Rootkit TCP/IP - please check my ComboFix log (Solved)

Rootkit TCP/IP - please check my ComboFix log

Post by radim648 » 28 Mar 2012 11:18

Hello,
my internet connection does not work, and after running ComboFix it reports that a rootkit has infected TCP/IP. Please check the log. What should I do about it?

ComboFix 12-03-27.03 - SpravceNT 27.03.2012 23:44:46.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.401 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-27 do 2012-03-27 )))))))))))))))))))))))))))))))
.
.
2012-03-24 19:34 . 2012-03-07 00:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-24 19:34 . 2012-03-07 00:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-24 19:34 . 2012-03-07 00:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-24 19:34 . 2012-03-07 00:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-24 19:34 . 2012-03-07 00:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-24 15:33 . 2012-03-06 23:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-24 15:32 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-24 15:32 . 2012-03-07 00:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-24 15:31 . 2012-03-24 15:31 -------- d-----w- c:\program files\AVAST Software
2012-03-24 15:31 . 2012-03-24 15:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2012-03-24 07:19 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{25C68577-152D-4B77-895D-C4A7084C6985}\mpengine.dll
2012-03-23 08:42 . 2012-03-23 08:42 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\PCHealth
2012-03-18 09:44 . 2012-03-18 09:44 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 02:15 . 2011-10-07 07:31 6582328 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2010-09-30 13:52 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-03-18 17:55 . 2011-03-26 13:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-27_21.00.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-27 21:35 . 2012-03-27 21:35 16384 c:\windows\Temp\Perflib_Perfdata_e1c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2008-11-04 33128]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-04-02 128232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-08-30 136512]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Rychlé spuštění aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]
VPN Client.lnk - c:\windows\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico [2009-12-14 6144]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-12176\Scripts\Logon\0\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-12176\Scripts\Logon\1\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-12176\Scripts\Logon\2\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-12176\Scripts\Logon\3\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-12176\Scripts\Logon\4\0]
"Script"=\\t-systems.cz\NETLOGON\tsca1.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-9314\Scripts\Logon\0\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-9314\Scripts\Logon\1\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-9314\Scripts\Logon\2\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-9314\Scripts\Logon\3\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-9314\Scripts\Logon\4\0]
"Script"=\\t-systems.cz\NETLOGON\tsca1.cmd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [24.3.2012 21:34 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24.3.2012 21:34 337880]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [8.1.2009 21:25 58608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.3.2012 21:34 20696]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [1.8.2007 22:30 16376]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [14.10.2011 16:11 72832]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12.10.2010 20:34 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 9:50 158856]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [15.10.2011 10:14 102784]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12.10.2010 20:34 136176]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [14.10.2011 16:18 85632]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [14.10.2011 16:18 51456]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [14.10.2011 16:18 26496]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\drivers\ipw3gnet.sys [18.12.2009 12:28 51040]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [12.10.2010 22:50 67968]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
zebrmdfl
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 18:34]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 18:34]
.
2012-03-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = 10.246.110.1:3128
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\zhdu10ow.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: network.proxy.ftp - 10.246.110.1
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 10.246.110.1
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 10.246.110.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 10.246.110.1
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 10.246.110.1
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-27 23:51
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\tcgina.dll
.
- - - - - - - > 'explorer.exe'(2460)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2012-03-27 23:53:36
ComboFix-quarantined-files.txt 2012-03-27 21:53
ComboFix2.txt 2012-03-27 21:27
ComboFix3.txt 2012-03-27 21:03
.
Před spuštěním: 779 141 120
Po spuštění: 760 881 152
.
- - End Of File - - 04A32F382A7A4C19556CE2F0F12931DB
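Two checks a reviewer usually makes by hand on a ComboFix report like the one above, as an added example (not ComboFix's own tooling or anything the posters used): pull the kernel drivers out of the file-creation section, since a rootkit verdict stands or falls on files like those, and read the IE and Firefox proxy lines together. The sample text is constructed in the report's layout from entries shown above; the paths and proxy values are the ones in the log, while the function names and the finding labels are my own.

```python
import ipaddress
import re

# Constructed sample in the ComboFix report layout: a few lines from the
# file-creation section plus the "additional scan" proxy lines. Not the full report.
SAMPLE_LOG = r"""
2012-03-24 19:34 . 2012-03-07 00:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-24 19:34 . 2012-03-07 00:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-24 15:32 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-24 15:31 . 2012-03-24 15:31 -------- d-----w- c:\program files\AVAST Software
.
uInternet Settings,ProxyServer = 10.246.110.1:3128
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
FF - prefs.js: network.proxy.http - 10.246.110.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.ssl - 10.246.110.1
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
"""

# "created . modified size attrs path"; size is "--------" for directories
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\S+) (\S+) (.+)$"
)
IE_LINE = re.compile(r"^uInternet Settings,(\w+) = (.+)$")
FF_LINE = re.compile(r"^FF - prefs\.js: network\.proxy\.(\S+) - (.+)$")


def parse_file_entries(text):
    """One dict per file-creation line."""
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append({
            "created": created, "modified": modified,
            "size": int(size) if size.isdigit() else None,
            "is_dir": attrs.startswith("d"), "path": path,
        })
    return entries


def new_kernel_drivers(entries):
    """Kernel drivers (.sys under the drivers directory) that appeared in the
    window. They run with the highest privilege of anything in the list, so they
    are the first files to verify (publisher signature, hash lookup)."""
    return [e["path"] for e in entries
            if not e["is_dir"] and e["path"].lower().endswith(".sys")
            and "\\drivers\\" in e["path"].lower()]


def parse_proxy_settings(text):
    """Collect the IE (uInternet Settings) and Firefox (network.proxy.*) values."""
    ie, ff = {}, {}
    for line in text.splitlines():
        m = IE_LINE.match(line.strip())
        if m:
            ie[m.group(1)] = m.group(2)
            continue
        m = FF_LINE.match(line.strip())
        if m:
            ff[m.group(1)] = m.group(2)
    return {"ie": ie, "firefox": ff}


def proxy_findings(settings):
    """Plain-language notes a reviewer would write next to the proxy lines."""
    notes = []
    server = settings["ie"].get("ProxyServer")
    if server:
        host = server.rsplit(":", 1)[0]
        try:
            private = ipaddress.ip_address(host).is_private
        except ValueError:
            private = False  # a hostname rather than an address
        if private:
            notes.append(f"IE proxy {server} is a private address: reachable only on the "
                         "network that configured it, so browsing fails anywhere else")
        else:
            notes.append(f"IE proxy {server} configured; verify who set it")
    # Firefox network.proxy.type: 0 = none, 1 = manual entries, 4 = auto-detect (WPAD)
    ptype = settings["firefox"].get("type")
    if ptype == "1":
        notes.append("Firefox uses its manual proxy entries (network.proxy.type = 1)")
    elif ptype == "4":
        notes.append("Firefox network.proxy.type = 4 (auto-detect/WPAD): the manual "
                     "host/port entries are stored but not in use")
    elif ptype == "0":
        notes.append("Firefox has proxying disabled (network.proxy.type = 0)")
    ff_http = settings["firefox"].get("http")
    if ff_http and server and not server.startswith(ff_http + ":"):
        notes.append("IE and Firefox point at different proxies")
    return notes


if __name__ == "__main__":
    entries = parse_file_entries(SAMPLE_LOG)
    for driver in new_kernel_drivers(entries):
        print("driver to verify:", driver)
    for note in proxy_findings(parse_proxy_settings(SAMPLE_LOG)):
        print("proxy:", note)
```

Run it as a script to see the two driver paths and the proxy notes; pointing `parse_file_entries` and `parse_proxy_settings` at the text of a saved ComboFix.txt works the same way, because both only look at lines matching the patterns above.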

Re: Rootkit TCP/IP - please check my ComboFix log

Post by jaro3 » 28 Mar 2012 19:11

If you are already using ComboFix, why don't you know what to do next???

So:

Post an HJT log:
viewtopic.php?f=70&t=5119


Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the option Perform quick scan selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then post the contents of that log here.

If there are problems, run it in Safe Mode.

In Folder Options, enable showing hidden files and folders and uncheck the box Hide protected operating system files.

Test this on VirusTotal
c:\windows\system32\tcgina.dll

Click Choose to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by several antivirus programs one after another. When the last antivirus finishes, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.


Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message about the option to download the Avast database appears, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to your desktop. Paste the whole contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!

Re: Rootkit TCP/IP - please check my ComboFix log

Post by Žbeky » 28 Mar 2012 19:29

I'll just add that running those 2 antiviruses isn't helping it either

Re: Rootkit TCP/IP - please check my ComboFix log

Post by radim648 » 28 Mar 2012 23:27

Hi, well, I've been here several times already and it always ended up with ComboFix :D Sure, I don't know what to do next, but I didn't want to hold things up..
You're right about the two antiviruses, it's a stopgap, because I only had Microsoft Security Essentials on it (it's a former company notebook bought from the firm). So what would you advise?

So here's the HJT log (the internet doesn't work on that notebook, so I'm pasting it via a second computer / USB stick, which is probably not great either):

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:35:25, on 28.3.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Administrator\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.246.110.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2916326957-211545732-3362804733-12176\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2916326957-211545732-3362804733-12176\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User '?')
O4 - HKUS\S-1-5-21-2916326957-211545732-3362804733-9314\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0789637421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0789741468
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

--
End of file - 13015 bytes

Malwarebytes log:

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.60.1.1000
www.malwarebytes.org

Verze databáze: v2012.01.13.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
SpravceNT :: DELL_D620 [administrátor]

Ochrana: Povolena

28.3.2012 22:45:47
mbam-log-2012-03-28 (22-45-47).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 214916
Uplynulý čas: 5 minut, 47 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

aswMBR log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-28 23:01:05
-----------------------------
23:01:05.875 OS Version: Windows 5.1.2600 Service Pack 3
23:01:05.875 Number of processors: 2 586 0xF02
23:01:05.875 ComputerName: DELL_D620 UserName: SpravceNT
23:01:06.875 Initialize success
23:01:10.140 AVAST engine defs: 12032400
23:04:24.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:04:24.531 Disk 0 Vendor: Hitachi_HTS541660J9SA00 SBBOC7KP Size: 57231MB BusType: 3
23:04:24.546 Disk 0 MBR read successfully
23:04:24.546 Disk 0 MBR scan
23:04:25.890 Disk 0 Windows XP default MBR code
23:04:25.906 Disk 0 Partition 1 80 (A) 0C FAT32 LBA NTFS 20002 MB offset 63
23:04:27.406 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 37220 MB offset 40965750
23:04:27.484 Disk 0 scanning sectors +117194175
23:04:28.375 Disk 0 scanning C:\WINDOWS\system32\drivers
23:04:54.281 Service scanning
23:05:12.828 Modules scanning
23:05:20.406 Disk 0 trace - called modules:
23:05:20.437 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:05:20.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d55ab8]
23:05:20.437 3 CLASSPNP.SYS[f75defd7] -> nt!IofCallDriver -> \Device\00000095[0x86d85f18]
23:05:20.437 5 ACPI.sys[f7455620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d58940]
23:05:20.703 AVAST engine scan C:\WINDOWS
23:05:26.296 AVAST engine scan C:\WINDOWS\system32
23:07:22.203 AVAST engine scan C:\WINDOWS\system32\drivers
23:07:32.843 AVAST engine scan C:\Documents and Settings\Administrator
23:09:36.890 AVAST engine scan C:\Documents and Settings\All Users
23:10:48.421 Scan finished successfully
23:24:22.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Plocha\MBR.dat"
23:24:22.281 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Plocha\aswMBR.txt"


and since the Wi-Fi connection isn't working, I'll try hooking the notebook up to the network cable next door so that I can test the file on VirusTotal; I'll send the link in my next message.
thanks, bye for now, R


Re: Rootkit TCP/IP - please check the Combofix log

Post by radim648 » 28 Mar 2012 23:51

so it won't connect even hard-wired with a cable; after entering ipconfig at the command prompt it reports error code 2, the IP driver could not be found.. what does that mean? two days ago it was still running normally.. could the rootkit be doing that too?
so I can't send the link from the VirusTotal check.
R

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Rootkit TCP/IP - please check the Combofix log

Post by jaro3 » 29 Mar 2012 09:29

since you've been here several times, you know that you should post an HJT log first and describe the problems..


Uninstall:
McAfee Security Scan

Keep only Avast.

Close all other applications and browsers, disconnect from the net and fix these in HJT:
Guide

Code:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.246.110.1:3128
do you use that proxy?

Download TDSSKiller

to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , please paste the entire contents of the log here.

And try reinstalling the network card drivers.

Copy that file to a flash drive and post it to VT from the other PC.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Rootkit TCP/IP - please check the Combofix log

Post by radim648 » 29 Mar 2012 22:25

hi, thanks, so:
- I fixed them
- I don't use that proxy
- TDSSKiller log:
21:03:09.0625 5236 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
21:03:09.0703 5236 ============================================================
21:03:09.0703 5236 Current date / time: 2012/03/29 21:03:09.0703
21:03:09.0703 5236 SystemInfo:
21:03:09.0703 5236
21:03:09.0703 5236 OS Version: 5.1.2600 ServicePack: 3.0
21:03:09.0703 5236 Product type: Workstation
21:03:09.0703 5236 ComputerName: DELL_D620
21:03:09.0703 5236 UserName: SpravceNT
21:03:09.0703 5236 Windows directory: C:\WINDOWS
21:03:09.0703 5236 System windows directory: C:\WINDOWS
21:03:09.0703 5236 Processor architecture: Intel x86
21:03:09.0703 5236 Number of processors: 2
21:03:09.0703 5236 Page size: 0x1000
21:03:09.0703 5236 Boot type: Normal boot
21:03:09.0703 5236 ============================================================
21:03:11.0234 5236 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:03:11.0250 5236 Drive \Device\Harddisk1\DR3 - Size: 0x7A500000 (1.91 Gb), SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:03:11.0250 5236 \Device\Harddisk0\DR0:
21:03:11.0250 5236 MBR used
21:03:11.0250 5236 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x2711637
21:03:11.0250 5236 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0x48B2749
21:03:11.0250 5236 \Device\Harddisk1\DR3:
21:03:11.0250 5236 MBR used
21:03:11.0250 5236 \Device\Harddisk1\DR3\Partition0: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x3D27E0
21:03:11.0343 5236 Initialize success
21:03:11.0343 5236 ============================================================
21:03:22.0953 5636 ============================================================
21:03:22.0953 5636 Scan started
21:03:22.0953 5636 Mode: Manual;
21:03:22.0953 5636 ============================================================
21:03:23.0484 5636 6to4 (d76e9f5a991458a9f7e28395479b3150) C:\WINDOWS\System32\6to4svc.dll
21:03:23.0500 5636 6to4 - ok
21:03:23.0562 5636 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
21:03:23.0562 5636 Aavmker4 - ok
21:03:23.0562 5636 Abiosdsk - ok
21:03:23.0578 5636 abp480n5 - ok
21:03:23.0703 5636 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
21:03:23.0703 5636 ACDaemon - ok
21:03:23.0796 5636 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:03:23.0796 5636 ACPI - ok
21:03:23.0843 5636 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:03:23.0843 5636 ACPIEC - ok
21:03:23.0843 5636 adpu160m - ok
21:03:23.0890 5636 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:03:23.0890 5636 aec - ok
21:03:23.0921 5636 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
21:03:23.0921 5636 Afc - ok
21:03:23.0953 5636 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
21:03:23.0953 5636 AFD - ok
21:03:24.0015 5636 Aha154x - ok
21:03:24.0031 5636 aic78u2 - ok
21:03:24.0046 5636 aic78xx - ok
21:03:24.0078 5636 Alerter (e0a6fa244b8624d78fe5ff6f56a33bae) C:\WINDOWS\system32\alrsvc.dll
21:03:24.0078 5636 Alerter - ok
21:03:24.0093 5636 ALG (88842de939a827577bf24243699ac80a) C:\WINDOWS\System32\alg.exe
21:03:24.0093 5636 ALG - ok
21:03:24.0093 5636 AliIde - ok
21:03:24.0140 5636 ameisvc (107ffa71fe06ce9cdb339741b7e8bfc0) C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
21:03:24.0140 5636 ameisvc - ok
21:03:24.0156 5636 amsint - ok
21:03:24.0187 5636 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
21:03:24.0187 5636 ApfiltrService - ok
21:03:24.0265 5636 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
21:03:24.0265 5636 APPDRV - ok
21:03:24.0312 5636 AppMgmt (6b8e7a90e576d4fe308f97c69060a171) C:\WINDOWS\System32\appmgmts.dll
21:03:24.0312 5636 AppMgmt - ok
21:03:24.0328 5636 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:03:24.0328 5636 Arp1394 - ok
21:03:24.0343 5636 asc - ok
21:03:24.0359 5636 asc3350p - ok
21:03:24.0359 5636 asc3550 - ok
21:03:24.0437 5636 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:03:24.0437 5636 aspnet_state - ok
21:03:24.0515 5636 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
21:03:24.0515 5636 aswFsBlk - ok
21:03:24.0531 5636 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
21:03:24.0531 5636 aswMon2 - ok
21:03:24.0578 5636 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
21:03:24.0593 5636 aswSnx - ok
21:03:24.0703 5636 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
21:03:24.0703 5636 aswSP - ok
21:03:24.0750 5636 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:03:24.0750 5636 AsyncMac - ok
21:03:24.0781 5636 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:03:24.0781 5636 atapi - ok
21:03:24.0796 5636 Atdisk - ok
21:03:24.0828 5636 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:03:24.0828 5636 Atmarpc - ok
21:03:24.0875 5636 AudioSrv (de31b88962a8645dba5a37b993e7b0f1) C:\WINDOWS\System32\audiosrv.dll
21:03:24.0875 5636 AudioSrv - ok
21:03:24.0953 5636 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:03:24.0953 5636 audstub - ok
21:03:25.0046 5636 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:03:25.0046 5636 avast! Antivirus - ok
21:03:25.0062 5636 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
21:03:25.0062 5636 b57w2k - ok
21:03:25.0171 5636 BCM43XX (345d38f298368dd6b0df5c4f37457a22) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
21:03:25.0187 5636 BCM43XX - ok
21:03:25.0296 5636 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:03:25.0296 5636 Beep - ok
21:03:25.0328 5636 BITS (19395d092fd85ddc2d9c7729cf5a2ac8) C:\WINDOWS\system32\qmgr.dll
21:03:25.0343 5636 BITS - ok
21:03:25.0421 5636 Browser (249276d3ef1e74b992299cb96099e4d7) C:\WINDOWS\System32\browser.dll
21:03:25.0421 5636 Browser - ok
21:03:25.0453 5636 catchme - ok
21:03:25.0515 5636 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:03:25.0515 5636 cbidf2k - ok
21:03:25.0546 5636 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:03:25.0546 5636 CCDECODE - ok
21:03:25.0546 5636 cd20xrnt - ok
21:03:25.0593 5636 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:03:25.0593 5636 Cdaudio - ok
21:03:25.0656 5636 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:03:25.0656 5636 Cdfs - ok
21:03:25.0687 5636 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:03:25.0687 5636 Cdrom - ok
21:03:25.0718 5636 Changer - ok
21:03:25.0734 5636 CiSvc (e390dc1d7c461d7d56ec53402f329928) C:\WINDOWS\system32\cisvc.exe
21:03:25.0750 5636 CiSvc - ok
21:03:25.0750 5636 ClipSrv (064507a8dfa8c5c7e2ffddd3e6f424fa) C:\WINDOWS\system32\clipsrv.exe
21:03:25.0765 5636 ClipSrv - ok
21:03:25.0828 5636 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:03:25.0828 5636 clr_optimization_v2.0.50727_32 - ok
21:03:25.0875 5636 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:03:25.0890 5636 CmBatt - ok
21:03:25.0921 5636 CmdIde - ok
21:03:25.0937 5636 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:03:25.0953 5636 Compbatt - ok
21:03:25.0953 5636 COMSysApp - ok
21:03:25.0968 5636 Cpqarray - ok
21:03:26.0000 5636 CryptSvc (f3ab0933cbd166d271992f411c27ccaf) C:\WINDOWS\System32\cryptsvc.dll
21:03:26.0000 5636 CryptSvc - ok
21:03:26.0015 5636 CSRBC (8e1945984e147562f9f08e1d344a69cc) C:\WINDOWS\system32\Drivers\csrbcxp.sys
21:03:26.0015 5636 CSRBC - ok
21:03:26.0046 5636 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
21:03:26.0046 5636 CVirtA - ok
21:03:26.0140 5636 CVPND (5ce32922f8f74a0d2d6ecc30cdad01e0) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
21:03:26.0156 5636 CVPND - ok
21:03:26.0265 5636 CVPNDRVA (d46b2e0eeaf349f2085f8b164e462156) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
21:03:26.0265 5636 CVPNDRVA - ok
21:03:26.0265 5636 dac2w2k - ok
21:03:26.0281 5636 dac960nt - ok
21:03:26.0328 5636 DcomLaunch (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\system32\rpcss.dll
21:03:26.0343 5636 DcomLaunch - ok
21:03:26.0437 5636 Dhcp (8c9a53e285ac5e6704844d0459ec85be) C:\WINDOWS\System32\dhcpcsvc.dll
21:03:26.0437 5636 Dhcp - ok
21:03:26.0484 5636 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:03:26.0484 5636 Disk - ok
21:03:26.0531 5636 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
21:03:26.0531 5636 DLABMFSM - ok
21:03:26.0531 5636 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
21:03:26.0531 5636 DLABOIOM - ok
21:03:26.0546 5636 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
21:03:26.0546 5636 DLACDBHM - ok
21:03:26.0578 5636 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
21:03:26.0578 5636 DLADResM - ok
21:03:26.0578 5636 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
21:03:26.0578 5636 DLAIFS_M - ok
21:03:26.0593 5636 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
21:03:26.0593 5636 DLAOPIOM - ok
21:03:26.0609 5636 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
21:03:26.0609 5636 DLAPoolM - ok
21:03:26.0609 5636 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
21:03:26.0625 5636 DLARTL_M - ok
21:03:26.0625 5636 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
21:03:26.0625 5636 DLAUDFAM - ok
21:03:26.0656 5636 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
21:03:26.0656 5636 DLAUDF_M - ok
21:03:26.0671 5636 dmadmin - ok
21:03:26.0703 5636 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
21:03:26.0718 5636 dmboot - ok
21:03:26.0812 5636 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
21:03:26.0828 5636 dmio - ok
21:03:26.0843 5636 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:03:26.0843 5636 dmload - ok
21:03:26.0875 5636 dmserver (2bfefe9e865655a76982f050450b9591) C:\WINDOWS\System32\dmserver.dll
21:03:26.0890 5636 dmserver - ok
21:03:26.0906 5636 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:03:26.0921 5636 DMusic - ok
21:03:26.0953 5636 DNE (694616f813fb627a32c9e32dec133078) C:\WINDOWS\system32\DRIVERS\dne2000.sys
21:03:26.0953 5636 DNE - ok
21:03:27.0015 5636 Dnscache (0634b791684b84f4a331f3d3536feef8) C:\WINDOWS\System32\dnsrslvr.dll
21:03:27.0015 5636 Dnscache - ok
21:03:27.0062 5636 Dot3svc (4a3e2bd20157a0946751229e92eb8621) C:\WINDOWS\System32\dot3svc.dll
21:03:27.0062 5636 Dot3svc - ok
21:03:27.0093 5636 dpti2o - ok
21:03:27.0125 5636 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:03:27.0125 5636 drmkaud - ok
21:03:27.0156 5636 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
21:03:27.0156 5636 DRVMCDB - ok
21:03:27.0171 5636 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
21:03:27.0171 5636 DRVNDDM - ok
21:03:27.0250 5636 EapHost (0887d9c2be8d940778cad1e3b85f2a41) C:\WINDOWS\System32\eapsvc.dll
21:03:27.0250 5636 EapHost - ok
21:03:27.0281 5636 ERSvc (a2a4912798f2be706abadd3d30800d16) C:\WINDOWS\System32\ersvc.dll
21:03:27.0281 5636 ERSvc - ok
21:03:27.0328 5636 Ethpdrv (66742188777cca93b0402792dc1f1058) C:\WINDOWS\system32\DRIVERS\ethpdrv.sys
21:03:27.0328 5636 Ethpdrv - ok
21:03:27.0359 5636 Eventlog (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
21:03:27.0359 5636 Eventlog - ok
21:03:27.0406 5636 EventSystem (a371f11ef07653591c8de26afb13ce7f) C:\WINDOWS\system32\es.dll
21:03:27.0406 5636 EventSystem - ok
21:03:27.0531 5636 EvtEng (c37b83b51cdf10e5bb6f78a7e4fed11a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:03:27.0531 5636 EvtEng - ok
21:03:27.0640 5636 ew_hwusbdev (57c171ea22f0a7f068fcb0caedd1e8e7) C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
21:03:27.0656 5636 ew_hwusbdev - ok
21:03:27.0687 5636 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:03:27.0687 5636 Fastfat - ok
21:03:27.0718 5636 FastUserSwitchingCompatibility (b927443008910b412bec72fc41c1bad0) C:\WINDOWS\System32\shsvcs.dll
21:03:27.0718 5636 FastUserSwitchingCompatibility - ok
21:03:27.0765 5636 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:03:27.0765 5636 Fdc - ok
21:03:27.0843 5636 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
21:03:27.0843 5636 Fips - ok
21:03:27.0875 5636 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:03:27.0875 5636 Flpydisk - ok
21:03:27.0921 5636 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:03:27.0921 5636 FltMgr - ok
21:03:27.0968 5636 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:03:27.0968 5636 FontCache3.0.0.0 - ok
21:03:27.0984 5636 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:03:27.0984 5636 Fs_Rec - ok
21:03:28.0078 5636 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:03:28.0078 5636 Ftdisk - ok
21:03:28.0109 5636 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:03:28.0109 5636 Gpc - ok
21:03:28.0140 5636 guardian2 (c0bdab85f3e8b2138c513255e2bcc4d8) C:\WINDOWS\system32\Drivers\oz776.sys
21:03:28.0140 5636 guardian2 - ok
21:03:28.0203 5636 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:03:28.0203 5636 gupdate - ok
21:03:28.0218 5636 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:03:28.0218 5636 gupdatem - ok
21:03:28.0234 5636 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:03:28.0234 5636 gusvc - ok
21:03:28.0343 5636 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:03:28.0343 5636 HDAudBus - ok
21:03:28.0406 5636 helpsvc (fcfe31fb75f8a6295b6b0af87a626282) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:03:28.0406 5636 helpsvc - ok
21:03:28.0437 5636 HidServ (00e25ee90166b3e1be6e74aebf858306) C:\WINDOWS\System32\hidserv.dll
21:03:28.0437 5636 HidServ - ok
21:03:28.0468 5636 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:03:28.0468 5636 hidusb - ok
21:03:28.0500 5636 hkmsvc (7a6b320928f86bc851530d63c82965d9) C:\WINDOWS\System32\kmsvc.dll
21:03:28.0500 5636 hkmsvc - ok
21:03:28.0562 5636 hpn - ok
21:03:28.0609 5636 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:03:28.0609 5636 HPZid412 - ok
21:03:28.0625 5636 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:03:28.0625 5636 HPZipr12 - ok
21:03:28.0656 5636 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:03:28.0656 5636 HPZius12 - ok
21:03:28.0687 5636 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
21:03:28.0703 5636 HSFHWAZL - ok
21:03:28.0781 5636 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
21:03:28.0796 5636 HSF_DPV - ok
21:03:28.0859 5636 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
21:03:28.0859 5636 HSXHWAZL - ok
21:03:28.0890 5636 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:03:28.0906 5636 HTTP - ok
21:03:28.0953 5636 HTTPFilter (58fe2f2da3bc5573f4a35b3760d3125f) C:\WINDOWS\System32\w3ssl.dll
21:03:28.0968 5636 HTTPFilter - ok
21:03:29.0015 5636 huawei_cdcacm (6723835670a746eb97cb932f61151169) C:\WINDOWS\system32\DRIVERS\ew_jucdcacm.sys
21:03:29.0015 5636 huawei_cdcacm - ok
21:03:29.0078 5636 huawei_cdcecm (132af7d47704801f7af5bafcc623825c) C:\WINDOWS\system32\DRIVERS\ew_jucdcecm.sys
21:03:29.0078 5636 huawei_cdcecm - ok
21:03:29.0125 5636 huawei_enumerator (2f23aba465b24a57e8664a124a53cc15) C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
21:03:29.0125 5636 huawei_enumerator - ok
21:03:29.0156 5636 huawei_ext_ctrl (50a16e0f4586338f1114a54c906463b5) C:\WINDOWS\system32\DRIVERS\ew_juextctrl.sys
21:03:29.0156 5636 huawei_ext_ctrl - ok
21:03:29.0187 5636 i2omgmt - ok
21:03:29.0187 5636 i2omp - ok
21:03:29.0234 5636 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:03:29.0234 5636 i8042prt - ok
21:03:29.0468 5636 ialm (e8c7cc369c2fb657e0792af70df529e6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:03:29.0515 5636 ialm - ok
21:03:29.0625 5636 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:03:29.0640 5636 idsvc - ok
21:03:29.0718 5636 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:03:29.0718 5636 Imapi - ok
21:03:29.0765 5636 ImapiService (f7b93aafad33b2320954c17e26c8d361) C:\WINDOWS\system32\imapi.exe
21:03:29.0765 5636 ImapiService - ok
21:03:29.0781 5636 ini910u - ok
21:03:29.0796 5636 IntelIde - ok
21:03:29.0812 5636 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:03:29.0812 5636 intelppm - ok
21:03:29.0828 5636 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:03:29.0828 5636 Ip6Fw - ok
21:03:29.0859 5636 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:03:29.0859 5636 IpFilterDriver - ok
21:03:29.0890 5636 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:03:29.0890 5636 IpInIp - ok
21:03:29.0968 5636 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:03:29.0968 5636 IpNat - ok
21:03:30.0015 5636 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:03:30.0015 5636 IPSec - ok
21:03:30.0062 5636 IpwP (d3f6df74534cfdccf49803e739acaea0) C:\WINDOWS\system32\DRIVERS\ipw3gnet.sys
21:03:30.0062 5636 IpwP - ok
21:03:30.0093 5636 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:03:30.0093 5636 IRENUM - ok
21:03:30.0125 5636 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:03:30.0125 5636 isapnp - ok
21:03:30.0171 5636 JavaQuickStarterService (e731921db2e17dcd3db472fad5549c57) C:\Program Files\Java\jre6\bin\jqs.exe
21:03:30.0171 5636 JavaQuickStarterService - ok
21:03:30.0265 5636 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:03:30.0265 5636 Kbdclass - ok
21:03:30.0312 5636 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:03:30.0312 5636 kmixer - ok
21:03:30.0343 5636 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:03:30.0343 5636 KSecDD - ok
21:03:30.0375 5636 LanmanServer (21920ac69594ab021237054fa728fe46) C:\WINDOWS\System32\srvsvc.dll
21:03:30.0375 5636 LanmanServer - ok
21:03:30.0421 5636 lanmanworkstation (936c1d110232d23b621cb0196e4f80f0) C:\WINDOWS\System32\wkssvc.dll
21:03:30.0421 5636 lanmanworkstation - ok
21:03:30.0484 5636 lbrtfdc - ok
21:03:30.0531 5636 LmHosts (0ab159f536e3e8f7f07113702a07cca5) C:\WINDOWS\System32\lmhsvc.dll
21:03:30.0531 5636 LmHosts - ok
21:03:30.0562 5636 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
21:03:30.0562 5636 MBAMProtector - ok
21:03:30.0671 5636 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:03:30.0687 5636 MBAMService - ok
21:03:30.0718 5636 McAfeeFramework (61a075eee96e6b6ca54c1dc22ca9bf86) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
21:03:30.0718 5636 McAfeeFramework - ok
21:03:30.0781 5636 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
21:03:30.0796 5636 MDM - ok
21:03:30.0890 5636 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:03:30.0890 5636 mdmxsdk - ok
21:03:30.0906 5636 Messenger (221cd1c815b8a6b79389c3f5d1018de8) C:\WINDOWS\System32\msgsvc.dll
21:03:30.0906 5636 Messenger - ok
21:03:30.0953 5636 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:03:30.0953 5636 mnmdd - ok
21:03:30.0984 5636 mnmsrvc (9a57d046f88f4b69751b11fd40088a61) C:\WINDOWS\system32\mnmsrvc.exe
21:03:30.0984 5636 mnmsrvc - ok
21:03:31.0078 5636 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
21:03:31.0078 5636 Modem - ok
21:03:31.0093 5636 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:03:31.0093 5636 Mouclass - ok
21:03:31.0140 5636 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:03:31.0140 5636 mouhid - ok
21:03:31.0156 5636 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:03:31.0156 5636 MountMgr - ok
21:03:31.0203 5636 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
21:03:31.0203 5636 MpFilter - ok
21:03:31.0281 5636 mraid35x - ok
21:03:31.0296 5636 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:03:31.0296 5636 MRxDAV - ok
21:03:31.0343 5636 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:03:31.0343 5636 MRxSmb - ok
21:03:31.0421 5636 MSDTC (6db4d1521caba9a5ffab54ade0ae867d) C:\WINDOWS\system32\msdtc.exe
21:03:31.0421 5636 MSDTC - ok
21:03:31.0453 5636 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:03:31.0453 5636 Msfs - ok
21:03:31.0484 5636 MSIServer - ok
21:03:31.0531 5636 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:03:31.0531 5636 MSKSSRV - ok
21:03:31.0625 5636 MsMpSvc (90dc23d940551db35367fb1e40575b25) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
21:03:31.0625 5636 MsMpSvc - ok
21:03:31.0671 5636 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:03:31.0671 5636 MSPCLOCK - ok
21:03:31.0687 5636 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:03:31.0687 5636 MSPQM - ok
21:03:31.0750 5636 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:03:31.0750 5636 mssmbios - ok
21:03:31.0796 5636 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:03:31.0796 5636 MSTEE - ok
21:03:31.0828 5636 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
21:03:31.0828 5636 Mup - ok
21:03:31.0875 5636 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:03:31.0890 5636 NABTSFEC - ok
21:03:31.0921 5636 napagent (6ea362e9db03d44f6b996f4d8be237e9) C:\WINDOWS\System32\qagentrt.dll
21:03:31.0921 5636 napagent - ok
21:03:31.0984 5636 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:03:32.0000 5636 NDIS - ok
21:03:32.0031 5636 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:03:32.0031 5636 NdisIP - ok
21:03:32.0046 5636 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:03:32.0046 5636 NdisTapi - ok
21:03:32.0109 5636 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:03:32.0109 5636 Ndisuio - ok
21:03:32.0125 5636 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:03:32.0125 5636 NdisWan - ok
21:03:32.0140 5636 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
21:03:32.0140 5636 NDProxy - ok
21:03:32.0187 5636 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:03:32.0203 5636 NetBIOS - ok
21:03:32.0218 5636 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:03:32.0218 5636 NetBT - ok
21:03:32.0234 5636 NetDDE (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
21:03:32.0250 5636 NetDDE - ok
21:03:32.0250 5636 NetDDEdsdm (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
21:03:32.0250 5636 NetDDEdsdm - ok
21:03:32.0281 5636 Netlogon (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:03:32.0281 5636 Netlogon - ok
21:03:32.0343 5636 Netman (72e1e9e2977be08bdeedb6d8fd9d4d40) C:\WINDOWS\System32\netman.dll
21:03:32.0359 5636 Netman - ok
21:03:32.0421 5636 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:03:32.0421 5636 NetTcpPortSharing - ok
21:03:32.0640 5636 NETw5x32 (aa88346ab7849a1cb34bd3424febfece) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
21:03:32.0671 5636 NETw5x32 - ok
21:03:32.0765 5636 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:03:32.0765 5636 NIC1394 - ok
21:03:32.0828 5636 NICCONFIGSVC (27d38b7d646283d98d65e3435b1e6197) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
21:03:32.0828 5636 NICCONFIGSVC - ok
21:03:32.0921 5636 Nla (1289b7611ccd6cb27596ae92cbf03e35) C:\WINDOWS\System32\mswsock.dll
21:03:32.0937 5636 Nla - ok
21:03:32.0968 5636 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:03:32.0968 5636 Npfs - ok
21:03:33.0015 5636 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:03:33.0031 5636 Ntfs - ok
21:03:33.0109 5636 NtLmSsp (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:03:33.0125 5636 NtLmSsp - ok
21:03:33.0156 5636 NtmsSvc (023dd70573d644f3d9c8b1258a7bfd08) C:\WINDOWS\system32\ntmssvc.dll
21:03:33.0171 5636 NtmsSvc - ok
21:03:33.0312 5636 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:03:33.0312 5636 Null - ok
21:03:33.0671 5636 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:03:33.0671 5636 NwlnkFlt - ok
21:03:33.0906 5636 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:03:33.0906 5636 NwlnkFwd - ok
21:03:34.0328 5636 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
21:03:34.0328 5636 NwlnkIpx - ok
21:03:34.0500 5636 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
21:03:34.0500 5636 NwlnkNb - ok
21:03:34.0515 5636 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
21:03:34.0515 5636 NwlnkSpx - ok
21:03:34.0546 5636 NwSapAgent (85d8c6514bd48df2cc61debe3f879dc0) C:\WINDOWS\System32\ipxsap.dll
21:03:34.0546 5636 NwSapAgent - ok
21:03:34.0640 5636 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:03:34.0640 5636 odserv - ok
21:03:34.0734 5636 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:03:34.0734 5636 ohci1394 - ok
21:03:34.0765 5636 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:03:34.0765 5636 ose - ok
21:03:34.0875 5636 P0630VID (01b008e6e423242e9fec8f466ef83767) C:\WINDOWS\system32\DRIVERS\P0630Vid.sys
21:03:34.0875 5636 P0630VID - ok
21:03:34.0906 5636 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\drivers\Parport.sys
21:03:34.0906 5636 Parport - ok
21:03:34.0953 5636 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:03:34.0953 5636 PartMgr - ok
21:03:35.0000 5636 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
21:03:35.0000 5636 ParVdm - ok
21:03:35.0031 5636 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
21:03:35.0031 5636 PCI - ok
21:03:35.0062 5636 PCIDump - ok
21:03:35.0125 5636 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:03:35.0125 5636 PCIIde - ok
21:03:35.0140 5636 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:03:35.0140 5636 Pcmcia - ok
21:03:35.0156 5636 PDCOMP - ok
21:03:35.0156 5636 PDFRAME - ok
21:03:35.0171 5636 PDRELI - ok
21:03:35.0187 5636 PDRFRAME - ok
21:03:35.0187 5636 perc2 - ok
21:03:35.0203 5636 perc2hib - ok
21:03:35.0250 5636 PlugPlay (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
21:03:35.0250 5636 PlugPlay - ok
21:03:35.0296 5636 Pml Driver HPZ12 (901c43516504cbe582e4c4193e00876a) C:\WINDOWS\system32\HPZipm12.exe
21:03:35.0296 5636 Pml Driver HPZ12 - ok
21:03:35.0328 5636 PolicyAgent (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:03:35.0328 5636 PolicyAgent - ok
21:03:35.0390 5636 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:03:35.0390 5636 PptpMiniport - ok
21:03:35.0421 5636 ProtectedStorage (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:03:35.0421 5636 ProtectedStorage - ok
21:03:35.0453 5636 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:03:35.0453 5636 PSched - ok
21:03:35.0484 5636 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:03:35.0484 5636 Ptilink - ok
21:03:35.0531 5636 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:03:35.0531 5636 PxHelp20 - ok
21:03:35.0546 5636 ql1080 - ok
21:03:35.0546 5636 Ql10wnt - ok
21:03:35.0562 5636 ql12160 - ok
21:03:35.0578 5636 ql1240 - ok
21:03:35.0578 5636 ql1280 - ok
21:03:35.0593 5636 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:03:35.0593 5636 RasAcd - ok
21:03:35.0625 5636 RasAuto (2b5e44ea009f2f374b980e1e9a70635d) C:\WINDOWS\System32\rasauto.dll
21:03:35.0625 5636 RasAuto - ok
21:03:35.0703 5636 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:03:35.0703 5636 Rasl2tp - ok
21:03:35.0734 5636 RasMan (d57554c664b64604bd1ee13ea2c07e77) C:\WINDOWS\System32\rasmans.dll
21:03:35.0750 5636 RasMan - ok
21:03:35.0765 5636 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:03:35.0781 5636 RasPppoe - ok
21:03:35.0796 5636 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:03:35.0796 5636 Raspti - ok
21:03:35.0828 5636 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:03:35.0828 5636 Rdbss - ok
21:03:35.0843 5636 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:03:35.0843 5636 RDPCDD - ok
21:03:35.0921 5636 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:03:35.0921 5636 rdpdr - ok
21:03:35.0968 5636 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
21:03:35.0968 5636 RDPWD - ok
21:03:36.0000 5636 RDSessMgr (c0d9d9711cb74ee9bc66353d8cbdab0e) C:\WINDOWS\system32\sessmgr.exe
21:03:36.0000 5636 RDSessMgr - ok
21:03:36.0046 5636 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:03:36.0046 5636 redbook - ok
21:03:36.0140 5636 RegSrvc (c96980cccf84329824623b0b50383703) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:03:36.0140 5636 RegSrvc - ok
21:03:36.0234 5636 RemoteAccess (127c26b5371651043450e52542099aba) C:\WINDOWS\System32\mprdim.dll
21:03:36.0234 5636 RemoteAccess - ok
21:03:36.0265 5636 RemoteRegistry (8f31505484a190d5b22274708799f4ec) C:\WINDOWS\system32\regsvc.dll
21:03:36.0281 5636 RemoteRegistry - ok
21:03:36.0296 5636 RpcLocator (718b3bdc0bc3c2f7d065a53d26202af9) C:\WINDOWS\system32\locator.exe
21:03:36.0312 5636 RpcLocator - ok
21:03:36.0343 5636 RpcSs (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\System32\rpcss.dll
21:03:36.0359 5636 RpcSs - ok
21:03:36.0406 5636 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\system32\rsvp.exe
21:03:36.0406 5636 RSVP - ok
21:03:36.0500 5636 S24EventMonitor (0fcb7eeb0e81a777735a5af185f56c2b) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
21:03:36.0515 5636 S24EventMonitor - ok
21:03:36.0609 5636 s24trans (96b4494d4734970f47c566e098c4f527) C:\WINDOWS\system32\DRIVERS\s24trans.sys
21:03:36.0609 5636 s24trans - ok
21:03:36.0625 5636 SamSs (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:03:36.0625 5636 SamSs - ok
21:03:36.0671 5636 SCardSvr (410046e401eb11e1e6749e9deea41d4a) C:\WINDOWS\System32\SCardSvr.exe
21:03:36.0671 5636 SCardSvr - ok
21:03:36.0703 5636 Schedule (3ff232a7731621b8902d81d42418c93c) C:\WINDOWS\system32\schedsvc.dll
21:03:36.0718 5636 Schedule - ok
21:03:36.0734 5636 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:03:36.0734 5636 Secdrv - ok
21:03:36.0812 5636 seclogon (477e2c3cc5e4a0d635bcb0ea8dcac3c6) C:\WINDOWS\System32\seclogon.dll
21:03:36.0812 5636 seclogon - ok
21:03:36.0843 5636 SENS (a530b75c10c23c9ab28fdb6ce719e21f) C:\WINDOWS\system32\sens.dll
21:03:36.0859 5636 SENS - ok
21:03:36.0890 5636 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:03:36.0890 5636 serenum - ok
21:03:36.0906 5636 Serial (9476be2e05e1040ce042d8400dc519c4) C:\WINDOWS\system32\DRIVERS\serial.sys
21:03:36.0906 5636 Serial - ok
21:03:36.0921 5636 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:03:36.0921 5636 Sfloppy - ok
21:03:36.0984 5636 SharedAccess (f58faca9621d2db01bd0927d9a0a208e) C:\WINDOWS\System32\ipnathlp.dll
21:03:36.0984 5636 SharedAccess - ok
21:03:37.0078 5636 ShellHWDetection (b927443008910b412bec72fc41c1bad0) C:\WINDOWS\System32\shsvcs.dll
21:03:37.0093 5636 ShellHWDetection - ok
21:03:37.0109 5636 Simbad - ok
21:03:37.0140 5636 SimpTcp (0befa983f8b9511eadd6960dd13e9fbf) C:\WINDOWS\system32\tcpsvcs.exe
21:03:37.0156 5636 SimpTcp - ok
21:03:37.0203 5636 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
21:03:37.0203 5636 SkypeUpdate - ok
21:03:37.0296 5636 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:03:37.0296 5636 SLIP - ok
21:03:37.0343 5636 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
21:03:37.0343 5636 SONYPVU1 - ok
21:03:37.0359 5636 Sparrow - ok
21:03:37.0390 5636 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:03:37.0390 5636 splitter - ok
21:03:37.0421 5636 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:03:37.0437 5636 Spooler - ok
21:03:37.0468 5636 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
21:03:37.0468 5636 sr - ok
21:03:37.0531 5636 srservice (35b91147124f64ac8081a2edb9ea4dee) C:\WINDOWS\system32\srsvc.dll
21:03:37.0546 5636 srservice - ok
21:03:37.0593 5636 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
21:03:37.0593 5636 Srv - ok
21:03:37.0625 5636 SSDPSRV (becd5271dc4e3b7c3d035f790fcbc1e5) C:\WINDOWS\System32\ssdpsrv.dll
21:03:37.0625 5636 SSDPSRV - ok
21:03:37.0703 5636 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
21:03:37.0703 5636 STHDA - ok
21:03:37.0812 5636 stisvc (c1cdd9275f6a115bb0ae1d55d8d27ba6) C:\WINDOWS\system32\wiaservc.dll
21:03:37.0812 5636 stisvc - ok
21:03:37.0875 5636 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
21:03:37.0890 5636 stllssvr - ok
21:03:37.0921 5636 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:03:37.0937 5636 streamip - ok
21:03:38.0015 5636 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:03:38.0015 5636 swenum - ok
21:03:38.0046 5636 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:03:38.0046 5636 swmidi - ok
21:03:38.0062 5636 SwPrv - ok
21:03:38.0078 5636 symc810 - ok
21:03:38.0078 5636 symc8xx - ok
21:03:38.0093 5636 sym_hi - ok
21:03:38.0109 5636 sym_u3 - ok
21:03:38.0125 5636 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:03:38.0125 5636 sysaudio - ok
21:03:38.0156 5636 SysmonLog (ce06f01b88ace199a1bf460cac29c110) C:\WINDOWS\system32\smlogsvc.exe
21:03:38.0171 5636 SysmonLog - ok
21:03:38.0187 5636 TapiSrv (c2546cd7a398476f9df5614b2ae160e8) C:\WINDOWS\System32\tapisrv.dll
21:03:38.0203 5636 TapiSrv - ok
21:03:38.0296 5636 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:03:38.0312 5636 Tcpip - ok
21:03:38.0343 5636 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
21:03:38.0343 5636 Tcpip6 - ok
21:03:38.0375 5636 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:03:38.0375 5636 TDPIPE - ok
21:03:38.0390 5636 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:03:38.0390 5636 TDTCP - ok
21:03:38.0406 5636 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:03:38.0421 5636 TermDD - ok
21:03:38.0500 5636 TermService (a75dd6fc3dbee4fff5ebc9f2c28bb66e) C:\WINDOWS\System32\termsrv.dll
21:03:38.0500 5636 TermService - ok
21:03:38.0546 5636 Themes (b927443008910b412bec72fc41c1bad0) C:\WINDOWS\System32\shsvcs.dll
21:03:38.0546 5636 Themes - ok
21:03:38.0578 5636 TlntSvr (cd0cc7b167d78043a41c98d4921efb54) C:\WINDOWS\system32\tlntsvr.exe
21:03:38.0578 5636 TlntSvr - ok
21:03:38.0640 5636 TOSHIBA Bluetooth Service (2e7315b147e524e055026e6634b14ea6) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
21:03:38.0640 5636 TOSHIBA Bluetooth Service - ok
21:03:38.0703 5636 TosIde - ok
21:03:38.0734 5636 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys
21:03:38.0750 5636 tosporte - ok
21:03:38.0765 5636 tosrfbd (399c5e4db7bdd5a83a7d26c96389b85a) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
21:03:38.0765 5636 tosrfbd - ok
21:03:38.0781 5636 tosrfbnp (181e217a7a326817d97946d045b3cb46) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
21:03:38.0781 5636 tosrfbnp - ok
21:03:38.0812 5636 Tosrfcom (e90ace3b4fa7a85f992bc21eb779c407) C:\WINDOWS\system32\Drivers\tosrfcom.sys
21:03:38.0812 5636 Tosrfcom - ok
21:03:38.0828 5636 Tosrfhid (efc95c0dc6f96b228f58319776006548) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
21:03:38.0828 5636 Tosrfhid - ok
21:03:38.0921 5636 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
21:03:38.0921 5636 tosrfnds - ok
21:03:38.0937 5636 Tosrfusb (98c04a6432ce9c2ad328f57b9384d348) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
21:03:38.0937 5636 Tosrfusb - ok
21:03:38.0968 5636 TrkWks (38853304ccb938d30e0c4cde8d2c2a8a) C:\WINDOWS\system32\trkwks.dll
21:03:38.0984 5636 TrkWks - ok
21:03:39.0031 5636 truecrypt (aceb4f4f83b895e15c8c1a2f55009783) C:\WINDOWS\system32\drivers\truecrypt.sys
21:03:39.0031 5636 truecrypt - ok
21:03:39.0062 5636 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
21:03:39.0062 5636 tunmp - ok
21:03:39.0140 5636 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:03:39.0140 5636 Udfs - ok
21:03:39.0156 5636 UIUSys - ok
21:03:39.0171 5636 ultra - ok
21:03:39.0218 5636 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:03:39.0218 5636 Update - ok
21:03:39.0234 5636 upnphost (651bd90dcee5b7bdc74a2eb7c9266f9e) C:\WINDOWS\System32\upnphost.dll
21:03:39.0250 5636 upnphost - ok
21:03:39.0265 5636 UPS (20a0f6a11959e92908717d09e87d670d) C:\WINDOWS\System32\ups.exe
21:03:39.0281 5636 UPS - ok
21:03:39.0312 5636 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:03:39.0312 5636 usbccgp - ok
21:03:39.0390 5636 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:03:39.0390 5636 usbehci - ok
21:03:39.0421 5636 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:03:39.0421 5636 usbhub - ok
21:03:39.0453 5636 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:03:39.0453 5636 usbprint - ok
21:03:39.0500 5636 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:03:39.0500 5636 usbscan - ok
21:03:39.0531 5636 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:03:39.0531 5636 USBSTOR - ok
21:03:39.0609 5636 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:03:39.0625 5636 usbuhci - ok
21:03:39.0656 5636 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:03:39.0656 5636 VgaSave - ok
21:03:39.0671 5636 ViaIde - ok
21:03:39.0687 5636 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
21:03:39.0687 5636 VolSnap - ok
21:03:39.0734 5636 VSS (d6ba1a63d9e00933f1cd2a885573afb2) C:\WINDOWS\System32\vssvc.exe
21:03:39.0734 5636 VSS - ok
21:03:39.0765 5636 W32Time (fa4e1cdba256787f2149f4aad07bc91f) C:\WINDOWS\system32\w32time.dll
21:03:39.0781 5636 W32Time - ok
21:03:39.0859 5636 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:03:39.0859 5636 Wanarp - ok
21:03:39.0906 5636 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:03:39.0921 5636 Wdf01000 - ok
21:03:39.0968 5636 WDICA - ok
21:03:40.0000 5636 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:03:40.0000 5636 wdmaud - ok
21:03:40.0046 5636 WebClient (47ae51048a82dfa1cd6b51d369f7e169) C:\WINDOWS\System32\webclnt.dll
21:03:40.0046 5636 WebClient - ok
21:03:40.0125 5636 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
21:03:40.0125 5636 winachsf - ok
21:03:40.0203 5636 winmgmt (e488332126e3b1182d2b8a0c35408ec6) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:03:40.0218 5636 winmgmt - ok
21:03:40.0312 5636 WLANKEEPER (c9b9942eeca0b82e35d60627e365510a) C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
21:03:40.0312 5636 WLANKEEPER - ok
21:03:40.0375 5636 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:03:40.0375 5636 WmdmPmSN - ok
21:03:40.0453 5636 Wmi (0171cff34bba8c5977f18c48d8aef8c6) C:\WINDOWS\System32\advapi32.dll
21:03:40.0468 5636 Wmi - ok
21:03:40.0546 5636 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:03:40.0546 5636 WmiAcpi - ok
21:03:40.0578 5636 WmiApSrv (23f6f03272f7e5679f1f050aed5acee6) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:03:40.0578 5636 WmiApSrv - ok
21:03:40.0671 5636 WMPNetworkSvc (3739866d20abd42f26a7b85f9e2560af) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:03:40.0687 5636 WMPNetworkSvc - ok
21:03:40.0812 5636 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:03:40.0812 5636 WpdUsb - ok
21:03:40.0843 5636 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:03:40.0843 5636 WS2IFSL - ok
21:03:40.0875 5636 wscsvc (4c86d5faf78194995af9cc1075f65dd3) C:\WINDOWS\system32\wscsvc.dll
21:03:40.0875 5636 wscsvc - ok
21:03:40.0890 5636 WSearch - ok
21:03:40.0937 5636 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:03:40.0937 5636 WSTCODEC - ok
21:03:40.0968 5636 wuauserv (c1364564800ee9784192145324a23308) C:\WINDOWS\system32\wuauserv.dll
21:03:40.0968 5636 wuauserv - ok
21:03:41.0046 5636 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:03:41.0062 5636 WudfPf - ok
21:03:41.0078 5636 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:03:41.0078 5636 WudfRd - ok
21:03:41.0109 5636 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:03:41.0109 5636 WudfSvc - ok
21:03:41.0156 5636 WZCSVC (a27d4ba7264c0bf52f32d10405bea1d4) C:\WINDOWS\System32\wzcsvc.dll
21:03:41.0171 5636 WZCSVC - ok
21:03:41.0234 5636 xmlprov (eaa4bb9edb3fb10cf8979fe65e63658f) C:\WINDOWS\System32\xmlprov.dll
21:03:41.0250 5636 xmlprov - ok
21:03:41.0281 5636 zebrmdfl (8024ea8c5b2d2a4d201f418b0aadb804) C:\WINDOWS\system32\irmon.dll
21:03:41.0281 5636 zebrmdfl - ok
21:03:41.0328 5636 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
21:03:41.0484 5636 \Device\Harddisk0\DR0 - ok
21:03:41.0500 5636 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR3
21:03:42.0156 5636 \Device\Harddisk1\DR3 - ok
21:03:42.0171 5636 Boot (0x1200) (1ab452669ae2cad6416a3708a72f017a) \Device\Harddisk0\DR0\Partition0
21:03:42.0171 5636 \Device\Harddisk0\DR0\Partition0 - ok
21:03:42.0187 5636 Boot (0x1200) (1438e3f6dac2dc32716a1473a75fe10a) \Device\Harddisk0\DR0\Partition1
21:03:42.0187 5636 \Device\Harddisk0\DR0\Partition1 - ok
21:03:42.0187 5636 Boot (0x1200) (b93a6090620e33222be7e453212d0c9f) \Device\Harddisk1\DR3\Partition0
21:03:42.0187 5636 \Device\Harddisk1\DR3\Partition0 - ok
21:03:42.0187 5636 ============================================================
21:03:42.0187 5636 Scan finished
21:03:42.0187 5636 ============================================================
21:03:42.0203 4688 Detected object count: 0
21:03:42.0203 4688 Actual detected object count: 0
21:03:54.0703 1952 Deinitialize success

Radim
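A TDSSKiller listing like the one above runs to several hundred lines and every one of them ends in "- ok", which is easy to skim past. The Python script below is an added example, not code from this thread or from Kaspersky's tool: it pairs each object line with its verdict line and pulls out what a responder reads first, namely any verdict other than ok, images that sit outside the Windows and Program Files trees, registry service entries for which no file was found (in this log those are the stock XP storage-controller placeholders such as the ql*, sym* and perc2 entries), and the MBR and boot-sector hashes. The regexes and the trusted-prefix list are my own assumptions (system drive taken to be C:); the sample is copied from the log above plus one constructed entry, ExampleSvc, added only to exercise the location check.

```python
"""Triage a Kaspersky TDSSKiller scan log offline (added example, not part of the thread or of the tool)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Object line: "<time> <pid> <name> (<md5>) <path>"
ENTRY_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d{4}) (?P<pid>\d+) "
    r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# Verdict line that follows it: "<time> <pid> <name or device path> - <verdict>"
VERDICT_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d{4}) (?P<pid>\d+) (?P<key>.+?) - (?P<verdict>.+)$"
)

# Where a service or driver image is expected on this XP box (assumption: system drive is C:)
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class ScanEntry:
    name: str
    md5: Optional[str] = None      # None: registry entry for which TDSSKiller found no file
    path: Optional[str] = None
    verdict: Optional[str] = None

    @property
    def is_disk_object(self) -> bool:
        # MBR and boot-sector checks are reported against \Device\... paths, not files
        return self.path is not None and self.path.startswith("\\Device\\")

    @property
    def unusual_location(self) -> bool:
        if self.path is None or self.is_disk_object:
            return False
        return not self.path.lower().startswith(TRUSTED_PREFIXES)


def parse_tdsskiller(text: str) -> List[ScanEntry]:
    """Pair each object line with its verdict line; keep verdicts that have no object line."""
    entries: List[ScanEntry] = []
    by_key: Dict[str, ScanEntry] = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entry = ScanEntry(m["name"], m["md5"], m["path"])
            entries.append(entry)
            by_key[entry.name] = entry
            by_key[entry.path] = entry   # disk objects are keyed by device path in the verdict
            continue
        m = VERDICT_RE.match(line)
        if m:
            entry = by_key.get(m["key"])
            if entry is None:            # e.g. "PCIDump - ok": service key, no image on disk
                entry = ScanEntry(m["key"])
                entries.append(entry)
                by_key[entry.name] = entry
            entry.verdict = m["verdict"]
    return entries


def triage(entries: List[ScanEntry]) -> dict:
    """What a responder reads first: anything not 'ok', images in odd places, orphans, disk hashes."""
    return {
        "not_ok": [e.name for e in entries if e.verdict not in (None, "ok")],
        "unusual_location": [e.name for e in entries if e.unusual_location],
        "orphans": [e.name for e in entries if e.path is None],
        "disk_objects": {e.path: e.md5 for e in entries if e.is_disk_object},
    }


# Lines copied from the log above, plus one constructed entry (ExampleSvc) to exercise the location check.
SAMPLE_LOG = r"""21:03:32.0281 5636 Netlogon (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:03:32.0281 5636 Netlogon - ok
21:03:32.0828 5636 NICCONFIGSVC (27d38b7d646283d98d65e3435b1e6197) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
21:03:32.0828 5636 NICCONFIGSVC - ok
21:03:35.0062 5636 PCIDump - ok
21:03:35.0296 5636 Pml Driver HPZ12 (901c43516504cbe582e4c4193e00876a) C:\WINDOWS\system32\HPZipm12.exe
21:03:35.0296 5636 Pml Driver HPZ12 - ok
21:03:38.0296 5636 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:03:38.0312 5636 Tcpip - ok
21:03:41.0328 5636 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
21:03:41.0484 5636 \Device\Harddisk0\DR0 - ok
21:03:42.0171 5636 Boot (0x1200) (1ab452669ae2cad6416a3708a72f017a) \Device\Harddisk0\DR0\Partition0
21:03:42.0171 5636 \Device\Harddisk0\DR0\Partition0 - ok
21:03:42.0200 5636 ExampleSvc (00000000000000000000000000000000) C:\Documents and Settings\user\Local Settings\Temp\examplesvc.sys
21:03:42.0200 5636 ExampleSvc - ok
"""

if __name__ == "__main__":
    for section, items in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{section}: {items}")
```

The hashes are MD5 because that is what TDSSKiller prints; the script only carries them through, and comparing them against a clean reference copy is a separate step. Run it against a full log with `parse_tdsskiller(open("TDSSKiller.log").read())`.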

hroch123

Re: Rootkit TCP/IP - please check my ComboFix log

Post by hroch123 » 30 Mar 2012 00:58

A showcase of Avast, rubbish.
PC XT 8086, 640 Kb ram, 20mb hdd, Hercules monochrome, 14" Philips monochrome, 5/4 fdd 360kb.

jaro3 (member of the Security team)

Re: Rootkit TCP/IP - please check my ComboFix log

Post by jaro3 » 30 Mar 2012 09:38

A showcase of Avast, rubbish.
????

Fix:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.246.110.1:3128


Did you uninstall Microsoft Security Essentials?

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Download ToolsCleaner2 (by de A.Rothstein & Dj Quiou & translation: Damned)
to the desktop and run it.
Click on Restore point and then on OK, OK.
Click on Recycle Bin and then on OK.
Click on Temporary files and then on OK.
Click on Search and let the Cleaner work. It may stall during cleaning (Not responding), but let it continue.
When the program finishes, click on Delete
and remove what was found.
Close the program.
The program also deletes all of the disinfection and log-generating tools used here (HJT, ComboFix, OTM, OTL, OTS, etc.)

Disable the resident protection of your antivirus and antispyware, and the firewall if you have one.

Download ComboFix (by sUBs)
and save it to the desktop.
Close all open windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click in the window it shows
- After the scan finishes the program should create a log, C:\ComboFix.txt; please paste its full contents here
If there are problems, run it in Safe Mode.

Warning: it can happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not appear, or there are connection problems; then restart the computer again, and if that does not help, press F8 during startup and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MBAM, SDFix and similar, close all other applications and browsers!
Do not send logs in private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support

radim648

Re: Rootkit TCP/IP - please check my ComboFix log

Post by radim648 » 30 Mar 2012 22:14

Thanks, here is the log:

ComboFix 12-03-27.03 - SpravceNT 30.03.2012 21:57:55.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.283 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS COMPUTER !!
.
.
((((((((((((((((((((((((( Files created from 2012-02-28 to 2012-03-30 )))))))))))))))))))))))))))))))
.
.
2012-03-24 19:34 . 2012-03-07 00:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-24 19:34 . 2012-03-07 00:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-24 19:34 . 2012-03-07 00:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-24 19:34 . 2012-03-07 00:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-24 19:34 . 2012-03-07 00:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-24 15:33 . 2012-03-06 23:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-24 15:32 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-24 15:32 . 2012-03-07 00:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-24 15:31 . 2012-03-24 15:31 -------- d-----w- c:\program files\AVAST Software
2012-03-24 15:31 . 2012-03-24 15:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2012-03-23 08:42 . 2012-03-23 08:42 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\PCHealth
2012-03-18 09:44 . 2012-03-18 09:44 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2010-09-30 13:52 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-03-18 17:55 . 2011-03-26 13:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2008-11-04 33128]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-04-02 128232]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-08-30 136512]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Rychlé spuštění aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]
VPN Client.lnk - c:\windows\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico [2009-12-14 6144]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-12176\Scripts\Logon\0\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-12176\Scripts\Logon\1\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-12176\Scripts\Logon\2\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-12176\Scripts\Logon\3\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-12176\Scripts\Logon\4\0]
"Script"=\\t-systems.cz\NETLOGON\tsca1.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-9314\Scripts\Logon\0\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-9314\Scripts\Logon\1\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-9314\Scripts\Logon\2\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-9314\Scripts\Logon\3\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-9314\Scripts\Logon\4\0]
"Script"=\\t-systems.cz\NETLOGON\tsca1.cmd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [24.3.2012 21:34 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24.3.2012 21:34 337880]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [8.1.2009 21:25 58608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.3.2012 21:34 20696]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [1.8.2007 22:30 16376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28.3.2012 22:42 652360]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [14.10.2011 16:11 72832]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28.3.2012 22:42 20464]
R3 NETwLx32; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [29.3.2012 22:00 6609920]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12.10.2010 20:34 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 9:50 158856]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [15.10.2011 10:14 102784]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12.10.2010 20:34 136176]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [14.10.2011 16:18 85632]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [14.10.2011 16:18 51456]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [14.10.2011 16:18 26496]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\drivers\ipw3gnet.sys [18.12.2009 12:28 51040]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [12.10.2010 22:50 67968]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
zebrmdfl
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 18:34]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 18:34]
.
.
------- Supplementary scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\zhdu10ow.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: network.proxy.ftp - 10.246.110.1
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 10.246.110.1
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 10.246.110.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 10.246.110.1
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 10.246.110.1
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-30 22:04
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1444)
c:\windows\system32\tcgina.dll
.
- - - - - - - > 'explorer.exe'(4856)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2012-03-30 22:06:47
ComboFix-quarantined-files.txt 2012-03-30 20:06
.
Před spuštěním: 2 050 482 176
Po spuštění: 2 045 222 912
.
- - End Of File - - 598C857C00E0A85B9B724E3270A13F4A

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Rootkit TCP/IP - please check my ComboFix log

Post by jaro3 » 30 Mar 2012 23:21

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the following whole text marked in green into it:

Code:

KillAll::
SecCenter::
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

Collect::
c:\windows\system32\tcgina.dll

File::
c:\program files\McAfee\Common Framework\UdaterUI.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files\McAfee
c:\program files\Google\Update

Driver::
gupdate
gupdatem
zebrmdfl

NetSvcs::
zebrmdfl

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"=-



Choose File -> Save As... and set these parameters:
File name: type: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe program and drop it when the two files overlap.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log

Warning: it may happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not come up, or there are connection problems; in that case restart the computer again, and if that does not help, press F8 during the restart and choose Last Known Good Configuration, or use a restore point.

srvpp01\NETLOGON\doadmins.vbs
"Script"=\\t-systems.cz\NETLOGON\tsca1.cmd
Does this mean anything to you? Visual Basic??

Those ports once more:
FF - prefs.js: network.proxy.ftp - 10.246.110.1
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 10.246.110.1
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 10.246.110.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 10.246.110.1
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 10.246.110.1
FF - prefs.js: network.proxy.ssl_port - 3128
You didn't allow any of them??
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
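The proxy lines jaro3 asks about are a common thing to triage in a ComboFix log: every protocol pointed at the same host and port, with the user unaware of it. The following added example (not ComboFix output and not the forum's own tooling) parses those "FF - prefs.js" lines as quoted above, flags proxy hosts that are not on an allowlist you supply, notes whether the endpoint is a private-range address, and reports whether Firefox's network.proxy.type would even apply the manual entries (only type 1 does). The sample input is constructed from the log lines above.

```python
import ipaddress
import re

# Constructed sample: the "FF - prefs.js" proxy lines quoted from the ComboFix log above.
SAMPLE_LOG = """\
FF - prefs.js: network.proxy.ftp - 10.246.110.1
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 10.246.110.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.ssl - 10.246.110.1
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
"""

PREF_RE = re.compile(r"^FF - prefs\.js: (network\.proxy\.\S+) - (.+)$")
def parse_proxy_prefs(log_text):
    """Collect network.proxy.* prefs from the 'FF - prefs.js' lines of a ComboFix log."""
    prefs = {}
    for line in log_text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs

def is_private(host):
    """True for private-range IPs (e.g. 10.0.0.0/8); False for hostnames or public IPs."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False

def review_proxy_prefs(prefs, expected_hosts=()):
    """Return findings for a reviewer; expected_hosts is the allowlist of known proxies."""
    findings = []
    endpoints = set()
    for proto in ("ftp", "gopher", "http", "socks", "ssl"):
        host = prefs.get(f"network.proxy.{proto}")
        if host is None:
            continue
        port = prefs.get(f"network.proxy.{proto}_port", "?")
        endpoints.add((host, port))
        if host not in expected_hosts:
            findings.append(f"{proto}: proxy {host}:{port} is not on the allowlist")
    if len(endpoints) == 1:
        host, port = endpoints.pop()
        kind = "private" if is_private(host) else "public"
        findings.append(f"all protocols go through one {kind} endpoint {host}:{port}")
    # Firefox applies the manual host/port entries only when network.proxy.type is 1.
    ptype = prefs.get("network.proxy.type", "0")
    findings.append(f"network.proxy.type={ptype}; manual entries only apply when type is 1")
    return findings
```

Run it over the "Doplňkový sken" section of the log and compare the endpoint against the proxy your network actually uses; a single private endpoint such as the one above is consistent with a corporate proxy, but only the allowlist decides.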

radim648
newcomer
Posts: 42
Registered: January 09
Gender: Male

Re: Rootkit TCP/IP - please check my ComboFix log

Post by radim648 » 31 Mar 2012 15:06

Hi, I've tried it several times, but ComboFix always freezes. The first time I let it run for about 3 hours and then had to hard reset. What should I do?
R

