Please check the log from an old PC (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Post by JANíčOK » 04 Apr 2013 11:34

A moment ago I ran it in safe mode. It has been stuck in this state for quite a long time now:

Scanning for infected files...
This typically doesn`t take more than 10 minutes
However, scan times for badly infected machines may easily double


It was the same after 2 hours when Windows was started normally, too.

Post by jaro3 » 04 Apr 2013 11:51

Press the "Windows key" + "R" (the key between the "Ctrl" and "Alt" keys)
and please type the following text into the box:

C:\Qoobox\Add-Remove Programs.txt

Then click OK.
Copy the whole message that appears and paste it here.

C:\Qoobox\ComboFix-quarantined-files.txt -- copy the entire contents of that text file here.


Download TDSSKiller to your desktop. Make sure that all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt ; please paste the entire contents of the log here.


ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall

Clean the system with CCleaner

Download OTC to your desktop. Double-click it. Then click Clean up!.
Restart the PC if you are advised to.

Download OTL by OldTimer to your desktop. Make sure that all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry, change to All. Tick the "LOP" check and the "Purity" check. Click Run Scan. Leave all other settings as they are. The scan can take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt

They are saved in the same location as OTL. Please copy both logs here.

When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Post by JANíčOK » 04 Apr 2013 11:53

ComboFix has started running in the meantime. When it finishes I will send the log, or should I ignore it and continue as you wrote?

Post by jaro3 » 04 Apr 2013 11:55

Let it work; if it then stops responding (after an hour), continue with what I wrote.

Post by JANíčOK » 04 Apr 2013 12:11

Here is the ComboFix log, generated with great difficulty:

ComboFix 13-04-02.01 - Administrator . 04. 2013 11:29:04.1.2 - x86 MINIMAL
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.446.285 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\user\WINDOWS
c:\windows\IsUn0405.exe
c:\windows\system32\_000014_.tmp.dll
c:\windows\system32\MUI\041b\tourstart.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-03-04 to 2013-04-04 )))))))))))))))))))))))))))))))
.
.
2013-04-03 06:37 . 2013-04-03 06:37 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2013-04-03 06:37 . 2013-04-03 06:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-04-03 06:36 . 2013-04-03 06:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-03 06:36 . 2012-12-14 14:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 15:08 . 2013-04-02 15:08 388096 ----a-r- c:\documents and settings\user\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-04-02 14:32 . 2013-04-02 14:32 -------- d-----w- c:\program files\CCleaner
2013-03-21 06:43 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-21 06:43 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 09:21 . 2012-04-05 06:44 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 09:21 . 2011-05-13 06:39 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-14 08:33 . 2013-02-14 08:33 167968 ----a-w- c:\windows\system32\drivers\afcdp.sys
2013-02-14 08:33 . 2013-02-14 08:33 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2013-02-14 08:33 . 2013-02-14 08:33 600928 ----a-w- c:\windows\system32\drivers\timntr.sys
2013-02-14 08:33 . 2013-02-14 08:33 170528 ----a-w- c:\windows\system32\drivers\snapman.sys
2013-02-12 00:32 . 2008-08-22 07:52 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2006-02-28 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:05 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2006-02-28 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19 . 2006-02-28 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-08 08:31 . 2013-03-08 08:31 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088]
"RemoteControl"="c:\program files\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-11-02 36864]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-02-01 390720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ALFA plus - rýchle spustenie.lnk - c:\program files\KROS\ALFA plus\!System\ALFAplus.exe [2013-3-13 3363128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Správce tlačítka.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Správce tlačítka.lnk
backup=c:\windows\pss\Správce tlačítka.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk
backup=c:\windows\pss\OpenOffice.org 2.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-r- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAOB Monitor]
2010-11-16 02:52 2536448 ----a-w- c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2011-02-01 18:52 5546376 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ZyXEL\\NSU\\NSU.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"20400:TCP"= 20400:TCP:KrosPort20400
"20401:TCP"= 20401:TCP:KrosPort20401
"20402:TCP"= 20402:TCP:KrosPort20402
.
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [14. 2. 2013 10:33 752128]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4. 8. 2011 9:20 118104]
S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4. 8. 2011 9:20 103112]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [14. 2. 2013 10:33 3246040]
S2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [25. 10. 2006 15:21 51072]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [22. 9. 2011 13:03 974944]
S2 FirebirdServerKROS_20400;Firebird Server - KROS_20400;c:\program files\KROS\KROS FBServer\Firebird001\bin\fbserver.exe [30. 7. 2012 12:27 3764224]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3. 4. 2013 8:37 682344]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [14. 2. 2013 10:33 167968]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3. 4. 2013 8:36 21104]
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 09:21]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\ghploa57.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-09-02 16:50; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-150) - c:\windows\IsUn0405.exe
AddRemove-TOSHIBA MFP Driver - c:\windows\ISUN0405.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-04 11:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(292)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2013-04-04 11:55:46
ComboFix-quarantined-files.txt 2013-04-04 09:55
.
Pre-Run: 55 265 280 000 bytes free
Post-Run: 42 adresárov, 55 239 958 528 voľných bajtov
.
- - End Of File - - 35DDC3465045F2947CE72E4A5516482A

Post by Žbeky » 04 Apr 2013 19:22

Do you have ports 20400-20402 open on purpose?

In private messages I only deal with matters concerning the forum. I do not respond to pleas and requests for technical support. Thanks for understanding.

Post by JANíčOK » 05 Apr 2013 07:36

I did not open the ports. Can you advise me what could have opened them, or why they should be open; does some program need it, or the like?
Couldn't it have been the programs from the company KROS?
Should I now continue with what jaro3 wrote on 04.04.2013 at 11:51, before I sent the ComboFix log?

Post by jaro3 » 05 Apr 2013 10:45

Yes, continue. As I wrote, except for OTL.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20400:TCP"= 20400:TCP:KrosPort20400
"20401:TCP"= 20401:TCP:KrosPort20401
"20402:TCP"= 20402:TCP:KrosPort20402
that belongs to some program, right?

Post by JANíčOK » 05 Apr 2013 11:11

Yes, that belongs to the mentioned programs from the company KROS (www.kros.sk).
I will send more logs in a moment.
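
The check carried out by hand in the exchange above (reading the firewall rule label KrosPort20400 and tying it to the KROS software) can be repeated over a ComboFix log. This is an added example, not part of the original thread and not ComboFix's own code; the verdict names, the GENERIC word list and CONSTRUCTED_ENTRY are assumptions made for the illustration, and the line formats are taken only from the log excerpt posted in the thread.

```python
import re
from collections import namedtuple

# Excerpt copied from the ComboFix log posted in the thread: the firewall
# section plus three of the service lines that follow it.
THREAD_EXCERPT = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"20400:TCP"= 20400:TCP:KrosPort20400
"20401:TCP"= 20401:TCP:KrosPort20401
"20402:TCP"= 20402:TCP:KrosPort20402
.
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [14. 2. 2013 10:33 752128]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [22. 9. 2011 13:03 974944]
S2 FirebirdServerKROS_20400;Firebird Server - KROS_20400;c:\program files\KROS\KROS FBServer\Firebird001\bin\fbserver.exe [30. 7. 2012 12:27 3764224]
'''

# Constructed entry (not from the thread) used to show the "unattributed" case.
CONSTRUCTED_ENTRY = '"5555:TCP"= 5555:TCP:Updater'

Service = namedtuple("Service", "name display path")
Finding = namedtuple("Finding", "port proto label verdict services")

SECTION_RE = re.compile(r"^\[(.+)\]$")
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*(.*)$')
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.+?)\s+\[[^\]]*\]$")
# Words that say nothing about who owns a rule (assumed list).
GENERIC = {"port", "tcp", "udp", "service", "server"}


def parse_open_ports(log_text):
    """Yield (port, proto, label) from the GloballyOpenPorts\\List section."""
    in_section = False
    for line in map(str.strip, log_text.splitlines()):
        header = SECTION_RE.match(line)
        if header:
            in_section = header.group(1).lower().endswith("globallyopenports\\list")
            continue
        if line == ".":  # ComboFix separates sections with a lone dot
            in_section = False
            continue
        entry = PORT_RE.match(line) if in_section else None
        if entry:
            parts = entry.group(3).split(":", 2)  # port:proto:label
            label = parts[2].strip() if len(parts) == 3 else ""
            yield int(entry.group(1)), entry.group(2), label


def parse_services(log_text):
    """Return the driver/service lines (name;display;path [date size])."""
    found = []
    for line in map(str.strip, log_text.splitlines()):
        m = SERVICE_RE.match(line)
        if m:
            found.append(Service(*(g.strip() for g in m.groups())))
    return found


def label_tokens(label):
    """Split a rule label such as 'KrosPort20400' into lowercase name words."""
    words = re.findall(r"[A-Z][a-z]+|[a-z]+|[A-Z]+(?![a-z])", label)
    return {w.lower() for w in words if len(w) >= 3} - GENERIC


def attribute_ports(log_text):
    """Tie every open-port rule to the services that plausibly own it."""
    services = parse_services(log_text)
    findings = []
    for port, proto, label in parse_open_ports(log_text):
        if label.startswith("@"):
            # The name is a resource-string reference (here into xpsp2res.dll),
            # not free text, so there is no vendor word to match on.
            findings.append(Finding(port, proto, label, "resource-string", []))
            continue
        # Strongest hint: a service whose name or display name carries the port.
        port_re = re.compile(rf"(?<!\d){port}(?!\d)")
        owners = [s.name for s in services if port_re.search(f"{s.name} {s.display}")]
        verdict = "service-port-match"
        if not owners:
            # Weaker hint: a word from the label appears in a service name or path.
            word_res = [re.compile(rf"(?<![a-z]){re.escape(t)}(?![a-z])")
                        for t in label_tokens(label)]
            owners = [s.name for s in services
                      if any(r.search(" ".join(s).lower()) for r in word_res)]
            verdict = "vendor-name-match" if owners else "unattributed"
        findings.append(Finding(port, proto, label, verdict, owners))
    return findings


if __name__ == "__main__":
    sample = THREAD_EXCERPT.replace("\n.\n", "\n" + CONSTRUCTED_ENTRY + "\n.\n", 1)
    for f in attribute_ports(sample):
        print(f"{f.port}/{f.proto:<3} {f.label:<22} {f.verdict:<20} {', '.join(f.services)}")
```

A name match is only a hint, because the label is free text chosen by whoever created the rule; an "unattributed" entry is the one to ask the user about, as was done here for 20400-20402.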

Post by JANíčOK » 05 Apr 2013 11:34

Acronis True Image Home 2011
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6) - Slovak
ALFA 18.14.00
ALFA plus 4.30.00 - C:\Program Files\KROS\ALFA plus\
Aplikace Správce tlačítka (TOSHIBA e-STUDIO120/150)
ATI Catalyst Control Center
ATI Display Driver
Balík Compatibility Pack pre systém Office 2007
CCleaner
D.Signer/XAdES v1.1.0.0
D.Signer/XAdES Xml plugin v1.1.0.0
Desktop Document Manager
Elcomm
ESET NOD32 Antivirus
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP LaserJet M1120 MFP Series
hppusgM1120
Java Auto Updater
Java(TM) 6 Update 29
Lexmark Software Uninstall
Maestro šetrič
Malwarebytes Anti-Malware verzia 1.70.0.1100
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Standard Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Mozilla Firefox 19.0.2 (x86 sk)
Mozilla Maintenance Service
MrvlUsgTracking
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero OEM
OLYMP 12.60.00
OMEGA 15.73.00
OpenOffice.org 2.2
PowerDVD
REALTEK Gigabit and Fast Ethernet NIC Driver
Realtek High Definition Audio Driver
Scan To
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Spelling Dictionaries Support For Adobe Reader 9
TOSHIBA MFP Driver
Total Commander (Remove or Repair)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows XP Service Pack 3
ZyXEL NAS Starter Utility


11:08:51.0359 3384 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:08:51.0656 3384 ============================================================
11:08:51.0656 3384 Current date / time: 2013/04/05 11:08:51.0656
11:08:51.0656 3384 SystemInfo:
11:08:51.0656 3384
11:08:51.0656 3384 OS Version: 5.1.2600 ServicePack: 3.0
11:08:51.0656 3384 Product type: Workstation
11:08:51.0671 3384 ComputerName: PC01
11:08:51.0671 3384 UserName: user
11:08:51.0671 3384 Windows directory: C:\WINDOWS
11:08:51.0671 3384 System windows directory: C:\WINDOWS
11:08:51.0671 3384 Processor architecture: Intel x86
11:08:51.0671 3384 Number of processors: 2
11:08:51.0671 3384 Page size: 0x1000
11:08:51.0671 3384 Boot type: Normal boot
11:08:51.0671 3384 ============================================================
11:08:53.0953 3384 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:08:53.0953 3384 ============================================================
11:08:53.0953 3384 \Device\Harddisk0\DR0:
11:08:53.0953 3384 MBR partitions:
11:08:53.0953 3384 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
11:08:53.0953 3384 ============================================================
11:08:54.0015 3384 C: <-> \Device\Harddisk0\DR0\Partition1
11:08:54.0015 3384 ============================================================
11:08:54.0015 3384 Initialize success
11:08:54.0015 3384 ============================================================
11:08:57.0843 3548 ============================================================
11:08:57.0843 3548 Scan started
11:08:57.0843 3548 Mode: Manual;
11:08:57.0843 3548 ============================================================
11:09:00.0109 3548 ================ Scan system memory ========================
11:09:00.0140 3548 System memory - ok
11:09:00.0140 3548 ================ Scan services =============================
11:09:12.0562 3548 ================ Scan global ===============================
11:09:12.0578 3548 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:09:12.0625 3548 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:09:12.0640 3548 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:09:12.0671 3548 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
11:09:12.0671 3548 [Global] - ok
11:09:12.0671 3548 ================ Scan MBR ==================================
11:09:12.0687 3548 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:09:12.0906 3548 \Device\Harddisk0\DR0 - ok
11:09:12.0906 3548 ================ Scan VBR ==================================
11:09:12.0921 3548 [ B8524B223AD9E7916019630A276F6CAC ] \Device\Harddisk0\DR0\Partition1
11:09:12.0921 3548 \Device\Harddisk0\DR0\Partition1 - ok
11:09:12.0921 3548 ============================================================
11:09:12.0921 3548 Scan finished
11:09:12.0921 3548 ============================================================
11:09:12.0937 3708 Detected object count: 0
11:09:12.0937 3708 Actual detected object count: 0
11:09:18.0015 3560 Deinitialize success


Re: Please check the log from an old PC

Post by jaro3 » 05 Apr 2013 19:03

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner.

Download OTC

to your desktop. Double-click it. Then click Clean up!.
Restart the PC if you are advised to.

Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click No. Then click "Scan". After the scan, click "Save Log" and save the log to your desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.


How is the PC behaving?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.


Re: Please check the log from an old PC

Post by JANíčOK » 08 Apr 2013 09:34

The PC runs faster than before. The problems that were there are gone. I hope it stays that way.
I'm sending the log from aswMBR.

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-08 09:31:27
-----------------------------
09:31:27.828 OS Version: Windows 5.1.2600 Service Pack 3
09:31:27.828 Number of processors: 2 586 0x407
09:31:27.828 ComputerName: PC01 UserName: user
09:31:29.203 Initialize success
09:31:34.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-9
09:31:34.218 Disk 0 Vendor: SAMSUNG_HD080HJ ZH100-41 Size: 76319MB BusType: 3
09:31:34.296 Disk 0 MBR read successfully
09:31:34.296 Disk 0 MBR scan
09:31:34.296 Disk 0 Windows XP default MBR code
09:31:34.296 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
09:31:34.296 Disk 0 scanning sectors +156280320
09:31:34.359 Disk 0 scanning C:\WINDOWS\system32\drivers
09:31:40.515 Service scanning
09:31:48.453 Modules scanning
09:32:03.921 Disk 0 trace - called modules:
09:32:03.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
09:32:03.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84dd77b0]
09:32:03.953 3 CLASSPNP.SYS[f7642fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-9[0x84d6a988]
09:32:03.968 Scan finished successfully
09:32:15.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"
09:32:15.593 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR.txt"

