I've started doing software maintenance on my son's PC, and I'd be surprised if it weren't infected. I'd like to ask for help with disinfecting it and cleaning up the software.
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Verze databáze: v2012.11.16.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
sprravce :: ASUS [administrátor]
16.11.2012 13:47:09
mbam-log-2012-11-16 (15-52-29).txt
Typ: Úplná kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 251473
Uplynulý čas: 1 hodin, 5 minut, 20 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 1
C:\Program Files\OpenTab\OpenTab_kmpopentab_Setup.exe (Adware.K.OpenTab) -> Žádná instrukce nebyla provedena.
(konec)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:01:28, on 16.11.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3069265984
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 5210 bytes
PLS HJT Control - MBAM finding
- Jan Pašek, Article author, Level 6.5, posts: 3701, registered: January 06, location: Plzeň, status: Offline
Jenda's link hub (the links I used to have in my signature are in my link hub.) Jenda's news - what's new from me. If you really must know what I commit PC crime on, my builds are in my profile.
- Žbeky, Moderator, Guru Level 13, posts: 22288, registered: May 08, location: Vsetín - Pardubice, status: Offline
Re: PLS HJT Control - MBAM finding
Fix:
Code:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3069265984
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox, click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
- If you use Chrome, don't select anything else and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. It can remove the cache, cookies, history and other traces of web browsing. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Run MBAM again and click Scan
- when the scan finishes a message appears; click OK and then the Show Results button
- make sure all listed findings are checked and click the Remove Selected button
- when removal finishes a log is shown; post it here.
- then click OK in the program and close it via Exit
Download TDSSKiller
to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt, please paste the full contents of the log here.
Disable the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After starting, the terms of use are shown; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click in its window
- After the scan finishes the program should create a log - C:\ComboFix.txt - please copy its full contents here
If after the scan there is a problem running applications, or a message keeps popping up about an attempt to perform an invalid operation on a registry key marked for deletion, just restart the computer.
Via PM I only deal with forum matters. I do not respond to requests for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
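As an added example (not from this thread or from HijackThis itself): a small Python parser for the HJT log lines quoted above that checks whether the posted fix list has really disappeared from the follow-up log, diffs the two logs, and flags O23 services with an unknown owner. The sample excerpts are constructed from the logs in this thread; the function names are my own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# One HijackThis entry line: section code (R0, O4, O23, ...), " - ", then the body.
HJT_LINE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")
# Body of an O4 autorun entry: <hive>\..\<Run key>: [<value name>] <command>
O4_BODY = re.compile(r"^(?P<hive>[^:]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<command>.*)$")


@dataclass(frozen=True)
class Entry:
    section: str  # "O4", "O23", ...
    body: str     # text after "O4 - "

    def line(self) -> str:
        return f"{self.section} - {self.body}"


def parse_hjt_log(text: str) -> list[Entry]:
    """Return the entry lines of an HJT log; header and 'Running processes' lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def parse_o4(entry: Entry) -> dict | None:
    """Split an O4 autorun entry into hive, key, value name and command (None if not O4)."""
    if entry.section != "O4":
        return None
    m = O4_BODY.match(entry.body)
    return m.groupdict() if m else None


def unapplied_fixes(fix_list: str, log_text: str) -> list[str]:
    """Lines of a posted fix list still present in a later log (empty list = all applied)."""
    present = {e.line() for e in parse_hjt_log(log_text)}
    return [ln.strip() for ln in fix_list.splitlines() if ln.strip() in present]


def diff_logs(before: str, after: str) -> tuple[list[str], list[str]]:
    """(removed, added) entry lines between two logs, in the logs' own order."""
    old = [e.line() for e in parse_hjt_log(before)]
    new = [e.line() for e in parse_hjt_log(after)]
    old_set, new_set = set(old), set(new)
    return [x for x in old if x not in new_set], [x for x in new if x not in old_set]


def unknown_owner_services(log_text: str) -> list[str]:
    """O23 service entries HJT could not attribute to a vendor; these deserve a second look."""
    return [e.line() for e in parse_hjt_log(log_text)
            if e.section == "O23" and "Unknown owner" in e.body]


# Constructed excerpts of the two HJT logs posted in this thread (before / after the fix).
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3069265984
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
"""
# The three lines the moderator asked to fix in HijackThis.
FIX_LIST = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3069265984
"""
# Follow-up log: the fixed lines are gone, the AVG Secure Search autorun is still present.
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
"""

if __name__ == "__main__":
    print("fix lines still present:", unapplied_fixes(FIX_LIST, AFTER))
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", removed, "added:", added)
    print("unknown-owner services:", unknown_owner_services(AFTER))
    for entry in parse_hjt_log(AFTER):
        o4 = parse_o4(entry)
        if o4:
            print(f"autorun {o4['hive']}\\{o4['key']} [{o4['name']}] -> {o4['command']}")
```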
- Jan Pašek, Article author, Level 6.5, posts: 3701, registered: January 06, location: Plzeň, status: Offline
Re: PLS HJT Control - MBAM finding
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:59:35, on 17.11.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\sprravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sprravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sprravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sprravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sprravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 5392 bytes
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Verze databáze: v2012.11.17.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
sprravce :: ASUS [administrátor]
17.11.2012 17:12:18
mbam-log-2012-11-17 (17-12-18).txt
Typ: Úplná kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 250489
Uplynulý čas: 52 minut, 36 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 1
C:\Program Files\OpenTab\OpenTab_kmpopentab_Setup.exe (Adware.K.OpenTab) -> Umístnění do karantény a smazání se zdařilo.
(konec)
ComboFix 12-11-16.02 - sprravce 17.11.2012 18:21:00.8.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.633 [GMT 1:00]
Spuštěný z: c:\documents and settings\sprravce\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\OpenTab
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\79b40ed3f90dfeb7.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-17 do 2012-11-17 )))))))))))))))))))))))))))))))
.
.
2012-11-16 12:42 . 2012-11-16 12:42 -------- d-----w- c:\program files\Common Files\Java
2012-11-16 12:42 . 2012-11-16 12:41 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-28 14:57 . 2012-10-28 14:57 -------- d-----w- c:\documents and settings\sprravce\Data aplikací\GRETECH
2012-10-28 14:53 . 2012-10-28 14:53 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2012-10-28 14:52 . 2012-10-28 14:52 -------- d-----w- c:\program files\GRETECH
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 12:41 . 2012-05-31 15:15 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-16 12:41 . 2012-05-31 15:15 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-16 12:41 . 2010-05-01 14:33 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-30 22:51 . 2011-03-03 05:00 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2010-01-28 02:53 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2010-01-28 02:53 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2010-01-28 02:52 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2010-01-28 02:52 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2010-01-28 02:52 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2010-01-28 02:53 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2010-01-28 02:52 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2010-06-29 19:31 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2010-01-28 02:52 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-30 19:06 . 2012-05-29 18:09 1878 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-10-22 19:57 . 2010-11-11 10:08 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2010-11-11 10:07 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-29 18:54 . 2012-03-30 17:39 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 15:18 . 2010-11-11 10:08 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2010-11-11 10:07 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2010-11-11 10:07 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2010-11-11 10:07 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2010-11-11 10:08 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2008-04-14 08:06 2029568 ------w- c:\windows\system32\ntkrnlpa.exe
2012-08-23 06:27 . 2008-04-14 08:06 2150912 ------w- c:\windows\system32\ntoskrnl.exe
2011-06-20 10:45 . 2011-06-20 10:45 388608 ----a-w- c:\program files\HiJackThis.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 498560]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-11-27 993704]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-05-08 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-06-26 118784]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-11 17881600]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
2007-03-01 05:01 180736 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICAE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware]
2012-09-29 18:54 766536 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2008-06-20 14:58 2887680 -c--a-w- c:\program files\WinFast\WFDTV\WFWIZ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
2008-07-11 10:46 90112 -c--a-w- c:\program files\WinFast\WFDTV\DTVSchdl.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\USB Server 2\\USB Server.exe"=
"c:\\Documents and Settings\\sprravce\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3.3.2011 6:00 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.1.2010 3:52 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.1.2010 3:52 21256]
R3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\drivers\GenBus.sys [28.7.2009 17:25 27136]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [23.10.2008 11:01 94208]
R3 NUS_Bus;Network USB Server Bus;c:\windows\system32\drivers\NUS_Bus.sys [28.1.2010 14:51 27392]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 12:28 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11.11.2010 11:01 1684736]
S3 EST_Server;Network USB Device;c:\windows\system32\drivers\GenHC.sys [12.1.2012 13:49 173056]
S3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [21.4.2007 14:54 52080]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-17 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-08-05 22:50]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
MSConfigStartUp-Diar_VS - c:\program files\Diar 5\diar.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-17 18:29
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2012-11-17 18:31:31
ComboFix-quarantined-files.txt 2012-11-17 17:31
.
Před spuštěním: Volných bajtů: 34 605 154 304
Po spuštění: Volných bajtů: 34 555 465 728
.
- - End Of File - - 6545E62219EBF4F0BAFD05E2DB13504B
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
2007-03-01 05:01 180736 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICAE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware]
2012-09-29 18:54 766536 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2008-06-20 14:58 2887680 -c--a-w- c:\program files\WinFast\WFDTV\WFWIZ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
2008-07-11 10:46 90112 -c--a-w- c:\program files\WinFast\WFDTV\DTVSchdl.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\USB Server 2\\USB Server.exe"=
"c:\\Documents and Settings\\sprravce\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3.3.2011 6:00 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.1.2010 3:52 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.1.2010 3:52 21256]
R3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\drivers\GenBus.sys [28.7.2009 17:25 27136]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [23.10.2008 11:01 94208]
R3 NUS_Bus;Network USB Server Bus;c:\windows\system32\drivers\NUS_Bus.sys [28.1.2010 14:51 27392]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 12:28 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11.11.2010 11:01 1684736]
S3 EST_Server;Network USB Device;c:\windows\system32\drivers\GenHC.sys [12.1.2012 13:49 173056]
S3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [21.4.2007 14:54 52080]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-17 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-08-05 22:50]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
MSConfigStartUp-Diar_VS - c:\program files\Diar 5\diar.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-17 18:29
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2012-11-17 18:31:31
ComboFix-quarantined-files.txt 2012-11-17 17:31
.
Před spuštěním: Volných bajtů: 34 605 154 304
Po spuštění: Volných bajtů: 34 555 465 728
.
- - End Of File - - 6545E62219EBF4F0BAFD05E2DB13504B
Scan saved at 16:59:35, on 17.11.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\sprravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sprravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sprravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sprravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sprravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 5392 bytes
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Verze databáze: v2012.11.17.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
sprravce :: ASUS [administrátor]
17.11.2012 17:12:18
mbam-log-2012-11-17 (17-12-18).txt
Typ: Úplná kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 250489
Uplynulý čas: 52 minut, 36 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 1
C:\Program Files\OpenTab\OpenTab_kmpopentab_Setup.exe (Adware.K.OpenTab) -> Umístnění do karantény a smazání se zdařilo.
(konec)
- Žbeky
- Moderator
Re: PLS HJT Control - Mbam finding
You ran CF twice, but TDSS not even once.
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following whole text, marked in green, into it:
Note: do not use SELECT ALL to select the script.
KillAll::
File::
c:\windows\system32\PerfStringBackup.TMP
Folder::
c:\program files\Skype\Updater
Driver::
SkypeUpdate
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Drag the created CFScript.txt script with the mouse over the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
- Jan Pašek
- Article author
Re: PLS HJT Control - Mbam finding
Sorry, probably a slip with Ctrl+C on small keyboards; with my thicker fingers it happens now and then.
ComboFix 12-11-16.02 - sprravce 18.11.2012 18:57:57.9.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.518 [GMT 1:00]
Spuštěný z: c:\documents and settings\sprravce\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\sprravce\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\system32\PerfStringBackup.TMP"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SKYPEUPDATE
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-18 do 2012-11-18 )))))))))))))))))))))))))))))))
.
.
2012-11-18 17:48 . 2012-06-02 14:18 214256 ----a-w- c:\windows\system32\muweb.dll
2012-11-16 12:42 . 2012-11-16 12:42 -------- d-----w- c:\program files\Common Files\Java
2012-11-16 12:42 . 2012-11-16 12:41 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-28 14:57 . 2012-10-28 14:57 -------- d-----w- c:\documents and settings\sprravce\Data aplikací\GRETECH
2012-10-28 14:53 . 2012-10-28 14:53 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2012-10-28 14:52 . 2012-10-28 14:52 -------- d-----w- c:\program files\GRETECH
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 12:41 . 2012-05-31 15:15 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-16 12:41 . 2012-05-31 15:15 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-16 12:41 . 2010-05-01 14:33 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-30 22:51 . 2011-03-03 05:00 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2010-01-28 02:53 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2010-01-28 02:53 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2010-01-28 02:52 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2010-01-28 02:52 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2010-01-28 02:52 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2010-01-28 02:53 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2010-01-28 02:52 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2010-06-29 19:31 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2010-01-28 02:52 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-30 19:06 . 2012-05-29 18:09 1878 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-10-22 19:57 . 2010-11-11 10:08 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2010-11-11 10:07 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-29 18:54 . 2012-03-30 17:39 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 15:18 . 2010-11-11 10:08 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2010-11-11 10:07 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2010-11-11 10:07 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2010-11-11 10:07 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2010-11-11 10:08 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2008-04-14 08:06 2029568 ------w- c:\windows\system32\ntkrnlpa.exe
2012-08-23 06:27 . 2008-04-14 08:06 2150912 ------w- c:\windows\system32\ntoskrnl.exe
2011-06-20 10:45 . 2011-06-20 10:45 388608 ----a-w- c:\program files\HiJackThis.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 498560]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-11-27 993704]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-05-08 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-06-26 118784]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-11 17881600]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
2007-03-01 05:01 180736 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICAE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware]
2012-09-29 18:54 766536 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2008-06-20 14:58 2887680 -c--a-w- c:\program files\WinFast\WFDTV\WFWIZ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
2008-07-11 10:46 90112 -c--a-w- c:\program files\WinFast\WFDTV\DTVSchdl.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\USB Server 2\\USB Server.exe"=
"c:\\Documents and Settings\\sprravce\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3.3.2011 6:00 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.1.2010 3:52 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.1.2010 3:52 21256]
R3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\drivers\GenBus.sys [28.7.2009 17:25 27136]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [23.10.2008 11:01 94208]
R3 NUS_Bus;Network USB Server Bus;c:\windows\system32\drivers\NUS_Bus.sys [28.1.2010 14:51 27392]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11.11.2010 11:01 1684736]
S3 EST_Server;Network USB Device;c:\windows\system32\drivers\GenHC.sys [12.1.2012 13:49 173056]
S3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [21.4.2007 14:54 52080]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-18 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-08-05 22:50]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-18 19:09
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3148)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Celkový čas: 2012-11-18 19:13:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-18 18:13
ComboFix2.txt 2012-11-17 17:31
.
Před spuštěním: Volných bajtů: 34 288 447 488
Po spuštění: Volných bajtů: 34 223 120 384
.
- - End Of File - - F04C0FA326F361C1AAA723CB107B666D
19:19:58.0234 0128 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:19:58.0328 0128 ============================================================
19:19:58.0328 0128 Current date / time: 2012/11/18 19:19:58.0328
19:19:58.0328 0128 SystemInfo:
19:19:58.0328 0128
19:19:58.0328 0128 OS Version: 5.1.2600 ServicePack: 3.0
19:19:58.0328 0128 Product type: Workstation
19:19:58.0328 0128 ComputerName: ASUS
19:19:58.0328 0128 UserName: sprravce
19:19:58.0328 0128 Windows directory: C:\WINDOWS
19:19:58.0328 0128 System windows directory: C:\WINDOWS
19:19:58.0328 0128 Processor architecture: Intel x86
19:19:58.0328 0128 Number of processors: 2
19:19:58.0328 0128 Page size: 0x1000
19:19:58.0328 0128 Boot type: Normal boot
19:19:58.0328 0128 ============================================================
19:20:00.0515 0128 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:20:00.0515 0128 ============================================================
19:20:00.0515 0128 \Device\Harddisk0\DR0:
19:20:00.0515 0128 MBR partitions:
19:20:00.0515 0128 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xA5A5EFD
19:20:00.0515 0128 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA5A5F3C, BlocksNum 0x7A94E01
19:20:00.0515 0128 ============================================================
19:20:00.0562 0128 C: <-> \Device\Harddisk0\DR0\Partition1
19:20:00.0625 0128 D: <-> \Device\Harddisk0\DR0\Partition2
19:20:00.0625 0128 ============================================================
19:20:00.0625 0128 Initialize success
19:20:00.0625 0128 ============================================================
19:20:16.0562 3408 ============================================================
19:20:16.0562 3408 Scan started
19:20:16.0562 3408 Mode: Manual;
19:20:16.0562 3408 ============================================================
19:20:18.0031 3408 ================ Scan system memory ========================
19:20:18.0843 3408 System memory - ok
19:20:18.0843 3408 ================ Scan services =============================
19:20:19.0046 3408 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
19:20:19.0046 3408 Aavmker4 - ok
19:20:19.0062 3408 Abiosdsk - ok
19:20:19.0062 3408 abp480n5 - ok
19:20:19.0234 3408 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
19:20:19.0234 3408 ACDaemon - ok
19:20:19.0250 3408 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:20:19.0265 3408 ACPI - ok
19:20:19.0296 3408 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
19:20:19.0296 3408 ACPIEC - ok
19:20:19.0312 3408 adpu160m - ok
19:20:19.0375 3408 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
19:20:19.0375 3408 aec - ok
19:20:19.0468 3408 [ 3CD15EBAA1D68BC18CE14A26683BC1EC ] AF15BDA C:\WINDOWS\system32\DRIVERS\AF15BDA.sys
19:20:19.0468 3408 AF15BDA - ok
19:20:19.0562 3408 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
19:20:19.0562 3408 AFD - ok
19:20:19.0578 3408 Aha154x - ok
19:20:19.0593 3408 aic78u2 - ok
19:20:19.0609 3408 aic78xx - ok
19:20:19.0656 3408 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:20:19.0656 3408 Alerter - ok
19:20:19.0703 3408 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
19:20:19.0703 3408 ALG - ok
19:20:19.0718 3408 AliIde - ok
19:20:19.0828 3408 [ F6AF59D6EEE5E1C304F7F73706AD11D8 ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
19:20:19.0906 3408 Ambfilt - ok
19:20:19.0921 3408 amsint - ok
19:20:20.0078 3408 [ D4E1BFC2B1DDA9272E8144DECA080C3A ] AR5416 C:\WINDOWS\system32\DRIVERS\athw.sys
19:20:20.0171 3408 AR5416 - ok
19:20:20.0187 3408 asc - ok
19:20:20.0203 3408 asc3350p - ok
19:20:20.0218 3408 asc3550 - ok
19:20:20.0250 3408 [ 12415A4B61DED200FE9932B47A35FA42 ] AsusACPI C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
19:20:20.0250 3408 AsusACPI - ok
19:20:20.0312 3408 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
19:20:20.0312 3408 aswFsBlk - ok
19:20:20.0343 3408 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
19:20:20.0343 3408 aswMon2 - ok
19:20:20.0375 3408 [ 7C9F0A2AB17D52261A9252A2EB320884 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
19:20:20.0375 3408 aswRdr - ok
19:20:20.0453 3408 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
19:20:20.0468 3408 aswSnx - ok
19:20:20.0515 3408 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
19:20:20.0531 3408 aswSP - ok
19:20:20.0578 3408 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
19:20:20.0578 3408 aswTdi - ok
19:20:20.0640 3408 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:20:20.0640 3408 AsyncMac - ok
19:20:20.0718 3408 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
19:20:20.0718 3408 atapi - ok
19:20:20.0734 3408 Atdisk - ok
19:20:20.0781 3408 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:20:20.0781 3408 Atmarpc - ok
19:20:20.0828 3408 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
19:20:20.0828 3408 AudioSrv - ok
19:20:20.0906 3408 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
19:20:20.0906 3408 audstub - ok
19:20:21.0031 3408 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
19:20:21.0031 3408 avast! Antivirus - ok
19:20:21.0078 3408 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
19:20:21.0078 3408 Beep - ok
19:20:21.0187 3408 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
19:20:21.0203 3408 BITS - ok
19:20:21.0265 3408 [ 1D866FAF96D7369A1817AB208C04CF55 ] BlueletAudio C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
19:20:21.0281 3408 BlueletAudio - ok
19:20:21.0296 3408 [ 8FC27B12A02B43947787F0EF1885DF9B ] BlueletSCOAudio C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
19:20:21.0296 3408 BlueletSCOAudio - ok
19:20:21.0359 3408 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
19:20:21.0375 3408 Browser - ok
19:20:21.0406 3408 [ C5CCE2B26F73F8CF7F3C82159E79AA08 ] BT C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
19:20:21.0406 3408 BT - ok
19:20:21.0437 3408 [ D5D025B5F704817B42D13A3E443F7893 ] Btcsrusb C:\WINDOWS\system32\Drivers\btcusb.sys
19:20:21.0453 3408 Btcsrusb - ok
19:20:21.0484 3408 [ CE643D0918123D76A5CAAB008FCA9663 ] BTHidEnum C:\WINDOWS\system32\Drivers\vbtenum.sys
19:20:21.0484 3408 BTHidEnum - ok
19:20:21.0500 3408 [ DFCA4FE4C8AEC786B4D0F432EB730F48 ] BTHidMgr C:\WINDOWS\system32\Drivers\BTHidMgr.sys
19:20:21.0500 3408 BTHidMgr - ok
19:20:21.0609 3408 [ 4F26303BECBB7CC5CA8FF39593124CF2 ] BTNetFilter C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
19:20:21.0609 3408 BTNetFilter - ok
19:20:21.0625 3408 catchme - ok
19:20:21.0656 3408 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
19:20:21.0656 3408 cbidf2k - ok
19:20:21.0687 3408 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:20:21.0687 3408 CCDECODE - ok
19:20:21.0703 3408 cd20xrnt - ok
19:20:21.0750 3408 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
19:20:21.0750 3408 Cdaudio - ok
19:20:21.0765 3408 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
19:20:21.0765 3408 Cdfs - ok
19:20:21.0843 3408 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:20:21.0843 3408 Cdrom - ok
19:20:21.0859 3408 Changer - ok
19:20:21.0890 3408 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
19:20:21.0890 3408 CiSvc - ok
19:20:21.0921 3408 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
19:20:21.0921 3408 ClipSrv - ok
19:20:21.0968 3408 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:20:21.0984 3408 CmBatt - ok
19:20:21.0984 3408 CmdIde - ok
19:20:22.0031 3408 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:20:22.0031 3408 Compbatt - ok
19:20:22.0046 3408 COMSysApp - ok
19:20:22.0078 3408 Cpqarray - ok
19:20:22.0156 3408 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
19:20:22.0156 3408 CryptSvc - ok
19:20:22.0171 3408 dac2w2k - ok
19:20:22.0187 3408 dac960nt - ok
19:20:22.0265 3408 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
19:20:22.0281 3408 DcomLaunch - ok
19:20:22.0359 3408 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
19:20:22.0375 3408 Dhcp - ok
19:20:22.0437 3408 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
19:20:22.0453 3408 Disk - ok
19:20:22.0453 3408 dmadmin - ok
19:20:22.0562 3408 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
19:20:22.0609 3408 dmboot - ok
19:20:22.0640 3408 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
19:20:22.0656 3408 dmio - ok
19:20:22.0671 3408 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
19:20:22.0671 3408 dmload - ok
19:20:22.0703 3408 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
19:20:22.0703 3408 dmserver - ok
19:20:22.0781 3408 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
19:20:22.0781 3408 DMusic - ok
19:20:22.0859 3408 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
19:20:22.0859 3408 Dnscache - ok
19:20:22.0906 3408 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
19:20:22.0921 3408 Dot3svc - ok
19:20:22.0937 3408 dpti2o - ok
19:20:22.0953 3408 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
19:20:22.0953 3408 drmkaud - ok
19:20:22.0968 3408 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
19:20:22.0984 3408 EapHost - ok
19:20:23.0031 3408 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
19:20:23.0046 3408 ERSvc - ok
19:20:23.0125 3408 [ A0F019102A3AE1DFAB81A106483753CD ] EST_BusEnum C:\WINDOWS\system32\DRIVERS\GenBus.sys
19:20:23.0125 3408 EST_BusEnum - ok
19:20:23.0156 3408 [ 69F5F5D031ADE2CAB525F87B90018676 ] EST_Server C:\WINDOWS\system32\DRIVERS\GenHC.sys
19:20:23.0171 3408 EST_Server - ok
19:20:23.0234 3408 [ 21A2734DFB3AC9586BAD8AE0502A76AA ] ETD C:\WINDOWS\system32\DRIVERS\ETD.sys
19:20:23.0250 3408 ETD - ok
19:20:23.0343 3408 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
19:20:23.0359 3408 Eventlog - ok
19:20:23.0437 3408 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
19:20:23.0437 3408 EventSystem - ok
19:20:23.0515 3408 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
19:20:23.0515 3408 Fastfat - ok
19:20:23.0578 3408 [ B927443008910B412BEC72FC41C1BAD0 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:20:23.0593 3408 FastUserSwitchingCompatibility - ok
19:20:23.0656 3408 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
19:20:23.0671 3408 Fdc - ok
19:20:23.0687 3408 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
19:20:23.0687 3408 Fips - ok
19:20:23.0734 3408 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
19:20:23.0734 3408 Flpydisk - ok
19:20:23.0781 3408 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
19:20:23.0781 3408 FltMgr - ok
19:20:23.0796 3408 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:20:23.0796 3408 Fs_Rec - ok
19:20:23.0875 3408 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:20:23.0890 3408 Ftdisk - ok
19:20:23.0921 3408 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:20:23.0937 3408 Gpc - ok
19:20:24.0015 3408 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:20:24.0015 3408 HDAudBus - ok
19:20:24.0109 3408 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:20:24.0109 3408 helpsvc - ok
19:20:24.0187 3408 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:20:24.0187 3408 HidUsb - ok
19:20:24.0250 3408 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
19:20:24.0265 3408 hkmsvc - ok
19:20:24.0265 3408 hpn - ok
19:20:24.0343 3408 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
19:20:24.0343 3408 HTTP - ok
19:20:24.0406 3408 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
19:20:24.0421 3408 HTTPFilter - ok
19:20:24.0437 3408 i2omgmt - ok
19:20:24.0453 3408 i2omp - ok
19:20:24.0515 3408 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:20:24.0515 3408 i8042prt - ok
19:20:24.0812 3408 [ 0F68E2EC713F132FFB19E45415B09679 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
19:20:25.0031 3408 ialm - ok
19:20:25.0125 3408 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
19:20:25.0125 3408 Imapi - ok
19:20:25.0234 3408 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
19:20:25.0281 3408 ImapiService - ok
19:20:25.0296 3408 ini910u - ok
19:20:25.0625 3408 [ AFA6853AA949B5E151E4A10F6805B5B2 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:20:25.0671 3408 IntcAzAudAddService - ok
19:20:25.0687 3408 IntelIde - ok
19:20:25.0750 3408 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:20:25.0765 3408 intelppm - ok
19:20:25.0796 3408 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
19:20:25.0796 3408 Ip6Fw - ok
19:20:25.0828 3408 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:20:25.0828 3408 IpFilterDriver - ok
19:20:25.0875 3408 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:20:25.0875 3408 IpInIp - ok
19:20:25.0906 3408 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:20:25.0921 3408 IpNat - ok
19:20:25.0984 3408 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:20:26.0000 3408 IPSec - ok
19:20:26.0062 3408 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:20:26.0062 3408 IRENUM - ok
19:20:26.0140 3408 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:20:26.0140 3408 isapnp - ok
19:20:26.0359 3408 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
19:20:26.0359 3408 JavaQuickStarterService - ok
19:20:26.0437 3408 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:20:26.0437 3408 Kbdclass - ok
19:20:26.0500 3408 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:20:26.0500 3408 kbdhid - ok
19:20:26.0578 3408 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:20:26.0578 3408 kmixer - ok
19:20:26.0640 3408 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:20:26.0656 3408 KSecDD - ok
19:20:26.0671 3408 [ 21A2734DFB3AC9586BAD8AE0502A76AA ] Ktp C:\WINDOWS\system32\DRIVERS\ETD.sys
19:20:26.0671 3408 Ktp - ok
19:20:26.0718 3408 [ FA46F5D09EDF93E0C71FE6500FE3F4AE ] L1e C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
19:20:26.0718 3408 L1e - ok
19:20:26.0796 3408 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
19:20:26.0828 3408 LanmanServer - ok
19:20:26.0906 3408 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:20:26.0937 3408 lanmanworkstation - ok
19:20:26.0953 3408 lbrtfdc - ok
19:20:27.0031 3408 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:20:27.0046 3408 LmHosts - ok
19:20:27.0093 3408 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:20:27.0109 3408 Messenger - ok
19:20:27.0171 3408 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:20:27.0171 3408 mnmdd - ok
19:20:27.0234 3408 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
19:20:27.0250 3408 mnmsrvc - ok
19:20:27.0296 3408 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:20:27.0296 3408 Modem - ok
19:20:27.0375 3408 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
19:20:27.0437 3408 Monfilt - ok
19:20:27.0500 3408 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:20:27.0500 3408 Mouclass - ok
19:20:27.0531 3408 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:20:27.0531 3408 mouhid - ok
19:20:27.0562 3408 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:20:27.0578 3408 MountMgr - ok
19:20:27.0625 3408 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
19:20:27.0625 3408 MPE - ok
19:20:27.0640 3408 mraid35x - ok
19:20:27.0671 3408 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:20:27.0671 3408 MRxDAV - ok
19:20:27.0703 3408 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:20:27.0718 3408 MRxSmb - ok
19:20:27.0750 3408 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
19:20:27.0765 3408 MSDTC - ok
19:20:27.0781 3408 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:20:27.0796 3408 Msfs - ok
19:20:27.0812 3408 MSIServer - ok
19:20:27.0843 3408 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:20:27.0843 3408 MSKSSRV - ok
19:20:27.0859 3408 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:20:27.0859 3408 MSPCLOCK - ok
19:20:27.0906 3408 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:20:27.0906 3408 MSPQM - ok
19:20:27.0937 3408 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:20:27.0937 3408 mssmbios - ok
19:20:27.0984 3408 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
19:20:28.0000 3408 MSTEE - ok
19:20:28.0046 3408 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:20:28.0046 3408 Mup - ok
19:20:28.0093 3408 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:20:28.0093 3408 NABTSFEC - ok
19:20:28.0140 3408 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
19:20:28.0171 3408 napagent - ok
19:20:28.0218 3408 NAVENG - ok
19:20:28.0234 3408 NAVEX15 - ok
19:20:28.0312 3408 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:20:28.0312 3408 NDIS - ok
19:20:28.0359 3408 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:20:28.0359 3408 NdisIP - ok
19:20:28.0453 3408 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:20:28.0453 3408 NdisTapi - ok
19:20:28.0546 3408 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:20:28.0546 3408 Ndisuio - ok
19:20:28.0593 3408 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:20:28.0593 3408 NdisWan - ok
19:20:28.0656 3408 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:20:28.0656 3408 NDProxy - ok
19:20:28.0734 3408 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:20:28.0734 3408 NetBIOS - ok
19:20:28.0812 3408 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:20:28.0812 3408 NetBT - ok
19:20:28.0859 3408 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
19:20:28.0875 3408 NetDDE - ok
19:20:28.0890 3408 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:20:28.0906 3408 NetDDEdsdm - ok
19:20:28.0968 3408 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:20:28.0968 3408 Netlogon - ok
19:20:29.0031 3408 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
19:20:29.0046 3408 Netman - ok
19:20:29.0125 3408 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
19:20:29.0140 3408 Nla - ok
19:20:29.0156 3408 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:20:29.0156 3408 Npfs - ok
19:20:29.0218 3408 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:20:29.0234 3408 Ntfs - ok
19:20:29.0234 3408 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
19:20:29.0250 3408 NtLmSsp - ok
19:20:29.0296 3408 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:20:29.0312 3408 NtmsSvc - ok
19:20:29.0375 3408 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:20:29.0375 3408 Null - ok
19:20:29.0453 3408 [ 51415CBE22CC5D8B373C57E960E9B22B ] NUS_Bus C:\WINDOWS\system32\DRIVERS\NUS_Bus.sys
19:20:29.0453 3408 NUS_Bus - ok
19:20:29.0500 3408 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:20:29.0500 3408 NwlnkFlt - ok
19:20:29.0546 3408 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:20:29.0562 3408 NwlnkFwd - ok
19:20:29.0640 3408 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:20:29.0656 3408 ose - ok
19:20:29.0687 3408 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\drivers\Parport.sys
19:20:29.0703 3408 Parport - ok
19:20:29.0750 3408 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:20:29.0750 3408 PartMgr - ok
19:20:29.0828 3408 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:20:29.0828 3408 ParVdm - ok
19:20:29.0859 3408 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:20:29.0875 3408 PCI - ok
19:20:29.0875 3408 PCIDump - ok
19:20:29.0890 3408 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
19:20:29.0906 3408 PCIIde - ok
19:20:29.0937 3408 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
19:20:29.0953 3408 Pcmcia - ok
19:20:29.0953 3408 PDCOMP - ok
19:20:29.0968 3408 PDFRAME - ok
19:20:29.0984 3408 PDRELI - ok
19:20:30.0000 3408 PDRFRAME - ok
19:20:30.0015 3408 perc2 - ok
19:20:30.0031 3408 perc2hib - ok
19:20:30.0125 3408 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
19:20:30.0125 3408 PlugPlay - ok
19:20:30.0140 3408 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
19:20:30.0140 3408 PolicyAgent - ok
19:20:30.0156 3408 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:20:30.0156 3408 PptpMiniport - ok
19:20:30.0171 3408 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:20:30.0171 3408 ProtectedStorage - ok
19:20:30.0187 3408 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:20:30.0187 3408 PSched - ok
19:20:30.0203 3408 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:20:30.0203 3408 Ptilink - ok
19:20:30.0203 3408 ql1080 - ok
19:20:30.0218 3408 Ql10wnt - ok
19:20:30.0234 3408 ql12160 - ok
19:20:30.0234 3408 ql1240 - ok
19:20:30.0250 3408 ql1280 - ok
19:20:30.0265 3408 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:20:30.0265 3408 RasAcd - ok
19:20:30.0312 3408 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:20:30.0328 3408 RasAuto - ok
19:20:30.0359 3408 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:20:30.0359 3408 Rasl2tp - ok
19:20:30.0390 3408 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
19:20:30.0390 3408 RasMan - ok
19:20:30.0406 3408 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:20:30.0406 3408 RasPppoe - ok
19:20:30.0421 3408 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:20:30.0421 3408 Raspti - ok
19:20:30.0453 3408 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:20:30.0468 3408 Rdbss - ok
19:20:30.0500 3408 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:20:30.0500 3408 RDPCDD - ok
19:20:30.0546 3408 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:20:30.0562 3408 RDPWD - ok
19:20:30.0593 3408 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:20:30.0609 3408 RDSessMgr - ok
19:20:30.0656 3408 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:20:30.0671 3408 redbook - ok
19:20:30.0718 3408 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:20:30.0718 3408 RemoteAccess - ok
19:20:30.0765 3408 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
19:20:30.0765 3408 ROOTMODEM - ok
19:20:30.0796 3408 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
19:20:30.0796 3408 RpcLocator - ok
19:20:30.0843 3408 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\System32\rpcss.dll
19:20:30.0875 3408 RpcSs - ok
19:20:30.0906 3408 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:20:30.0937 3408 RSVP - ok
19:20:30.0968 3408 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
19:20:30.0984 3408 SamSs - ok
19:20:31.0031 3408 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:20:31.0078 3408 SCardSvr - ok
19:20:31.0125 3408 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:20:31.0140 3408 Schedule - ok
19:20:31.0218 3408 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:20:31.0218 3408 Secdrv - ok
19:20:31.0296 3408 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:20:31.0312 3408 seclogon - ok
19:20:31.0343 3408 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
19:20:31.0359 3408 SENS - ok
19:20:31.0406 3408 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
19:20:31.0406 3408 Serenum - ok
19:20:31.0421 3408 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
19:20:31.0437 3408 Serial - ok
19:20:31.0484 3408 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:20:31.0484 3408 Sfloppy - ok
19:20:31.0515 3408 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:20:31.0546 3408 SharedAccess - ok
19:20:31.0578 3408 [ B927443008910B412BEC72FC41C1BAD0 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:20:31.0593 3408 ShellHWDetection - ok
19:20:31.0609 3408 Simbad - ok
19:20:31.0656 3408 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:20:31.0656 3408 SLIP - ok
19:20:31.0671 3408 Sparrow - ok
19:20:31.0734 3408 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:20:31.0750 3408 splitter - ok
19:20:31.0812 3408 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:20:31.0828 3408 Spooler - ok
19:20:31.0906 3408 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:20:31.0906 3408 sr - ok
19:20:31.0953 3408 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
19:20:31.0968 3408 srservice - ok
19:20:31.0984 3408 SRTSP - ok
19:20:32.0000 3408 SRTSPX - ok
19:20:32.0078 3408 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:20:32.0093 3408 Srv - ok
19:20:32.0156 3408 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:20:32.0171 3408 SSDPSRV - ok
19:20:32.0218 3408 [ 87B8F74C32F34F581D2EF8CDE8CDB187 ] Start BT in service C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
19:20:32.0234 3408 Start BT in service - ok
19:20:32.0281 3408 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:20:32.0312 3408 stisvc - ok
19:20:32.0359 3408 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:20:32.0359 3408 streamip - ok
19:20:32.0406 3408 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:20:32.0421 3408 swenum - ok
19:20:32.0437 3408 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:20:32.0437 3408 swmidi - ok
19:20:32.0453 3408 SwPrv - ok
19:20:32.0468 3408 symc810 - ok
19:20:32.0484 3408 symc8xx - ok
19:20:32.0515 3408 sym_hi - ok
19:20:32.0531 3408 sym_u3 - ok
19:20:32.0593 3408 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:20:32.0609 3408 sysaudio - ok
19:20:32.0656 3408 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:20:32.0687 3408 SysmonLog - ok
19:20:32.0750 3408 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:20:32.0781 3408 TapiSrv - ok
19:20:32.0859 3408 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:20:32.0875 3408 Tcpip - ok
19:20:32.0937 3408 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:20:32.0937 3408 TDPIPE - ok
19:20:32.0984 3408 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:20:32.0984 3408 TDTCP - ok
19:20:33.0046 3408 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:20:33.0062 3408 TermDD - ok
19:20:33.0093 3408 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
19:20:33.0109 3408 TermService - ok
19:20:33.0156 3408 [ B927443008910B412BEC72FC41C1BAD0 ] Themes C:\WINDOWS\System32\shsvcs.dll
19:20:33.0171 3408 Themes - ok
19:20:33.0187 3408 TosIde - ok
19:20:33.0265 3408 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:20:33.0281 3408 TrkWks - ok
19:20:33.0343 3408 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:20:33.0359 3408 Udfs - ok
19:20:33.0406 3408 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
19:20:33.0421 3408 UleadBurningHelper - ok
19:20:33.0421 3408 ultra - ok
19:20:33.0500 3408 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:20:33.0515 3408 Update - ok
19:20:33.0562 3408 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
19:20:33.0578 3408 upnphost - ok
19:20:33.0625 3408 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
19:20:33.0640 3408 UPS - ok
19:20:33.0687 3408 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:20:33.0687 3408 usbccgp - ok
19:20:33.0765 3408 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:20:33.0765 3408 usbehci - ok
19:20:33.0781 3408 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:20:33.0781 3408 usbhub - ok
19:20:33.0843 3408 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:20:33.0843 3408 usbprint - ok
19:20:33.0875 3408 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:20:33.0875 3408 usbscan - ok
19:20:33.0906 3408 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:20:33.0921 3408 usbstor - ok
19:20:33.0968 3408 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:20:33.0984 3408 usbuhci - ok
19:20:34.0062 3408 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
19:20:34.0062 3408 usbvideo - ok
19:20:34.0140 3408 [ 1CDAA48CB2F7744B8D25650E050766A5 ] VClone C:\WINDOWS\system32\DRIVERS\VClone.sys
19:20:34.0140 3408 VClone - ok
19:20:34.0203 3408 [ 51750B0539986186C6931FC40D171521 ] VComm C:\WINDOWS\system32\DRIVERS\VComm.sys
19:20:34.0218 3408 VComm - ok
19:20:34.0281 3408 [ 6D9C891C0A761AFED1F3609C2E56F2B9 ] VcommMgr C:\WINDOWS\system32\Drivers\VcommMgr.sys
19:20:34.0281 3408 VcommMgr - ok
19:20:34.0312 3408 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:20:34.0312 3408 VgaSave - ok
19:20:34.0328 3408 ViaIde - ok
19:20:34.0390 3408 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:20:34.0406 3408 VolSnap - ok
19:20:34.0453 3408 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
19:20:34.0500 3408 VSS - ok
19:20:34.0546 3408 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
19:20:34.0562 3408 W32Time - ok
19:20:34.0640 3408 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:20:34.0640 3408 Wanarp - ok
19:20:34.0656 3408 WDICA - ok
19:20:34.0687 3408 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:20:34.0703 3408 wdmaud - ok
19:20:34.0765 3408 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:20:34.0781 3408 WebClient - ok
19:20:34.0921 3408 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:20:34.0921 3408 winmgmt - ok
19:20:35.0000 3408 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:20:35.0000 3408 WmdmPmSN - ok
19:20:35.0062 3408 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:20:35.0062 3408 WmiApSrv - ok
19:20:35.0140 3408 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
19:20:35.0187 3408 WMPNetworkSvc - ok
19:20:35.0250 3408 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:20:35.0250 3408 WpdUsb - ok
19:20:35.0328 3408 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:20:35.0328 3408 WS2IFSL - ok
19:20:35.0390 3408 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:20:35.0421 3408 wscsvc - ok
19:20:35.0468 3408 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:20:35.0468 3408 WSTCODEC - ok
19:20:35.0546 3408 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:20:35.0562 3408 wuauserv - ok
19:20:35.0656 3408 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:20:35.0703 3408 WZCSVC - ok
19:20:35.0750 3408 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:20:35.0781 3408 xmlprov - ok
19:20:35.0812 3408 ================ Scan global ===============================
19:20:35.0859 3408 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
19:20:35.0953 3408 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
19:20:36.0000 3408 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
19:20:36.0078 3408 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
19:20:36.0093 3408 [Global] - ok
19:20:36.0093 3408 ================ Scan MBR ==================================
19:20:36.0140 3408 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:20:36.0468 3408 \Device\Harddisk0\DR0 - ok
19:20:36.0468 3408 ================ Scan VBR ==================================
19:20:36.0515 3408 [ AC619B646299B21D2D894976799D0730 ] \Device\Harddisk0\DR0\Partition1
19:20:36.0531 3408 \Device\Harddisk0\DR0\Partition1 - ok
19:20:36.0578 3408 [ 35EA19C2CC33D420D105FC2C4C657373 ] \Device\Harddisk0\DR0\Partition2
19:20:36.0578 3408 \Device\Harddisk0\DR0\Partition2 - ok
19:20:36.0578 3408 ============================================================
19:20:36.0578 3408 Scan finished
19:20:36.0578 3408 ============================================================
19:20:36.0609 2196 Detected object count: 0
19:20:36.0609 2196 Actual detected object count: 0
19:22:14.0812 1500 Deinitialize success
ComboFix 12-11-16.02 - sprravce 18.11.2012 18:57:57.9.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.518 [GMT 1:00]
Spuštěný z: c:\documents and settings\sprravce\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\sprravce\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\system32\PerfStringBackup.TMP"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SKYPEUPDATE
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-18 do 2012-11-18 )))))))))))))))))))))))))))))))
.
.
2012-11-18 17:48 . 2012-06-02 14:18 214256 ----a-w- c:\windows\system32\muweb.dll
2012-11-16 12:42 . 2012-11-16 12:42 -------- d-----w- c:\program files\Common Files\Java
2012-11-16 12:42 . 2012-11-16 12:41 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-28 14:57 . 2012-10-28 14:57 -------- d-----w- c:\documents and settings\sprravce\Data aplikací\GRETECH
2012-10-28 14:53 . 2012-10-28 14:53 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2012-10-28 14:52 . 2012-10-28 14:52 -------- d-----w- c:\program files\GRETECH
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 12:41 . 2012-05-31 15:15 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-16 12:41 . 2012-05-31 15:15 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-16 12:41 . 2010-05-01 14:33 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-30 22:51 . 2011-03-03 05:00 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2010-01-28 02:53 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2010-01-28 02:53 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2010-01-28 02:52 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2010-01-28 02:52 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2010-01-28 02:52 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2010-01-28 02:53 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2010-01-28 02:52 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2010-06-29 19:31 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2010-01-28 02:52 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-30 19:06 . 2012-05-29 18:09 1878 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-10-22 19:57 . 2010-11-11 10:08 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2010-11-11 10:07 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-29 18:54 . 2012-03-30 17:39 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 15:18 . 2010-11-11 10:08 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2010-11-11 10:07 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2010-11-11 10:07 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2010-11-11 10:07 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2010-11-11 10:08 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2008-04-14 08:06 2029568 ------w- c:\windows\system32\ntkrnlpa.exe
2012-08-23 06:27 . 2008-04-14 08:06 2150912 ------w- c:\windows\system32\ntoskrnl.exe
2011-06-20 10:45 . 2011-06-20 10:45 388608 ----a-w- c:\program files\HiJackThis.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 498560]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-11-27 993704]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-05-08 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-06-26 118784]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-11 17881600]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
2007-03-01 05:01 180736 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICAE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware]
2012-09-29 18:54 766536 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2008-06-20 14:58 2887680 -c--a-w- c:\program files\WinFast\WFDTV\WFWIZ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
2008-07-11 10:46 90112 -c--a-w- c:\program files\WinFast\WFDTV\DTVSchdl.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\USB Server 2\\USB Server.exe"=
"c:\\Documents and Settings\\sprravce\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3.3.2011 6:00 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.1.2010 3:52 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.1.2010 3:52 21256]
R3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\drivers\GenBus.sys [28.7.2009 17:25 27136]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [23.10.2008 11:01 94208]
R3 NUS_Bus;Network USB Server Bus;c:\windows\system32\drivers\NUS_Bus.sys [28.1.2010 14:51 27392]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11.11.2010 11:01 1684736]
S3 EST_Server;Network USB Device;c:\windows\system32\drivers\GenHC.sys [12.1.2012 13:49 173056]
S3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [21.4.2007 14:54 52080]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-18 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-08-05 22:50]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-18 19:09
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3148)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Celkový čas: 2012-11-18 19:13:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-18 18:13
ComboFix2.txt 2012-11-17 17:31
.
Před spuštěním: Volných bajtů: 34 288 447 488
Po spuštění: Volných bajtů: 34 223 120 384
.
- - End Of File - - F04C0FA326F361C1AAA723CB107B666D
19:19:58.0234 0128 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:19:58.0328 0128 ============================================================
19:19:58.0328 0128 Current date / time: 2012/11/18 19:19:58.0328
19:19:58.0328 0128 SystemInfo:
19:19:58.0328 0128
19:19:58.0328 0128 OS Version: 5.1.2600 ServicePack: 3.0
19:19:58.0328 0128 Product type: Workstation
19:19:58.0328 0128 ComputerName: ASUS
19:19:58.0328 0128 UserName: sprravce
19:19:58.0328 0128 Windows directory: C:\WINDOWS
19:19:58.0328 0128 System windows directory: C:\WINDOWS
19:19:58.0328 0128 Processor architecture: Intel x86
19:19:58.0328 0128 Number of processors: 2
19:19:58.0328 0128 Page size: 0x1000
19:19:58.0328 0128 Boot type: Normal boot
19:19:58.0328 0128 ============================================================
19:20:00.0515 0128 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:20:00.0515 0128 ============================================================
19:20:00.0515 0128 \Device\Harddisk0\DR0:
19:20:00.0515 0128 MBR partitions:
19:20:00.0515 0128 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xA5A5EFD
19:20:00.0515 0128 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA5A5F3C, BlocksNum 0x7A94E01
19:20:00.0515 0128 ============================================================
19:20:00.0562 0128 C: <-> \Device\Harddisk0\DR0\Partition1
19:20:00.0625 0128 D: <-> \Device\Harddisk0\DR0\Partition2
19:20:00.0625 0128 ============================================================
19:20:00.0625 0128 Initialize success
19:20:00.0625 0128 ============================================================
19:20:16.0562 3408 ============================================================
19:20:16.0562 3408 Scan started
19:20:16.0562 3408 Mode: Manual;
19:20:16.0562 3408 ============================================================
19:20:18.0031 3408 ================ Scan system memory ========================
19:20:18.0843 3408 System memory - ok
19:20:18.0843 3408 ================ Scan services =============================
19:20:19.0046 3408 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
19:20:19.0046 3408 Aavmker4 - ok
19:20:19.0062 3408 Abiosdsk - ok
19:20:19.0062 3408 abp480n5 - ok
19:20:19.0234 3408 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
19:20:19.0234 3408 ACDaemon - ok
19:20:35.0812 3408 ================ Scan global ===============================
19:20:35.0859 3408 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
19:20:35.0953 3408 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
19:20:36.0000 3408 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
19:20:36.0078 3408 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
19:20:36.0093 3408 [Global] - ok
19:20:36.0093 3408 ================ Scan MBR ==================================
19:20:36.0140 3408 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:20:36.0468 3408 \Device\Harddisk0\DR0 - ok
19:20:36.0468 3408 ================ Scan VBR ==================================
19:20:36.0515 3408 [ AC619B646299B21D2D894976799D0730 ] \Device\Harddisk0\DR0\Partition1
19:20:36.0531 3408 \Device\Harddisk0\DR0\Partition1 - ok
19:20:36.0578 3408 [ 35EA19C2CC33D420D105FC2C4C657373 ] \Device\Harddisk0\DR0\Partition2
19:20:36.0578 3408 \Device\Harddisk0\DR0\Partition2 - ok
19:20:36.0578 3408 ============================================================
19:20:36.0578 3408 Scan finished
19:20:36.0578 3408 ============================================================
19:20:36.0609 2196 Detected object count: 0
19:20:36.0609 2196 Actual detected object count: 0
19:22:14.0812 1500 Deinitialize success
- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
Re: PLS HJT Control - Mbam finding
ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall
Clean the system with CCleaner
and also use T-Cleaner
It deletes everything left behind by Combo, MWAV etc. - download > run
Note: before downloading T-Cleaner and for the duration of the cleaning, disable AVG, Avast, Avira or Microsoft Security Essentials; afterwards delete T-Cleaner and turn AVG, Avast, Avira or Microsoft Security Essentials back on
+ A new log from HJT
How is the PC behaving?
- Jan Pašek
- Article author
- Level 6.5
- Posts: 3701
- Registered: January 06
- Location: Plzeň
Re: PLS HJT Control - Mbam finding
I went through the SW maintenance according to this guide (the quick version).
Programs are updated, system updates checked, unnecessary programs removed, leftovers of deleted programs removed from the Program Files folder, cleaned with CCleaner, disks defragmented.
Assessment:
The computer seems to be a bit snappier, but I have the impression that when G-chrome is open it constantly takes up to 5% CPU and the disk blinks constantly.
I am attaching the HJT log.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:07:04, on 19.11.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3310455031
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 5139 bytes
- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
Re: PLS HJT Control - Mbam finding
Of course. Every process takes something for itself, and the pseudo-browser Chrome even more. It will also eat memory as long as there is any free. I don't like it. It has a lot of bugs, and that disk blinking will be from it, as it caches to disk...
Fix:
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
- Jan Pašek
- Article author
- Level 6.5
- Posts: 3701
- Registered: January 06
- Location: Plzeň
Re: PLS HJT Control - Mbam finding
We probably won't work any greater miracles with that PC as long as the above-mentioned browser is installed on it.
Thank you for the help.
In case we don't see each other again ... I wish the members of the security team a speedy acquisition of quality reinforcements, and the forum team a peaceful Christmas holiday and a new year without idiotic questions in which the adviser's patience is stretched to its upper limits ...
She: I bought a new computer and the internet doesn't work on it!
Me: Well, what internet connection do you have .. cable or Wi-Fi?
She: None ... Oh, is that required?
- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
Re: PLS HJT Control - Mbam finding
Thanks for the wishes. I'm not saying it is 100% Chrome, but there is nothing else there and this is standard Chrome behaviour.
Sent from my GT-I9100 using Tapatalk 2