Kontrola logu - PC j zasekáne, pomalu se vypíná Vyřešeno

[divine]

Dobrý den, rád bych si od Vás nechal zkontrolovat PC. Je to sice už hodně starý stroj (cca. 8 let), přesto ho občas používám na chatě, tak bych o něj nerad přisel. Poslední dobou ho mám chuť vyhodit z okna - ne jenom, že je totálně zasekaný, ale poslední zdruba půl rok se vypíná asi půl hodinu.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:57:54, on 16.9.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\setup\avast.setup
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: bw+0 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {D5859FA1-86E7-4832-9606-2696EDB851A6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 19938 bytes


Děkuji

[Reklama]

[memphisto]

Odinstaluj:
ICQ Toolbar
Ask Toolbar
Google Toolbar
Deamon Tools Toolbar

v logu fixni:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

tyhle IP znáš?
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranìní historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit doèasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po probìhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[divine]

IP adresu neznám.

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.0.1400
www.malwarebytes.org

Verze databáze: v2012.09.16.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Michal :: KLAMATH-391A9F1 [administrátor]

Ochrana: Povolena

16.9.2012 19:28:29
mbam-log-2012-09-16 (19-37-41).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 203128
Uplynulý čas: 8 minut, 52 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

[Orcus]

Potom fixni skrz HJT i ty zmíněné záznamy s IP adresou.

MBAM:
- Takže spus znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Pokud budou problémy , spusť v nouz. režimu.

[divine]

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.0.1400
www.malwarebytes.org

Verze databáze: v2012.09.16.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Michal :: KLAMATH-391A9F1 [administrátor]

Ochrana: Povolena

16.9.2012 20:38:04
mbam-log-2012-09-16 (20-38-04).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 203112
Uplynulý čas: 5 minut, 31 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

ATF Cleaner jsem už použil.. Ale tak použiju znova

[Orcus]

ATF už vidím, překouknul jsem se. V MBAM jsi neodstranil nález, takže ještě jednou a tentokrát ho odstraň, viz předchozí post.

Stáhni si TDSSKiller
- Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče.
- Rozbal soubor a spusť TDSSKiller.exe.
- Restartuj PC .
- Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Stáhni si Gmer
- Ulož, rozbal a přejmenuj na Tool.exe
- Spusť a v pravém dolním rohu dej "Scan".
- Po dokončení klikni na "Save" log ulož a obsah logu sem zkopíruj.

Stáhni si MBR rtk detector
- Spusť a vyčkej než okno zmizí.
- V umístění kam si stáhnul mbr.exe bud i mbr.log, jeho obsah sem zkopíruj.

[divine]

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-09-16 21:17:43
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e ST3160827AS rev.3.42
Running: Tool.exe.exe; Driver: C:\DOCUME~1\Michal\LOCALS~1\Temp\awrdqkod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA9BC9932]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA9BC979D]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA9C4A966]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\a9evy1i8 \Device\Scsi\a9evy1i81 8A2261F8
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 8A3241F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----




Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160827AS rev.3.42 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK





21:01:42.0453 1148 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
21:01:42.0625 1148 ============================================================
21:01:42.0625 1148 Current date / time: 2012/09/16 21:01:42.0625
21:01:42.0625 1148 SystemInfo:
21:01:42.0625 1148
21:01:42.0625 1148 OS Version: 5.1.2600 ServicePack: 3.0
21:01:42.0625 1148 Product type: Workstation
21:01:42.0625 1148 ComputerName: KLAMATH-391A9F1
21:01:42.0625 1148 UserName: Michal
21:01:42.0625 1148 Windows directory: C:\WINDOWS
21:01:42.0625 1148 System windows directory: C:\WINDOWS
21:01:42.0625 1148 Processor architecture: Intel x86
21:01:42.0625 1148 Number of processors: 2
21:01:42.0625 1148 Page size: 0x1000
21:01:42.0625 1148 Boot type: Normal boot
21:01:42.0625 1148 ============================================================
21:01:43.0875 1148 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:01:43.0875 1148 ============================================================
21:01:43.0875 1148 \Device\Harddisk0\DR0:
21:01:43.0875 1148 MBR partitions:
21:01:43.0875 1148 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
21:01:43.0890 1148 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0x66C58F5
21:01:43.0890 1148 ============================================================
21:01:43.0921 1148 C: <-> \Device\Harddisk0\DR0\Partition1
21:01:43.0937 1148 D: <-> \Device\Harddisk0\DR0\Partition2
21:01:43.0937 1148 ============================================================
21:01:43.0937 1148 Initialize success
21:01:43.0937 1148 ============================================================
21:01:47.0687 2348 ============================================================
21:01:47.0687 2348 Scan started
21:01:47.0687 2348 Mode: Manual;
21:01:47.0687 2348 ============================================================
21:01:48.0890 2348 ================ Scan system memory ========================
21:01:48.0890 2348 System memory - ok
21:01:48.0890 2348 ================ Scan services =============================
21:01:49.0375 2348 [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
21:01:49.0375 2348 Aavmker4 - ok
21:01:49.0375 2348 Abiosdsk - ok
21:01:49.0390 2348 abp480n5 - ok
21:01:49.0437 2348 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:01:49.0437 2348 ACPI - ok
21:01:49.0468 2348 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
21:01:49.0468 2348 ACPIEC - ok
21:01:49.0531 2348 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:01:49.0531 2348 AdobeFlashPlayerUpdateSvc - ok
21:01:49.0546 2348 adpu160m - ok
21:01:49.0593 2348 [ 75BEE80A25FC7F690DCD57570DC159C1 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
21:01:49.0593 2348 aeaudio - ok
21:01:49.0640 2348 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:01:49.0640 2348 aec - ok
21:01:49.0687 2348 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:01:49.0687 2348 AFD - ok
21:01:49.0734 2348 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
21:01:49.0734 2348 agp440 - ok
21:01:49.0734 2348 Aha154x - ok
21:01:49.0750 2348 aic78u2 - ok
21:01:49.0765 2348 aic78xx - ok
21:01:49.0796 2348 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:01:49.0796 2348 Alerter - ok
21:01:49.0828 2348 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
21:01:49.0828 2348 ALG - ok
21:01:49.0843 2348 AliIde - ok
21:01:49.0859 2348 amsint - ok
21:01:49.0890 2348 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
21:01:49.0890 2348 AppMgmt - ok
21:01:49.0906 2348 asc - ok
21:01:49.0921 2348 asc3350p - ok
21:01:49.0921 2348 asc3550 - ok
21:01:50.0046 2348 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:01:50.0046 2348 aspnet_state - ok
21:01:50.0078 2348 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
21:01:50.0078 2348 aswFsBlk - ok
21:01:50.0109 2348 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
21:01:50.0109 2348 aswMon2 - ok
21:01:50.0125 2348 [ B7D5E4486BA658ED08624D8084ABB830 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
21:01:50.0125 2348 AswRdr - ok
21:01:50.0171 2348 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
21:01:50.0171 2348 aswSnx - ok
21:01:50.0203 2348 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
21:01:50.0203 2348 aswSP - ok
21:01:50.0218 2348 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
21:01:50.0234 2348 aswTdi - ok
21:01:50.0250 2348 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:01:50.0250 2348 AsyncMac - ok
21:01:50.0281 2348 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:01:50.0281 2348 atapi - ok
21:01:50.0281 2348 Atdisk - ok
21:01:50.0343 2348 [ C49A64D70DD96F1A511F2D2BADFB924F ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
21:01:50.0343 2348 Ati HotKey Poller - ok
21:01:50.0375 2348 [ FDC4B0D5E8D477C75D962F395C3A25F0 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
21:01:50.0375 2348 ATI Smart - ok
21:01:50.0500 2348 [ 4F1D98C5FAA232D89F479AA2F6EF4196 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:01:50.0531 2348 ati2mtag - ok
21:01:50.0562 2348 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:01:50.0562 2348 Atmarpc - ok
21:01:50.0593 2348 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:01:50.0593 2348 AudioSrv - ok
21:01:50.0625 2348 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:01:50.0640 2348 audstub - ok
21:01:50.0734 2348 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:01:50.0734 2348 avast! Antivirus - ok
21:01:50.0765 2348 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:01:50.0765 2348 Beep - ok
21:01:50.0812 2348 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
21:01:50.0828 2348 BITS - ok
21:01:50.0875 2348 [ 249276D3EF1E74B992299CB96099E4D7 ] Browser C:\WINDOWS\System32\browser.dll
21:01:50.0875 2348 Browser - ok
21:01:50.0906 2348 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
21:01:50.0906 2348 BthEnum - ok
21:01:50.0937 2348 [ FCA6F069597B62D42495191ACE3FC6C1 ] BTHMODEM C:\WINDOWS\system32\DRIVERS\bthmodem.sys
21:01:50.0937 2348 BTHMODEM - ok
21:01:50.0953 2348 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
21:01:50.0968 2348 BthPan - ok
21:01:51.0000 2348 [ F338662A6C1FC11DD9508F6DFF2C06A2 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
21:01:51.0000 2348 BTHPORT - ok
21:01:51.0031 2348 [ 70CA4B3F634C9DCA200832F8DA76E009 ] BthServ C:\WINDOWS\System32\bthserv.dll
21:01:51.0031 2348 BthServ - ok
21:01:51.0078 2348 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
21:01:51.0078 2348 BTHUSB - ok
21:01:51.0109 2348 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:01:51.0109 2348 cbidf2k - ok
21:01:51.0140 2348 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:01:51.0140 2348 CCDECODE - ok
21:01:51.0140 2348 cd20xrnt - ok
21:01:51.0171 2348 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:01:51.0171 2348 Cdaudio - ok
21:01:51.0203 2348 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:01:51.0203 2348 Cdfs - ok
21:01:51.0218 2348 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:01:51.0218 2348 Cdrom - ok
21:01:51.0218 2348 Changer - ok
21:01:51.0250 2348 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:01:51.0250 2348 CiSvc - ok
21:01:51.0281 2348 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:01:51.0281 2348 ClipSrv - ok
21:01:51.0312 2348 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:01:51.0312 2348 clr_optimization_v2.0.50727_32 - ok
21:01:51.0312 2348 CmdIde - ok
21:01:51.0328 2348 COMSysApp - ok
21:01:51.0343 2348 Cpqarray - ok
21:01:51.0375 2348 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:01:51.0375 2348 CryptSvc - ok
21:01:51.0390 2348 dac2w2k - ok
21:01:51.0390 2348 dac960nt - ok
21:01:51.0453 2348 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:01:51.0468 2348 DcomLaunch - ok
21:01:51.0500 2348 [ 770471DE2550820FEEB7E5D24BF2E273 ] DgiVecp C:\WINDOWS\system32\Drivers\DgiVecp.sys
21:01:51.0500 2348 DgiVecp - ok
21:01:51.0546 2348 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:01:51.0546 2348 Dhcp - ok
21:01:51.0578 2348 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:01:51.0578 2348 Disk - ok
21:01:51.0593 2348 dmadmin - ok
21:01:51.0625 2348 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:01:51.0625 2348 dmboot - ok
21:01:51.0656 2348 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:01:51.0671 2348 dmio - ok
21:01:51.0671 2348 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:01:51.0687 2348 dmload - ok
21:01:51.0718 2348 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:01:51.0718 2348 dmserver - ok
21:01:51.0734 2348 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:01:51.0734 2348 DMusic - ok
21:01:51.0781 2348 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:01:51.0781 2348 Dnscache - ok
21:01:51.0828 2348 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:01:51.0828 2348 Dot3svc - ok
21:01:51.0843 2348 dpti2o - ok
21:01:51.0859 2348 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:01:51.0859 2348 drmkaud - ok
21:01:51.0875 2348 EagleNT - ok
21:01:51.0875 2348 EagleXNt - ok
21:01:51.0921 2348 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:01:51.0921 2348 EapHost - ok
21:01:51.0953 2348 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:01:51.0953 2348 ERSvc - ok
21:01:52.0000 2348 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
21:01:52.0015 2348 Eventlog - ok
21:01:52.0062 2348 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
21:01:52.0062 2348 EventSystem - ok
21:01:52.0109 2348 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:01:52.0109 2348 Fastfat - ok
21:01:52.0156 2348 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:01:52.0171 2348 FastUserSwitchingCompatibility - ok
21:01:52.0203 2348 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
21:01:52.0218 2348 Fdc - ok
21:01:52.0250 2348 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:01:52.0250 2348 Fips - ok
21:01:52.0296 2348 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:01:52.0296 2348 Flpydisk - ok
21:01:52.0328 2348 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:01:52.0343 2348 FltMgr - ok
21:01:52.0390 2348 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:01:52.0390 2348 FontCache3.0.0.0 - ok
21:01:52.0406 2348 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:01:52.0406 2348 Fs_Rec - ok
21:01:52.0421 2348 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:01:52.0421 2348 Ftdisk - ok
21:01:52.0453 2348 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
21:01:52.0453 2348 gameenum - ok
21:01:52.0500 2348 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:01:52.0500 2348 Gpc - ok
21:01:52.0578 2348 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:01:52.0578 2348 gupdate - ok
21:01:52.0593 2348 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:01:52.0593 2348 gupdatem - ok
21:01:52.0640 2348 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:01:52.0640 2348 helpsvc - ok
21:01:52.0687 2348 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
21:01:52.0687 2348 HidServ - ok
21:01:52.0734 2348 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:01:52.0734 2348 hidusb - ok
21:01:52.0765 2348 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:01:52.0781 2348 hkmsvc - ok
21:01:52.0781 2348 hpn - ok
21:01:52.0828 2348 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:01:52.0828 2348 HTTP - ok
21:01:52.0859 2348 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:01:52.0875 2348 HTTPFilter - ok
21:01:52.0906 2348 [ 20330198554B7DDB44403AF21D6AE179 ] hwdatacard C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
21:01:52.0906 2348 hwdatacard - ok
21:01:52.0921 2348 [ 922065957563D851B5A68B95AADAC6AD ] hwusbdev C:\WINDOWS\system32\DRIVERS\ewusbdev.sys
21:01:52.0937 2348 hwusbdev - ok
21:01:52.0953 2348 i2omgmt - ok
21:01:52.0953 2348 i2omp - ok
21:01:52.0984 2348 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:01:53.0000 2348 i8042prt - ok
21:01:53.0062 2348 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:01:53.0078 2348 idsvc - ok
21:01:53.0109 2348 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:01:53.0109 2348 Imapi - ok
21:01:53.0140 2348 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
21:01:53.0156 2348 ImapiService - ok
21:01:53.0171 2348 ini910u - ok
21:01:53.0187 2348 [ 57D928E548B38502ABBA7A77A6EB7312 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
21:01:53.0187 2348 IntelIde - ok
21:01:53.0234 2348 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:01:53.0234 2348 intelppm - ok
21:01:53.0265 2348 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:01:53.0265 2348 Ip6Fw - ok
21:01:53.0296 2348 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:01:53.0296 2348 IpFilterDriver - ok
21:01:53.0312 2348 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:01:53.0312 2348 IpInIp - ok
21:01:53.0343 2348 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:01:53.0343 2348 IpNat - ok
21:01:53.0359 2348 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:01:53.0359 2348 IPSec - ok
21:01:53.0390 2348 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:01:53.0390 2348 IRENUM - ok
21:01:53.0421 2348 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:01:53.0421 2348 isapnp - ok
21:01:53.0437 2348 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:01:53.0437 2348 Kbdclass - ok
21:01:53.0453 2348 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:01:53.0453 2348 kmixer - ok
21:01:53.0484 2348 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:01:53.0484 2348 KSecDD - ok
21:01:53.0515 2348 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:01:53.0531 2348 lanmanserver - ok
21:01:53.0578 2348 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:01:53.0593 2348 lanmanworkstation - ok
21:01:53.0593 2348 lbrtfdc - ok
21:01:53.0687 2348 [ 98D884ADC0B8C0FEBCC9D7BEE6D86F90 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
21:01:53.0687 2348 LightScribeService - ok
21:01:53.0718 2348 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:01:53.0718 2348 LmHosts - ok
21:01:53.0734 2348 Lvckap - ok
21:01:53.0765 2348 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
21:01:53.0765 2348 MBAMProtector - ok
21:01:53.0812 2348 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:01:53.0812 2348 MBAMScheduler - ok
21:01:53.0859 2348 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:01:53.0859 2348 MBAMService - ok
21:01:53.0953 2348 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
21:01:53.0953 2348 MDM - ok
21:01:53.0984 2348 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:01:53.0984 2348 Messenger - ok
21:01:54.0031 2348 [ 63C34814492AA65FC517B002DE77B191 ] MidiSyn C:\WINDOWS\system32\drivers\MidiSyn.sys
21:01:54.0031 2348 MidiSyn - ok
21:01:54.0062 2348 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:01:54.0062 2348 mnmdd - ok
21:01:54.0093 2348 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:01:54.0109 2348 mnmsrvc - ok
21:01:54.0140 2348 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:01:54.0140 2348 Modem - ok
21:01:54.0171 2348 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:01:54.0171 2348 Mouclass - ok
21:01:54.0187 2348 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:01:54.0187 2348 mouhid - ok
21:01:54.0234 2348 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:01:54.0234 2348 MountMgr - ok
21:01:54.0234 2348 mraid35x - ok
21:01:54.0281 2348 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:01:54.0281 2348 MRxDAV - ok
21:01:54.0328 2348 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:01:54.0328 2348 MRxSmb - ok
21:01:54.0359 2348 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:01:54.0375 2348 MSDTC - ok
21:01:54.0390 2348 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:01:54.0390 2348 Msfs - ok
21:01:54.0406 2348 MSIServer - ok
21:01:54.0437 2348 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:01:54.0437 2348 MSKSSRV - ok
21:01:54.0453 2348 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:01:54.0453 2348 MSPCLOCK - ok
21:01:54.0468 2348 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:01:54.0468 2348 MSPQM - ok
21:01:54.0500 2348 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:01:54.0500 2348 mssmbios - ok
21:01:54.0515 2348 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
21:01:54.0515 2348 MSTEE - ok
21:01:54.0546 2348 [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401 C:\WINDOWS\system32\drivers\msmpu401.sys
21:01:54.0546 2348 ms_mpu401 - ok
21:01:54.0593 2348 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:01:54.0593 2348 Mup - ok
21:01:54.0609 2348 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:01:54.0625 2348 NABTSFEC - ok
21:01:54.0656 2348 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
21:01:54.0656 2348 napagent - ok
21:01:54.0687 2348 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:01:54.0703 2348 NDIS - ok
21:01:54.0718 2348 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:01:54.0718 2348 NdisIP - ok
21:01:54.0750 2348 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:01:54.0750 2348 NdisTapi - ok
21:01:54.0765 2348 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:01:54.0765 2348 Ndisuio - ok
21:01:54.0781 2348 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:01:54.0781 2348 NdisWan - ok
21:01:54.0828 2348 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:01:54.0828 2348 NDProxy - ok
21:01:54.0843 2348 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:01:54.0843 2348 NetBIOS - ok
21:01:54.0875 2348 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:01:54.0875 2348 NetBT - ok
21:01:54.0906 2348 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
21:01:54.0921 2348 NetDDE - ok
21:01:54.0937 2348 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:01:54.0937 2348 NetDDEdsdm - ok
21:01:54.0984 2348 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:01:55.0000 2348 Netlogon - ok
21:01:55.0031 2348 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
21:01:55.0046 2348 Netman - ok
21:01:55.0093 2348 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:01:55.0093 2348 NetTcpPortSharing - ok
21:01:55.0125 2348 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
21:01:55.0140 2348 Nla - ok
21:01:55.0171 2348 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:01:55.0171 2348 Npfs - ok
21:01:55.0453 2348 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:01:55.0453 2348 Ntfs - ok
21:01:55.0468 2348 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:01:55.0468 2348 NtLmSsp - ok
21:01:55.0515 2348 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:01:55.0531 2348 NtmsSvc - ok
21:01:55.0546 2348 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
21:01:55.0546 2348 Null - ok
21:01:55.0578 2348 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:01:55.0593 2348 NwlnkFlt - ok
21:01:55.0609 2348 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:01:55.0609 2348 NwlnkFwd - ok
21:01:55.0640 2348 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:01:55.0640 2348 ose - ok
21:01:55.0671 2348 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
21:01:55.0671 2348 Parport - ok
21:01:55.0718 2348 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:01:55.0718 2348 PartMgr - ok
21:01:55.0750 2348 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:01:55.0765 2348 ParVdm - ok
21:01:55.0781 2348 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:01:55.0781 2348 PCI - ok
21:01:55.0781 2348 PCIDump - ok
21:01:55.0828 2348 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:01:55.0828 2348 PCIIde - ok
21:01:55.0859 2348 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
21:01:55.0859 2348 Pcmcia - ok
21:01:55.0875 2348 PDCOMP - ok
21:01:55.0890 2348 PDFRAME - ok
21:01:55.0890 2348 PDRELI - ok
21:01:55.0906 2348 PDRFRAME - ok
21:01:55.0906 2348 perc2 - ok
21:01:55.0921 2348 perc2hib - ok
21:01:55.0953 2348 PID_0928 - ok
21:01:55.0984 2348 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
21:01:55.0984 2348 PlugPlay - ok
21:01:56.0031 2348 [ 1713D9DE407313138118D501B0E3C05B ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
21:01:56.0046 2348 PnkBstrA - ok
21:01:56.0046 2348 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:01:56.0062 2348 PolicyAgent - ok
21:01:56.0078 2348 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:01:56.0078 2348 PptpMiniport - ok
21:01:56.0078 2348 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:01:56.0093 2348 ProtectedStorage - ok
21:01:56.0093 2348 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:01:56.0109 2348 PSched - ok
21:01:56.0140 2348 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:01:56.0140 2348 Ptilink - ok
21:01:56.0187 2348 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:01:56.0187 2348 PxHelp20 - ok
21:01:56.0187 2348 ql1080 - ok
21:01:56.0203 2348 Ql10wnt - ok
21:01:56.0218 2348 ql12160 - ok
21:01:56.0218 2348 ql1240 - ok
21:01:56.0234 2348 ql1280 - ok
21:01:56.0250 2348 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:01:56.0250 2348 RasAcd - ok
21:01:56.0296 2348 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:01:56.0296 2348 RasAuto - ok
21:01:56.0328 2348 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:01:56.0328 2348 Rasl2tp - ok
21:01:56.0375 2348 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:01:56.0375 2348 RasMan - ok
21:01:56.0390 2348 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:01:56.0390 2348 RasPppoe - ok
21:01:56.0406 2348 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:01:56.0406 2348 Raspti - ok
21:01:56.0421 2348 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:01:56.0421 2348 Rdbss - ok
21:01:56.0437 2348 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:01:56.0437 2348 RDPCDD - ok
21:01:56.0453 2348 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:01:56.0453 2348 rdpdr - ok
21:01:56.0515 2348 [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:01:56.0515 2348 RDPWD - ok
21:01:56.0531 2348 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:01:56.0546 2348 RDSessMgr - ok
21:01:56.0578 2348 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:01:56.0578 2348 redbook - ok
21:01:56.0609 2348 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:01:56.0625 2348 RemoteAccess - ok
21:01:56.0656 2348 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
21:01:56.0656 2348 RemoteRegistry - ok
21:01:56.0703 2348 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
21:01:56.0703 2348 RFCOMM - ok
21:01:56.0781 2348 [ 2D84428075CE90F1B8882D54960C7000 ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe
21:01:56.0781 2348 RichVideo - ok
21:01:56.0812 2348 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
21:01:56.0828 2348 RpcLocator - ok
21:01:56.0859 2348 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\system32\rpcss.dll
21:01:56.0875 2348 RpcSs - ok
21:01:56.0921 2348 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
21:01:56.0937 2348 RSVP - ok
21:01:56.0953 2348 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
21:01:56.0968 2348 SamSs - ok
21:01:56.0984 2348 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:01:57.0000 2348 SCardSvr - ok
21:01:57.0031 2348 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:01:57.0046 2348 Schedule - ok
21:01:57.0078 2348 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:01:57.0078 2348 Secdrv - ok
21:01:57.0109 2348 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
21:01:57.0125 2348 seclogon - ok
21:01:57.0140 2348 [ 9A4C4A4B191200F12085D188BE70E4E3 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
21:01:57.0140 2348 senfilt - ok
21:01:57.0156 2348 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
21:01:57.0171 2348 SENS - ok
21:01:57.0218 2348 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
21:01:57.0218 2348 serenum - ok
21:01:57.0234 2348 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
21:01:57.0234 2348 Serial - ok
21:01:57.0296 2348 [ 9E7DEE11FD5A4355941A45F13C0ED59A ] sfdrv01 C:\WINDOWS\system32\drivers\sfdrv01.sys
21:01:57.0296 2348 sfdrv01 - ok
21:01:57.0328 2348 [ ECEFB59D2206D281E6D317AF0EA0D8BD ] sfhlp02 C:\WINDOWS\system32\drivers\sfhlp02.sys
21:01:57.0328 2348 sfhlp02 - ok
21:01:57.0343 2348 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:01:57.0343 2348 Sfloppy - ok
21:01:57.0390 2348 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:01:57.0406 2348 SharedAccess - ok
21:01:57.0421 2348 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:01:57.0437 2348 ShellHWDetection - ok
21:01:57.0453 2348 Simbad - ok
21:01:57.0500 2348 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:01:57.0500 2348 SLIP - ok
21:01:57.0562 2348 [ 93560891704BBF5FF11E8D16C41698E5 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
21:01:57.0562 2348 smwdm - ok
21:01:57.0625 2348 [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
21:01:57.0625 2348 SoundMAX Agent Service (default) - ok
21:01:57.0625 2348 Sparrow - ok
21:01:57.0656 2348 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:01:57.0656 2348 splitter - ok
21:01:57.0687 2348 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:01:57.0703 2348 Spooler - ok
21:01:57.0765 2348 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
21:01:57.0765 2348 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
21:01:57.0765 2348 sptd ( LockedFile.Multi.Generic ) - warning
21:01:57.0765 2348 sptd - detected LockedFile.Multi.Generic (1)
21:01:57.0781 2348 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:01:57.0781 2348 sr - ok
21:01:57.0828 2348 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
21:01:57.0828 2348 srservice - ok
21:01:57.0875 2348 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:01:57.0890 2348 Srv - ok
21:01:57.0906 2348 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:01:57.0921 2348 SSDPSRV - ok
21:01:57.0921 2348 SSPORT - ok
21:01:57.0968 2348 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:01:57.0984 2348 stisvc - ok
21:01:58.0015 2348 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:01:58.0015 2348 streamip - ok
21:01:58.0031 2348 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:01:58.0046 2348 swenum - ok
21:01:58.0062 2348 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:01:58.0062 2348 swmidi - ok
21:01:58.0062 2348 SwPrv - ok
21:01:58.0078 2348 symc810 - ok
21:01:58.0093 2348 symc8xx - ok
21:01:58.0109 2348 sym_hi - ok
21:01:58.0109 2348 sym_u3 - ok
21:01:58.0156 2348 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:01:58.0156 2348 sysaudio - ok
21:01:58.0187 2348 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:01:58.0203 2348 SysmonLog - ok
21:01:58.0234 2348 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:01:58.0234 2348 TapiSrv - ok
21:01:58.0296 2348 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:01:58.0296 2348 Tcpip - ok
21:01:58.0328 2348 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:01:58.0328 2348 TDPIPE - ok
21:01:58.0359 2348 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:01:58.0375 2348 TDTCP - ok
21:01:58.0406 2348 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:01:58.0406 2348 TermDD - ok
21:01:58.0437 2348 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
21:01:58.0453 2348 TermService - ok
21:01:58.0484 2348 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
21:01:58.0484 2348 Themes - ok
21:01:58.0531 2348 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
21:01:58.0546 2348 TlntSvr - ok
21:01:58.0546 2348 TosIde - ok
21:01:58.0578 2348 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:01:58.0593 2348 TrkWks - ok
21:01:58.0640 2348 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:01:58.0640 2348 Udfs - ok
21:01:58.0640 2348 ultra - ok
21:01:58.0687 2348 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:01:58.0703 2348 Update - ok
21:01:58.0750 2348 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
21:01:58.0750 2348 upnphost - ok
21:01:58.0781 2348 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
21:01:58.0796 2348 UPS - ok
21:01:58.0828 2348 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:01:58.0828 2348 usbccgp - ok
21:01:58.0859 2348 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:01:58.0859 2348 usbehci - ok
21:01:58.0875 2348 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:01:58.0875 2348 usbhub - ok
21:01:58.0906 2348 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:01:58.0906 2348 usbprint - ok
21:01:58.0937 2348 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:01:58.0953 2348 usbstor - ok
21:01:58.0984 2348 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:01:58.0984 2348 usbuhci - ok
21:01:58.0984 2348 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:01:59.0000 2348 VgaSave - ok
21:01:59.0000 2348 ViaIde - ok
21:01:59.0046 2348 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:01:59.0046 2348 VolSnap - ok
21:01:59.0093 2348 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
21:01:59.0109 2348 VSS - ok
21:01:59.0140 2348 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
21:01:59.0156 2348 W32Time - ok
21:01:59.0171 2348 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:01:59.0187 2348 Wanarp - ok
21:01:59.0187 2348 WDICA - ok
21:01:59.0218 2348 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:01:59.0218 2348 wdmaud - ok
21:01:59.0265 2348 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:01:59.0265 2348 WebClient - ok
21:01:59.0343 2348 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:01:59.0359 2348 winmgmt - ok
21:01:59.0390 2348 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
21:01:59.0406 2348 WmdmPmSN - ok
21:01:59.0437 2348 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] Wmi C:\WINDOWS\System32\advapi32.dll
21:01:59.0453 2348 Wmi - ok
21:01:59.0500 2348 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:01:59.0500 2348 WmiApSrv - ok
21:01:59.0593 2348 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
21:01:59.0609 2348 WMPNetworkSvc - ok
21:01:59.0625 2348 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:01:59.0640 2348 WpdUsb - ok
21:01:59.0671 2348 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:01:59.0687 2348 wscsvc - ok
21:01:59.0718 2348 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:01:59.0734 2348 WSTCODEC - ok
21:01:59.0750 2348 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:01:59.0765 2348 wuauserv - ok
21:01:59.0796 2348 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:01:59.0812 2348 WudfPf - ok
21:01:59.0828 2348 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:01:59.0843 2348 WudfRd - ok
21:01:59.0859 2348 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
21:01:59.0875 2348 WudfSvc - ok
21:01:59.0937 2348 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:01:59.0953 2348 WZCSVC - ok
21:01:59.0968 2348 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:01:59.0984 2348 xmlprov - ok
21:02:00.0015 2348 [ 121805040C826638CEB541BF968E7C5B ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
21:02:00.0031 2348 yukonwxp - ok
21:02:00.0031 2348 ================ Scan global ===============================
21:02:00.0078 2348 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
21:02:00.0125 2348 [ 4F1340B27E7590D3E42541769ABD5872 ] C:\WINDOWS\system32\winsrv.dll
21:02:00.0156 2348 [ 4F1340B27E7590D3E42541769ABD5872 ] C:\WINDOWS\system32\winsrv.dll
21:02:00.0187 2348 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
21:02:00.0187 2348 [Global] - ok
21:02:00.0187 2348 ================ Scan MBR ==================================
21:02:00.0218 2348 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
21:02:00.0375 2348 \Device\Harddisk0\DR0 - ok
21:02:00.0375 2348 ================ Scan VBR ==================================
21:02:00.0375 2348 [ 301AC7DD06019B7023AF4C0F1B27F87A ] \Device\Harddisk0\DR0\Partition1
21:02:00.0390 2348 \Device\Harddisk0\DR0\Partition1 - ok
21:02:00.0406 2348 [ C64A8E18D15B26B5B77DD71445F6CAFC ] \Device\Harddisk0\DR0\Partition2
21:02:00.0406 2348 \Device\Harddisk0\DR0\Partition2 - ok
21:02:00.0406 2348 ============================================================
21:02:00.0406 2348 Scan finished
21:02:00.0406 2348 ============================================================
21:02:00.0421 1976 Detected object count: 1
21:02:00.0421 1976 Actual detected object count: 1
21:02:04.0234 1976 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:02:04.0234 1976 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:02:06.0140 1280 Deinitialize success

[Orcus]

U toho Gmeru si dával Scan nebo to byl jen ten rychlej scan, co proběhne hned při spuštění? Nezdá se mi, že by byl za tak krátkou dobu hotovej a hlavička logu nasvědčuje právě tomu rychlýmu scanu.

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.

[divine]

Pravda. Teď dělám novej scan. Ale už to jede 2 hodiny. Tak to sem potom hodím.

[divine]

ComboFix 12-09-16.01 - Michal 17.09.2012 17:44:44.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1535.793 [GMT 2:00]
Spuštěný z: c:\documents and settings\Michal\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Michal\WINDOWS
c:\windows\system32\msxml2.dll.tmp
c:\windows\system32\SETA4.tmp
c:\windows\system32\SETA8.tmp
c:\windows\system32\SETB0.tmp
c:\windows\system32\SETF7.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-17 do 2012-09-17 )))))))))))))))))))))))))))))))
.
.
2012-09-16 17:25 . 2012-09-16 17:25 -------- d-----w- c:\documents and settings\Michal\Data aplikací\Malwarebytes
2012-09-16 17:25 . 2012-09-16 17:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-09-16 17:25 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-16 17:25 . 2012-09-16 17:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-16 17:18 . 2012-09-16 17:18 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-16 17:18 . 2012-09-16 17:18 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-16 15:57 . 2012-09-16 15:57 388096 ----a-r- c:\documents and settings\Michal\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-16 15:57 . 2012-09-16 15:57 -------- d-----w- c:\program files\Trend Micro
2012-09-16 15:54 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-16 15:54 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-16 15:54 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-09-16 15:54 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-16 15:54 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-16 15:54 . 2012-08-21 09:13 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-09-16 15:54 . 2012-08-21 09:13 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-09-16 15:54 . 2012-08-21 09:13 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-09-16 15:53 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-16 15:53 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-16 15:53 . 2012-09-16 15:53 -------- d-----w- c:\program files\AVAST Software
2012-09-16 15:53 . 2012-09-16 15:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-13 14:57 . 2011-09-08 12:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-16 91432]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 09:33 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-05-07 524288]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-3-26 450560]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-4-3 415072]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\EA Sports\\NHL 09\\nhl2009.exe"=
"c:\\Documents and Settings\\Michal\\Plocha\\Ostatní\\Worms-Armagedon-XP\\Worms Armagedon XP\\WA.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\Bf2_w32ded.exe"=
"c:\\Program Files\\Army Men RTS\\amrts.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.8.2008 10:02 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [16.9.2012 17:54 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16.9.2012 17:54 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.9.2012 17:54 21256]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [16.9.2012 19:25 676936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16.9.2012 19:25 22856]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16.9.2012 17:54 136176]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [16.9.2012 19:18 250568]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [16.9.2012 17:54 136176]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [6.7.2011 15:52 100736]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - awrdqkod
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 -c--a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-16 17:18]
.
2012-09-17 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-16 09:12]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-16 15:54]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-16 15:54]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Michal\Data aplikací\Mozilla\Firefox\Profiles\n4pqvbv9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_result ... r=1.3.1&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.5.3&q=
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-17 17:51
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2012-09-17 17:54:07
ComboFix-quarantined-files.txt 2012-09-17 15:54
.
Před spuštěním: Volných bajtů: 22 870 319 104
Po spuštění: Volných bajtů: 22 857 019 392
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
.
- - End Of File - - DDC9DB7B09A4D4FC71B0A959588A3F5F

[memphisto]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

Driver::
gupdate
SSPORT
EagleXNt
gupdatem

Folder::
c:\program files\Google\Update

File::
c:\windows\system32\Drivers\SSPORT.sys
c:\windows\system32\drivers\EagleXNt.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Firefox::
FF - ProfilePath - c:\documents and settings\Michal\Data aplikací\Mozilla\Firefox\Profiles\n4pqvbv9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_result ... r=1.3.1&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.5.3&q=
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť?.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[divine]

Bohužel to nejde. Jak se ComboFix spusti, tak to piše že scenuje. Měl jsem to zapnuté cca. 2 ho´dky a furt to samé