Prosím o kontrolu Vyřešeno

[Alan-K]

Ahoj, prosím o kontrolu, udělal jsem ComboFix Log a MWAV - Scan&Clean. Oba logy jsou níže. Počítač mírně zamrzá, vždy tak na deset až patnáct sekund... MWAV něco našel, ale moc prosím, jestli mi to ještě zkontrolujete??? Prosím....

Tady z MWAV o tom co našel (přepsáno z okénka):
Virus Log Information:
C:\WINDOWS\system32\DRIVERS\hcdriver.sys: Forget File - Suspicious Rootkit
Object "Backdoor (IRCBot) Trojans Spyware/Adware" found in File System! Action Taken: Entries Removed
Object "AntiSpyware Pro XP Corrupted Adware/Spyware" found in File System! Action Taken: Entries Removed

Log z HJT:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:44:54, on 22.3.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\nlssrv32.exe
C:\WINDOWS\system32\IoctlSvc.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files\ASUS\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\umonit.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\Bluetooth Software\BTTray.exe
C:\DOCUME~1\Alan\LOCALS~1\temp\mexetmp.ex~
C:\Program Files\Corel\CorelDRAW Graphics Suite X5\Programs\Capture.exe
C:\Program Files\Corel\CorelDRAW Graphics Suite X5\Programs\Cap.exe
C:\Program Files\Corel\CorelDRAW Graphics Suite X5\Programs\Capture.exe
C:\Program Files\Corel\CorelDRAW Graphics Suite X5\Programs\Cap.exe
C:\Program Files\Corel\CorelDRAW Graphics Suite X5\Programs\Capture.exe
C:\Program Files\Corel\CorelDRAW Graphics Suite X5\Programs\Cap.exe
C:\Program Files\Corel\CorelDRAW Graphics Suite X5\Programs\Capture.exe
C:\Program Files\Corel\CorelDRAW Graphics Suite X5\Programs\Cap.exe
C:\Documents and Settings\Alan\Plocha\SECURITY\HijackThis.exe
C:\WINDOWS\system32\WISPTIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ASUS\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0109700281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3773112609
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Adaptec - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ASUS\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\nlssrv32.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: WD Backup (WDBackup) - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital - C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: WD Rules (WDRulesService) - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe

--
End of file - 12294 bytes

A ještě MWAV:
22 III 2013 09:40:35 - **********************************************************
22 III 2013 09:40:35 - eScan Anti Virus & Spyware Toolkit Utility.
22 III 2013 09:40:35 - Copyright © MicroWorld Technologies
22 III 2013 09:40:35 - **********************************************************
22 III 2013 09:40:35 - Source: C:\DOCUME~1\Alan\Plocha\mwav.exe
22 III 2013 09:40:35 - Version 14.0.56 (C:\DOCUMENTS AND SETTINGS\ALAN\LOCAL SETTINGS\TEMP\MEXETMP.EX~)
22 III 2013 09:40:35 - Log File: C:\Documents and Settings\Alan\Local Settings\temp\MWAV.LOG
22 III 2013 09:40:35 - Last Scan Date and Time: 20.12.2012 04:20:44
22 III 2013 09:40:35 - MWAV Registered: TRUE
22 III 2013 09:40:35 - User Account: Alan (Administrator Mode)
22 III 2013 09:40:35 - OS Type: Windows Workstation
22 III 2013 09:40:35 - OS: Windows XP [OS Install Date: 26 Jul 2012 21:41:52]
22 III 2013 09:40:35 - Ver: Professional Service Pack 3 (Build 2600)
22 III 2013 09:40:35 - System Up Time: 9 Minutes, 32 Seconds


22 III 2013 09:40:35 - Windows Root Folder: C:\WINDOWS
22 III 2013 09:40:35 - Windows Sys32 Folder: C:\WINDOWS\system32
22 III 2013 09:40:36 - DHCP NameServer: 192.168.0.1
22 III 2013 09:40:36 - Interface0 DHCPNameServer: 192.168.0.1
22 III 2013 09:40:36 - Local Fixed Drives: c:\,d:\,e:\,f:\,g:\
22 III 2013 09:40:36 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware)
22 III 2013 09:40:36 - [CREATED ZIP FILE: C:\Documents and Settings\Alan\Local Settings\temp\pinfect.zip]

22 III 2013 09:40:36 - ****** Files/Folders created/modified during last fortnight in Windows and ROOT Folder ******
22 III 2013 09:40:39 - C:\WINDOWS\R.COM (147968), 22-Mar-2013 [Added C:\WINDOWS\R.COM to ZIP FILE]
22 III 2013 09:40:40 - C:\WINDOWS\system32\FlashPlayerApp.exe (693976), 13-Mar-2013 [Added C:\WINDOWS\system32\FlashPlayerApp.exe to ZIP FILE]
22 III 2013 09:40:40 - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl (73432), 13-Mar-2013 [Added C:\WINDOWS\system32\FlashPlayerCPLApp.cpl to ZIP FILE]
22 III 2013 09:40:40 - C:\WINDOWS\system32\MRT.exe (69796088), 14-Mar-2013
22 III 2013 09:40:40 - C:\WINDOWS\system32\T.COM (137216), 22-Mar-2013 [Added C:\WINDOWS\system32\T.COM to ZIP FILE]
22 III 2013 09:40:40 - C:\WINDOWS\system32\TASKMGR.COM (137216), 22-Mar-2013 [Added C:\WINDOWS\system32\TASKMGR.COM to ZIP FILE]
22 III 2013 09:40:40 - C:\WINDOWS\system32\dllcache\usb8023.sys (12928), 22-Mar-2013 [Added C:\WINDOWS\system32\dllcache\usb8023.sys to ZIP FILE]
22 III 2013 09:40:40 - C:\WINDOWS\system32\dllcache\usb8023x.sys (12928), 22-Mar-2013 [Added C:\WINDOWS\system32\dllcache\usb8023x.sys to ZIP FILE]
22 III 2013 09:40:40 - C:\WINDOWS\system32\drivers\SWDUMon.sys (13464), 20-Mar-2013 [Added C:\WINDOWS\system32\drivers\SWDUMon.sys to ZIP FILE]
22 III 2013 09:40:40 - C:\DOCUME~1\Alan\LOCALS~1\Temp\BACKUP.86519351.mexe.com (2353736), 22-Mar-2013
22 III 2013 09:40:40 - C:\DOCUME~1\Alan\LOCALS~1\Temp\bdc.exe (91904), 22-Mar-2013 [Added C:\DOCUME~1\Alan\LOCALS~1\Temp\bdc.exe to ZIP FILE]
22 III 2013 09:40:40 - C:\DOCUME~1\Alan\LOCALS~1\Temp\bdfltlib2k.dll (231944), 22-Mar-2013 [Added C:\DOCUME~1\Alan\LOCALS~1\Temp\bdfltlib2k.dll to ZIP FILE]
22 III 2013 09:40:40 - C:\DOCUME~1\Alan\LOCALS~1\Temp\DEVCON.EXE (61184), 22-Mar-2013
22 III 2013 09:40:40 - C:\DOCUME~1\Alan\LOCALS~1\Temp\encdec.dll (120328), 22-Mar-2013 [Added C:\DOCUME~1\Alan\LOCALS~1\Temp\encdec.dll to ZIP FILE]
22 III 2013 09:40:40 - C:\DOCUME~1\Alan\LOCALS~1\Temp\erootdrv.sys (13832), 22-Mar-2013 [Added C:\DOCUME~1\Alan\LOCALS~1\Temp\erootdrv.sys to ZIP FILE]
22 III 2013 09:40:40 - C:\DOCUME~1\Alan\LOCALS~1\Temp\mexe.com (779560), 22-Mar-2013 [Added C:\DOCUME~1\Alan\LOCALS~1\Temp\mexe.com to ZIP FILE]
22 III 2013 09:40:40 - C:\DOCUME~1\Alan\LOCALS~1\Temp\msvclnt.dll (236040), 22-Mar-2013 [Added C:\DOCUME~1\Alan\LOCALS~1\Temp\msvclnt.dll to ZIP FILE]
22 III 2013 09:40:40 - C:\DOCUME~1\Alan\LOCALS~1\Temp\mwavdwnl.exe (934920), 22-Mar-2013 [Added C:\DOCUME~1\Alan\LOCALS~1\Temp\mwavdwnl.exe to ZIP FILE]
22 III 2013 09:40:40 - C:\DOCUME~1\Alan\LOCALS~1\Temp\MWAVSCAN.COM (2353736), 22-Mar-2013
22 III 2013 09:40:40 - C:\DOCUME~1\Alan\LOCALS~1\Temp\plugins.htm (3498), 22-Mar-2013 [Added C:\DOCUME~1\Alan\LOCALS~1\Temp\plugins.htm to ZIP FILE]
22 III 2013 09:40:40 - C:\DOCUME~1\Alan\LOCALS~1\Temp\red32.dll (10248), 22-Mar-2013 [Added C:\DOCUME~1\Alan\LOCALS~1\Temp\red32.dll to ZIP FILE]
22 III 2013 09:40:40 - C:\DOCUME~1\Alan\LOCALS~1\Temp\reload.exe (154632), 22-Mar-2013 [Added C:\DOCUME~1\Alan\LOCALS~1\Temp\reload.exe to ZIP FILE]
22 III 2013 09:40:40 - C:\DOCUME~1\Alan\LOCALS~1\Temp\setpriv.exe (64008), 22-Mar-2013 [Added C:\DOCUME~1\Alan\LOCALS~1\Temp\setpriv.exe to ZIP FILE]
22 III 2013 09:40:40 - C:\DOCUME~1\Alan\LOCALS~1\Temp\unregx.exe (61960), 22-Mar-2013 [Added C:\DOCUME~1\Alan\LOCALS~1\Temp\unregx.exe to ZIP FILE]
22 III 2013 09:40:40 - C:\DOCUME~1\Alan\LOCALS~1\Temp\UPDLL10.DLL (1125096), 19-Mar-2013
22 III 2013 09:40:40 - C:\DOCUME~1\Alan\LOCALS~1\Temp\viewtcp.exe (573960), 22-Mar-2013 [Added C:\DOCUME~1\Alan\LOCALS~1\Temp\viewtcp.exe to ZIP FILE]

22 III 2013 09:40:40 - C:\WINDOWS\$NtUninstallWdf01009$, 10-Jan-2013 [H] [Folder]
22 III 2013 09:40:40 - C:\WINDOWS\CSC, 08-Jan-2011 [HS] [Folder]
22 III 2013 09:40:40 - C:\WINDOWS\Fonts, 04-Jan-2011 [SR] [Folder]
22 III 2013 09:40:40 - C:\WINDOWS\Web, 04-Jan-2011 [S] [Folder]
22 III 2013 09:40:40 - C:\WINDOWS\system32\dllcache, 04-Jan-2011 [HSR] [Folder]
22 III 2013 09:40:40 - C:\WINDOWS\system32\Microsoft, 04-Jan-2011 [S] [Folder]
22 III 2013 09:40:40 - C:\cmdcons, 17-Feb-2011 [HSR] [Folder]
22 III 2013 09:40:40 - C:\DOCUME~1\Alan\LOCALS~1\Temp\AVCBack, 22-Mar-2013 [Folder]
22 III 2013 09:40:40 - C:\DOCUME~1\Alan\LOCALS~1\Temp\FtpTemp, 22-Mar-2013 [Folder]
22 III 2013 09:40:40 - C:\DOCUME~1\Alan\LOCALS~1\Temp\FtpTempF, 22-Mar-2013 [Folder]
22 III 2013 09:40:40 - C:\DOCUME~1\Alan\LOCALS~1\Temp\Log, 22-Mar-2013 [Folder]
22 III 2013 09:40:40 - C:\DOCUME~1\Alan\LOCALS~1\Temp\nro.log, 17-Mar-2013 [Folder]
22 III 2013 09:40:40 - C:\DOCUME~1\Alan\LOCALS~1\Temp\plugins, 22-Mar-2013 [Folder]
22 III 2013 09:40:40 - C:\DOCUME~1\Alan\LOCALS~1\Temp\plugtmp, 17-Mar-2013 [Folder]
22 III 2013 09:40:40 - C:\DOCUME~1\Alan\LOCALS~1\Temp\VBE, 17-Mar-2013 [Folder]
22 III 2013 09:40:40 - C:\DOCUME~1\Alan\LOCALS~1\Temp\Word8.0, 17-Mar-2013 [Folder]
22 III 2013 09:40:40 - C:\Documents and Settings\Alan\Data aplikací\Microsoft, 04-Jan-2011 [S] [Folder]
22 III 2013 09:40:40 - C:\Documents and Settings\Alan\Data aplikací\..\Dokumenty, 04-Jan-2011 [S] [Folder]
22 III 2013 09:40:40 - C:\Documents and Settings\Alan\Data aplikací\..\IECompatCache, 04-Jan-2011 [S] [Folder]
22 III 2013 09:40:40 - C:\Documents and Settings\Alan\Data aplikací\..\IETldCache, 04-Jan-2011 [HS] [Folder]
22 III 2013 09:40:40 - C:\Documents and Settings\Alan\Data aplikací\..\Local Settings, 04-Jan-2011 [H] [Folder]
22 III 2013 09:40:40 - C:\Documents and Settings\Alan\Data aplikací\..\Oblíbené položky, 04-Jan-2011 [S] [Folder]
22 III 2013 09:40:40 - C:\Documents and Settings\Alan\Data aplikací\..\PrivacIE, 04-Jan-2011 [HS] [Folder]
22 III 2013 09:40:40 - C:\Documents and Settings\Alan\Data aplikací\..\Recent, 16-Mar-2013 [HS] [Folder]
22 III 2013 09:40:40 - C:\Documents and Settings\Alan\Data aplikací\..\UserData, 04-Jan-2011 [HS] [Folder]
22 III 2013 09:40:40 - C:\Documents and Settings\All Users\Data aplikací\Common Files, 16-Dec-2012 [H] [Folder]
22 III 2013 09:40:40 - C:\Documents and Settings\All Users\Data aplikací\Microsoft, 04-Jan-2011 [S] [Folder]
22 III 2013 09:40:40 - C:\Documents and Settings\All Users\Data aplikací\..\DRM, 04-Jan-2011 [S] [Folder]
22 III 2013 09:40:40 - C:\Program Files\Mozilla Firefox, 10-Mar-2013 [Folder]
22 III 2013 09:40:40 - C:\Program Files\SlimDrivers, 20-Mar-2013 [Folder]

22 III 2013 09:40:40 - *********************************************************************************************

22 III 2013 09:40:40 - Command Line Options Given: /xsign
22 III 2013 09:40:40 - Latest Date of files inside MWAV: Mon Apr 26 13:46:18 2010.
22 III 2013 09:40:40 - Sign Version: 7.31392
22 III 2013 09:40:41 - ** Deleted Value of "RPSessionInterval" in "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore". Its value was DWORD:0.
22 III 2013 09:40:41 - Loading/Creating FileScan Cache Database C:\Documents and Settings\All Users\Data aplikací\MicroWorld\MWAV\ESCANDBX.MDB [Log: C:\Documents and Settings\Alan\Local Settings\temp\ESCANDB.LOG]
22 III 2013 09:40:41 - Loaded/Created FileScan Cache Database...
22 III 2013 09:40:41 - Loading AV Library [DB]...
22 III 2013 09:40:42 - ArchiveScan: DISABLED
22 III 2013 09:40:46 - AV Library Loaded [DB-DIRECT].
22 III 2013 09:40:46 - MWAV doing self scanning...
22 III 2013 09:40:47 - MWAV files are clean.
22 III 2013 09:41:06 - ArchiveScan: DISABLED
22 III 2013 09:41:06 - Virus Database Date: 26 Apr 2010
22 III 2013 09:41:06 - Virus Database Count: 5690871
22 III 2013 09:41:08 - Downloading AntiVirus and Anti-Spyware Databases...
22 III 2013 09:41:12 - Nothing new to download. Updates are the latest.

22 III 2013 09:44:48 - **********************************************************
22 III 2013 09:44:48 - eScan Anti Virus & Spyware Toolkit Utility.
22 III 2013 09:44:48 - Copyright © MicroWorld Technologies
22 III 2013 09:44:48 -
22 III 2013 09:44:48 - Support: support@escanav.com
22 III 2013 09:44:48 - Web: http://www.escanav.com
22 III 2013 09:44:48 - **********************************************************
22 III 2013 09:44:48 - Version 14.0.56[DB] (C:\DOCUMENTS AND SETTINGS\ALAN\LOCAL SETTINGS\TEMP\MEXETMP.EX~)
22 III 2013 09:44:48 - Log File: C:\Documents and Settings\Alan\Local Settings\temp\MWAV.LOG
22 III 2013 09:44:48 - User Account: Alan (Administrator Mode)
22 III 2013 09:44:48 - Windows Root Folder: C:\WINDOWS
22 III 2013 09:44:48 - Windows Sys32 Folder: C:\WINDOWS\system32
22 III 2013 09:44:48 - OS: Windows XP [OS Install Date: 26 Jul 2012 21:41:52]
22 III 2013 09:44:48 - Ver: Professional Service Pack 3 (Build 2600)
22 III 2013 09:44:48 - Latest Date of files inside MWAV: Mon Apr 26 13:46:18 2010.
22 III 2013 09:44:48 - Sign Version: 7.31392

22 III 2013 09:44:49 - Options Selected by User:
22 III 2013 09:44:49 - Memory Check: Enabled
22 III 2013 09:44:49 - Registry Check: Enabled
22 III 2013 09:44:49 - StartUp Folder Check: Enabled
22 III 2013 09:44:49 - System Folder Check: Enabled
22 III 2013 09:44:49 - Services Check: Enabled
22 III 2013 09:44:49 - Scan Spyware: Enabled
22 III 2013 09:44:49 - Scan Archives: Disabled
22 III 2013 09:44:49 - Drive Check: Enabled
22 III 2013 09:44:49 - All Drive Check isabled
22 III 2013 09:44:49 - Drive Selected = C:\
22 III 2013 09:44:49 - Folder Check: Disabled
22 III 2013 09:44:49 - SCAN: All_Files
22 III 2013 09:44:49 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware)

22 III 2013 09:44:49 - Scanning DNS Records...
22 III 2013 09:44:49 - Scanning Master Boot Record (Kernel)...
22 III 2013 09:44:51 - Scanning Logical Boot Records...
22 III 2013 09:44:51 - ***** Scanning For Hidden Rootkit Processes *****
22 III 2013 09:44:51 - ***** Scanning For Hidden Rootkit Services *****
22 III 2013 09:44:53 - Walk through registry failed!

22 III 2013 09:44:53 - ***** Scanning Memory Files *****
22 III 2013 09:45:44 - ScanFile (C:\Program Files\Mozilla Firefox\nss3.dll) took 5329 ms

22 III 2013 09:46:09 - ***** Scanning Registry Files *****

22 III 2013 09:46:12 - ***** Scanning StartUp Folders *****
22 III 2013 09:46:49 - ScanFile (C:\Documents and Settings\Alan\Plocha\mwav.exe) took 22360 ms
22 III 2013 09:46:49 - Scanning of C:\Documents and Settings\Alan\Plocha\mwav.exe Timed out!!!
22 III 2013 09:46:49 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Alan\Plocha\mwav.exe
22 III 2013 09:47:01 - ScanFile (C:\Documents and Settings\Alan\Plocha\TFC.exe) took 6828 ms
22 III 2013 09:53:24 - C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\3a2ece88e28b03adfa37d292a40511fe1213101e not Scanned. Possibly password protected...
22 III 2013 09:53:24 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\3a2ece88e28b03adfa37d292a40511fe1213101e
22 III 2013 09:53:24 - C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\4185d9b39a871ebb0ce3d245f381590d3d99a83d not Scanned. Possibly password protected...
22 III 2013 09:53:24 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\4185d9b39a871ebb0ce3d245f381590d3d99a83d
22 III 2013 09:53:25 - C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\4b17f4291374c3aab19ceb80239641424b394333 not Scanned. Possibly password protected...
22 III 2013 09:53:25 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\4b17f4291374c3aab19ceb80239641424b394333
22 III 2013 09:53:27 - C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\5c416520c3d9d14b841f927051cc71ed58e28d5e not Scanned. Possibly password protected...
22 III 2013 09:53:27 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\5c416520c3d9d14b841f927051cc71ed58e28d5e
22 III 2013 09:53:28 - C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\5f25ca820494585dc3e8176259b608815b77d8bf not Scanned. Possibly password protected...
22 III 2013 09:53:28 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\5f25ca820494585dc3e8176259b608815b77d8bf
22 III 2013 09:53:29 - C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\68cd7b346eaf1b52b4bf9ba5a0b03bcd80b0ae3f not Scanned. Possibly password protected...
22 III 2013 09:53:29 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\68cd7b346eaf1b52b4bf9ba5a0b03bcd80b0ae3f
22 III 2013 09:53:30 - C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\6d2cea13a3ead3e155b92bdb3b18ea0953567dbf not Scanned. Possibly password protected...
22 III 2013 09:53:30 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\6d2cea13a3ead3e155b92bdb3b18ea0953567dbf
22 III 2013 09:53:31 - C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\7612c6c0984b29dcc84db328005b3b311a5f8067 not Scanned. Possibly password protected...
22 III 2013 09:53:31 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\7612c6c0984b29dcc84db328005b3b311a5f8067
22 III 2013 09:53:31 - C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\787860856eff37820cae47f5083f599a0514d455 not Scanned. Possibly password protected...
22 III 2013 09:53:31 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\787860856eff37820cae47f5083f599a0514d455
22 III 2013 09:53:33 - C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\84bb75218f6436abed329b0d042cae3883a3edeb not Scanned. Possibly password protected...
22 III 2013 09:53:33 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\84bb75218f6436abed329b0d042cae3883a3edeb
22 III 2013 09:53:33 - C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\866e0e9df82b1cd3795b75de246cd528d83c043c not Scanned. Possibly password protected...
22 III 2013 09:53:33 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\866e0e9df82b1cd3795b75de246cd528d83c043c
22 III 2013 09:53:34 - C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\8e09048661d0cf3f10ccd4d818c06df0d5e69967 not Scanned. Possibly password protected...
22 III 2013 09:53:34 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\8e09048661d0cf3f10ccd4d818c06df0d5e69967
22 III 2013 09:53:39 - C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\c2b1f29c21473da7187da48f7658f269a5280bc8 not Scanned. Possibly password protected...
22 III 2013 09:53:39 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\c2b1f29c21473da7187da48f7658f269a5280bc8
22 III 2013 09:53:40 - C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\c8c8948f0c8cfec9f0713b6c79483333b5f76348 not Scanned. Possibly password protected...
22 III 2013 09:53:40 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\c8c8948f0c8cfec9f0713b6c79483333b5f76348
22 III 2013 09:54:59 - C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Scans\MpDiag.bin not Scanned. Possibly password protected...
22 III 2013 09:54:59 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Scans\MpDiag.bin

22 III 2013 09:55:10 - ***** Scanning Service Files *****
22 III 2013 09:56:10 - C:\WINDOWS\system32\DRIVERS\hcdriver.sys: Forged File - Suspicious Rootkit

22 III 2013 09:57:39 - ***** Scanning Registry and File system for Adware/Spyware *****
22 III 2013 09:57:41 - Loading Spyware Signatures from new External Database [Name: C:\DOCUME~1\Alan\LOCALS~1\temp\spydb.avs, Size: 463768]...
22 III 2013 09:57:41 - Indexed Spyware Databases Successfully Created...

22 III 2013 09:57:58 - Offending Registry Entry found: HKCU\Software\Microsoft\OLE
22 III 2013 09:57:58 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\Software\Microsoft\OLE)! Action taken: Entries Removed.
22 III 2013 09:57:58 - Object "Backdoor (IRCBot) Trojans Spyware/Adware" found in File System! Action Taken: Entries Removed.

22 III 2013 09:57:58 - Offending Registry Entry found: HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers
22 III 2013 09:57:58 - System found infected with AntiSpyware Pro XP Corrupted Adware/Spyware (HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers)! Action taken: Entries Removed.
22 III 2013 09:57:58 - Object "AntiSpyware Pro XP Corrupted Adware/Spyware" found in File System! Action Taken: Entries Removed.


22 III 2013 09:57:59 - ***** Scanning Registry Files *****
22 III 2013 09:58:00 - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
22 III 2013 09:58:00 - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://www.msn.com/
22 III 2013 09:58:00 - ** Value in HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\main/Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome

22 III 2013 09:58:00 - ***** Scanning System32 Folders *****

22 III 2013 09:59:05 - ScanFile (C:\Documents and Settings\Alan\Local Settings\temp\mexe.com) took 8484 ms
22 III 2013 09:59:16 - ScanFile (C:\Documents and Settings\Alan\Local Settings\temp\mwavdwnl.exe) took 8468 ms
22 III 2013 09:59:21 - ScanFile (C:\Documents and Settings\Alan\Local Settings\temp\MWAVL.exe) took 5406 ms
22 III 2013 09:59:32 - ScanFile (C:\Documents and Settings\Alan\Local Settings\temp\mwavscan.exe) took 8438 ms
22 III 2013 10:00:03 - ScanFile (C:\Documents and Settings\Alan\Local Settings\temp\Portuguese.lic) took 11469 ms
22 III 2013 10:02:00 - ScanFile (C:\Documents and Settings\Alan\Local Settings\temp\viewtcp.exe) took 8563 ms

22 III 2013 10:02:01 - ***** Scanning Drive C:\ *****
22 III 2013 10:07:06 - C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\3a2ece88e28b03adfa37d292a40511fe1213101e not Scanned. Possibly password protected...
22 III 2013 10:07:06 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\3a2ece88e28b03adfa37d292a40511fe1213101e
22 III 2013 10:07:07 - C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\4185d9b39a871ebb0ce3d245f381590d3d99a83d not Scanned. Possibly password protected...
22 III 2013 10:07:07 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\4185d9b39a871ebb0ce3d245f381590d3d99a83d
22 III 2013 10:07:08 - C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\4b17f4291374c3aab19ceb80239641424b394333 not Scanned. Possibly password protected...
22 III 2013 10:07:08 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\4b17f4291374c3aab19ceb80239641424b394333
22 III 2013 10:07:09 - C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\5c416520c3d9d14b841f927051cc71ed58e28d5e not Scanned. Possibly password protected...
22 III 2013 10:07:09 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\5c416520c3d9d14b841f927051cc71ed58e28d5e
22 III 2013 10:07:09 - C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\5f25ca820494585dc3e8176259b608815b77d8bf not Scanned. Possibly password protected...
22 III 2013 10:07:09 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\5f25ca820494585dc3e8176259b608815b77d8bf
22 III 2013 10:07:10 - C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\68cd7b346eaf1b52b4bf9ba5a0b03bcd80b0ae3f not Scanned. Possibly password protected...
22 III 2013 10:07:10 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\68cd7b346eaf1b52b4bf9ba5a0b03bcd80b0ae3f
22 III 2013 10:07:10 - C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\6d2cea13a3ead3e155b92bdb3b18ea0953567dbf not Scanned. Possibly password protected...
22 III 2013 10:07:10 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\6d2cea13a3ead3e155b92bdb3b18ea0953567dbf
22 III 2013 10:07:11 - C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\7612c6c0984b29dcc84db328005b3b311a5f8067 not Scanned. Possibly password protected...
22 III 2013 10:07:11 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\7612c6c0984b29dcc84db328005b3b311a5f8067
22 III 2013 10:07:11 - C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\787860856eff37820cae47f5083f599a0514d455 not Scanned. Possibly password protected...
22 III 2013 10:07:11 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\787860856eff37820cae47f5083f599a0514d455
22 III 2013 10:07:12 - C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\84bb75218f6436abed329b0d042cae3883a3edeb not Scanned. Possibly password protected...
22 III 2013 10:07:12 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\84bb75218f6436abed329b0d042cae3883a3edeb
22 III 2013 10:07:13 - C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\866e0e9df82b1cd3795b75de246cd528d83c043c not Scanned. Possibly password protected...
22 III 2013 10:07:13 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\866e0e9df82b1cd3795b75de246cd528d83c043c
22 III 2013 10:07:13 - C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\8e09048661d0cf3f10ccd4d818c06df0d5e69967 not Scanned. Possibly password protected...
22 III 2013 10:07:13 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\8e09048661d0cf3f10ccd4d818c06df0d5e69967
22 III 2013 10:07:18 - C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\c2b1f29c21473da7187da48f7658f269a5280bc8 not Scanned. Possibly password protected...
22 III 2013 10:07:18 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\c2b1f29c21473da7187da48f7658f269a5280bc8
22 III 2013 10:07:18 - C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\c8c8948f0c8cfec9f0713b6c79483333b5f76348 not Scanned. Possibly password protected...
22 III 2013 10:07:18 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Alan\Data aplikací\Apple Computer\MobileSync\Backup\34207325cb21c8d1c0cfd9f6a103a8077915953a 1\c8c8948f0c8cfec9f0713b6c79483333b5f76348
22 III 2013 10:11:08 - C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Scans\MpDiag.bin not Scanned. Possibly password protected...
22 III 2013 10:11:08 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Scans\MpDiag.bin
22 III 2013 10:22:01 - C:\Program Files\Zoner\Photo Studio 13\pack.dat not Scanned. Possibly password protected...
22 III 2013 10:22:01 - ERROR(3)!!! ScanFile fails for C:\Program Files\Zoner\Photo Studio 13\pack.dat
22 III 2013 10:29:19 - C:\WINDOWS\SoftwareDistribution\EventCache\{6C7C3833-DE76-40A1-99E5-F298093C96E6}.bin not Scanned. Possibly password protected...
22 III 2013 10:29:19 - ERROR(3)!!! ScanFile fails for C:\WINDOWS\SoftwareDistribution\EventCache\{6C7C3833-DE76-40A1-99E5-F298093C96E6}.bin
22 III 2013 10:29:24 - C:\WINDOWS\system32\CatRoot2\tmp.edb not Scanned. Possibly password protected...
22 III 2013 10:29:24 - ERROR(3)!!! ScanFile fails for C:\WINDOWS\system32\CatRoot2\tmp.edb
22 III 2013 10:29:25 - C:\WINDOWS\system32\config\default not Scanned. Possibly password protected...
22 III 2013 10:29:25 - ERROR(3)!!! ScanFile fails for C:\WINDOWS\system32\config\default
22 III 2013 10:29:25 - C:\WINDOWS\system32\config\SAM not Scanned. Possibly password protected...
22 III 2013 10:29:25 - ERROR(3)!!! ScanFile fails for C:\WINDOWS\system32\config\SAM
22 III 2013 10:29:25 - C:\WINDOWS\system32\config\software not Scanned. Possibly password protected...
22 III 2013 10:29:25 - ERROR(3)!!! ScanFile fails for C:\WINDOWS\system32\config\software
22 III 2013 10:29:25 - C:\WINDOWS\system32\config\system not Scanned. Possibly password protected...
22 III 2013 10:29:25 - ERROR(3)!!! ScanFile fails for C:\WINDOWS\system32\config\system

22 III 2013 10:30:07 - ***** Checking for specific ITW Viruses *****

22 III 2013 10:30:08 - ***** Scanning complete. *****

22 III 2013 10:30:08 - Total Objects Scanned: 285274
22 III 2013 10:30:08 - Total Critical Objects: 2
22 III 2013 10:30:08 - Total Disinfected Objects: 0
22 III 2013 10:30:08 - Total Objects Renamed: 0
22 III 2013 10:30:08 - Total Deleted Objects: 2
22 III 2013 10:30:08 - Total Errors: 0
22 III 2013 10:30:08 - Time Elapsed: 00:45:18
22 III 2013 10:30:08 - Virus Database Date: 26 Apr 2010
22 III 2013 10:30:08 - Virus Database Count: 5690871

22 III 2013 10:30:08 - Scan Completed.

[Reklama]

[memphisto]

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranìní historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit doèasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po probìhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Stáhni AdwCleaner
Ulož si ho na svojí plochu
Ukonči všechny programy, okna a prohlížeče
Spusť program poklepáním a klikni na „Search“
Po skenu se objeví log (jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

[Alan-K]

....tak ATF používám i "normálně". Takže vyčištěno. Potom MBAM, který tedy také používám, log níže a nakonec sken adwcleaner...

A chtěl jsme se zeptat, jak jsem to tu pročítal, používám Microsoft Security Essential, a je tu jen odsuzován....tak poradíte mi nějaký antivir, který mám používat???

Log MBAM:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Verze: v2013.03.24.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Alan :: COMMANDER [administrátor]

24.3.2013 22:58:11
mbam-log-2013-03-24 (22-58-11).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 244657
Uplynulý čas: 7 minut, 2 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)


a log adwcleaner:
# AdwCleaner v2.115 - Log vytvooen 24/03/2013 v 23:07:24
# Aktualizováno 17/03/2013 Xplode
# Operaení systém : Microsoft Windows XP Service Pack 3 (32 bits)
# Uživatel : Alan - COMMANDER
# Spuštin systém : Normální
# Spuštino z : C:\Documents and Settings\Alan\Plocha\adwcleaner.exe
# Volba [Prohledat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Nalezeno : C:\Documents and Settings\Alan\Data aplikací\searchresultstb
Složka Nalezeno : C:\Documents and Settings\Alan\Local Settings\Data aplikací\OpenCandy
Složka Nalezeno : C:\Documents and Settings\Alan\Local Settings\Data aplikací\PackageAware
Soubor Nalezeno : C:\Documents and Settings\Alan\Data aplikací\Mozilla\Firefox\Profiles\jepw67px.default\searchplugins\Askcom.xml

***** [Registry] *****

Klíe Nalezeno : HKCU\Software\APN PIP
Klíe Nalezeno : HKCU\Software\PIP
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Klíe Nalezeno : HKLM\Software\PIP

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry jsou eisté.

-\\ Mozilla Firefox v18.0 (cs)

Soubor : C:\Documents and Settings\Alan\Data aplikací\Mozilla\Firefox\Profiles\jepw67px.default\prefs.js

Nalezeno : user_pref("browser.search.defaultenginename", "Ask.com");
Nalezeno : user_pref("browser.search.order.1", "Ask.com");
Nalezeno : user_pref("browser.search.selectedEngine", "Ask.com");

*************************

AdwCleaner[R1].txt - [1867 octets] - [24/03/2013 23:07:24]

########## EOF - C:\AdwCleaner[R1].txt - [1927 octets] ##########

[jaro3]

Raději Aviru nebo Avast

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
C:\WINDOWS\system32\DRIVERS\hcdriver.sys

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Nebo na:
http://www.virscan.org/

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
Klikni na „ Delete“
Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si TDSSKiller
Na svojí plochu.Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

[Alan-K]

Tak "věc" od Mrkvosoftu je pryč (Microsift Security Essential) a už mne chrání Avira.

Virustotal nenašel nic:

Kód: Vybrat vše

https://www.virustotal.com/cs/file/e322feefa8d4c76d8749f88c9b877e3e119418c4ac0b18a8cfb7260638cc588d/analysis/1364311098/

Log z AdwCleaner a TDSSKiller jsou níže. TDSSKiller mi napsal, že ten soubor, jak jsme testovali je "nízkou hrozbou", ale nevěděl jsem, jestli ho mohu vymazat, tak jsem jej přeskočil. Snad jsem neudělal chybu, v tom případě se omlouvám

# AdwCleaner v2.115 - Log vytvooen 26/03/2013 v 16:58:34
# Aktualizováno 17/03/2013 Xplode
# Operaení systém : Microsoft Windows XP Service Pack 3 (32 bits)
# Uživatel : Alan - COMMANDER
# Spuštin systém : Normální
# Spuštino z : C:\Documents and Settings\Alan\Plocha\adwcleaner.exe
# Volba [Vymazat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Vymazáno : C:\DOCUME~1\Alan\LOCALS~1\Temp\AskSearch
Složka Vymazáno : C:\Documents and Settings\Alan\Data aplikací\searchresultstb
Složka Vymazáno : C:\Documents and Settings\Alan\Local Settings\Data aplikací\OpenCandy
Složka Vymazáno : C:\Documents and Settings\Alan\Local Settings\Data aplikací\PackageAware
Soubor Vymazáno : C:\Documents and Settings\Alan\Data aplikací\Mozilla\Firefox\Profiles\jepw67px.default\searchplugins\Askcom.xml

***** [Registry] *****

Klíe Vymazáno : HKCU\Software\APN PIP
Klíe Vymazáno : HKCU\Software\PIP
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Klíe Vymazáno : HKLM\Software\PIP

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v8.0.6001.18702

Zaminino : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.avira.com/?l=dis&o=APN102 ... cale=en_CZ --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0 (cs)

Soubor : C:\Documents and Settings\Alan\Data aplikací\Mozilla\Firefox\Profiles\jepw67px.default\prefs.js

Vymazáno : user_pref("browser.search.defaultenginename", "Ask.com");
Vymazáno : user_pref("browser.search.order.1", "Ask.com");
Vymazáno : user_pref("browser.search.selectedEngine", "Ask.com");

*************************

AdwCleaner[R1].txt - [1996 octets] - [24/03/2013 23:07:24]
AdwCleaner[R2].txt - [2222 octets] - [26/03/2013 16:58:13]
AdwCleaner[S1].txt - [2188 octets] - [26/03/2013 16:58:34]

########## EOF - C:\AdwCleaner[S1].txt - [2248 octets] ##########

A TDSSKiller:
17:06:14.0556 3060 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:06:15.0666 3060 ============================================================
17:06:15.0666 3060 Current date / time: 2013/03/26 17:06:15.0666
17:06:15.0666 3060 SystemInfo:
17:06:15.0666 3060
17:06:15.0666 3060 OS Version: 5.1.2600 ServicePack: 3.0
17:06:15.0666 3060 Product type: Workstation
17:06:15.0681 3060 ComputerName: COMMANDER
17:06:15.0681 3060 UserName: Alan
17:06:15.0681 3060 Windows directory: C:\WINDOWS
17:06:15.0681 3060 System windows directory: C:\WINDOWS
17:06:15.0681 3060 Processor architecture: Intel x86
17:06:15.0681 3060 Number of processors: 2
17:06:15.0681 3060 Page size: 0x1000
17:06:15.0681 3060 Boot type: Normal boot
17:06:15.0681 3060 ============================================================
17:06:17.0041 3060 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:06:17.0041 3060 Drive \Device\Harddisk1\DR1 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:06:17.0056 3060 Drive \Device\Harddisk2\DR2 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:06:17.0072 3060 Drive \Device\Harddisk3\DR3 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:06:17.0072 3060 Drive \Device\Harddisk4\DR9 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:06:17.0088 3060 ============================================================
17:06:17.0088 3060 \Device\Harddisk0\DR0:
17:06:17.0088 3060 MBR partitions:
17:06:17.0088 3060 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8236134
17:06:17.0088 3060 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x8236173, BlocksNum 0x3214EACE
17:06:17.0088 3060 \Device\Harddisk1\DR1:
17:06:17.0088 3060 MBR partitions:
17:06:17.0088 3060 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EEAD02
17:06:17.0088 3060 \Device\Harddisk2\DR2:
17:06:17.0088 3060 MBR partitions:
17:06:17.0088 3060 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EEAD02
17:06:17.0088 3060 \Device\Harddisk3\DR3:
17:06:17.0088 3060 MBR partitions:
17:06:17.0088 3060 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EEAD02
17:06:17.0088 3060 \Device\Harddisk4\DR9:
17:06:17.0088 3060 MBR partitions:
17:06:17.0088 3060 \Device\Harddisk4\DR9\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EEAD02
17:06:17.0088 3060 ============================================================
17:06:17.0103 3060 C: <-> \Device\Harddisk0\DR0\Partition1
17:06:17.0135 3060 G: <-> \Device\Harddisk2\DR2\Partition1
17:06:17.0166 3060 F: <-> \Device\Harddisk3\DR3\Partition1
17:06:17.0181 3060 E: <-> \Device\Harddisk1\DR1\Partition1
17:06:17.0213 3060 D: <-> \Device\Harddisk0\DR0\Partition2
17:06:17.0291 3060 L: <-> \Device\Harddisk4\DR9\Partition1
17:06:17.0291 3060 ============================================================
17:06:17.0291 3060 Initialize success
17:06:17.0291 3060 ============================================================
17:06:25.0197 2916 ============================================================
17:06:25.0197 2916 Scan started
17:06:25.0197 2916 Mode: Manual;
17:06:25.0197 2916 ============================================================
17:06:25.0619 2916 ================ Scan system memory ========================
17:06:25.0619 2916 System memory - ok
17:06:25.0619 2916 ================ Scan services =============================
17:06:25.0760 2916 Abiosdsk - ok
17:06:25.0760 2916 abp480n5 - ok
17:06:25.0806 2916 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
17:06:25.0822 2916 ACDaemon - ok
17:06:25.0853 2916 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:06:25.0853 2916 ACPI - ok
17:06:25.0869 2916 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
17:06:25.0885 2916 ACPIEC - ok
17:06:25.0900 2916 [ 73685E15EF8B0BD9C30F1AF413F13D49 ] adfs C:\WINDOWS\system32\drivers\adfs.sys
17:06:25.0916 2916 adfs - ok
17:06:25.0978 2916 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:06:25.0978 2916 AdobeFlashPlayerUpdateSvc - ok
17:06:25.0978 2916 adpu160m - ok
17:06:26.0010 2916 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:06:26.0041 2916 aec - ok
17:06:26.0072 2916 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:06:26.0072 2916 AFD - ok
17:06:26.0088 2916 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
17:06:26.0088 2916 agp440 - ok
17:06:26.0103 2916 Aha154x - ok
17:06:26.0103 2916 aic78u2 - ok
17:06:26.0119 2916 aic78xx - ok
17:06:26.0150 2916 [ BA88534A3CEB6161E7432438B9EA4F54 ] ALCXSENS C:\WINDOWS\system32\drivers\ALCXSENS.SYS
17:06:26.0197 2916 ALCXSENS - ok
17:06:26.0244 2916 [ 69CBB79CCCCB7AB08F5E00109E9703BD ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
17:06:26.0275 2916 ALCXWDM - ok
17:06:26.0291 2916 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:06:26.0306 2916 Alerter - ok
17:06:26.0322 2916 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
17:06:26.0322 2916 ALG - ok
17:06:26.0322 2916 AliIde - ok
17:06:26.0338 2916 amsint - ok
17:06:26.0494 2916 [ 27EE3E5A72B3FE0AB0FE94D08D73B94B ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
17:06:26.0541 2916 AntiVirMailService - ok
17:06:26.0572 2916 [ 8871B8E6FBB7BE8F47367E47AADEC5CE ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
17:06:26.0603 2916 AntiVirSchedulerService - ok
17:06:26.0619 2916 [ 27B3633CED9BD4B588873DAD2F856069 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
17:06:26.0635 2916 AntiVirService - ok
17:06:26.0666 2916 [ 39C7274C2E8D299F108C17107A0481D7 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
17:06:26.0681 2916 AntiVirWebService - ok
17:06:26.0713 2916 [ 8D3A55F7B7BE6B374479E5195F477226 ] AnyDVD C:\WINDOWS\system32\Drivers\AnyDVD.sys
17:06:26.0728 2916 AnyDVD - ok
17:06:26.0775 2916 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:06:26.0791 2916 Apple Mobile Device - ok
17:06:26.0806 2916 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
17:06:26.0822 2916 AppMgmt - ok
17:06:26.0838 2916 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:06:26.0853 2916 Arp1394 - ok
17:06:26.0853 2916 asc - ok
17:06:26.0869 2916 asc3350p - ok
17:06:26.0885 2916 asc3550 - ok
17:06:26.0931 2916 [ 5B01AF89D16D562825C4DB4530F20CBB ] Aspi32 C:\WINDOWS\system32\drivers\aspi32.sys
17:06:26.0931 2916 Aspi32 - ok
17:06:26.0963 2916 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:06:26.0978 2916 AsyncMac - ok
17:06:26.0994 2916 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
17:06:27.0010 2916 atapi - ok
17:06:27.0010 2916 Atdisk - ok
17:06:27.0041 2916 [ 7EEB8386F9AC3721EDAD9B21E5C2F2D4 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
17:06:27.0072 2916 Ati HotKey Poller - ok
17:06:27.0103 2916 [ 613E7ADA3279F7AD20588B919C223481 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
17:06:27.0135 2916 ATI Smart - ok
17:06:27.0322 2916 [ 28F1B6CCD2E0A184DA7D9F266BFEB267 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:06:27.0385 2916 ati2mtag - ok
17:06:27.0416 2916 [ 924971A182E07463765EF9FA8876F24F ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdXP3.sys
17:06:27.0416 2916 AtiHDAudioService - ok
17:06:27.0447 2916 [ 1E82F05CFF41316BCAA513909D99A004 ] AtiHdmiService C:\WINDOWS\system32\drivers\AtiHdmi.sys
17:06:27.0463 2916 AtiHdmiService - ok
17:06:27.0478 2916 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:06:27.0478 2916 Atmarpc - ok
17:06:27.0510 2916 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:06:27.0510 2916 AudioSrv - ok
17:06:27.0541 2916 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:06:27.0541 2916 audstub - ok
17:06:27.0572 2916 [ F8E6956A614F15A0860474C5E2A7DE6B ] Avc C:\WINDOWS\system32\DRIVERS\avc.sys
17:06:27.0572 2916 Avc - ok
17:06:27.0588 2916 [ D57E60FF40E858B653C404605BBDD6FC ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
17:06:27.0603 2916 avgntflt - ok
17:06:27.0635 2916 [ 0189056DDBF23C7DEF09D2B5999C5405 ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
17:06:27.0650 2916 avipbb - ok
17:06:27.0666 2916 [ 5BE9B023D7917E6B51FC402DE06819B4 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
17:06:27.0666 2916 avkmgr - ok
17:06:27.0697 2916 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:06:27.0697 2916 Beep - ok
17:06:27.0728 2916 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
17:06:27.0760 2916 BITS - ok
17:06:27.0791 2916 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:06:27.0806 2916 Bonjour Service - ok
17:06:27.0822 2916 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
17:06:27.0822 2916 Browser - ok
17:06:27.0853 2916 [ 2C04F295F7F40EB46F7ACCD3F6CDEF4A ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys
17:06:27.0885 2916 btaudio - ok
17:06:27.0916 2916 [ 2F9F111D31AA3FBBE5781D829A4524E6 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys
17:06:27.0916 2916 BTDriver - ok
17:06:27.0947 2916 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
17:06:27.0947 2916 BthEnum - ok
17:06:27.0963 2916 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
17:06:27.0978 2916 BthPan - ok
17:06:27.0978 2916 [ F338662A6C1FC11DD9508F6DFF2C06A2 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
17:06:27.0994 2916 BTHPORT - ok
17:06:28.0025 2916 [ 70CA4B3F634C9DCA200832F8DA76E009 ] BthServ C:\WINDOWS\System32\bthserv.dll
17:06:28.0041 2916 BthServ - ok
17:06:28.0056 2916 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
17:06:28.0056 2916 BTHUSB - ok
17:06:28.0103 2916 [ 49FD2960C0C5FE06DEDF9560AD4C9547 ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
17:06:28.0119 2916 BTKRNL - ok
17:06:28.0135 2916 [ F549C3FB145A4928E40BB1518B2034DC ] btusbflt C:\WINDOWS\system32\drivers\btusbflt.sys
17:06:28.0135 2916 btusbflt - ok
17:06:28.0197 2916 [ 80349CB09DDC2F99E16D0F8919E2DCA3 ] btwdins C:\Program Files\ASUS\Bluetooth Software\bin\btwdins.exe
17:06:28.0244 2916 btwdins - ok
17:06:28.0275 2916 [ 485020A1E1FC5C51A800CA69C618D881 ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys
17:06:28.0291 2916 BTWDNDIS - ok
17:06:28.0306 2916 [ 949ECA9C56F657C06D3166D51F3226C7 ] btwhid C:\WINDOWS\system32\DRIVERS\btwhid.sys
17:06:28.0322 2916 btwhid - ok
17:06:28.0353 2916 [ 5922BAE0CD84924B9CD7E6BB515EE070 ] btwmodem C:\WINDOWS\system32\DRIVERS\btwmodem.sys
17:06:28.0353 2916 btwmodem - ok
17:06:28.0385 2916 [ 6B622612FE21B59FAEE2CA4385959778 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
17:06:28.0385 2916 BTWUSB - ok
17:06:28.0416 2916 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:06:28.0416 2916 cbidf2k - ok
17:06:28.0447 2916 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:06:28.0447 2916 CCDECODE - ok
17:06:28.0463 2916 cd20xrnt - ok
17:06:28.0494 2916 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:06:28.0494 2916 Cdaudio - ok
17:06:28.0510 2916 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:06:28.0525 2916 Cdfs - ok
17:06:28.0541 2916 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:06:28.0556 2916 Cdrom - ok
17:06:28.0572 2916 Changer - ok
17:06:28.0588 2916 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
17:06:28.0588 2916 CiSvc - ok
17:06:28.0619 2916 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:06:28.0635 2916 ClipSrv - ok
17:06:28.0681 2916 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:06:28.0760 2916 clr_optimization_v2.0.50727_32 - ok
17:06:28.0791 2916 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:06:28.0806 2916 clr_optimization_v4.0.30319_32 - ok
17:06:28.0806 2916 CmdIde - ok
17:06:28.0838 2916 [ EF44C32B1AEF62380426B260BF2C66F1 ] COMMONFX C:\WINDOWS\system32\drivers\COMMONFX.SYS
17:06:28.0853 2916 COMMONFX - ok
17:06:28.0853 2916 [ EF44C32B1AEF62380426B260BF2C66F1 ] COMMONFX.SYS C:\WINDOWS\System32\drivers\COMMONFX.SYS
17:06:28.0853 2916 COMMONFX.SYS - ok
17:06:28.0869 2916 COMSysApp - ok
17:06:28.0885 2916 Cpqarray - ok
17:06:28.0916 2916 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
17:06:28.0931 2916 Creative Audio Engine Licensing Service - ok
17:06:28.0947 2916 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.exe
17:06:28.0963 2916 Creative Service for CDROM Access - ok
17:06:28.0994 2916 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:06:28.0994 2916 CryptSvc - ok
17:06:29.0025 2916 [ 357C534B38019B597F51C8BF7186C118 ] ctac32k C:\WINDOWS\system32\drivers\ctac32k.sys
17:06:29.0056 2916 ctac32k - ok
17:06:29.0072 2916 [ 691F8259A1F9C983356D8DB2CDE8043C ] ctaud2k C:\WINDOWS\system32\drivers\ctaud2k.sys
17:06:29.0088 2916 ctaud2k - ok
17:06:29.0119 2916 [ 7FC78AA6521EF3D9F16E51EFAB0BF13B ] CTAUDFX C:\WINDOWS\system32\drivers\CTAUDFX.SYS
17:06:29.0135 2916 CTAUDFX - ok
17:06:29.0166 2916 [ 7FC78AA6521EF3D9F16E51EFAB0BF13B ] CTAUDFX.SYS C:\WINDOWS\System32\drivers\CTAUDFX.SYS
17:06:29.0166 2916 CTAUDFX.SYS - ok
17:06:29.0213 2916 [ 5CE3D0E1D1B3832EE052CFC442EEE0FA ] CTAudSvcService C:\Program Files\Creative\Shared Files\CTAudSvc.exe
17:06:29.0228 2916 CTAudSvcService - ok
17:06:29.0260 2916 [ 8545D70B0335A05498F34E7E3F8CA9A2 ] ctdvda2k C:\WINDOWS\system32\drivers\ctdvda2k.sys
17:06:29.0306 2916 ctdvda2k - ok
17:06:29.0322 2916 [ 16F448354067914E7DEAEA709011BD60 ] CTERFXFX C:\WINDOWS\system32\drivers\CTERFXFX.SYS
17:06:29.0338 2916 CTERFXFX - ok
17:06:29.0353 2916 [ 16F448354067914E7DEAEA709011BD60 ] CTERFXFX.SYS C:\WINDOWS\System32\drivers\CTERFXFX.SYS
17:06:29.0353 2916 CTERFXFX.SYS - ok
17:06:29.0369 2916 [ 4D71541283AEA28FB839007BE90B5FC7 ] ctprxy2k C:\WINDOWS\system32\drivers\ctprxy2k.sys
17:06:29.0369 2916 ctprxy2k - ok
17:06:29.0400 2916 [ 64C83684661BE137023F5186A612CF34 ] CTSBLFX C:\WINDOWS\system32\drivers\CTSBLFX.SYS
17:06:29.0416 2916 CTSBLFX - ok
17:06:29.0431 2916 [ 64C83684661BE137023F5186A612CF34 ] CTSBLFX.SYS C:\WINDOWS\System32\drivers\CTSBLFX.SYS
17:06:29.0447 2916 CTSBLFX.SYS - ok
17:06:29.0447 2916 [ 632194572EBDE8D461728CF382A7E964 ] ctsfm2k C:\WINDOWS\system32\drivers\ctsfm2k.sys
17:06:29.0463 2916 ctsfm2k - ok
17:06:29.0478 2916 dac2w2k - ok
17:06:29.0478 2916 dac960nt - ok
17:06:29.0510 2916 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:06:29.0525 2916 DcomLaunch - ok
17:06:29.0541 2916 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:06:29.0556 2916 Dhcp - ok
17:06:29.0572 2916 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:06:29.0572 2916 Disk - ok
17:06:29.0588 2916 dmadmin - ok
17:06:29.0619 2916 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:06:29.0650 2916 dmboot - ok
17:06:29.0666 2916 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\DRIVERS\dmio.sys
17:06:29.0666 2916 dmio - ok
17:06:29.0681 2916 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:06:29.0697 2916 dmload - ok
17:06:29.0728 2916 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:06:29.0728 2916 dmserver - ok
17:06:29.0760 2916 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:06:29.0775 2916 DMusic - ok
17:06:29.0791 2916 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:06:29.0806 2916 Dnscache - ok
17:06:29.0822 2916 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:06:29.0853 2916 Dot3svc - ok
17:06:29.0853 2916 dpti2o - ok
17:06:29.0885 2916 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:06:29.0885 2916 drmkaud - ok
17:06:29.0916 2916 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:06:29.0916 2916 EapHost - ok
17:06:29.0947 2916 [ CE37E3D51912E59C80C6D84337C0B4CD ] ElbyCDFL C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
17:06:29.0947 2916 ElbyCDFL - ok
17:06:29.0978 2916 [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
17:06:29.0978 2916 ElbyCDIO - ok
17:06:30.0010 2916 [ BACD9CC06D7A787E529E7EBF56B671AA ] emupia C:\WINDOWS\system32\drivers\emupia2k.sys
17:06:30.0010 2916 emupia - ok
17:06:30.0041 2916 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:06:30.0041 2916 ERSvc - ok
17:06:30.0072 2916 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
17:06:30.0072 2916 Eventlog - ok
17:06:30.0103 2916 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\System32\es.dll
17:06:30.0103 2916 EventSystem - ok
17:06:30.0135 2916 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:06:30.0166 2916 Fastfat - ok
17:06:30.0181 2916 [ 3ACBC73531DEDD69837FE73B1623D49C ] fasttx2k C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
17:06:30.0197 2916 fasttx2k - ok
17:06:30.0213 2916 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:06:30.0228 2916 FastUserSwitchingCompatibility - ok
17:06:30.0244 2916 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
17:06:30.0244 2916 Fdc - ok
17:06:30.0260 2916 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:06:30.0275 2916 Fips - ok
17:06:30.0291 2916 [ CDB568DB5E8985DCC623DA808AC61042 ] fixustor C:\WINDOWS\system32\drivers\fixustor.sys
17:06:30.0291 2916 fixustor - ok
17:06:30.0338 2916 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:06:30.0369 2916 FLEXnet Licensing Service - ok
17:06:30.0400 2916 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:06:30.0400 2916 Flpydisk - ok
17:06:30.0431 2916 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:06:30.0463 2916 FltMgr - ok
17:06:30.0478 2916 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:06:30.0494 2916 FontCache3.0.0.0 - ok
17:06:30.0510 2916 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:06:30.0510 2916 Fs_Rec - ok
17:06:30.0525 2916 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:06:30.0541 2916 Ftdisk - ok
17:06:30.0556 2916 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
17:06:30.0556 2916 gameenum - ok
17:06:30.0588 2916 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:06:30.0588 2916 GEARAspiWDM - ok
17:06:30.0603 2916 [ 93CA4D9A0433BE0EDD0B9F2F26D5E54C ] ggflt C:\WINDOWS\system32\DRIVERS\ggflt.sys
17:06:30.0619 2916 ggflt - ok
17:06:30.0635 2916 [ 17E678AAB82CCDFB80E7614504933895 ] ggsemc C:\WINDOWS\system32\DRIVERS\ggsemc.sys
17:06:30.0650 2916 ggsemc - ok
17:06:30.0681 2916 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:06:30.0681 2916 Gpc - ok
17:06:30.0728 2916 [ 70606233F3ED0E53CB3EA17F846D6A4F ] ha10kx2k C:\WINDOWS\system32\drivers\ha10kx2k.sys
17:06:30.0744 2916 ha10kx2k - ok
17:06:30.0775 2916 [ A0C69AD2A61E576B0207ACDD9626E167 ] hap16v2k C:\WINDOWS\system32\drivers\hap16v2k.sys
17:06:30.0775 2916 hap16v2k - ok
17:06:30.0806 2916 [ 2EE89452C574D259ADA4FC9FC1C07243 ] hap17v2k C:\WINDOWS\system32\drivers\hap17v2k.sys
17:06:30.0822 2916 hap17v2k - ok
17:06:30.0838 2916 [ 6858AC07F86AAAB72DDB559F21176707 ] hcdriver C:\WINDOWS\system32\DRIVERS\hcdriver.sys
17:06:30.0838 2916 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\hcdriver.sys. Real md5: 6858AC07F86AAAB72DDB559F21176707, Fake md5: 2F244A56091C9705794E92E6BCC38058
17:06:30.0838 2916 hcdriver ( ForgedFile.Multi.Generic ) - warning
17:06:30.0838 2916 hcdriver - detected ForgedFile.Multi.Generic (1)
17:06:30.0869 2916 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:06:30.0869 2916 HDAudBus - ok
17:06:30.0900 2916 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:06:30.0900 2916 helpsvc - ok
17:06:30.0931 2916 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
17:06:30.0931 2916 HidServ - ok
17:06:30.0963 2916 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:06:30.0963 2916 HidUsb - ok
17:06:30.0994 2916 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:06:30.0994 2916 hkmsvc - ok
17:06:31.0010 2916 hpn - ok
17:06:31.0041 2916 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:06:31.0041 2916 HTTP - ok
17:06:31.0072 2916 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:06:31.0088 2916 HTTPFilter - ok
17:06:31.0103 2916 i2omgmt - ok
17:06:31.0119 2916 i2omp - ok
17:06:31.0135 2916 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:06:31.0135 2916 i8042prt - ok
17:06:31.0197 2916 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:06:31.0260 2916 idsvc - ok
17:06:31.0275 2916 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:06:31.0275 2916 Imapi - ok
17:06:31.0322 2916 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
17:06:31.0322 2916 ImapiService - ok
17:06:31.0338 2916 ini910u - ok
17:06:31.0353 2916 [ 57D928E548B38502ABBA7A77A6EB7312 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
17:06:31.0353 2916 IntelIde - ok
17:06:31.0369 2916 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:06:31.0385 2916 intelppm - ok
17:06:31.0400 2916 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
17:06:31.0416 2916 ip6fw - ok
17:06:31.0447 2916 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:06:31.0447 2916 IpFilterDriver - ok
17:06:31.0463 2916 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:06:31.0478 2916 IpInIp - ok
17:06:31.0494 2916 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:06:31.0494 2916 IpNat - ok
17:06:31.0541 2916 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:06:31.0572 2916 iPod Service - ok
17:06:31.0588 2916 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:06:31.0588 2916 IPSec - ok
17:06:31.0619 2916 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:06:31.0619 2916 IRENUM - ok
17:06:31.0650 2916 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:06:31.0650 2916 isapnp - ok
17:06:31.0697 2916 [ 6F9AE59017FAE7E111265394967E846E ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
17:06:31.0728 2916 JavaQuickStarterService - ok
17:06:31.0728 2916 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:06:31.0744 2916 Kbdclass - ok
17:06:31.0760 2916 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:06:31.0791 2916 kmixer - ok
17:06:31.0791 2916 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:06:31.0806 2916 KSecDD - ok
17:06:31.0822 2916 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:06:31.0838 2916 lanmanserver - ok
17:06:31.0869 2916 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:06:31.0869 2916 lanmanworkstation - ok
17:06:31.0885 2916 lbrtfdc - ok
17:06:31.0947 2916 [ FA4A45C179AB0E0F1A31B9751D4B18D7 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
17:06:31.0963 2916 LightScribeService - ok
17:06:31.0978 2916 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:06:31.0994 2916 LmHosts - ok
17:06:32.0010 2916 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
17:06:32.0010 2916 MBAMProtector - ok
17:06:32.0056 2916 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:06:32.0072 2916 MBAMScheduler - ok
17:06:32.0119 2916 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:06:32.0135 2916 MBAMService - ok
17:06:32.0166 2916 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:06:32.0181 2916 Messenger - ok
17:06:32.0228 2916 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
17:06:32.0228 2916 Microsoft Office Groove Audit Service - ok
17:06:32.0260 2916 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:06:32.0260 2916 mnmdd - ok
17:06:32.0291 2916 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
17:06:32.0306 2916 mnmsrvc - ok
17:06:32.0322 2916 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:06:32.0322 2916 Modem - ok
17:06:32.0353 2916 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:06:32.0353 2916 Mouclass - ok
17:06:32.0369 2916 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:06:32.0385 2916 mouhid - ok
17:06:32.0385 2916 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:06:32.0400 2916 MountMgr - ok
17:06:32.0416 2916 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:06:32.0431 2916 MozillaMaintenance - ok
17:06:32.0447 2916 mraid35x - ok
17:06:32.0478 2916 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:06:32.0510 2916 MRxDAV - ok
17:06:32.0541 2916 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:06:32.0541 2916 MRxSmb - ok
17:06:32.0556 2916 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\System32\msdtc.exe
17:06:32.0572 2916 MSDTC - ok
17:06:32.0603 2916 [ 1477849772712BAC69C144DCF2C9CE81 ] MSDV C:\WINDOWS\system32\DRIVERS\msdv.sys
17:06:32.0635 2916 MSDV - ok
17:06:32.0635 2916 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:06:32.0650 2916 Msfs - ok
17:06:32.0650 2916 MSIServer - ok
17:06:32.0666 2916 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:06:32.0681 2916 MSKSSRV - ok
17:06:32.0681 2916 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:06:32.0697 2916 MSPCLOCK - ok
17:06:32.0697 2916 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:06:32.0713 2916 MSPQM - ok
17:06:32.0713 2916 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:06:32.0728 2916 mssmbios - ok
17:06:32.0760 2916 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
17:06:32.0760 2916 MSTEE - ok
17:06:32.0775 2916 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:06:32.0775 2916 Mup - ok
17:06:32.0791 2916 [ 363B85773D001E35DC977058956A1486 ] MxEFUF C:\WINDOWS\system32\DRIVERS\MxEFUF32.sys
17:06:32.0806 2916 MxEFUF - ok
17:06:32.0838 2916 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:06:32.0838 2916 NABTSFEC - ok
17:06:32.0869 2916 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
17:06:32.0900 2916 napagent - ok
17:06:32.0916 2916 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:06:32.0931 2916 NDIS - ok
17:06:32.0947 2916 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:06:32.0963 2916 NdisIP - ok
17:06:32.0978 2916 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:06:32.0978 2916 NdisTapi - ok
17:06:32.0994 2916 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:06:32.0994 2916 Ndisuio - ok
17:06:33.0010 2916 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:06:33.0025 2916 NdisWan - ok
17:06:33.0056 2916 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:06:33.0056 2916 NDProxy - ok
17:06:33.0135 2916 [ 78073F606AE3B24F6C1F555759AA8511 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
17:06:33.0166 2916 Nero BackItUp Scheduler 3 - ok
17:06:33.0181 2916 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:06:33.0197 2916 NetBIOS - ok
17:06:33.0213 2916 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:06:33.0228 2916 NetBT - ok
17:06:33.0260 2916 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
17:06:33.0260 2916 NetDDE - ok
17:06:33.0275 2916 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:06:33.0275 2916 NetDDEdsdm - ok
17:06:33.0306 2916 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:06:33.0306 2916 Netlogon - ok
17:06:33.0338 2916 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
17:06:33.0353 2916 Netman - ok
17:06:33.0385 2916 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:06:33.0400 2916 NetTcpPortSharing - ok
17:06:33.0416 2916 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:06:33.0431 2916 NIC1394 - ok
17:06:33.0447 2916 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
17:06:33.0463 2916 Nla - ok
17:06:33.0494 2916 [ B1EF4686961986DFFB7FE8F18E6FCB5B ] nlsX86cc C:\WINDOWS\system32\nlssrv32.exe
17:06:33.0510 2916 nlsX86cc - ok
17:06:33.0572 2916 [ 37A39E3271842BAE754540FE004D9CB5 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
17:06:33.0603 2916 NMIndexingService - ok
17:06:33.0619 2916 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:06:33.0619 2916 Npfs - ok
17:06:33.0650 2916 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:06:33.0681 2916 Ntfs - ok
17:06:33.0697 2916 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
17:06:33.0697 2916 NtLmSsp - ok
17:06:33.0744 2916 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:06:33.0775 2916 NtmsSvc - ok
17:06:33.0791 2916 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:06:33.0791 2916 Null - ok
17:06:33.0822 2916 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:06:33.0822 2916 NwlnkFlt - ok
17:06:33.0838 2916 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:06:33.0853 2916 NwlnkFwd - ok
17:06:33.0900 2916 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:06:33.0947 2916 odserv - ok
17:06:33.0947 2916 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\drivers\ohci1394.sys
17:06:33.0963 2916 ohci1394 - ok
17:06:33.0994 2916 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:06:33.0994 2916 ose - ok
17:06:34.0025 2916 [ AE896073E1BBF98FEFC2EC52F62C0FBA ] ossrv C:\WINDOWS\system32\drivers\ctoss2k.sys
17:06:34.0041 2916 ossrv - ok
17:06:34.0056 2916 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
17:06:34.0056 2916 Parport - ok
17:06:34.0072 2916 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:06:34.0072 2916 PartMgr - ok
17:06:34.0103 2916 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:06:34.0119 2916 ParVdm - ok
17:06:34.0119 2916 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:06:34.0135 2916 PCI - ok
17:06:34.0135 2916 PCIDump - ok
17:06:34.0150 2916 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:06:34.0150 2916 PCIIde - ok
17:06:34.0181 2916 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:06:34.0197 2916 Pcmcia - ok
17:06:34.0197 2916 PDCOMP - ok
17:06:34.0213 2916 PDFRAME - ok

[Alan-K]

17:06:34.0213 2916 PDRELI - ok
17:06:34.0228 2916 PDRFRAME - ok
17:06:34.0244 2916 perc2 - ok
17:06:34.0244 2916 perc2hib - ok
17:06:34.0291 2916 [ 5D3F6637FE5981985BF4B7EE6D3E1D67 ] PfModNT C:\WINDOWS\system32\drivers\PfModNT.sys
17:06:34.0291 2916 PfModNT - ok
17:06:34.0306 2916 [ 6FC9CDA0B608DFDA41E42D2E9C7D7874 ] PGR1394b C:\WINDOWS\system32\DRIVERS\HS3dSensor1394.sys
17:06:34.0322 2916 PGR1394b - ok
17:06:34.0338 2916 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\WINDOWS\system32\IoctlSvc.exe
17:06:34.0353 2916 PLFlash DeviceIoControl Service - ok
17:06:34.0353 2916 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
17:06:34.0369 2916 PlugPlay - ok
17:06:34.0385 2916 [ 273AFC65FABF97326AA78FFE38B1E071 ] Point32 C:\WINDOWS\system32\DRIVERS\point32.sys
17:06:34.0385 2916 Point32 - ok
17:06:34.0400 2916 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
17:06:34.0400 2916 PolicyAgent - ok
17:06:34.0416 2916 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:06:34.0431 2916 PptpMiniport - ok
17:06:34.0431 2916 [ 7EB15DCE4EC3A0220BD796A15C18186E ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
17:06:34.0447 2916 Processor - ok
17:06:34.0463 2916 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:06:34.0463 2916 ProtectedStorage - ok
17:06:34.0478 2916 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:06:34.0478 2916 PSched - ok
17:06:34.0510 2916 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
17:06:34.0525 2916 PSI_SVC_2 - ok
17:06:34.0556 2916 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:06:34.0556 2916 Ptilink - ok
17:06:34.0572 2916 ql1080 - ok
17:06:34.0572 2916 Ql10wnt - ok
17:06:34.0588 2916 ql12160 - ok
17:06:34.0603 2916 ql1240 - ok
17:06:34.0603 2916 ql1280 - ok
17:06:34.0619 2916 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:06:34.0619 2916 RasAcd - ok
17:06:34.0650 2916 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:06:34.0650 2916 RasAuto - ok
17:06:34.0666 2916 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:06:34.0681 2916 Rasl2tp - ok
17:06:34.0713 2916 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:06:34.0728 2916 RasMan - ok
17:06:34.0744 2916 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:06:34.0744 2916 RasPppoe - ok
17:06:34.0775 2916 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:06:34.0775 2916 Raspti - ok
17:06:34.0791 2916 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:06:34.0822 2916 Rdbss - ok
17:06:34.0838 2916 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:06:34.0838 2916 RDPCDD - ok
17:06:34.0853 2916 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:06:34.0869 2916 rdpdr - ok
17:06:34.0900 2916 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:06:34.0916 2916 RDPWD - ok
17:06:34.0931 2916 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:06:34.0947 2916 RDSessMgr - ok
17:06:34.0963 2916 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:06:34.0978 2916 redbook - ok
17:06:35.0010 2916 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:06:35.0010 2916 RemoteAccess - ok
17:06:35.0041 2916 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
17:06:35.0041 2916 RemoteRegistry - ok
17:06:35.0072 2916 [ 8B5B8A11306190C6963D3473F052D3C8 ] Revoflt C:\WINDOWS\system32\DRIVERS\revoflt.sys
17:06:35.0088 2916 Revoflt - ok
17:06:35.0103 2916 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
17:06:35.0119 2916 RFCOMM - ok
17:06:35.0135 2916 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\System32\locator.exe
17:06:35.0150 2916 RpcLocator - ok
17:06:35.0166 2916 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\System32\rpcss.dll
17:06:35.0181 2916 RpcSs - ok
17:06:35.0213 2916 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
17:06:35.0228 2916 RSVP - ok
17:06:35.0244 2916 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
17:06:35.0244 2916 SamSs - ok
17:06:35.0260 2916 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:06:35.0275 2916 SCardSvr - ok
17:06:35.0306 2916 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:06:35.0338 2916 Schedule - ok
17:06:35.0369 2916 [ 958E956E119EB7B9ABA142AFED1B5FF4 ] ScsiAccess C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
17:06:35.0385 2916 ScsiAccess - ok
17:06:35.0400 2916 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:06:35.0416 2916 Secdrv - ok
17:06:35.0431 2916 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:06:35.0447 2916 seclogon - ok
17:06:35.0463 2916 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
17:06:35.0463 2916 SENS - ok
17:06:35.0478 2916 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
17:06:35.0494 2916 serenum - ok
17:06:35.0510 2916 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
17:06:35.0510 2916 Serial - ok
17:06:35.0541 2916 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:06:35.0556 2916 Sfloppy - ok
17:06:35.0588 2916 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:06:35.0588 2916 SharedAccess - ok
17:06:35.0603 2916 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:06:35.0603 2916 ShellHWDetection - ok
17:06:35.0635 2916 [ 3DA2F680BFC8E92A535CEA5A5D80AC37 ] SI3112r C:\WINDOWS\system32\DRIVERS\SI3112r.sys
17:06:35.0666 2916 SI3112r - ok
17:06:35.0666 2916 [ D893AA1D1EE007B7AB1B16E1099E9F17 ] SiFilter C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
17:06:35.0681 2916 SiFilter - ok
17:06:35.0697 2916 Simbad - ok
17:06:35.0713 2916 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:06:35.0713 2916 SLIP - ok
17:06:35.0806 2916 [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe
17:06:35.0822 2916 Sony PC Companion - ok
17:06:35.0822 2916 Sparrow - ok
17:06:35.0853 2916 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:06:35.0853 2916 splitter - ok
17:06:35.0885 2916 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:06:35.0885 2916 Spooler - ok
17:06:35.0900 2916 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:06:35.0916 2916 sr - ok
17:06:35.0931 2916 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
17:06:35.0963 2916 srservice - ok
17:06:35.0994 2916 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:06:35.0994 2916 Srv - ok
17:06:36.0025 2916 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:06:36.0041 2916 SSDPSRV - ok
17:06:36.0072 2916 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
17:06:36.0072 2916 ssmdrv - ok
17:06:36.0103 2916 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:06:36.0119 2916 stisvc - ok
17:06:36.0135 2916 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:06:36.0150 2916 streamip - ok
17:06:36.0166 2916 [ 65E1FCF1BBB794E79EDB2F8016127794 ] SWDUMon C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
17:06:36.0166 2916 SWDUMon - ok
17:06:36.0197 2916 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:06:36.0197 2916 swenum - ok
17:06:36.0213 2916 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:06:36.0213 2916 swmidi - ok
17:06:36.0228 2916 SwPrv - ok
17:06:36.0244 2916 symc810 - ok
17:06:36.0260 2916 symc8xx - ok
17:06:36.0260 2916 sym_hi - ok
17:06:36.0275 2916 sym_u3 - ok
17:06:36.0291 2916 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:06:36.0306 2916 sysaudio - ok
17:06:36.0322 2916 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:06:36.0338 2916 SysmonLog - ok
17:06:36.0478 2916 [ 1FF41723B6CF6EF0D2456691B75131BB ] TabletServicePen C:\Program Files\Tablet\Pen\Pen_Tablet.exe
17:06:36.0525 2916 TabletServicePen - ok
17:06:36.0541 2916 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:06:36.0572 2916 TapiSrv - ok
17:06:36.0588 2916 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:06:36.0588 2916 Tcpip - ok
17:06:36.0619 2916 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:06:36.0635 2916 TDPIPE - ok
17:06:36.0666 2916 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:06:36.0666 2916 TDTCP - ok
17:06:36.0697 2916 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:06:36.0713 2916 TermDD - ok
17:06:36.0744 2916 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
17:06:36.0775 2916 TermService - ok
17:06:36.0791 2916 [ D9D5E4CA72270E9F3ECA97DA0983AB87 ] tffsport C:\WINDOWS\system32\DRIVERS\tffsport.sys
17:06:36.0806 2916 tffsport - ok
17:06:36.0822 2916 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
17:06:36.0822 2916 Themes - ok
17:06:36.0838 2916 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
17:06:36.0853 2916 TlntSvr - ok
17:06:36.0869 2916 TosIde - ok
17:06:36.0900 2916 [ C17EA46C3326A951DC3B8E883D661E0C ] TouchServicePen C:\Program Files\Tablet\Pen\Pen_TouchService.exe
17:06:36.0931 2916 TouchServicePen - ok
17:06:36.0947 2916 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:06:36.0963 2916 TrkWks - ok
17:06:36.0994 2916 [ F0D66BAA17BA04BAB1D238FBFC582D8F ] ubohci C:\WINDOWS\system32\DRIVERS\ubohci.sys
17:06:36.0994 2916 ubohci - ok
17:06:37.0010 2916 [ 7DB1DEA2E2CB69FAD1974FECD67190EE ] ubsbm C:\WINDOWS\system32\DRIVERS\ubsbm.sys
17:06:37.0010 2916 ubsbm - ok
17:06:37.0025 2916 [ C1AD76802A97FBBBF743D9F7EE987EC0 ] ubumapi C:\WINDOWS\system32\DRIVERS\ubumapi.sys
17:06:37.0041 2916 ubumapi - ok
17:06:37.0056 2916 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:06:37.0072 2916 Udfs - ok
17:06:37.0103 2916 [ 2BC60F520D92828A00AFF3D2D0C6A3E6 ] udsstub C:\WINDOWS\system32\DRIVERS\udsstub.sys
17:06:37.0103 2916 udsstub - ok
17:06:37.0103 2916 ultra - ok
17:06:37.0150 2916 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:06:37.0181 2916 Update - ok
17:06:37.0197 2916 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
17:06:37.0244 2916 upnphost - ok
17:06:37.0260 2916 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
17:06:37.0260 2916 UPS - ok
17:06:37.0291 2916 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
17:06:37.0306 2916 USBAAPL - ok
17:06:37.0338 2916 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:06:37.0338 2916 usbccgp - ok
17:06:37.0369 2916 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:06:37.0385 2916 usbehci - ok
17:06:37.0400 2916 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:06:37.0416 2916 usbhub - ok
17:06:37.0431 2916 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:06:37.0447 2916 usbprint - ok
17:06:37.0463 2916 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:06:37.0478 2916 usbscan - ok
17:06:37.0510 2916 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:06:37.0510 2916 USBSTOR - ok
17:06:37.0556 2916 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:06:37.0572 2916 usbuhci - ok
17:06:37.0603 2916 [ 94D73B62E458FB56C9CE60AA96D914F9 ] VClone C:\WINDOWS\system32\DRIVERS\VClone.sys
17:06:37.0603 2916 VClone - ok
17:06:37.0635 2916 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:06:37.0635 2916 VgaSave - ok
17:06:37.0650 2916 ViaIde - ok
17:06:37.0681 2916 [ FECE79A9AEF62AD5F11A3F4A14F1DEAD ] VIAudio C:\WINDOWS\system32\drivers\vinyl97.sys
17:06:37.0697 2916 VIAudio - ok
17:06:37.0728 2916 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:06:37.0744 2916 VolSnap - ok
17:06:37.0760 2916 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
17:06:37.0791 2916 VSS - ok
17:06:37.0806 2916 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
17:06:37.0838 2916 W32Time - ok
17:06:37.0853 2916 [ C3B03ED7B06657A3355F620BC02ACFB6 ] wacmoumonitor C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
17:06:37.0869 2916 wacmoumonitor - ok
17:06:37.0885 2916 [ 427A8BC96F16C40DF81C2D2F4EDD32DD ] wacommousefilter C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
17:06:37.0885 2916 wacommousefilter - ok
17:06:37.0885 2916 [ 846B58EA44BF8C92E4B59F4E2252C4C0 ] wacomvhid C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
17:06:37.0900 2916 wacomvhid - ok
17:06:37.0916 2916 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:06:37.0931 2916 Wanarp - ok
17:06:37.0994 2916 [ 96C4C98FE4866C16FC64E4578A0AA975 ] WDBackup C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
17:06:37.0994 2916 WDBackup - ok
17:06:38.0025 2916 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys
17:06:38.0041 2916 WDC_SAM - ok
17:06:38.0056 2916 [ 80F8944EA183004D6EDCBBDCEC166404 ] WDDriveService C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
17:06:38.0072 2916 WDDriveService - ok
17:06:38.0103 2916 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
17:06:38.0150 2916 Wdf01000 - ok
17:06:38.0150 2916 WDICA - ok
17:06:38.0181 2916 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:06:38.0197 2916 wdmaud - ok
17:06:38.0244 2916 [ FD2D1C60CDBDFAB63EF182539D8FFC2D ] WDRulesService C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
17:06:38.0260 2916 WDRulesService - ok
17:06:38.0275 2916 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:06:38.0291 2916 WebClient - ok
17:06:38.0353 2916 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:06:38.0369 2916 winmgmt - ok
17:06:38.0416 2916 [ 4D34CEDD74BDBF2B6A935EAE3BF80543 ] WinRM C:\WINDOWS\system32\WsmSvc.dll
17:06:38.0510 2916 WinRM - ok
17:06:38.0541 2916 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
17:06:38.0556 2916 WmdmPmSN - ok
17:06:38.0588 2916 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] Wmi C:\WINDOWS\System32\advapi32.dll
17:06:38.0588 2916 Wmi - ok
17:06:38.0619 2916 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
17:06:38.0635 2916 WmiApSrv - ok
17:06:38.0681 2916 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
17:06:38.0744 2916 WMPNetworkSvc - ok
17:06:38.0760 2916 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:06:38.0775 2916 WpdUsb - ok
17:06:38.0853 2916 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:06:38.0885 2916 WPFFontCache_v0400 - ok
17:06:38.0916 2916 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:06:38.0916 2916 WS2IFSL - ok
17:06:38.0931 2916 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:06:38.0947 2916 wscsvc - ok
17:06:38.0978 2916 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:06:38.0978 2916 WSTCODEC - ok
17:06:39.0010 2916 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:06:39.0010 2916 wuauserv - ok
17:06:39.0041 2916 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:06:39.0041 2916 WudfPf - ok
17:06:39.0072 2916 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:06:39.0088 2916 WudfRd - ok
17:06:39.0119 2916 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
17:06:39.0135 2916 WudfSvc - ok
17:06:39.0166 2916 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:06:39.0197 2916 WZCSVC - ok
17:06:39.0228 2916 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:06:39.0244 2916 xmlprov - ok
17:06:39.0275 2916 [ 87F126D0F8DC176B282924DF0417075E ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
17:06:39.0275 2916 yukonwxp - ok
17:06:39.0291 2916 [ BA6F5125903095B802D31A061FE7209B ] ZYNFX_AT C:\WINDOWS\system32\DRIVERS\ZYNFX_AT.SYS
17:06:39.0306 2916 ZYNFX_AT - ok
17:06:39.0322 2916 ================ Scan global ===============================
17:06:39.0353 2916 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
17:06:39.0400 2916 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
17:06:39.0416 2916 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
17:06:39.0431 2916 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
17:06:39.0431 2916 [Global] - ok
17:06:39.0431 2916 ================ Scan MBR ==================================
17:06:39.0447 2916 [ 3B00EB857BBA060EBA3B17F7019E492F ] \Device\Harddisk0\DR0
17:06:39.0603 2916 \Device\Harddisk0\DR0 - ok
17:06:39.0603 2916 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk1\DR1
17:06:39.0619 2916 \Device\Harddisk1\DR1 - ok
17:06:39.0619 2916 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
17:06:39.0635 2916 \Device\Harddisk2\DR2 - ok
17:06:39.0635 2916 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk3\DR3
17:06:39.0635 2916 \Device\Harddisk3\DR3 - ok
17:06:39.0650 2916 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk4\DR9
17:06:39.0666 2916 \Device\Harddisk4\DR9 - ok
17:06:39.0666 2916 ================ Scan VBR ==================================
17:06:39.0666 2916 [ F4709A370C6EA54318B19F5FFB73A055 ] \Device\Harddisk0\DR0\Partition1
17:06:39.0666 2916 \Device\Harddisk0\DR0\Partition1 - ok
17:06:39.0681 2916 [ 8CA7C2362E80718F21B955903D9FC76B ] \Device\Harddisk0\DR0\Partition2
17:06:39.0681 2916 \Device\Harddisk0\DR0\Partition2 - ok
17:06:39.0697 2916 [ 3F72A886E781991E368E6D68FE004E2D ] \Device\Harddisk1\DR1\Partition1
17:06:39.0697 2916 \Device\Harddisk1\DR1\Partition1 - ok
17:06:39.0697 2916 [ 009BB83BCC16F4E08EC00CA21843EB1A ] \Device\Harddisk2\DR2\Partition1
17:06:39.0713 2916 \Device\Harddisk2\DR2\Partition1 - ok
17:06:39.0713 2916 [ 1E7728721C26D63EBEC2B584E06DCE89 ] \Device\Harddisk3\DR3\Partition1
17:06:39.0713 2916 \Device\Harddisk3\DR3\Partition1 - ok
17:06:39.0713 2916 [ A0DC9073C8607342B975B19820A0A9C5 ] \Device\Harddisk4\DR9\Partition1
17:06:39.0728 2916 \Device\Harddisk4\DR9\Partition1 - ok
17:06:39.0728 2916 ============================================================
17:06:39.0728 2916 Scan finished
17:06:39.0728 2916 ============================================================
17:06:39.0744 3220 Detected object count: 1
17:06:39.0744 3220 Actual detected object count: 1
17:07:17.0853 3220 hcdriver ( ForgedFile.Multi.Generic ) - skipped by user
17:07:17.0853 3220 hcdriver ( ForgedFile.Multi.Generic ) - User select action: Skip
17:07:35.0166 1804 Deinitialize success

[jaro3]

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[Alan-K]

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Alan [Práva správce]
Mód : Kontrola -- Datum : 03/26/2013 22:53:45
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 1 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤
[Faked.Drv][FILE] hcdriver.sys : C:\WINDOWS\system32\drivers\hcdriver.sys [-] --> NALEZENO

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
SSDT[25] : NtClose @ 0x8056F8D7 -> HOOKED (Unknown @ 0xF7A9D294)
SSDT[41] : NtCreateKey @ 0x80578ABE -> HOOKED (Unknown @ 0xF7A9D24E)
SSDT[50] : NtCreateSection @ 0x8056DB66 -> HOOKED (Unknown @ 0xF7A9D29E)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805E0922 -> HOOKED (Unknown @ 0xF7A9D276)
SSDT[53] : NtCreateThread @ 0x805860C0 -> HOOKED (Unknown @ 0xF7A9D244)
SSDT[63] : NtDeleteKey @ 0x8059A5CD -> HOOKED (Unknown @ 0xF7A9D253)
SSDT[65] : NtDeleteValueKey @ 0x805991EC -> HOOKED (Unknown @ 0xF7A9D25D)
SSDT[68] : NtDuplicateObject @ 0x8057DDAF -> HOOKED (Unknown @ 0xF7A9D28F)
SSDT[97] : NtLoadDriver @ 0x805B06F6 -> HOOKED (Unknown @ 0xF7A9D27B)
SSDT[98] : NtLoadKey @ 0x805D608D -> HOOKED (Unknown @ 0xF7A9D262)
SSDT[122] : NtOpenProcess @ 0x8057BB80 -> HOOKED (Unknown @ 0xF7A9D230)
SSDT[125] : NtOpenSection @ 0x8057B96A -> HOOKED (Unknown @ 0xF7A9D271)
SSDT[128] : NtOpenThread @ 0x80596A0F -> HOOKED (Unknown @ 0xF7A9D235)
SSDT[177] : NtQueryValueKey @ 0x80572F19 -> HOOKED (Unknown @ 0xF7A9D2B7)
SSDT[193] : NtReplaceKey @ 0x8065724C -> HOOKED (Unknown @ 0xF7A9D26C)
SSDT[200] : NtRequestWaitReplyPort @ 0x8057D89E -> HOOKED (Unknown @ 0xF7A9D2A8)
SSDT[204] : NtRestoreKey @ 0x80656DE1 -> HOOKED (Unknown @ 0xF7A9D267)
SSDT[213] : NtSetContextThread @ 0x8063628D -> HOOKED (Unknown @ 0xF7A9D2A3)
SSDT[237] : NtSetSecurityObject @ 0x8059EC29 -> HOOKED (Unknown @ 0xF7A9D2AD)
SSDT[240] : NtSetSystemInformation @ 0x805B2328 -> HOOKED (Unknown @ 0xF7A9D280)
SSDT[247] : NtSetValueKey @ 0x8057B4EF -> HOOKED (Unknown @ 0xF7A9D258)
SSDT[255] : NtSystemDebugControl @ 0x80651B27 -> HOOKED (Unknown @ 0xF7A9D2B2)
SSDT[257] : NtTerminateProcess @ 0x8058E6B9 -> HOOKED (Unknown @ 0xF7A9D23F)
SSDT[277] : NtWriteVirtualMemory @ 0x805873F6 -> HOOKED (Unknown @ 0xF7A9D23A)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xF7A9D2C6)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xF7A9D2CB)

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKB-00H8A0 +++++
--- User ---
[MBR] c390c7439d1fe20d14e1456093e46626
[BSP] a206917eb8d1bee37f7ebd68ff4de544 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 66668 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 136536435 | Size: 410269 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3300622A +++++
--- User ---
[MBR] f98601582538bbce76eae446e15aac69
[BSP] 677c79a1d8d67249e3545cb22bf0b066 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 286165 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: ST3300622AS +++++
--- User ---
[MBR] 3ff3632047fa515d772c62950a7baa74
[BSP] a770cf9669248ad61739740e10430862 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 286165 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: ST3300622AS +++++
--- User ---
[MBR] a4a8d3f4da46dcd80c81dc992c4e5e4b
[BSP] 9ae994606b959d41bedbc7bf587a282b : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 286165 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive4: ST330062 2A USB Disk +++++
--- User ---
[MBR] df8c1b6e3c62f7d2dc9de1d85ded9814
[BSP] 8eb3286053317eca251a66944f07cd41 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 286165 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[1]_S_03262013_02d2253.txt >>
RKreport[1]_S_03262013_02d2253.txt

[jaro3]

Zavři všechny programy a prohlížeče.
Prosím, odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.
Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Scan "
- Klikni na "Delete"
- Počkej, dokud Status box zobrazuje "Smazání- Finished "
- Klikni na "Zprávy " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [1]. txt na ploše.
- Zavři RogueKiller

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

[Alan-K]

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Alan [Práva správce]
Mód : Odebrat -- Datum : 03/26/2013 23:26:48
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 1 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤
[Faked.Drv][FILE] hcdriver.sys : C:\WINDOWS\system32\drivers\hcdriver.sys [-] --> NELZE OPRAVIT

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
SSDT[25] : NtClose @ 0x8056F8D7 -> HOOKED (Unknown @ 0xF7A9D294)
SSDT[41] : NtCreateKey @ 0x80578ABE -> HOOKED (Unknown @ 0xF7A9D24E)
SSDT[50] : NtCreateSection @ 0x8056DB66 -> HOOKED (Unknown @ 0xF7A9D29E)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805E0922 -> HOOKED (Unknown @ 0xF7A9D276)
SSDT[53] : NtCreateThread @ 0x805860C0 -> HOOKED (Unknown @ 0xF7A9D244)
SSDT[63] : NtDeleteKey @ 0x8059A5CD -> HOOKED (Unknown @ 0xF7A9D253)
SSDT[65] : NtDeleteValueKey @ 0x805991EC -> HOOKED (Unknown @ 0xF7A9D25D)
SSDT[68] : NtDuplicateObject @ 0x8057DDAF -> HOOKED (Unknown @ 0xF7A9D28F)
SSDT[97] : NtLoadDriver @ 0x805B06F6 -> HOOKED (Unknown @ 0xF7A9D27B)
SSDT[98] : NtLoadKey @ 0x805D608D -> HOOKED (Unknown @ 0xF7A9D262)
SSDT[122] : NtOpenProcess @ 0x8057BB80 -> HOOKED (Unknown @ 0xF7A9D230)
SSDT[125] : NtOpenSection @ 0x8057B96A -> HOOKED (Unknown @ 0xF7A9D271)
SSDT[128] : NtOpenThread @ 0x80596A0F -> HOOKED (Unknown @ 0xF7A9D235)
SSDT[177] : NtQueryValueKey @ 0x80572F19 -> HOOKED (Unknown @ 0xF7A9D2B7)
SSDT[193] : NtReplaceKey @ 0x8065724C -> HOOKED (Unknown @ 0xF7A9D26C)
SSDT[200] : NtRequestWaitReplyPort @ 0x8057D89E -> HOOKED (Unknown @ 0xF7A9D2A8)
SSDT[204] : NtRestoreKey @ 0x80656DE1 -> HOOKED (Unknown @ 0xF7A9D267)
SSDT[213] : NtSetContextThread @ 0x8063628D -> HOOKED (Unknown @ 0xF7A9D2A3)
SSDT[237] : NtSetSecurityObject @ 0x8059EC29 -> HOOKED (Unknown @ 0xF7A9D2AD)
SSDT[240] : NtSetSystemInformation @ 0x805B2328 -> HOOKED (Unknown @ 0xF7A9D280)
SSDT[247] : NtSetValueKey @ 0x8057B4EF -> HOOKED (Unknown @ 0xF7A9D258)
SSDT[255] : NtSystemDebugControl @ 0x80651B27 -> HOOKED (Unknown @ 0xF7A9D2B2)
SSDT[257] : NtTerminateProcess @ 0x8058E6B9 -> HOOKED (Unknown @ 0xF7A9D23F)
SSDT[277] : NtWriteVirtualMemory @ 0x805873F6 -> HOOKED (Unknown @ 0xF7A9D23A)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xF7A9D2C6)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xF7A9D2CB)

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKB-00H8A0 +++++
--- User ---
[MBR] c390c7439d1fe20d14e1456093e46626
[BSP] a206917eb8d1bee37f7ebd68ff4de544 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 66668 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 136536435 | Size: 410269 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3300622A +++++
--- User ---
[MBR] f98601582538bbce76eae446e15aac69
[BSP] 677c79a1d8d67249e3545cb22bf0b066 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 286165 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: ST3300622AS +++++
--- User ---
[MBR] 3ff3632047fa515d772c62950a7baa74
[BSP] a770cf9669248ad61739740e10430862 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 286165 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: ST3300622AS +++++
--- User ---
[MBR] a4a8d3f4da46dcd80c81dc992c4e5e4b
[BSP] 9ae994606b959d41bedbc7bf587a282b : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 286165 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[3]_D_03262013_02d2326.txt >>
RKreport[1]_S_03262013_02d2253.txt ; RKreport[2]_S_03262013_02d2324.txt ; RKreport[3]_D_03262013_02d2326.txt

[Alan-K]

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-26 23:32:52
-----------------------------
23:32:52.781 OS Version: Windows 5.1.2600 Service Pack 3
23:32:52.781 Number of processors: 2 586 0x304
23:32:52.781 ComputerName: COMMANDER UserName: Alan
23:32:53.843 Initialize success
23:33:01.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
23:33:01.734 Disk 0 Vendor: WDC_WD5000AAKB-00H8A0 05.04E05 Size: 476940MB BusType: 3
23:33:01.765 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
23:33:01.765 Disk 1 Vendor: ST3300622A 3.AAE Size: 286168MB BusType: 3
23:33:01.765 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-2b
23:33:01.765 Disk 2 Vendor: ST3300622AS 3.AAE Size: 286168MB BusType: 3
23:33:01.765 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP3T0L0-36
23:33:01.765 Disk 3 Vendor: ST3300622AS 3.AAE Size: 286168MB BusType: 3
23:33:01.875 Disk 0 MBR read successfully
23:33:01.875 Disk 0 MBR scan
23:33:01.890 Disk 0 Windows XP default MBR code
23:33:01.890 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 66668 MB offset 63
23:33:01.906 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 410269 MB offset 136536435
23:33:01.906 Disk 0 scanning sectors +976768065
23:33:01.968 Disk 0 scanning C:\WINDOWS\system32\drivers
23:33:07.640 Service scanning
23:33:15.718 Modules scanning
23:33:18.843 Disk 0 trace - called modules:
23:33:18.859 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:33:18.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a917ab8]
23:33:18.875 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000007c[0x8a9b7cb0]
23:33:18.875 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a953d98]
23:33:18.875 Scan finished successfully
23:33:27.078 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Alan\Plocha\MBR.dat"
23:33:27.093 The log file has been saved successfully to "C:\Documents and Settings\Alan\Plocha\aswMBR.txt"

[jaro3]

Tady z MWAV o tom co našel (přepsáno z okénka):
Virus Log Information:
C:\WINDOWS\system32\DRIVERS\hcdriver.sys: Forget File - Suspicious Rootkit
Object "Backdoor (IRCBot) Trojans Spyware/Adware" found in File System! Action Taken: Entries Removed

http://www.runscanner.net/lib/hcdriver.sys.html

MWAV bych nepoužíval vůbec.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.