rootkit, který upravuje I/O diskové operace pro jaro3

jendislav · Příspěvekod **jendislav** » 19 bře 2012 21:26

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:25:05, on 19.3.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Seznam.cz\postak.exe
C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\remoterm.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\SysWOW64\CTHELPER.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\PCTV Systems\TVCenter\TVCenter.exe
C:\Program Files (x86)\Common Files\PCTV Systems\PVR\VideoControl.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Jenda\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:splashtopconnect
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Splashtop Connect SearchHook - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Splashtop Connect VisualBookmark - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files (x86)\Seznam.cz\core.3.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files (x86)\Seznam.cz\postak.exe" -s
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {4F9FD89A-24F0-4fb7-9635-D54B3593B85B} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra 'Tools' menuitem: @"C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCHelper.exe",-101 - {4F9FD89A-24F0-4fb7-9635-D54B3593B85B} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra button: @"C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCHelper.exe",-103 - {9E508DD9-844C-4985-AC11-AFE5DD71E0BF} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra button: (no name) - {B771147A-4CC8-450e-8AB1-7D47821751B1} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra 'Tools' menuitem: @"C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCHelper.exe",-102 - {B771147A-4CC8-450e-8AB1-7D47821751B1} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra button: @"C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCHelper.exe",-104 - {EB89B163-2474-4734-9E93-68B61BC5BED5} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: DES2 Service for Energy Saving. (DES2 Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9667 bytes

Reklama

Příspěvekod **Žbeky** » 19 bře 2012 21:46

Odinstaluj splashtop

Fixni:

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:splashtopconnect
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Splashtop Connect SearchHook - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Splashtop Connect VisualBookmark - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files (x86)\Seznam.cz\core.3.dll
O9 - Extra button: (no name) - {4F9FD89A-24F0-4fb7-9635-D54B3593B85B} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra 'Tools' menuitem: @"C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCHelper.exe",-101 - {4F9FD89A-24F0-4fb7-9635-D54B3593B85B} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra button: @"C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCHelper.exe",-103 - {9E508DD9-844C-4985-AC11-AFE5DD71E0BF} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra button: (no name) - {B771147A-4CC8-450e-8AB1-7D47821751B1} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra 'Tools' menuitem: @"C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCHelper.exe",-102 - {B771147A-4CC8-450e-8AB1-7D47821751B1} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra button: @"C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCHelper.exe",-104 - {EB89B163-2474-4734-9E93-68B61BC5BED5} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
- Pokud používáš Firefox, klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Chrome, nic dalšího nevybírej a dej Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(ZATÍM SÁM NIC NEMAŽ!).
Vlož sem pak obsah toho logu.

Stáhni si aswMBR na svojí plochu.
Poklepej na aswMBR.exe. Klikni na Scan.
Po skenu klikni na aswASW.log a ulož si ho na plochu, vlož sem celý obsah toho logu.

jendislav · Příspěvekod **jendislav** » 19 bře 2012 22:01

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Verze databáze: v2012.03.19.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jenda :: JENDA-PC [administrátor]

19.3.2012 21:57:36
mbam-log-2012-03-19 (21-57-36).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 228564
Uplynulý čas: 1 minut,

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

ASWMBR
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-19 22:00:14
-----------------------------
22:00:14.767 OS Version: Windows x64 6.1.7601 Service Pack 1
22:00:14.767 Number of processors: 4 586 0x2A07
22:00:14.767 ComputerName: JENDA-PC UserName: Jenda
22:00:15.193 Initialize success
22:00:25.147 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:00:25.149 Disk 0 Vendor: ADATA_SS 320A Size: 114473MB BusType: 3
22:00:25.152 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
22:00:25.154 Disk 1 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
22:00:25.157 Disk 0 MBR read successfully
22:00:25.160 Disk 0 MBR scan
22:00:25.162 Disk 0 Windows 7 default MBR code
22:00:25.166 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:00:25.169 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
22:00:25.174 Disk 0 scanning C:\Windows\system32\drivers
22:00:25.921 Service scanning
22:00:27.402 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
22:00:28.472 Modules scanning
22:00:28.481 Disk 0 trace - called modules:
22:00:28.488 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sphw.sys hal.dll
22:00:28.494 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007016060]
22:00:28.499 3 CLASSPNP.SYS[fffff88001dc143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006dbe050]
22:00:28.505 Scan finished successfully
22:00:56.797 Disk 0 MBR has been saved successfully to "C:\Users\Jenda\Desktop\MBR.dat"
22:00:56.799 The log file has been saved successfully to "C:\Users\Jenda\Desktop\aswMBR.txt"

Příspěvekod **Žbeky** » 19 bře 2012 22:06

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.

Stáhni si TDSSKiller

Na svojí plochu.Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Příspěvekod **jaro3** » 19 bře 2012 22:18

//nejprve TDSSKiller , potom Combofix.

jendislav · Příspěvekod **jendislav** » 19 bře 2012 22:33

Udelal jsem nejdrive Combofix a pak TDSSKiller - cetl jsem to pozde :-/

22:28:56.0328 3788 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
22:28:56.0531 3788 ============================================================
22:28:56.0531 3788 Current date / time: 2012/03/19 22:28:56.0531
22:28:56.0531 3788 SystemInfo:
22:28:56.0531 3788
22:28:56.0531 3788 OS Version: 6.1.7601 ServicePack: 1.0
22:28:56.0531 3788 Product type: Workstation
22:28:56.0531 3788 ComputerName: JENDA-PC
22:28:56.0531 3788 UserName: Jenda
22:28:56.0531 3788 Windows directory: C:\Windows
22:28:56.0531 3788 System windows directory: C:\Windows
22:28:56.0531 3788 Running under WOW64
22:28:56.0531 3788 Processor architecture: Intel x64
22:28:56.0531 3788 Number of processors: 4
22:28:56.0531 3788 Page size: 0x1000
22:28:56.0531 3788 Boot type: Normal boot
22:28:56.0531 3788 ============================================================
22:28:56.0858 3788 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0xD72C, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
22:28:56.0874 3788 Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:28:56.0890 3788 \Device\Harddisk0\DR0:
22:28:56.0890 3788 MBR used
22:28:56.0890 3788 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:28:56.0890 3788 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
22:28:56.0890 3788 \Device\Harddisk1\DR1:
22:28:56.0890 3788 MBR used
22:28:56.0890 3788 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x639D9A7
22:28:56.0890 3788 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x639DA25, BlocksNum 0x511A3A1B
22:28:56.0952 3788 Initialize success
22:28:56.0952 3788 ============================================================
22:29:02.0942 3784 ============================================================
22:29:02.0942 3784 Scan started
22:29:02.0942 3784 Mode: Manual;
22:29:02.0942 3784 ============================================================
22:29:03.0067 3784 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
22:29:03.0083 3784 1394ohci - ok
22:29:03.0098 3784 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:29:03.0098 3784 ACPI - ok
22:29:03.0114 3784 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:29:03.0114 3784 AcpiPmi - ok
22:29:03.0130 3784 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
22:29:03.0130 3784 adp94xx - ok
22:29:03.0145 3784 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
22:29:03.0161 3784 adpahci - ok
22:29:03.0161 3784 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
22:29:03.0176 3784 adpu320 - ok
22:29:03.0192 3784 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
22:29:03.0192 3784 AFD - ok
22:29:03.0208 3784 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:29:03.0208 3784 agp440 - ok
22:29:03.0223 3784 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:29:03.0223 3784 aliide - ok
22:29:03.0223 3784 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:29:03.0223 3784 amdide - ok
22:29:03.0239 3784 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
22:29:03.0239 3784 AmdK8 - ok
22:29:03.0254 3784 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
22:29:03.0254 3784 AmdPPM - ok
22:29:03.0270 3784 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:29:03.0270 3784 amdsata - ok
22:29:03.0286 3784 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
22:29:03.0286 3784 amdsbs - ok
22:29:03.0301 3784 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:29:03.0301 3784 amdxata - ok
22:29:03.0301 3784 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:29:03.0317 3784 AppID - ok
22:29:03.0332 3784 AppleCharger (6be11ad81d4527d299f0cb5f3731aabc) C:\Windows\system32\DRIVERS\AppleCharger.sys
22:29:03.0332 3784 AppleCharger - ok
22:29:03.0348 3784 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
22:29:03.0348 3784 arc - ok
22:29:03.0348 3784 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
22:29:03.0348 3784 arcsas - ok
22:29:03.0364 3784 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:29:03.0364 3784 AsyncMac - ok
22:29:03.0379 3784 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:29:03.0379 3784 atapi - ok
22:29:03.0395 3784 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
22:29:03.0395 3784 AVGIDSDriver - ok
22:29:03.0395 3784 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
22:29:03.0395 3784 AVGIDSEH - ok
22:29:03.0410 3784 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
22:29:03.0410 3784 AVGIDSFilter - ok
22:29:03.0426 3784 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
22:29:03.0426 3784 Avgldx64 - ok
22:29:03.0442 3784 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
22:29:03.0442 3784 Avgmfx64 - ok
22:29:03.0457 3784 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
22:29:03.0457 3784 Avgrkx64 - ok
22:29:03.0457 3784 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
22:29:03.0473 3784 Avgtdia - ok
22:29:03.0488 3784 azvusb (9f4320ba8e7ce2342517b182a2f2c0e6) C:\Windows\system32\DRIVERS\azvusb.sys
22:29:03.0488 3784 azvusb - ok
22:29:03.0504 3784 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
22:29:03.0504 3784 b06bdrv - ok
22:29:03.0520 3784 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:29:03.0520 3784 b57nd60a - ok
22:29:03.0535 3784 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:29:03.0535 3784 Beep - ok
22:29:03.0551 3784 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:29:03.0551 3784 blbdrive - ok
22:29:03.0551 3784 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:29:03.0551 3784 bowser - ok
22:29:03.0566 3784 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
22:29:03.0566 3784 BrFiltLo - ok
22:29:03.0566 3784 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
22:29:03.0566 3784 BrFiltUp - ok
22:29:03.0582 3784 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
22:29:03.0582 3784 BridgeMP - ok
22:29:03.0598 3784 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:29:03.0598 3784 Brserid - ok
22:29:03.0613 3784 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:29:03.0613 3784 BrSerWdm - ok
22:29:03.0629 3784 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:29:03.0629 3784 BrUsbMdm - ok
22:29:03.0629 3784 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:29:03.0629 3784 BrUsbSer - ok
22:29:03.0644 3784 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
22:29:03.0644 3784 BTHMODEM - ok
22:29:03.0644 3784 catchme - ok
22:29:03.0660 3784 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:29:03.0660 3784 cdfs - ok
22:29:03.0676 3784 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
22:29:03.0676 3784 cdrom - ok
22:29:03.0691 3784 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
22:29:03.0691 3784 circlass - ok
22:29:03.0707 3784 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:29:03.0707 3784 CLFS - ok
22:29:03.0722 3784 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
22:29:03.0722 3784 CmBatt - ok
22:29:03.0738 3784 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:29:03.0738 3784 cmdide - ok
22:29:03.0738 3784 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
22:29:03.0754 3784 CNG - ok
22:29:03.0754 3784 COMMONFX.DLL - ok
22:29:03.0769 3784 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
22:29:03.0769 3784 Compbatt - ok
22:29:03.0785 3784 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
22:29:03.0785 3784 CompositeBus - ok
22:29:03.0785 3784 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
22:29:03.0785 3784 crcdisk - ok
22:29:03.0800 3784 ctac32k - ok
22:29:03.0816 3784 CTAUDFX.DLL - ok
22:29:03.0816 3784 CTEAPSFX.DLL - ok
22:29:03.0832 3784 CTEDSPFX.DLL - ok
22:29:03.0832 3784 CTEDSPIO.DLL - ok
22:29:03.0847 3784 CTEDSPSY.DLL - ok
22:29:03.0847 3784 ctprxy2k - ok
22:29:03.0863 3784 CTSBLFX.DLL - ok
22:29:03.0878 3784 ctsfm2k - ok
22:29:03.0894 3784 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:29:03.0894 3784 DfsC - ok
22:29:03.0910 3784 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:29:03.0910 3784 discache - ok
22:29:03.0925 3784 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
22:29:03.0925 3784 Disk - ok
22:29:03.0941 3784 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:29:03.0941 3784 drmkaud - ok
22:29:03.0956 3784 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:29:03.0972 3784 DXGKrnl - ok
22:29:04.0034 3784 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
22:29:04.0066 3784 ebdrv - ok
22:29:04.0081 3784 EC168x64 (d75803b6557d7ba25d914b3b1b3dd609) C:\Windows\system32\DRIVERS\EC168x64.sys
22:29:04.0081 3784 EC168x64 - ok
22:29:04.0112 3784 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
22:29:04.0112 3784 elxstor - ok
22:29:04.0128 3784 emupia - ok
22:29:04.0144 3784 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:29:04.0144 3784 ErrDev - ok
22:29:04.0159 3784 EtronHub3 (3663291d0d26001a2bb67678ab61d14c) C:\Windows\system32\Drivers\EtronHub3.sys
22:29:04.0159 3784 EtronHub3 - ok
22:29:04.0159 3784 EtronXHCI (744420d6c062c38f7361870f010d6d4b) C:\Windows\system32\Drivers\EtronXHCI.sys
22:29:04.0159 3784 EtronXHCI - ok
22:29:04.0190 3784 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:29:04.0190 3784 exfat - ok
22:29:04.0206 3784 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:29:04.0206 3784 fastfat - ok
22:29:04.0222 3784 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
22:29:04.0222 3784 fdc - ok
22:29:04.0222 3784 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:29:04.0222 3784 FileInfo - ok
22:29:04.0237 3784 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:29:04.0237 3784 Filetrace - ok
22:29:04.0253 3784 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
22:29:04.0253 3784 flpydisk - ok
22:29:04.0253 3784 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:29:04.0268 3784 FltMgr - ok
22:29:04.0284 3784 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:29:04.0284 3784 FsDepends - ok
22:29:04.0300 3784 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:29:04.0300 3784 Fs_Rec - ok
22:29:04.0300 3784 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:29:04.0300 3784 fvevol - ok
22:29:04.0315 3784 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
22:29:04.0315 3784 gagp30kx - ok
22:29:04.0331 3784 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
22:29:04.0331 3784 gdrv - ok
22:29:04.0331 3784 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
22:29:04.0331 3784 GVTDrv64 - ok
22:29:04.0346 3784 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:29:04.0346 3784 hcw85cir - ok
22:29:04.0346 3784 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:29:04.0362 3784 HdAudAddService - ok
22:29:04.0378 3784 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:29:04.0378 3784 HDAudBus - ok
22:29:04.0378 3784 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
22:29:04.0378 3784 HidBatt - ok
22:29:04.0393 3784 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
22:29:04.0393 3784 HidBth - ok
22:29:04.0409 3784 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
22:29:04.0409 3784 HidIr - ok
22:29:04.0409 3784 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:29:04.0424 3784 HidUsb - ok
22:29:04.0440 3784 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:29:04.0440 3784 HpSAMD - ok
22:29:04.0456 3784 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:29:04.0456 3784 HTTP - ok
22:29:04.0471 3784 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:29:04.0471 3784 hwpolicy - ok
22:29:04.0487 3784 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
22:29:04.0487 3784 i8042prt - ok
22:29:04.0502 3784 iaStor (8180a2392e732e8871589b54fab6991f) C:\Windows\system32\DRIVERS\iaStor.sys
22:29:04.0502 3784 iaStor - ok
22:29:04.0518 3784 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:29:04.0534 3784 iaStorV - ok
22:29:04.0549 3784 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
22:29:04.0549 3784 iirsp - ok
22:29:04.0580 3784 IntcAzAudAddService (a5f7cef8a939ebe270462edefd629f20) C:\Windows\system32\drivers\RTKVHD64.sys
22:29:04.0596 3784 IntcAzAudAddService - ok
22:29:04.0612 3784 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:29:04.0612 3784 intelide - ok
22:29:04.0627 3784 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:29:04.0627 3784 intelppm - ok
22:29:04.0643 3784 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:29:04.0643 3784 IpFilterDriver - ok
22:29:04.0658 3784 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:29:04.0658 3784 IPMIDRV - ok
22:29:04.0674 3784 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:29:04.0674 3784 IPNAT - ok
22:29:04.0690 3784 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:29:04.0690 3784 IRENUM - ok
22:29:04.0690 3784 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:29:04.0690 3784 isapnp - ok
22:29:04.0705 3784 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:29:04.0705 3784 iScsiPrt - ok
22:29:04.0721 3784 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:29:04.0721 3784 kbdclass - ok
22:29:04.0736 3784 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
22:29:04.0736 3784 kbdhid - ok
22:29:04.0752 3784 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
22:29:04.0752 3784 KSecDD - ok
22:29:04.0768 3784 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
22:29:04.0768 3784 KSecPkg - ok
22:29:04.0783 3784 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:29:04.0783 3784 ksthunk - ok
22:29:04.0783 3784 kxwdmdrv - ok
22:29:04.0814 3784 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:29:04.0814 3784 lltdio - ok
22:29:04.0830 3784 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
22:29:04.0830 3784 LSI_FC - ok
22:29:04.0846 3784 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
22:29:04.0846 3784 LSI_SAS - ok
22:29:04.0861 3784 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
22:29:04.0861 3784 LSI_SAS2 - ok
22:29:04.0861 3784 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
22:29:04.0877 3784 LSI_SCSI - ok
22:29:04.0892 3784 Ltn_stk7070P_64 (639d24e769bdbec6145e4c1921669b73) C:\Windows\system32\DRIVERS\Ltn_stk7070P_64.sys
22:29:04.0892 3784 Ltn_stk7070P_64 - ok
22:29:04.0908 3784 Ltn_stkrc_64 (e028df5a96827a87898d4d7eb768e3ab) C:\Windows\system32\DRIVERS\Ltn_stkrc_64.sys
22:29:04.0908 3784 Ltn_stkrc_64 - ok
22:29:04.0908 3784 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:29:04.0908 3784 luafv - ok
22:29:04.0924 3784 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
22:29:04.0924 3784 megasas - ok
22:29:04.0939 3784 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
22:29:04.0955 3784 MegaSR - ok
22:29:04.0955 3784 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
22:29:04.0955 3784 MEIx64 - ok
22:29:04.0970 3784 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:29:04.0970 3784 Modem - ok
22:29:04.0986 3784 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:29:04.0986 3784 monitor - ok
22:29:05.0002 3784 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:29:05.0002 3784 mouclass - ok
22:29:05.0002 3784 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:29:05.0002 3784 mouhid - ok
22:29:05.0017 3784 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:29:05.0017 3784 mountmgr - ok
22:29:05.0033 3784 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:29:05.0033 3784 mpio - ok
22:29:05.0048 3784 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:29:05.0048 3784 mpsdrv - ok
22:29:05.0064 3784 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:29:05.0064 3784 MRxDAV - ok
22:29:05.0080 3784 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:29:05.0080 3784 mrxsmb - ok
22:29:05.0095 3784 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:29:05.0095 3784 mrxsmb10 - ok
22:29:05.0111 3784 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:29:05.0111 3784 mrxsmb20 - ok
22:29:05.0126 3784 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\DRIVERS\msahci.sys
22:29:05.0126 3784 msahci - ok
22:29:05.0142 3784 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:29:05.0142 3784 msdsm - ok
22:29:05.0142 3784 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:29:05.0158 3784 Msfs - ok
22:29:05.0158 3784 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:29:05.0158 3784 mshidkmdf - ok
22:29:05.0173 3784 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:29:05.0173 3784 msisadrv - ok
22:29:05.0173 3784 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:29:05.0173 3784 MSKSSRV - ok
22:29:05.0189 3784 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:29:05.0189 3784 MSPCLOCK - ok
22:29:05.0204 3784 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:29:05.0204 3784 MSPQM - ok
22:29:05.0220 3784 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:29:05.0220 3784 MsRPC - ok
22:29:05.0236 3784 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
22:29:05.0236 3784 mssmbios - ok
22:29:05.0236 3784 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:29:05.0236 3784 MSTEE - ok
22:29:05.0251 3784 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
22:29:05.0251 3784 MTConfig - ok
22:29:05.0267 3784 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:29:05.0267 3784 Mup - ok
22:29:05.0282 3784 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:29:05.0282 3784 NativeWifiP - ok
22:29:05.0298 3784 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:29:05.0298 3784 NDIS - ok
22:29:05.0314 3784 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:29:05.0314 3784 NdisCap - ok
22:29:05.0329 3784 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:29:05.0329 3784 NdisTapi - ok
22:29:05.0345 3784 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:29:05.0345 3784 Ndisuio - ok
22:29:05.0345 3784 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:29:05.0345 3784 NdisWan - ok
22:29:05.0360 3784 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:29:05.0360 3784 NDProxy - ok
22:29:05.0376 3784 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:29:05.0376 3784 NetBIOS - ok
22:29:05.0376 3784 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:29:05.0392 3784 NetBT - ok
22:29:05.0407 3784 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
22:29:05.0407 3784 nfrd960 - ok
22:29:05.0407 3784 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:29:05.0423 3784 Npfs - ok
22:29:05.0423 3784 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:29:05.0423 3784 nsiproxy - ok
22:29:05.0454 3784 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:29:05.0470 3784 Ntfs - ok
22:29:05.0470 3784 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:29:05.0470 3784 Null - ok
22:29:05.0485 3784 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
22:29:05.0485 3784 NVHDA - ok
22:29:05.0610 3784 nvlddmkm (cbf698abe989d60ec0d0b6b81ad82930) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:29:05.0657 3784 nvlddmkm - ok
22:29:05.0672 3784 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:29:05.0672 3784 nvraid - ok
22:29:05.0688 3784 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:29:05.0688 3784 nvstor - ok
22:29:05.0704 3784 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:29:05.0704 3784 nv_agp - ok
22:29:05.0704 3784 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:29:05.0704 3784 ohci1394 - ok
22:29:05.0719 3784 ossrv - ok
22:29:05.0735 3784 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
22:29:05.0735 3784 Parport - ok
22:29:05.0750 3784 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
22:29:05.0750 3784 partmgr - ok
22:29:05.0766 3784 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:29:05.0766 3784 pci - ok
22:29:05.0782 3784 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:29:05.0782 3784 pciide - ok
22:29:05.0797 3784 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
22:29:05.0797 3784 pcmcia - ok
22:29:05.0813 3784 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:29:05.0813 3784 pcw - ok
22:29:05.0828 3784 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:29:05.0828 3784 PEAUTH - ok
22:29:05.0860 3784 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:29:05.0860 3784 PptpMiniport - ok
22:29:05.0875 3784 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
22:29:05.0875 3784 Processor - ok
22:29:05.0891 3784 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:29:05.0891 3784 Psched - ok
22:29:05.0922 3784 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
22:29:05.0938 3784 ql2300 - ok
22:29:05.0953 3784 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
22:29:05.0953 3784 ql40xx - ok
22:29:05.0969 3784 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:29:05.0969 3784 QWAVEdrv - ok
22:29:05.0969 3784 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:29:05.0969 3784 RasAcd - ok
22:29:05.0984 3784 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:29:05.0984 3784 RasAgileVpn - ok
22:29:06.0000 3784 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:29:06.0000 3784 Rasl2tp - ok
22:29:06.0016 3784 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:29:06.0016 3784 RasPppoe - ok
22:29:06.0031 3784 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:29:06.0031 3784 RasSstp - ok
22:29:06.0047 3784 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:29:06.0047 3784 rdbss - ok
22:29:06.0062 3784 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
22:29:06.0062 3784 rdpbus - ok
22:29:06.0078 3784 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:29:06.0078 3784 RDPCDD - ok
22:29:06.0094 3784 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:29:06.0094 3784 RDPENCDD - ok
22:29:06.0094 3784 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:29:06.0109 3784 RDPREFMP - ok
22:29:06.0109 3784 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
22:29:06.0109 3784 RDPWD - ok
22:29:06.0125 3784 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:29:06.0125 3784 rdyboost - ok
22:29:06.0140 3784 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
22:29:06.0140 3784 Revoflt - ok
22:29:06.0156 3784 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:29:06.0156 3784 rspndr - ok
22:29:06.0187 3784 RTL8167 (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:29:06.0187 3784 RTL8167 - ok
22:29:06.0203 3784 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:29:06.0203 3784 sbp2port - ok
22:29:06.0203 3784 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:29:06.0218 3784 scfilter - ok
22:29:06.0218 3784 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:29:06.0218 3784 secdrv - ok
22:29:06.0234 3784 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:29:06.0250 3784 Serenum - ok
22:29:06.0250 3784 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:29:06.0250 3784 Serial - ok
22:29:06.0265 3784 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
22:29:06.0265 3784 sermouse - ok
22:29:06.0281 3784 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:29:06.0281 3784 sffdisk - ok
22:29:06.0296 3784 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:29:06.0296 3784 sffp_mmc - ok
22:29:06.0312 3784 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:29:06.0312 3784 sffp_sd - ok
22:29:06.0312 3784 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
22:29:06.0312 3784 sfloppy - ok
22:29:06.0328 3784 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
22:29:06.0328 3784 SiSRaid2 - ok
22:29:06.0343 3784 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
22:29:06.0343 3784 SiSRaid4 - ok
22:29:06.0343 3784 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:29:06.0343 3784 Smb - ok
22:29:06.0359 3784 speedfan - ok
22:29:06.0359 3784 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:29:06.0374 3784 spldr - ok
22:29:06.0390 3784 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
22:29:06.0390 3784 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
22:29:06.0390 3784 sptd ( LockedFile.Multi.Generic ) - warning
22:29:06.0390 3784 sptd - detected LockedFile.Multi.Generic (1)
22:29:06.0406 3784 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:29:06.0406 3784 srv - ok
22:29:06.0437 3784 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:29:06.0437 3784 srv2 - ok
22:29:06.0452 3784 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:29:06.0452 3784 srvnet - ok
22:29:06.0468 3784 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
22:29:06.0468 3784 stexstor - ok
22:29:06.0484 3784 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
22:29:06.0484 3784 swenum - ok
22:29:06.0530 3784 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
22:29:06.0530 3784 Tcpip - ok
22:29:06.0562 3784 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
22:29:06.0577 3784 TCPIP6 - ok
22:29:06.0593 3784 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:29:06.0593 3784 tcpipreg - ok
22:29:06.0593 3784 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:29:06.0593 3784 TDPIPE - ok
22:29:06.0608 3784 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
22:29:06.0608 3784 TDTCP - ok
22:29:06.0624 3784 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:29:06.0624 3784 tdx - ok
22:29:06.0640 3784 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
22:29:06.0640 3784 TermDD - ok
22:29:06.0655 3784 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:29:06.0655 3784 tssecsrv - ok
22:29:06.0671 3784 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:29:06.0671 3784 TsUsbFlt - ok
22:29:06.0671 3784 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
22:29:06.0671 3784 TsUsbGD - ok
22:29:06.0686 3784 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:29:06.0686 3784 tunnel - ok
22:29:06.0702 3784 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
22:29:06.0702 3784 uagp35 - ok
22:29:06.0718 3784 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:29:06.0718 3784 udfs - ok
22:29:06.0733 3784 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:29:06.0733 3784 uliagpkx - ok
22:29:06.0749 3784 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
22:29:06.0749 3784 umbus - ok
22:29:06.0764 3784 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
22:29:06.0764 3784 UmPass - ok
22:29:06.0780 3784 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:29:06.0780 3784 usbccgp - ok
22:29:06.0780 3784 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:29:06.0796 3784 usbcir - ok
22:29:06.0796 3784 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
22:29:06.0796 3784 usbehci - ok
22:29:06.0811 3784 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:29:06.0811 3784 usbhub - ok
22:29:06.0827 3784 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:29:06.0827 3784 usbohci - ok
22:29:06.0842 3784 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
22:29:06.0842 3784 usbprint - ok
22:29:06.0858 3784 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:29:06.0858 3784 USBSTOR - ok
22:29:06.0874 3784 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:29:06.0874 3784 usbuhci - ok
22:29:06.0889 3784 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:29:06.0889 3784 vdrvroot - ok
22:29:06.0905 3784 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:29:06.0905 3784 vga - ok
22:29:06.0920 3784 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:29:06.0920 3784 VgaSave - ok
22:29:06.0936 3784 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:29:06.0936 3784 vhdmp - ok
22:29:06.0952 3784 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:29:06.0952 3784 viaide - ok
22:29:06.0967 3784 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:29:06.0967 3784 volmgr - ok
22:29:06.0983 3784 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:29:06.0983 3784 volmgrx - ok
22:29:06.0998 3784 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:29:06.0998 3784 volsnap - ok
22:29:07.0014 3784 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
22:29:07.0014 3784 vsmraid - ok
22:29:07.0030 3784 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
22:29:07.0030 3784 vwifibus - ok
22:29:07.0045 3784 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
22:29:07.0045 3784 WacomPen - ok
22:29:07.0061 3784 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:29:07.0061 3784 WANARP - ok
22:29:07.0061 3784 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:29:07.0061 3784 Wanarpv6 - ok
22:29:07.0076 3784 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
22:29:07.0076 3784 Wd - ok
22:29:07.0092 3784 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:29:07.0108 3784 Wdf01000 - ok
22:29:07.0123 3784 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:29:07.0123 3784 WfpLwf - ok
22:29:07.0139 3784 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:29:07.0139 3784 WIMMount - ok
22:29:07.0154 3784 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:29:07.0154 3784 WmiAcpi - ok
22:29:07.0170 3784 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:29:07.0170 3784 ws2ifsl - ok
22:29:07.0201 3784 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:29:07.0201 3784 WudfPf - ok
22:29:07.0201 3784 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:29:07.0217 3784 WUDFRd - ok
22:29:07.0217 3784 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:29:07.0217 3784 \Device\Harddisk0\DR0 - ok
22:29:07.0232 3784 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk1\DR1
22:29:07.0420 3784 \Device\Harddisk1\DR1 - ok
22:29:07.0420 3784 Boot (0x1200) (d0b194830e833d67abc73e8d16b72ba6) \Device\Harddisk0\DR0\Partition0
22:29:07.0420 3784 \Device\Harddisk0\DR0\Partition0 - ok
22:29:07.0420 3784 Boot (0x1200) (c1bf98e62320251b661c6acb090f9fa7) \Device\Harddisk0\DR0\Partition1
22:29:07.0420 3784 \Device\Harddisk0\DR0\Partition1 - ok
22:29:07.0420 3784 Boot (0x1200) (3419bf3c789978d5f7408bd26232e0a1) \Device\Harddisk1\DR1\Partition0
22:29:07.0420 3784 \Device\Harddisk1\DR1\Partition0 - ok
22:29:07.0435 3784 Boot (0x1200) (1e9d0e3862dfe4007e017020785c048d) \Device\Harddisk1\DR1\Partition1
22:29:07.0435 3784 \Device\Harddisk1\DR1\Partition1 - ok
22:29:07.0435 3784 ============================================================
22:29:07.0435 3784 Scan finished
22:29:07.0435 3784 ============================================================
22:29:07.0451 3852 Detected object count: 1
22:29:07.0451 3852 Actual detected object count: 1
22:29:37.0793 3852 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:29:37.0793 3852 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
22:29:47.0044 3848 Deinitialize success

ComboFix 12-03-18.04 - Jenda 19.03.2012 22:19:03.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8175.6753 [GMT 1:00]
Spuštěný z: c:\users\Jenda\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-19 do 2012-03-19 )))))))))))))))))))))))))))))))
.
.
2012-03-19 20:57 . 2012-03-19 20:57 -------- d-----w- c:\users\Jenda\AppData\Roaming\Malwarebytes
2012-03-19 20:57 . 2012-03-19 20:57 -------- d-----w- c:\programdata\Malwarebytes
2012-03-19 20:56 . 2012-03-19 20:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-19 20:56 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-19 17:58 . 2012-03-19 17:58 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 17:58 . 2012-03-19 17:58 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 09:52 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 09:52 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 09:52 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 08:36 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 08:36 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 08:36 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 08:35 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 08:35 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 08:35 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 08:35 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 08:35 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 08:35 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 08:35 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-02-19 14:22 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-19 14:22 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-19 14:22 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-19 14:22 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-19 14:22 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-19 14:22 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-19 14:22 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-19 21:21 . 2011-10-21 18:24 25640 ----a-w- c:\windows\gdrv.sys
2012-03-14 17:57 . 2011-10-21 19:49 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19979400]
"Seznam Postak"="c:\program files (x86)\Seznam.cz\postak.exe" [2011-05-25 491040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"AsioReg"="CTASIO.DLL" [2002-07-19 106496]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-06-01 506712]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-23 136176]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-08 2253120]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 EC168x64;TVGo DVB-T02PRO;c:\windows\system32\DRIVERS\EC168x64.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-23 136176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-11-26 30528]
R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x]
S3 Ltn_stk7070P_64;PCTV based TV tuner device;c:\windows\system32\DRIVERS\Ltn_stk7070P_64.sys [x]
S3 Ltn_stkrc_64;PCTV Infrared Receiver;c:\windows\system32\DRIVERS\Ltn_stkrc_64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-23 21:51]
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-23 21:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-21 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2010-08-23 2552320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\r388r5kc.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: network.proxy.type - 4
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1191011485-3467939791-947400598-1000\Software\SecuROM\License information*]
"datasecu"=hex:38,12,42,30,fd,f4,33,dd,fe,0c,45,8e,06,17,ec,16,fb,b3,02,3c,14,
01,76,41,4b,7a,72,92,0b,2c,d4,3c,36,09,ba,f0,3f,a9,23,01,02,35,91,44,13,4d,\
"rkeysecu"=hex:bb,f3,92,d2,e9,92,7a,04,d1,9b,5c,ac,35,98,25,4c
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
.
**************************************************************************
.
Celkový čas: 2012-03-19 22:22:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-19 21:22
.
Před spuštěním: Volných bajtů: 69 504 897 024
Po spuštění: Volných bajtů: 68 861 497 344
.
- - End Of File - - 6AB5A110A3793E7C4D1BC99615DF8D54

Příspěvekod **jaro3** » 19 bře 2012 22:47

Stáhni si MBRCheck.exe:
http://majorgeeks.com/MBRCheck_d7076.html
Spusť MBRCheck.exe
Po kratší době bude sken hotov a v okně se ukáže:
Done! Press Enter to Exit. Na Tvé ploše se ukáže text. zpráva , Zkopíruj jí celou a vlož sem.

Stáhni si GMER
Po stažení aplikaci rozbal a spusť, probehne rychlý sken a otevře se hlavní okno programu:
pokud klikneš na tlačítko Save vpravo dole, muzeš vyexportovat první log, ktery vloziš sem.
Abychom se dostali k "hlavnímu" skenu a získaní logu z něj, ponechame v pravem sloupci zafajfkovane vsechny polozky a klikneme na tlacitko Scan
Vyčkej konce skenu (což trvá tak kolem pěti- deseti minut), pote opět klikni na tlačitko Save a vyexportuj log čislo 2,i tento log vlož sem.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Registry::
[-HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-
BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

jendislav · Příspěvekod **jendislav** » 19 bře 2012 22:58

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: Z68X-UD3-B3
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 162):
0x03400000 \SystemRoot\system32\ntoskrnl.exe
0x039E8000 \SystemRoot\system32\hal.dll
0x00BCC000 \SystemRoot\system32\kdcom.dll
0x00C64000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CB3000 \SystemRoot\system32\PSHED.dll
0x00CC7000 \SystemRoot\system32\CLFS.SYS
0x00D25000 \SystemRoot\system32\CI.dll
0x00E3E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EE2000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x010CA000 \SystemRoot\System32\Drivers\speo.sys
0x011F0000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x01000000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x0102F000 \SystemRoot\system32\drivers\ACPI.sys
0x01086000 \SystemRoot\system32\drivers\msisadrv.sys
0x01090000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00EF1000 \SystemRoot\system32\drivers\pci.sys
0x0109D000 \SystemRoot\System32\drivers\partmgr.sys
0x010B2000 \SystemRoot\system32\drivers\volmgr.sys
0x00F24000 \SystemRoot\System32\drivers\volmgrx.sys
0x011F9000 \SystemRoot\system32\drivers\pciide.sys
0x00F80000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00F90000 \SystemRoot\System32\drivers\mountmgr.sys
0x0120B000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x015AD000 \SystemRoot\system32\drivers\atapi.sys
0x015B6000 \SystemRoot\system32\drivers\ataport.SYS
0x015E0000 \SystemRoot\system32\DRIVERS\msahci.sys
0x015EB000 \SystemRoot\system32\drivers\amdxata.sys
0x00FAA000 \SystemRoot\system32\drivers\fltmgr.sys
0x00E00000 \SystemRoot\system32\drivers\fileinfo.sys
0x01646000 \SystemRoot\System32\Drivers\Ntfs.sys
0x00C00000 \SystemRoot\System32\Drivers\msrpc.sys
0x01600000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01891000 \SystemRoot\System32\Drivers\cng.sys
0x01903000 \SystemRoot\System32\drivers\pcw.sys
0x01914000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01A5C000 \SystemRoot\system32\drivers\ndis.sys
0x01B4F000 \SystemRoot\system32\drivers\NETIO.SYS
0x01BAF000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01C30000 \SystemRoot\System32\drivers\tcpip.sys
0x01E34000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01E7E000 \SystemRoot\system32\drivers\volsnap.sys
0x01ECA000 \SystemRoot\System32\Drivers\spldr.sys
0x01ED2000 \SystemRoot\SysWOW64\speedfan.sys
0x01EDC000 \SystemRoot\System32\drivers\rdyboost.sys
0x01F16000 \SystemRoot\System32\Drivers\mup.sys
0x01F28000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01F31000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01F6B000 \SystemRoot\system32\drivers\disk.sys
0x01F81000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01FB1000 \SystemRoot\system32\DRIVERS\avgrkx64.sys
0x01FBD000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
0x04400000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x047E6000 \SystemRoot\system32\DRIVERS\avgmfx64.sys
0x047F6000 \SystemRoot\System32\Drivers\Null.SYS
0x0442A000 \SystemRoot\System32\Drivers\Beep.SYS
0x01FD5000 \SystemRoot\System32\drivers\vga.sys
0x01C00000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01FE3000 \SystemRoot\System32\drivers\watchdog.sys
0x01FF3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01C25000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01BDA000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01BE3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01BEE000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01A00000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01A22000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x0191E000 \SystemRoot\system32\DRIVERS\avgtdia.sys
0x0197E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x01800000 \SystemRoot\system32\drivers\afd.sys
0x01A2F000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x01A3A000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x019C3000 \SystemRoot\system32\DRIVERS\pacer.sys
0x01A43000 \SystemRoot\system32\DRIVERS\netbios.sys
0x0161B000 \SystemRoot\system32\DRIVERS\serial.sys
0x00E14000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x019E9000 \SystemRoot\system32\DRIVERS\termdd.sys
0x04829000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0487A000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04886000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x04891000 \SystemRoot\System32\drivers\discache.sys
0x048A0000 \SystemRoot\System32\Drivers\dfsc.sys
0x048BE000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x048CF000 \SystemRoot\system32\DRIVERS\avgldx64.sys
0x04918000 \SystemRoot\system32\DRIVERS\AppleCharger.sys
0x04920000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04946000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0F606000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x1027D000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x10282000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x10376000 \SystemRoot\System32\drivers\dxgmms1.sys
0x103BC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x103E0000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x0495C000 \SystemRoot\system32\drivers\usbehci.sys
0x0496D000 \SystemRoot\system32\drivers\USBPORT.SYS
0x03263000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x032A1000 \SystemRoot\System32\Drivers\EtronXHCI.sys
0x032B1000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x03318000 \SystemRoot\system32\DRIVERS\serenum.sys
0x03324000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x03342000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03351000 \SystemRoot\System32\Drivers\ayg6xlak.SYS
0x03394000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x0339D000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x033AD000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x033C3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x033E7000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03200000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0322F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x049C3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x049E4000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0324A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03259000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0508F000 \SystemRoot\system32\DRIVERS\ks.sys
0x050D2000 \SystemRoot\system32\DRIVERS\azvusb.sys
0x050E4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x050E6000 \SystemRoot\system32\DRIVERS\umbus.sys
0x050F8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x05152000 \SystemRoot\System32\Drivers\EtronHub3.sys
0x0515C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05171000 \SystemRoot\system32\drivers\nvhda64v.sys
0x0519E000 \SystemRoot\system32\drivers\portcls.sys
0x051DB000 \SystemRoot\system32\drivers\drmk.sys
0x05000000 \SystemRoot\system32\drivers\ksthunk.sys
0x062DC000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x065C8000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x065D6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x065EF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x06200000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x0620D000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04431000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x0621B000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x0622E000 \SystemRoot\system32\DRIVERS\Ltn_stk7070P_64.sys
0x062B7000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0x00060000 \SystemRoot\System32\win32k.sys
0x062BB000 \SystemRoot\System32\drivers\Dxapi.sys
0x062C7000 \SystemRoot\system32\DRIVERS\Ltn_stkrc_64.sys
0x062CB000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x05006000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00530000 \SystemRoot\System32\TSDDD.dll
0x007C0000 \SystemRoot\System32\cdd.dll
0x05014000 \SystemRoot\system32\drivers\luafv.sys
0x05037000 \SystemRoot\system32\drivers\WudfPf.sys
0x05058000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0506D000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x066D0000 \SystemRoot\system32\drivers\HTTP.sys
0x06799000 \SystemRoot\system32\DRIVERS\bowser.sys
0x067B7000 \SystemRoot\System32\drivers\mpsdrv.sys
0x067CF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06600000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0664E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06E8D000 \SystemRoot\system32\drivers\peauth.sys
0x06F33000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06F3E000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06F6F000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06F81000 \SystemRoot\System32\DRIVERS\srv2.sys
0x070E5000 \SystemRoot\System32\DRIVERS\srv.sys
0x0717D000 \??\C:\Windows\gdrv.sys
0x07186000 \SystemRoot\system32\drivers\MSPQM.sys
0x07188000 \SystemRoot\system32\drivers\MSPCLOCK.sys
0x07000000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77380000 \Windows\System32\ntdll.dll
0x483B0000 \Windows\System32\smss.exe
0xFF6A0000 \Windows\System32\apisetschema.dll

Processes (total 66):
0 System Idle Process
4 System
344 C:\Windows\System32\smss.exe
484 C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
516 C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
796 csrss.exe
852 C:\Windows\System32\wininit.exe
864 csrss.exe
908 C:\Windows\System32\services.exe
928 C:\Windows\System32\lsass.exe
936 C:\Windows\System32\lsm.exe
964 C:\Windows\System32\winlogon.exe
480 C:\Windows\System32\svchost.exe
900 C:\Windows\System32\nvvsvc.exe
1040 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\audiodg.exe
1348 C:\Windows\System32\svchost.exe
1432 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1448 C:\Windows\System32\nvvsvc.exe
1492 C:\Windows\System32\svchost.exe
1740 C:\Windows\System32\spoolsv.exe
1748 C:\Windows\System32\taskhost.exe
1824 C:\Windows\System32\svchost.exe
1864 C:\Windows\System32\dwm.exe
1900 C:\Windows\explorer.exe
1984 C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
2044 C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
1468 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
2056 C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
2104 C:\Windows\System32\svchost.exe
2484 C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
2492 C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
2948 C:\Windows\System32\svchost.exe
2576 C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
1980 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1684 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
3060 C:\Program Files (x86)\Skype\Phone\Skype.exe
2040 C:\Program Files (x86)\Seznam.cz\postak.exe
2908 C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
3140 C:\Windows\SysWOW64\CTHELPER.EXE
3156 C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
3168 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
3644 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
3736 C:\Windows\System32\svchost.exe
3376 C:\Program Files (x86)\PCTV Systems\TVCenter\TVCenter.exe
3480 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
1120 WmiPrvSE.exe
2416 C:\Windows\System32\SearchIndexer.exe
4108 C:\Program Files\Windows Media Player\wmpnetwk.exe
4348 C:\Program Files (x86)\Common Files\PCTV Systems\PVR\VideoControl.exe
4568 C:\Windows\System32\svchost.exe
3200 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
3792 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
5412 C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
6128 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
5236 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
4484 C:\Windows\System32\mstsc.exe
3104 C:\Windows\System32\SearchProtocolHost.exe
4888 C:\Windows\System32\SearchFilterHost.exe
4872 dllhost.exe
4244 dllhost.exe
3064 C:\Users\Jenda\Desktop\MBRCheck.exe
5512 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x0000000c`73b44a00 (NTFS)

PhysicalDrive0 Model Number: ADATASSDS510120GB, Rev: 320ABBF0
PhysicalDrive1 Model Number: WDCWD7500AVVS-63E1B1, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
698 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: 41CDAF6C1E640C22E5FA4D3CF4848309BA7CA593

Done!

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-19 22:55:28
Windows 6.1.7601 Service Pack 1
Running: gmer.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x2D 0x0E 0xA5 0xE6 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xF9 0xEB 0xAB 0x9C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x4B 0xFE 0x41 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x1B 0x53 0x4C 0x4D ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x2D 0x0E 0xA5 0xE6 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xF9 0xEB 0xAB 0x9C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x4B 0xFE 0x41 0xEB ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x1B 0x53 0x4C 0x4D ...

---- EOF - GMER 1.0.15 ----

Ale ten druhy log je stejny, nemam tam moznost vybrat toho vic nez servicies, registry a files na disku C:

Příspěvekod **jaro3** » 19 bře 2012 23:06

Hm , žádnou nákazu tam nevidím...

udělej ten script v Combofixu.

Ještě:
Stáhni si aswMBR--už máš
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na OK. Po aktualizaci klikni na „Scan“ . Sken s databází Avastu trvá déle.
Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

jendislav · Příspěvekod **jendislav** » 19 bře 2012 23:07

ComboFix 12-03-18.04 - Jenda 19.03.2012 23:01:17.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8175.6687 [GMT 1:00]
Spuštěný z: c:\users\Jenda\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jenda\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-19 do 2012-03-19 )))))))))))))))))))))))))))))))
.
.
2012-03-19 22:02 . 2012-03-19 22:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-19 22:02 . 2012-03-19 22:02 -------- d-----w- c:\users\UpdatusUser.Jenda-PC\AppData\Local\temp
2012-03-19 22:02 . 2012-03-19 22:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-19 20:57 . 2012-03-19 20:57 -------- d-----w- c:\users\Jenda\AppData\Roaming\Malwarebytes
2012-03-19 20:57 . 2012-03-19 20:57 -------- d-----w- c:\programdata\Malwarebytes
2012-03-19 20:56 . 2012-03-19 20:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-19 20:56 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-19 17:58 . 2012-03-19 17:58 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 17:58 . 2012-03-19 17:58 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 09:52 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 09:52 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 09:52 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 08:36 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 08:36 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 08:36 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 08:35 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 08:35 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 08:35 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 08:35 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 08:35 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 08:35 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 08:35 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-02-19 14:22 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-19 14:22 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-19 14:22 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-19 14:22 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-19 14:22 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-19 14:22 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-19 14:22 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-19 22:03 . 2011-10-21 18:24 25640 ----a-w- c:\windows\gdrv.sys
2012-03-14 17:57 . 2011-10-21 19:49 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-19_21.21.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-03-19 21:32 47956 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-19 21:32 43492 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-21 17:52 . 2012-03-19 21:32 6520 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1191011485-3467939791-947400598-1000_UserData.bin
- 2012-03-19 21:21 . 2012-03-19 21:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-19 22:03 . 2012-03-19 22:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-03-19 21:36 615810 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-18 19:45 615810 c:\windows\system32\perfh009.dat
+ 2011-04-12 08:34 . 2012-03-19 21:36 631054 c:\windows\system32\perfh005.dat
- 2011-04-12 08:34 . 2012-03-18 19:45 631054 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-03-19 21:36 106190 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-18 19:45 106190 c:\windows\system32\perfc009.dat
+ 2011-04-12 08:34 . 2012-03-19 21:36 121708 c:\windows\system32\perfc005.dat
- 2011-04-12 08:34 . 2012-03-18 19:45 121708 c:\windows\system32\perfc005.dat
- 2009-07-14 05:01 . 2012-03-19 21:20 363876 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-19 22:02 363876 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-24 09:44 . 2012-03-19 22:02 1975144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-10-24 09:44 . 2012-03-19 21:20 1975144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-10-21 19:58 . 2012-03-19 22:02 40787220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1191011485-3467939791-947400598-1000-8192.dat
- 2011-10-21 19:58 . 2012-03-19 21:20 40787220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1191011485-3467939791-947400598-1000-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19979400]
"Seznam Postak"="c:\program files (x86)\Seznam.cz\postak.exe" [2011-05-25 491040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"AsioReg"="CTASIO.DLL" [2002-07-19 106496]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-06-01 506712]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-23 136176]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-08 2253120]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 EC168x64;TVGo DVB-T02PRO;c:\windows\system32\DRIVERS\EC168x64.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-23 136176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-11-26 30528]
R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x]
S3 Ltn_stk7070P_64;PCTV based TV tuner device;c:\windows\system32\DRIVERS\Ltn_stk7070P_64.sys [x]
S3 Ltn_stkrc_64;PCTV Infrared Receiver;c:\windows\system32\DRIVERS\Ltn_stkrc_64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-23 21:51]
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-23 21:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-21 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2010-08-23 2552320]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\r388r5kc.default\
FF - prefs.js: browser.startup.homepage - http://www.seznam.cz
FF - prefs.js: network.proxy.type - 4
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1191011485-3467939791-947400598-1000\Software\SecuROM\License information*]
"datasecu"=hex:38,12,42,30,fd,f4,33,dd,fe,0c,45,8e,06,17,ec,16,fb,b3,02,3c,14,
01,76,41,4b,7a,72,92,0b,2c,d4,3c,36,09,ba,f0,3f,a9,23,01,02,35,91,44,13,4d,\
"rkeysecu"=hex:bb,f3,92,d2,e9,92,7a,04,d1,9b,5c,ac,35,98,25,4c
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
.
**************************************************************************
.
Celkový čas: 2012-03-19 23:04:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-19 22:04
ComboFix2.txt 2012-03-19 21:22
.
Před spuštěním: Volných bajtů: 68 943 122 432
Po spuštění: Volných bajtů: 68 855 570 432
.
- - End Of File - - 136DC4CBB5F51AA2EC1EA490CF94418D

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:06:38, on 19.3.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Jenda\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files (x86)\Seznam.cz\core.3.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files (x86)\Seznam.cz\postak.exe" -s
O4 - HKUS\S-1-5-21-1191011485-3467939791-947400598-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1191011485-3467939791-947400598-1004\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1191011485-3467939791-947400598-1004\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1191011485-3467939791-947400598-1004\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1191011485-3467939791-947400598-1004\..\Run: [RGSC] F:\Hry\GTA 4\Rockstar Games Social Club\RGSCLauncher.exe /silent (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1191011485-3467939791-947400598-1004\..\Run: [RemoTerm.exe] C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1191011485-3467939791-947400598-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: DES2 Service for Energy Saving. (DES2 Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8262 bytes

A vsechny aplikace musim spoustet jako spravce, jinak uz mi nejdou spustit :-/

Příspěvekod **jaro3** » 19 bře 2012 23:12

A vsechny aplikace musim spoustet jako spravce, jinak uz mi nejdou spustit :-/

--nenastavil Ti to někdo tak?

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj antivir a antispyware ,následně T-Cleaner smaž a zapni si znovu antivir a antispyware.

Ještě:
Stáhni si aswMBR--už máš
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na OK. Po aktualizaci klikni na „Scan“ . Sken s databází Avastu trvá déle.
Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

jendislav · Příspěvekod **jendislav** » 19 bře 2012 23:12

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-19 22:00:14
-----------------------------
22:00:14.767 OS Version: Windows x64 6.1.7601 Service Pack 1
22:00:14.767 Number of processors: 4 586 0x2A07
22:00:14.767 ComputerName: JENDA-PC UserName: Jenda
22:00:15.193 Initialize success
22:00:25.147 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:00:25.149 Disk 0 Vendor: ADATA_SS 320A Size: 114473MB BusType: 3
22:00:25.152 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
22:00:25.154 Disk 1 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
22:00:25.157 Disk 0 MBR read successfully
22:00:25.160 Disk 0 MBR scan
22:00:25.162 Disk 0 Windows 7 default MBR code
22:00:25.166 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:00:25.169 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
22:00:25.174 Disk 0 scanning C:\Windows\system32\drivers
22:00:25.921 Service scanning
22:00:27.402 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
22:00:28.472 Modules scanning
22:00:28.481 Disk 0 trace - called modules:
22:00:28.488 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sphw.sys hal.dll
22:00:28.494 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007016060]
22:00:28.499 3 CLASSPNP.SYS[fffff88001dc143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006dbe050]
22:00:28.505 Scan finished successfully
22:00:56.797 Disk 0 MBR has been saved successfully to "C:\Users\Jenda\Desktop\MBR.dat"
22:00:56.799 The log file has been saved successfully to "C:\Users\Jenda\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-19 23:08:25
-----------------------------
23:08:25.250 OS Version: Windows x64 6.1.7601 Service Pack 1
23:08:25.250 Number of processors: 4 586 0x2A07
23:08:25.250 ComputerName: JENDA-PC UserName: Jenda
23:08:25.390 Initialize success
23:09:06.325 AVAST engine defs: 12031700
23:09:12.378 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:09:12.378 Disk 0 Vendor: ADATA_SS 320A Size: 114473MB BusType: 3
23:09:12.378 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
23:09:12.393 Disk 1 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
23:09:12.393 Disk 0 MBR read successfully
23:09:12.393 Disk 0 MBR scan
23:09:12.393 Disk 0 Windows 7 default MBR code
23:09:12.393 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:09:12.393 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
23:09:12.409 Disk 0 scanning C:\Windows\system32\drivers
23:09:14.343 Service scanning
23:09:19.507 Modules scanning
23:09:19.507 Disk 0 trace - called modules:
23:09:19.507 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spxy.sys hal.dll
23:09:19.522 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007016060]
23:09:19.522 3 CLASSPNP.SYS[fffff88001c1743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006e0d050]
23:09:19.663 AVAST engine scan C:\Windows
23:09:20.365 AVAST engine scan C:\Windows\system32
23:10:06.868 AVAST engine scan C:\Windows\system32\drivers
23:10:08.959 AVAST engine scan C:\Users\Jenda
23:10:16.135 AVAST engine scan C:\ProgramData
23:10:18.428 Scan finished successfully
23:10:27.242 Disk 0 MBR has been saved successfully to "C:\Users\Jenda\Desktop\MBR.dat"
23:10:27.242 The log file has been saved successfully to "C:\Users\Jenda\Desktop\aswMBR.txt"

rootkit, který upravuje I/O diskové operace pro jaro3

rootkit, který upravuje I/O diskové operace pro jaro3

Re: rootkit, který upravuje I/O diskové operace pro jaro3

Re: rootkit, který upravuje I/O diskové operace pro jaro3

Re: rootkit, který upravuje I/O diskové operace pro jaro3

Re: rootkit, který upravuje I/O diskové operace pro jaro3

Re: rootkit, který upravuje I/O diskové operace pro jaro3

Re: rootkit, který upravuje I/O diskové operace pro jaro3

Re: rootkit, který upravuje I/O diskové operace pro jaro3

Re: rootkit, který upravuje I/O diskové operace pro jaro3

Re: rootkit, který upravuje I/O diskové operace pro jaro3

Re: rootkit, který upravuje I/O diskové operace pro jaro3

Re: rootkit, který upravuje I/O diskové operace pro jaro3

Kdo je online