Please check my log. Solved

A place for your HiJackThis logs and logs from other programs…



Post by plexik » 16 Oct 2013 16:36

Please check my log. It takes a long time to come up at startup. Thank you.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:31:02, on 16.10.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\PROGRAM FILES\FREE DOWNLOAD MANAGER\FDM.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\ADVANC~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout FDM - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video FDM - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané FDM - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše FDM - file://C:\Program Files\Free Download Manager\dlall.htm
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe

--
End of file - 5621 bytes


Post by memphisto » 16 Oct 2013 16:36

Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also delete Windows temporary files, empty the Recycle Bin, etc.

Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan (Provést rychlý sken) option selected and click the Scan (Skenovat) button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.

Download AdwCleaner
Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Search"
After the scan a log will appear (it is also saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you


Post by plexik » 16 Oct 2013 17:00

Mbam is clean, and here is the second log.

# AdwCleaner v3.007 - Report created 16/10/2013 at 15:46:07
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - DOMA-31B8F09BE9
# Running from : C:\Documents and Settings\User.DOMA-31B8F09BE9\Plocha\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\Documents and Settings\All Users\Data aplikací\Babylon
Folder Found C:\Program Files\Common Files\spigot

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\a68ddabc38b810
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{116BA71C-8187-4F15-9A1F-C9D6289155D1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\PIP
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Found : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [2204 octets] - [16/10/2013 15:46:07]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2264 octets] ##########


Post by memphisto » 16 Oct 2013 19:50

In adw, let it delete everything and post the log.

Download RogueKiller
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that the following are ticked:
MBR check (Kontrola MBR)
Faked check (Kontrola Faked)
Antirootkit

- Then click "Scan" (Prohledat).
- The program scans the PC's processes. After the scan, click "Report" (Zpráva) and copy the entire contents of the log here.
If the program is blocked, try running it several times. If the program still will not start and work, rename it to winlogon.exe.

Download Junkware Removal Tool

to your desktop.
Disable your antivirus program.
Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program will start scanning. The scan can take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will appear and will be saved on the desktop.
Please copy its entire contents here.

Post by plexik » 17 Oct 2013 19:58

RogueKiller V8.7.4 [Oct 16 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : User [Práva správce]
Mód : Kontrola -- Datum : 10/17/2013 18:35:17
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standardní diskové jednotky) - Hitachi HTS541612J9SA00 +++++
--- User ---
[MBR] 372eeac98fcbcc3102c9923a7d72b561
[BSP] 36df4873e24c8688d5dcd758d1834897 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 42147 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 86333310 | Size: 72316 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_10172013_183517.txt >>
RKreport[0]_D_10172013_183334.txt;RKreport[0]_S_10172013_183008.txt



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by User on čt 17.10.2013 at 18:38:34,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\User.DOMA-31B8F09BE9\Data aplikací\performersoft"
Successfully deleted: [Folder] "C:\Documents and Settings\User.DOMA-31B8F09BE9\appdata\locallow\datamngr"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on čt 17.10.2013 at 18:49:29,82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post by memphisto » 17 Oct 2013 21:19

Download TDSSKiller

to your desktop. Make sure all other applications and browsers are closed. Extract the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt; please paste the entire contents of the log here.

Post by plexik » 18 Oct 2013 17:19

16:14:26.0296 0964 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:14:28.0296 0964 ============================================================
16:14:28.0296 0964 Current date / time: 2013/10/18 16:14:28.0296
16:14:28.0296 0964 SystemInfo:
16:14:28.0296 0964
16:14:28.0296 0964 OS Version: 5.1.2600 ServicePack: 3.0
16:14:28.0296 0964 Product type: Workstation
16:14:28.0296 0964 ComputerName: DOMA-31B8F09BE9
16:14:28.0296 0964 UserName: User
16:14:28.0296 0964 Windows directory: C:\WINDOWS
16:14:28.0296 0964 System windows directory: C:\WINDOWS
16:14:28.0296 0964 Processor architecture: Intel x86
16:14:28.0296 0964 Number of processors: 2
16:14:28.0296 0964 Page size: 0x1000
16:14:28.0296 0964 Boot type: Normal boot
16:14:28.0296 0964 ============================================================
16:14:34.0078 0964 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:14:34.0093 0964 ============================================================
16:14:34.0093 0964 \Device\Harddisk0\DR0:
16:14:34.0093 0964 MBR partitions:
16:14:34.0093 0964 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x525187E
16:14:34.0093 0964 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x525577E, BlocksNum 0x8D3E043
16:14:34.0093 0964 ============================================================
16:14:34.0125 0964 D: <-> \Device\Harddisk0\DR0\Partition2
16:14:34.0156 0964 C: <-> \Device\Harddisk0\DR0\Partition1
16:14:34.0156 0964 ============================================================
16:14:34.0156 0964 Initialize success
16:14:34.0156 0964 ============================================================
16:15:01.0515 1748 ============================================================
16:15:01.0515 1748 Scan started
16:15:01.0515 1748 Mode: Manual;
16:15:01.0515 1748 ============================================================
16:15:01.0859 1748 ================ Scan system memory ========================
16:15:01.0859 1748 System memory - ok
16:15:01.0859 1748 ================ Scan services =============================
16:15:01.0953 1748 Abiosdsk - ok
16:15:01.0968 1748 abp480n5 - ok
16:15:02.0015 1748 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:15:02.0015 1748 ACPI - ok
16:15:02.0031 1748 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:15:02.0031 1748 ACPIEC - ok
16:15:02.0109 1748 [ A283108E14F3970432C21AF4C0CB1BCE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:15:02.0109 1748 AdobeFlashPlayerUpdateSvc - ok
16:15:02.0109 1748 adpu160m - ok
16:15:02.0234 1748 [ 9243229DFCCC99B5441750EBA49F1B14 ] AdvancedSystemCareService6 C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
16:15:02.0265 1748 AdvancedSystemCareService6 - ok
16:15:02.0281 1748 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:15:02.0281 1748 aec - ok
16:15:02.0328 1748 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:15:02.0328 1748 AFD - ok
16:15:02.0343 1748 Aha154x - ok
16:15:02.0343 1748 aic78u2 - ok
16:15:02.0359 1748 aic78xx - ok
16:15:02.0390 1748 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
16:15:02.0406 1748 Alerter - ok
16:15:02.0421 1748 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
16:15:02.0437 1748 ALG - ok
16:15:02.0453 1748 AliIde - ok
16:15:02.0453 1748 amsint - ok
16:15:02.0484 1748 [ 69C2E4FDFAAB3E23A23A35FA36914E47 ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
16:15:02.0500 1748 ApfiltrService - ok
16:15:02.0562 1748 [ 65B963F05458A7EE00473EB21CE3789D ] AR5211 C:\WINDOWS\system32\DRIVERS\ar5211.sys
16:15:02.0562 1748 AR5211 - ok
16:15:02.0593 1748 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:15:02.0609 1748 Arp1394 - ok
16:15:02.0609 1748 asc - ok
16:15:02.0609 1748 asc3350p - ok
16:15:02.0625 1748 asc3550 - ok
16:15:02.0671 1748 [ 05A56C3156E1B6CC7BBD8E1D54D491F2 ] ASNDIS5 C:\WINDOWS\ATK0100\ASNDIS5.SYS
16:15:02.0687 1748 ASNDIS5 - ok
16:15:02.0765 1748 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:15:02.0781 1748 aspnet_state - ok
16:15:02.0812 1748 [ B9FE438B3CAD82B2014710349A2022F7 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
16:15:02.0812 1748 aswFsBlk - ok
16:15:02.0828 1748 [ AE5549DD21F6DE06406031EF1D51ACC3 ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys
16:15:02.0843 1748 aswMonFlt - ok
16:15:02.0843 1748 [ D084D0A7A66619FC29776CBBB9D5FA55 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
16:15:02.0843 1748 AswRdr - ok
16:15:02.0859 1748 [ FA72FA503F580C3C628DD8C7D7622E37 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys
16:15:02.0859 1748 aswRvrt - ok
16:15:02.0906 1748 [ 4D53349D848C6BADB3D4ACBE98C27676 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
16:15:02.0906 1748 aswSnx - ok
16:15:02.0937 1748 [ 813024DFD54A41B3AFAE2B1E2796CB80 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
16:15:02.0953 1748 aswSP - ok
16:15:02.0953 1748 [ 5E18413310134130D7772F0668698CB7 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
16:15:02.0953 1748 aswTdi - ok
16:15:02.0984 1748 [ A5F637D61719D37A5B4868C385E363C0 ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys
16:15:02.0984 1748 aswVmm - ok
16:15:03.0000 1748 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:15:03.0000 1748 AsyncMac - ok
16:15:03.0015 1748 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
16:15:03.0015 1748 atapi - ok
16:15:03.0015 1748 Atdisk - ok
16:15:03.0062 1748 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:15:03.0078 1748 Atmarpc - ok
16:15:03.0109 1748 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
16:15:03.0125 1748 AudioSrv - ok
16:15:03.0140 1748 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
16:15:03.0140 1748 audstub - ok
16:15:03.0218 1748 [ 9330941C8F6DF417F6DBBE998DB6687E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:15:03.0234 1748 avast! Antivirus - ok
16:15:03.0281 1748 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
16:15:03.0281 1748 Beep - ok
16:15:03.0312 1748 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
16:15:03.0343 1748 BITS - ok
16:15:03.0375 1748 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
16:15:03.0390 1748 Browser - ok
16:15:03.0421 1748 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
16:15:03.0421 1748 BthEnum - ok
16:15:03.0437 1748 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
16:15:03.0437 1748 BthPan - ok
16:15:03.0484 1748 [ F338662A6C1FC11DD9508F6DFF2C06A2 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
16:15:03.0484 1748 BTHPORT - ok
16:15:03.0515 1748 [ 70CA4B3F634C9DCA200832F8DA76E009 ] BthServ C:\WINDOWS\System32\bthserv.dll
16:15:03.0531 1748 BthServ - ok
16:15:03.0531 1748 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
16:15:03.0546 1748 BTHUSB - ok
16:15:03.0546 1748 catchme - ok
16:15:03.0562 1748 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
16:15:03.0562 1748 cbidf2k - ok
16:15:03.0593 1748 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:15:03.0593 1748 CCDECODE - ok
16:15:03.0593 1748 cd20xrnt - ok
16:15:03.0625 1748 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
16:15:03.0625 1748 Cdaudio - ok
16:15:03.0656 1748 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
16:15:03.0671 1748 Cdfs - ok
16:15:03.0687 1748 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:15:03.0687 1748 Cdrom - ok
16:15:03.0687 1748 Changer - ok
16:15:03.0718 1748 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
16:15:03.0734 1748 CiSvc - ok
16:15:03.0750 1748 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
16:15:03.0765 1748 ClipSrv - ok
16:15:03.0781 1748 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:15:03.0812 1748 clr_optimization_v2.0.50727_32 - ok
16:15:03.0828 1748 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:15:03.0843 1748 CmBatt - ok
16:15:03.0843 1748 CmdIde - ok
16:15:03.0843 1748 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:15:03.0859 1748 Compbatt - ok
16:15:03.0859 1748 COMSysApp - ok
16:15:03.0875 1748 Cpqarray - ok
16:15:03.0906 1748 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
16:15:03.0921 1748 CryptSvc - ok
16:15:03.0921 1748 dac2w2k - ok
16:15:03.0937 1748 dac960nt - ok
16:15:03.0984 1748 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
16:15:04.0000 1748 DcomLaunch - ok
16:15:04.0046 1748 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
16:15:04.0046 1748 Dhcp - ok
16:15:04.0062 1748 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
16:15:04.0062 1748 Disk - ok
16:15:04.0078 1748 dmadmin - ok
16:15:04.0140 1748 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
16:15:04.0156 1748 dmboot - ok
16:15:04.0156 1748 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
16:15:04.0156 1748 dmio - ok
16:15:04.0187 1748 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
16:15:04.0187 1748 dmload - ok
16:15:04.0218 1748 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
16:15:04.0234 1748 dmserver - ok
16:15:04.0250 1748 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
16:15:04.0250 1748 DMusic - ok
16:15:04.0281 1748 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
16:15:04.0296 1748 Dnscache - ok
16:15:04.0328 1748 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
16:15:04.0343 1748 Dot3svc - ok
16:15:04.0359 1748 dpti2o - ok
16:15:04.0390 1748 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
16:15:04.0390 1748 drmkaud - ok
16:15:04.0421 1748 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
16:15:04.0437 1748 EapHost - ok
16:15:04.0468 1748 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
16:15:04.0484 1748 ERSvc - ok
16:15:04.0515 1748 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
16:15:04.0546 1748 Eventlog - ok
16:15:04.0562 1748 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
16:15:04.0593 1748 EventSystem - ok
16:15:04.0625 1748 [ 43B0076B3AB8996B84D2CC8F990B582F ] f7b5B C:\WINDOWS\system32\f7b5B.sys
16:15:04.0656 1748 f7b5B - ok
16:15:04.0671 1748 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
16:15:04.0671 1748 Fastfat - ok
16:15:04.0718 1748 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:15:04.0750 1748 FastUserSwitchingCompatibility - ok
16:15:04.0765 1748 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
16:15:04.0765 1748 Fdc - ok
16:15:04.0796 1748 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
16:15:04.0796 1748 Fips - ok
16:15:04.0812 1748 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
16:15:04.0828 1748 Flpydisk - ok
16:15:04.0859 1748 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
16:15:04.0859 1748 FltMgr - ok
16:15:04.0937 1748 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:15:04.0953 1748 FontCache3.0.0.0 - ok
16:15:04.0953 1748 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:15:04.0968 1748 Fs_Rec - ok
16:15:04.0984 1748 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:15:04.0984 1748 Ftdisk - ok
16:15:05.0000 1748 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:15:05.0000 1748 Gpc - ok
16:15:05.0015 1748 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:15:05.0015 1748 HDAudBus - ok
16:15:05.0062 1748 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:15:05.0078 1748 helpsvc - ok
16:15:05.0125 1748 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:15:05.0125 1748 hidusb - ok
16:15:05.0156 1748 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
16:15:05.0187 1748 hkmsvc - ok
16:15:05.0187 1748 hpn - ok
16:15:05.0218 1748 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
16:15:05.0234 1748 HTTP - ok
16:15:05.0250 1748 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
16:15:05.0281 1748 HTTPFilter - ok
16:15:05.0281 1748 i2omgmt - ok
16:15:05.0296 1748 i2omp - ok
16:15:05.0312 1748 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:15:05.0312 1748 i8042prt - ok
16:15:05.0375 1748 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:15:05.0421 1748 idsvc - ok
16:15:05.0437 1748 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
16:15:05.0437 1748 Imapi - ok
16:15:05.0484 1748 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
16:15:05.0500 1748 ImapiService - ok
16:15:05.0515 1748 ini910u - ok
16:15:05.0703 1748 [ 284BCB80391783D328A8D8163E97FD58 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:15:05.0859 1748 IntcAzAudAddService - ok
16:15:05.0859 1748 IntelIde - ok
16:15:05.0906 1748 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
16:15:05.0906 1748 Ip6Fw - ok
16:15:05.0921 1748 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:15:05.0937 1748 IpFilterDriver - ok
16:15:05.0937 1748 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:15:05.0937 1748 IpInIp - ok
16:15:05.0984 1748 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:15:05.0984 1748 IpNat - ok
16:15:06.0000 1748 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:15:06.0015 1748 IPSec - ok
16:15:06.0015 1748 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
16:15:06.0015 1748 IRENUM - ok
16:15:06.0031 1748 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:15:06.0046 1748 isapnp - ok
16:15:06.0125 1748 [ 724A6A9AB5E1807665C5DB71C30BFC5F ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
16:15:06.0125 1748 ISWKL - ok
16:15:06.0171 1748 [ 57FE873B8246DEF1372503CBC57A7499 ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
16:15:06.0203 1748 IswSvc - ok
16:15:06.0250 1748 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:15:06.0250 1748 Kbdclass - ok
16:15:06.0281 1748 [ 186B54479D98E48AEE0E9ADA4B3C4D31 ] KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys
16:15:06.0296 1748 KL1 - ok
16:15:06.0296 1748 [ BF485BFBA13C0AB116701FD9C55324D0 ] kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys
16:15:06.0296 1748 kl2 - ok
16:15:06.0328 1748 [ 1267FC6F43F2868127A01E9766BF51A7 ] KLIF C:\WINDOWS\system32\DRIVERS\klif.sys
16:15:06.0328 1748 KLIF - ok
16:15:06.0359 1748 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
16:15:06.0359 1748 kmixer - ok
16:15:06.0375 1748 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
16:15:06.0375 1748 KSecDD - ok
16:15:06.0406 1748 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
16:15:06.0421 1748 lanmanserver - ok
16:15:06.0453 1748 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:15:06.0484 1748 lanmanworkstation - ok
16:15:06.0484 1748 lbrtfdc - ok
16:15:06.0531 1748 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
16:15:06.0546 1748 LmHosts - ok
16:15:06.0578 1748 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
16:15:06.0593 1748 Messenger - ok
16:15:06.0625 1748 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
16:15:06.0625 1748 mnmdd - ok
16:15:06.0656 1748 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
16:15:06.0671 1748 mnmsrvc - ok
16:15:06.0718 1748 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
16:15:06.0718 1748 Modem - ok
16:15:06.0765 1748 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
16:15:06.0765 1748 MODEMCSA - ok
16:15:06.0781 1748 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:15:06.0781 1748 Mouclass - ok
16:15:06.0828 1748 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:15:06.0828 1748 mouhid - ok
16:15:06.0843 1748 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
16:15:06.0843 1748 MountMgr - ok
16:15:06.0843 1748 mraid35x - ok
16:15:06.0875 1748 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:15:06.0875 1748 MRxDAV - ok
16:15:06.0906 1748 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:15:06.0906 1748 MRxSmb - ok
16:15:06.0953 1748 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
16:15:06.0968 1748 MSDTC - ok
16:15:07.0000 1748 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
16:15:07.0000 1748 Msfs - ok
16:15:07.0000 1748 MSIServer - ok
16:15:07.0031 1748 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:15:07.0031 1748 MSKSSRV - ok
16:15:07.0046 1748 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:15:07.0046 1748 MSPCLOCK - ok
16:15:07.0062 1748 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
16:15:07.0062 1748 MSPQM - ok
16:15:07.0078 1748 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:15:07.0093 1748 mssmbios - ok
16:15:07.0109 1748 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
16:15:07.0109 1748 MSTEE - ok
16:15:07.0140 1748 [ 1C0F480B7C6136DDB5FB909995AF014A ] MTsensor C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
16:15:07.0156 1748 MTsensor - ok
16:15:07.0171 1748 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
16:15:07.0171 1748 Mup - ok
16:15:07.0203 1748 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:15:07.0203 1748 NABTSFEC - ok
16:15:07.0234 1748 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
16:15:07.0265 1748 napagent - ok
16:15:07.0312 1748 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
16:15:07.0312 1748 NDIS - ok
16:15:07.0343 1748 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:15:07.0343 1748 NdisIP - ok
16:15:07.0359 1748 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:15:07.0375 1748 NdisTapi - ok
16:15:07.0390 1748 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:15:07.0390 1748 Ndisuio - ok
16:15:07.0406 1748 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:15:07.0406 1748 NdisWan - ok
16:15:07.0437 1748 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
16:15:07.0437 1748 NDProxy - ok
16:15:07.0453 1748 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
16:15:07.0453 1748 NetBIOS - ok
16:15:07.0500 1748 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
16:15:07.0500 1748 NetBT - ok
16:15:07.0546 1748 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
16:15:07.0562 1748 NetDDE - ok
16:15:07.0578 1748 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
16:15:07.0578 1748 NetDDEdsdm - ok
16:15:07.0609 1748 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
16:15:07.0625 1748 Netlogon - ok
16:15:07.0656 1748 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
16:15:07.0671 1748 Netman - ok
16:15:07.0703 1748 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:15:07.0734 1748 NetTcpPortSharing - ok
16:15:07.0750 1748 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:15:07.0750 1748 NIC1394 - ok
16:15:07.0781 1748 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
16:15:07.0781 1748 Nla - ok
16:15:07.0828 1748 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
16:15:07.0828 1748 Npfs - ok
16:15:07.0843 1748 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
16:15:07.0843 1748 Ntfs - ok
16:15:07.0859 1748 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
16:15:07.0875 1748 NtLmSsp - ok
16:15:07.0921 1748 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
16:15:07.0953 1748 NtmsSvc - ok
16:15:07.0968 1748 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
16:15:07.0968 1748 Null - ok
16:15:08.0234 1748 [ D42FB8615E810901779294F5627364FE ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:15:08.0437 1748 nv - ok
16:15:08.0484 1748 [ 447CF6E09CECA96EAF5772D465CCA344 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
16:15:08.0484 1748 NVENETFD - ok
16:15:08.0515 1748 [ EF04D5A268F5D44422795F9C013FBC8A ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
16:15:08.0515 1748 nvnetbus - ok
16:15:08.0562 1748 [ 755D3A2DE4B05024F90430FE32FF26A5 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
16:15:08.0593 1748 NVSvc - ok
16:15:08.0625 1748 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:15:08.0625 1748 NwlnkFlt - ok
16:15:08.0640 1748 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:15:08.0640 1748 NwlnkFwd - ok
16:15:08.0687 1748 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:15:08.0703 1748 ohci1394 - ok
16:15:08.0734 1748 [ 72A32882A9BD1904E0726DFC758CAAD1 ] PAC7311 C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS
16:15:08.0734 1748 PAC7311 - ok
16:15:08.0765 1748 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\drivers\Parport.sys
16:15:08.0765 1748 Parport - ok
16:15:08.0781 1748 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
16:15:08.0781 1748 PartMgr - ok
16:15:08.0812 1748 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
16:15:08.0812 1748 ParVdm - ok
16:15:08.0828 1748 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
16:15:08.0828 1748 PCI - ok
16:15:08.0828 1748 PCIDump - ok
16:15:08.0843 1748 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
16:15:08.0843 1748 PCIIde - ok
16:15:08.0859 1748 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
16:15:08.0875 1748 Pcmcia - ok
16:15:08.0906 1748 [ 02AAAFB7BA137CE5DDABCDF8090954D9 ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
16:15:08.0906 1748 pcouffin - ok
16:15:08.0921 1748 PDCOMP - ok
16:15:08.0921 1748 PDFRAME - ok
16:15:08.0921 1748 PDRELI - ok
16:15:08.0937 1748 PDRFRAME - ok
16:15:08.0937 1748 perc2 - ok
16:15:08.0953 1748 perc2hib - ok
16:15:08.0984 1748 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
16:15:09.0000 1748 PlugPlay - ok
16:15:09.0015 1748 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
16:15:09.0015 1748 PolicyAgent - ok
16:15:09.0062 1748 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:15:09.0062 1748 PptpMiniport - ok
16:15:09.0078 1748 [ 7EB15DCE4EC3A0220BD796A15C18186E ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
16:15:09.0078 1748 Processor - ok
16:15:09.0078 1748 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:15:09.0093 1748 ProtectedStorage - ok
16:15:09.0093 1748 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
16:15:09.0109 1748 PSched - ok
16:15:09.0140 1748 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:15:09.0140 1748 Ptilink - ok
16:15:09.0156 1748 ql1080 - ok
16:15:09.0156 1748 Ql10wnt - ok
16:15:09.0171 1748 ql12160 - ok
16:15:09.0171 1748 ql1240 - ok
16:15:09.0171 1748 ql1280 - ok
16:15:09.0187 1748 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:15:09.0187 1748 RasAcd - ok
16:15:09.0234 1748 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
16:15:09.0250 1748 RasAuto - ok
16:15:09.0281 1748 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:15:09.0281 1748 Rasl2tp - ok
16:15:09.0328 1748 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
16:15:09.0343 1748 RasMan - ok
16:15:09.0375 1748 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:15:09.0375 1748 RasPppoe - ok
16:15:09.0375 1748 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
16:15:09.0375 1748 Raspti - ok
16:15:09.0421 1748 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:15:09.0421 1748 Rdbss - ok
16:15:09.0437 1748 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:15:09.0437 1748 RDPCDD - ok
16:15:09.0484 1748 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:15:09.0484 1748 RDPWD - ok
16:15:09.0515 1748 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
16:15:09.0546 1748 RDSessMgr - ok
16:15:09.0578 1748 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
16:15:09.0578 1748 redbook - ok
16:15:09.0625 1748 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:15:09.0640 1748 RemoteAccess - ok
16:15:09.0671 1748 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
16:15:09.0671 1748 RFCOMM - ok
16:15:09.0718 1748 [ B6E686AAB08BC276D0000293F9FBA0BB ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
16:15:09.0718 1748 rimmptsk - ok
16:15:09.0734 1748 [ BCFF51E0BE86D6F0E2180E5142203527 ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
16:15:09.0734 1748 rimsptsk - ok
16:15:09.0765 1748 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
16:15:09.0796 1748 RpcLocator - ok
16:15:09.0828 1748 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\System32\rpcss.dll
16:15:09.0828 1748 RpcSs - ok
16:15:09.0875 1748 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
16:15:09.0906 1748 RSVP - ok
16:15:09.0921 1748 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
16:15:09.0921 1748 SamSs - ok
16:15:09.0953 1748 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
16:15:09.0968 1748 SCardSvr - ok
16:15:10.0015 1748 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:15:10.0031 1748 Schedule - ok
16:15:10.0062 1748 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
16:15:10.0062 1748 sdbus - ok
16:15:10.0109 1748 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:15:10.0109 1748 Secdrv - ok
16:15:10.0125 1748 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
16:15:10.0140 1748 seclogon - ok
16:15:10.0156 1748 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
16:15:10.0171 1748 SENS - ok
16:15:10.0187 1748 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
16:15:10.0187 1748 Serial - ok
16:15:10.0218 1748 [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys
16:15:10.0218 1748 sffdisk - ok
16:15:10.0250 1748 [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
16:15:10.0250 1748 sffp_sd - ok
16:15:10.0250 1748 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
16:15:10.0250 1748 Sfloppy - ok
16:15:10.0312 1748 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
16:15:10.0328 1748 SharedAccess - ok
16:15:10.0343 1748 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:15:10.0359 1748 ShellHWDetection - ok
16:15:10.0359 1748 Simbad - ok
16:15:10.0453 1748 [ 3E587DBBDFF938DDE5D4CE4047BE9041 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
16:15:10.0531 1748 SkypeUpdate - ok
16:15:10.0562 1748 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:15:10.0562 1748 SLIP - ok
16:15:10.0625 1748 [ D9BFD2298F5CF116D8EAAE3B02DCEE2E ] smserial C:\WINDOWS\system32\DRIVERS\smserial.sys
16:15:10.0640 1748 smserial - ok
16:15:10.0656 1748 Sparrow - ok
16:15:10.0671 1748 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:15:10.0671 1748 splitter - ok
16:15:10.0718 1748 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:15:10.0734 1748 Spooler - ok
16:15:10.0750 1748 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
16:15:10.0765 1748 sr - ok
16:15:10.0796 1748 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
16:15:10.0828 1748 srservice - ok
16:15:10.0843 1748 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:15:10.0859 1748 Srv - ok
16:15:10.0875 1748 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:15:10.0890 1748 SSDPSRV - ok
16:15:10.0906 1748 ssudmdm - ok
16:15:10.0937 1748 [ ED78DFAD8EFCDFBC89500492C4D14645 ] STI Simulator C:\WINDOWS\System32\PAStiSvc.exe
16:15:10.0968 1748 STI Simulator - ok
16:15:10.0984 1748 [ 06CDA2A5A549BC455D004461E6BC5B33 ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
16:15:11.0000 1748 StillCam - ok
16:15:11.0031 1748 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:15:11.0062 1748 stisvc - ok
16:15:11.0093 1748 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:15:11.0093 1748 streamip - ok
16:15:11.0125 1748 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:15:11.0125 1748 swenum - ok
16:15:11.0156 1748 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:15:11.0156 1748 swmidi - ok
16:15:11.0156 1748 SwPrv - ok
16:15:11.0171 1748 symc810 - ok
16:15:11.0171 1748 symc8xx - ok
16:15:11.0187 1748 sym_hi - ok
16:15:11.0187 1748 sym_u3 - ok
16:15:11.0203 1748 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
16:15:11.0203 1748 sysaudio - ok
16:15:11.0234 1748 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
16:15:11.0265 1748 SysmonLog - ok
16:15:11.0296 1748 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:15:11.0312 1748 TapiSrv - ok
16:15:11.0359 1748 [ 4AFB3B0919649F95C1964AA1FAD27D73 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:15:11.0359 1748 Tcpip - ok
16:15:11.0406 1748 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:15:11.0406 1748 TDPIPE - ok
16:15:11.0421 1748 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:15:11.0421 1748 TDTCP - ok
16:15:11.0453 1748 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:15:11.0453 1748 TermDD - ok
16:15:11.0515 1748 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
16:15:11.0546 1748 TermService - ok
16:15:11.0578 1748 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
16:15:11.0593 1748 Themes - ok
16:15:11.0609 1748 [ E362D54FD394999C4178936396664E57 ] toshidpt C:\WINDOWS\system32\drivers\Toshidpt.sys
16:15:11.0625 1748 toshidpt - ok
16:15:11.0625 1748 TosIde - ok
16:15:11.0640 1748 [ 02EBF69066D6F208AF4D07481BBAE0AD ] tosporte C:\WINDOWS\system32\DRIVERS\tosporte.sys
16:15:11.0656 1748 tosporte - ok
16:15:11.0671 1748 [ B52D9CE4A1F2FEB1C77F913B55768530 ] Tosrfbd C:\WINDOWS\system32\Drivers\tosrfbd.sys
16:15:11.0671 1748 Tosrfbd - ok
16:15:11.0671 1748 [ 1AE2BA74B2A4F5A358B13FCD35258C30 ] Tosrfbnp C:\WINDOWS\system32\Drivers\tosrfbnp.sys
16:15:11.0671 1748 Tosrfbnp - ok
16:15:11.0703 1748 [ 5BA1CA3B3CDDB1DDC67DF473F05D1EC2 ] Tosrfcom C:\WINDOWS\system32\Drivers\tosrfcom.sys
16:15:11.0703 1748 Tosrfcom - ok
16:15:11.0703 1748 [ 8310963D2D06860E272EEC87BCA4217A ] Tosrfhid C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
16:15:11.0718 1748 Tosrfhid - ok
16:15:11.0718 1748 [ C52FD27B9ADF3A1F22CB90E6BCF9B0CB ] tosrfnds C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
16:15:11.0718 1748 tosrfnds - ok
16:15:11.0750 1748 [ AB6FD13D7EFA2634FA6BDF84C7EF0696 ] TosRfSnd C:\WINDOWS\system32\drivers\TosRfSnd.sys
16:15:11.0750 1748 TosRfSnd - ok
16:15:11.0765 1748 [ C639FC314EA7436325ADE8CD514B627C ] Tosrfusb C:\WINDOWS\system32\Drivers\tosrfusb.sys
16:15:11.0781 1748 Tosrfusb - ok
16:15:11.0812 1748 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:15:11.0828 1748 TrkWks - ok
16:15:11.0875 1748 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:15:11.0875 1748 Udfs - ok
16:15:11.0875 1748 ultra - ok
16:15:11.0921 1748 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
16:15:11.0937 1748 Update - ok
16:15:11.0968 1748 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
16:15:11.0984 1748 upnphost - ok
16:15:12.0000 1748 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
16:15:12.0031 1748 UPS - ok
16:15:12.0062 1748 [ 1B611611C28D2DF25BC057D79C6F13FC ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:15:12.0062 1748 usbccgp - ok
16:15:12.0078 1748 [ 4BAC8DF07F1D8434FC640E677A62204E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:15:12.0078 1748 usbehci - ok
16:15:12.0125 1748 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:15:12.0140 1748 usbhub - ok
16:15:12.0156 1748 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:15:12.0156 1748 usbohci - ok
16:15:12.0203 1748 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:15:12.0203 1748 usbprint - ok
16:15:12.0265 1748 [ F8EDE2B6928970DCE3D5614C27D9E7F6 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:15:12.0265 1748 usbscan - ok
16:15:12.0296 1748 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:15:12.0296 1748 USBSTOR - ok
16:15:12.0343 1748 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:15:12.0343 1748 VgaSave - ok
16:15:12.0359 1748 ViaIde - ok
16:15:12.0390 1748 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
16:15:12.0390 1748 VolSnap - ok
16:15:12.0453 1748 [ 5C826F02FF76F07B332C764BB9644F27 ] Vsdatant C:\WINDOWS\system32\vsdatant.sys
16:15:12.0484 1748 Vsdatant - ok
16:15:12.0515 1748 vsmon - ok
16:15:12.0562 1748 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
16:15:12.0593 1748 VSS - ok
16:15:12.0625 1748 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
16:15:12.0640 1748 W32Time - ok
16:15:12.0687 1748 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:15:12.0687 1748 Wanarp - ok
16:15:12.0750 1748 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
16:15:12.0750 1748 Wdf01000 - ok
16:15:12.0765 1748 WDICA - ok
16:15:12.0781 1748 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
16:15:12.0796 1748 wdmaud - ok
16:15:12.0828 1748 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
16:15:12.0843 1748 WebClient - ok
16:15:12.0921 1748 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
16:15:12.0937 1748 winmgmt - ok
16:15:13.0015 1748 [ 4D34CEDD74BDBF2B6A935EAE3BF80543 ] WinRM C:\WINDOWS\system32\WsmSvc.dll
16:15:13.0062 1748 WinRM - ok
16:15:13.0109 1748 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
16:15:13.0109 1748 WinUSB - ok
16:15:13.0140 1748 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
16:15:13.0156 1748 WmdmPmSN - ok
16:15:13.0187 1748 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:15:13.0187 1748 WmiAcpi - ok
16:15:13.0218 1748 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:15:13.0250 1748 WmiApSrv - ok
16:15:13.0328 1748 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
16:15:13.0359 1748 WMPNetworkSvc - ok
16:15:13.0390 1748 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
16:15:13.0390 1748 WpdUsb - ok
16:15:13.0468 1748 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
16:15:13.0484 1748 wscsvc - ok
16:15:13.0515 1748 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:15:13.0531 1748 WSTCODEC - ok
16:15:13.0546 1748 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
16:15:13.0578 1748 wuauserv - ok
16:15:13.0609 1748 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:15:13.0609 1748 WudfPf - ok
16:15:13.0625 1748 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:15:13.0640 1748 WudfRd - ok
16:15:13.0671 1748 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
16:15:13.0703 1748 WudfSvc - ok
16:15:13.0750 1748 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:15:13.0765 1748 WZCSVC - ok
16:15:13.0812 1748 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:15:13.0828 1748 xmlprov - ok
16:15:13.0859 1748 ================ Scan global ===============================
16:15:13.0890 1748 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
16:15:13.0937 1748 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\WINDOWS\system32\winsrv.dll
16:15:13.0968 1748 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\WINDOWS\system32\winsrv.dll
16:15:14.0000 1748 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
16:15:14.0000 1748 [Global] - ok
16:15:14.0000 1748 ================ Scan MBR ==================================
16:15:14.0015 1748 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
16:15:14.0218 1748 \Device\Harddisk0\DR0 - ok
16:15:14.0218 1748 ================ Scan VBR ==================================
16:15:14.0234 1748 [ FA4709FAA2ED00863605C65AE7B6DDAA ] \Device\Harddisk0\DR0\Partition1
16:15:14.0234 1748 \Device\Harddisk0\DR0\Partition1 - ok
16:15:14.0234 1748 [ 696A440923B7483789880CADD5E4DC08 ] \Device\Harddisk0\DR0\Partition2
16:15:14.0234 1748 \Device\Harddisk0\DR0\Partition2 - ok
16:15:14.0234 1748 ============================================================
16:15:14.0234 1748 Scan finished
16:15:14.0234 1748 ============================================================
16:15:14.0250 3092 Detected object count: 0
16:15:14.0250 3092 Actual detected object count: 0

memphisto
Guru Level 13
Posts: 21113
Registered: Sep 06
Location: Zlín - České Budějovice
Gender: Male
Status: Offline

Re: Please check my log.

Post by memphisto » 18 Oct 2013 18:31

Turn off the resident shield of your antivirus and antispyware.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by clicking the Yes (Ano) button
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If, after the scan, you have trouble launching applications, or a message pops up about an attempt to perform an illegal operation on a registry key that has been marked for deletion, just restart the computer.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you

plexik
Level 2
Posts: 223
Registered: Nov 08
Gender: Male
Status: Offline

Re: Please check my log.

Post by plexik » 19 Oct 2013 18:33

ComboFix 13-10-19.02 - User 19.10.2013 17:06:21.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1428 [GMT 1:00]
Spuštěný z: c:\documents and settings\User.DOMA-31B8F09BE9\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ZoneAlarm Free Firewall Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-19 do 2013-10-19 )))))))))))))))))))))))))))))))
.
.
2013-10-18 20:26 . 2013-10-18 20:26 -------- d-----w- C:\FFOutput
2013-10-18 19:53 . 1998-10-29 13:45 306688 ----a-w- c:\windows\IsUninst.exe
2013-10-18 19:53 . 2013-10-18 19:53 -------- d-----w- c:\documents and settings\USER~1~DO~
2013-10-17 17:38 . 2013-10-17 17:38 -------- d-----w- c:\windows\ERUNT
2013-10-09 11:10 . 2013-07-03 02:12 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2013-10-09 11:10 . 2013-07-17 00:58 60160 -c----w- c:\windows\system32\dllcache\usbaudio.sys
2013-10-09 11:10 . 2013-07-17 00:58 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2013-10-09 11:09 . 2013-08-09 00:55 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2013-10-09 11:09 . 2013-08-09 00:55 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2013-10-09 11:09 . 2009-03-18 11:02 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2013-10-01 11:08 . 2013-10-01 11:09 -------- d-----w- c:\documents and settings\User.DOMA-31B8F09BE9\Local Settings\Data aplikací\Deployment
2013-09-20 15:37 . 2013-09-20 15:37 -------- d-----w- c:\documents and settings\All Users\Oblíbené položky
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 14:05 . 2012-04-18 03:50 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 14:05 . 2011-05-16 10:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 18:25 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:25 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:25 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:25 . 2006-03-02 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-08-30 07:48 . 2013-04-12 21:30 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2013-04-12 21:30 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-03-22 16:17 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2013-04-12 21:30 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-08-30 07:48 . 2013-04-12 21:30 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2013-03-22 16:17 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2013-04-12 21:30 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2013-03-22 16:17 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2013-04-12 21:30 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2013-04-12 21:30 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-29 07:01 . 2006-03-02 12:00 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-09 01:56 . 2006-03-02 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2006-03-02 12:00 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2011-01-19 17:56 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2006-03-02 12:00 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30 . 2006-03-02 12:00 1289216 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 00:48 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2006-03-02 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-18 491840]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2010-10-14 487424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-01-02 73984]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13594624]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"nwiz"="nwiz.exe" [2009-01-30 1657376]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2006-06-02 10:58 176128 ----a-r- c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
2013-03-11 11:32 6873600 ----a-w- c:\program files\Free Download Manager\fdm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
2010-10-14 08:11 487424 ----a-w- c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
2006-08-23 14:22 110592 ----a-r- c:\windows\ATK0100\HControl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-10-28 11:18 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-01-30 09:12 1657376 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-08-14 06:00 16050176 ------r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-11-22 09:31 630784 ----a-r- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 2]
2005-10-17 16:09 987136 ----a-w- c:\program files\Wireless Console 2\wcourier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [22.3.2013 17:17 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [22.3.2013 17:17 177864]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12.4.2013 22:30 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.4.2013 22:30 369584]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [1.1.2013 13:59 11352]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [17.2.2013 16:56 574272]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.4.2013 22:30 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [22.3.2013 17:17 66336]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [30.4.2012 20:05 27056]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [30.4.2012 20:05 497320]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [21.6.2013 9:53 162408]
S3 f7b5B;f7b5B;c:\windows\system32\f7b5B.sys [22.1.2012 2:02 54624]
S3 PAC7311;VGA SoC PC-Camer@;c:\windows\system32\drivers\PA707UCM.SYS [16.9.2005 14:34 150272]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [19.1.2011 21:11 47360]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys --> c:\windows\system32\DRIVERS\ssudmdm.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 14:05]
.
2013-10-19 c:\windows\Tasks\ASC6_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 6\Monitor.exe [2013-02-17 16:44]
.
2013-10-19 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-04-12 07:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stáhnout FDM - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video FDM - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané FDM - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše FDM - file://c:\program files\Free Download Manager\dlall.htm
IE: ????3?? - c:\documents and settings\User.DOMA-31B8F09BE9\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\User.DOMA-31B8F09BE9\Data aplikací\FlashGetBHO\GetAllUrl.htm
TCP: DhcpNameServer = 89.101.160.4 89.101.160.5
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-ISW - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-19 17:14
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-57989841-839522115-682003330-1004\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3* N}Ź]
@="c:\\Documents and Settings\\User.DOMA-31B8F09BE9\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-57989841-839522115-682003330-1004\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3* N}ŹhQčţ”Ąc]
@="c:\\Documents and Settings\\User.DOMA-31B8F09BE9\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(820)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(876)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(8172)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2013-10-19 17:17:26
ComboFix-quarantined-files.txt 2013-10-19 16:17
.
Před spuštěním: Volných bajtů: 29 358 129 152
Po spuštění: Volných bajtů: 29 411 770 368
.
- - End Of File - - 820D0A3E12C0A9737BFC77AA692B01D9
413FC2A0C716421B3158746D63736515

Žbeky
Moderator

Re: Please check my log.

Post by Žbeky » 19 Oct 2013 19:08

Keep only the firewall from ZoneAlarm.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.


KillAll::

File::
c:\windows\system32\drivers\kl2.sys
c:\windows\system32\DRIVERS\ssudmdm.sys

Folder::
c:\program files\Skype\Updater

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000

Driver::
kl2
SkypeUpdate
ssudmdm

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created CFScript.txt script with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.

- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process

Test these on VirusTotal:
c:\windows\IsUninst.exe
c:\windows\system32\f7b5B.sys

To the right of the box, click Select and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by multiple antivirus programs in turn. When the last antivirus finishes its test, the result appears at the top with the number of detections in red, e.g. 0/40 or 1/40. Then copy the link to that page with the mouse and paste it into your post.

plexik

Re: Please check my log.

Post by plexik » 19 Oct 2013 20:24

ComboFix 13-10-19.02 - User 19.10.2013 19:02:03.7.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1338 [GMT 1:00]
Spuštěný z: c:\documents and settings\User.DOMA-31B8F09BE9\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\User.DOMA-31B8F09BE9\Plocha\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ZoneAlarm Free Firewall Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
FILE ::
"c:\windows\system32\drivers\kl2.sys"
"c:\windows\system32\DRIVERS\ssudmdm.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_KL2
-------\Legacy_SKYPEUPDATE
-------\Service_kl2
-------\Service_SkypeUpdate
-------\Service_ssudmdm
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-19 do 2013-10-19 )))))))))))))))))))))))))))))))
.
.
2013-10-18 20:26 . 2013-10-18 20:26 -------- d-----w- C:\FFOutput
2013-10-18 19:53 . 1998-10-29 13:45 306688 ----a-w- c:\windows\IsUninst.exe
2013-10-18 19:53 . 2013-10-18 19:53 -------- d-----w- c:\documents and settings\USER~1~DO~
2013-10-17 17:38 . 2013-10-17 17:38 -------- d-----w- c:\windows\ERUNT
2013-10-09 11:10 . 2013-07-03 02:12 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2013-10-09 11:10 . 2013-07-17 00:58 60160 -c----w- c:\windows\system32\dllcache\usbaudio.sys
2013-10-09 11:10 . 2013-07-17 00:58 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2013-10-09 11:09 . 2013-08-09 00:55 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2013-10-09 11:09 . 2013-08-09 00:55 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2013-10-09 11:09 . 2009-03-18 11:02 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2013-10-01 11:08 . 2013-10-01 11:09 -------- d-----w- c:\documents and settings\User.DOMA-31B8F09BE9\Local Settings\Data aplikací\Deployment
2013-09-20 15:37 . 2013-09-20 15:37 -------- d-----w- c:\documents and settings\All Users\Oblíbené položky
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 14:05 . 2012-04-18 03:50 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 14:05 . 2011-05-16 10:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 18:25 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:25 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:25 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:25 . 2006-03-02 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-08-30 07:48 . 2013-04-12 21:30 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2013-04-12 21:30 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-03-22 16:17 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2013-04-12 21:30 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-08-30 07:48 . 2013-04-12 21:30 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2013-03-22 16:17 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2013-04-12 21:30 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2013-03-22 16:17 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2013-04-12 21:30 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2013-04-12 21:30 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-29 07:01 . 2006-03-02 12:00 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-09 01:56 . 2006-03-02 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2006-03-02 12:00 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2011-01-19 17:56 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2006-03-02 12:00 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30 . 2006-03-02 12:00 1289216 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 00:48 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2006-03-02 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-18 491840]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2010-10-14 487424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-01-02 73984]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13594624]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"nwiz"="nwiz.exe" [2009-01-30 1657376]
"ISW"="" [BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2006-06-02 10:58 176128 ----a-r- c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
2013-03-11 11:32 6873600 ----a-w- c:\program files\Free Download Manager\fdm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
2010-10-14 08:11 487424 ----a-w- c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
2006-08-23 14:22 110592 ----a-r- c:\windows\ATK0100\HControl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-10-28 11:18 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-01-30 09:12 1657376 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-08-14 06:00 16050176 ------r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-11-22 09:31 630784 ----a-r- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 2]
2005-10-17 16:09 987136 ----a-w- c:\program files\Wireless Console 2\wcourier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [22.3.2013 17:17 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [22.3.2013 17:17 177864]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12.4.2013 22:30 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.4.2013 22:30 369584]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [17.2.2013 16:56 574272]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.4.2013 22:30 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [22.3.2013 17:17 66336]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [30.4.2012 20:05 27056]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [30.4.2012 20:05 497320]
S3 f7b5B;f7b5B;c:\windows\system32\f7b5B.sys [22.1.2012 2:02 54624]
S3 PAC7311;VGA SoC PC-Camer@;c:\windows\system32\drivers\PA707UCM.SYS [16.9.2005 14:34 150272]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [19.1.2011 21:11 47360]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 14:05]
.
2013-10-19 c:\windows\Tasks\ASC6_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 6\Monitor.exe [2013-02-17 16:44]
.
2013-10-19 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-04-12 07:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stáhnout FDM - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video FDM - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané FDM - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše FDM - file://c:\program files\Free Download Manager\dlall.htm
IE: ????3?? - c:\documents and settings\User.DOMA-31B8F09BE9\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\User.DOMA-31B8F09BE9\Data aplikací\FlashGetBHO\GetAllUrl.htm
TCP: DhcpNameServer = 89.101.160.4 89.101.160.5
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-19 19:13
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-57989841-839522115-682003330-1004\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3* N}Ź]
@="c:\\Documents and Settings\\User.DOMA-31B8F09BE9\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-57989841-839522115-682003330-1004\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3* N}ŹhQčţ”Ąc]
@="c:\\Documents and Settings\\User.DOMA-31B8F09BE9\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(824)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(884)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(992)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2013-10-19 19:16:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-10-19 18:16
ComboFix2.txt 2013-10-19 16:17
.
Před spuštěním: Volných bajtů: 29 397 831 680
Po spuštění: Volných bajtů: 29 052 596 224
.
- - End Of File - - 34EC6E9E27696C2A82825F6C8F60A720
413FC2A0C716421B3158746D63736515

jaro3
Security team member

Re: Please check my log.

Post by jaro3 » 20 Oct 2013 09:43

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator").
Click "Clean" ("Vymazat").
The program will perform the repair; after the automatic restart it will not display the log (C:\AdwCleaner [S?].txt); paste its entire contents here.

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner.

Download OTC to the desktop. Double-click it. Then click Clean up!.
Restart the PC if you are advised to.

Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.

Post a new HJT log plus information about the problems.