HJT check - boot virus [Solved]

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

aallbbll
newcomer
Posts: 15
Registered: April 12
Gender: Male
Status: Offline

Re: HJT check - boot virus

Post by aallbbll » 09 Apr 2012 20:04

The original disk had only 20 GB and two partitions; Intel 1.3 GHz, 248 MB RAM, shared graphics 16 MB. I got it from my niece for gaming, for me and the kids. As a disabled person (for 5 years now) with three children (10+10+7 years old) I can't afford anything better. So I don't expect miracles from it. But I will remove something.

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline


Post by jaro3 » 10 Apr 2012 10:18

Uninstall:
McAfee Security Scan

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the following whole text, marked in green, into it:

Code:

KillAll::
File::
c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
c:\windows\system32\DRIVERS\ehdrv.sys
c:\windows\system32\DRIVERS\epfwtdir.sys
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe

Folder::
c:\windows\SxsCaPendDel
c:\program files\ESET
c:\program files\McAfee Security Scan

Driver::
McComponentHostService
ehdrv
epfwtdir
ekrn

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"=-


RegNull::
[HKEY_USERS\S-1-5-21-789336058-492894223-1957994488-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{05F2AD5E-7520-CB34-E865-0282803A8D11}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jafncmgnoplmlcjgmcnk"=hex:62,61,69,63,00,00
"jafncmgnoplmlcjgmcjk"=hex:62,61,70,63,00,00
"iafoobcjghifoefabp"=hex:6b,61,6f,63,6a,6a,65,68,6d,66,69,63,68,64,66,64,64,61,
 67,6c,65,6f,00,00
"hadoemejhdmimgbc"=hex:6b,61,6f,63,6a,6a,68,68,65,62,64,61,6b,67,64,64,6d,70,
 6f,6c,6d,63,00,00
[HKEY_USERS\S-1-5-21-789336058-492894223-1957994488-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B2FC9513-070F-8C21-F260-09B3DBDF8767}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hajhokfiijmimhbg"=hex:68,61,69,68,6e,65,6f,69,66,63,6c,6e,6f,6c,68,6e,00,00
"jaihnfckbahkllecphbi"=hex:64,62,63,69,6b,66,61,67,64,63,61,68,68,68,66,70,61,
 68,6d,6b,67,6d,70,6c,70,6c,6e,6b,6d,70,70,61,61,66,6f,61,6e,68,6a,70,00,a2
"janhkcbkpcjbmlammgeb"=hex:62,61,6a,66,00,00
"janhkcbkpcjbmlammgib"=hex:62,61,67,66,00,00

RegLock::
[HKEY_USERS\S-1-5-21-789336058-492894223-1957994488-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{05F2AD5E-7520-CB34-E865-0282803A8D11}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jafncmgnoplmlcjgmcnk"=hex:62,61,69,63,00,00
"jafncmgnoplmlcjgmcjk"=hex:62,61,70,63,00,00
"iafoobcjghifoefabp"=hex:6b,61,6f,63,6a,6a,65,68,6d,66,69,63,68,64,66,64,64,61,
 67,6c,65,6f,00,00
"hadoemejhdmimgbc"=hex:6b,61,6f,63,6a,6a,68,68,65,62,64,61,6b,67,64,64,6d,70,
 6f,6c,6d,63,00,00
[HKEY_USERS\S-1-5-21-789336058-492894223-1957994488-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B2FC9513-070F-8C21-F260-09B3DBDF8767}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hajhokfiijmimhbg"=hex:68,61,69,68,6e,65,6f,69,66,63,6c,6e,6f,6c,68,6e,00,00
"jaihnfckbahkllecphbi"=hex:64,62,63,69,6b,66,61,67,64,63,61,68,68,68,66,70,61,
 68,6d,6b,67,6d,70,6c,70,6c,6e,6b,6d,70,70,61,61,66,6f,61,6e,68,6a,70,00,a2
"janhkcbkpcjbmlammgeb"=hex:62,61,6a,66,00,00
"janhkcbkpcjbmlammgib"=hex:62,61,67,66,00,00


Choose File -> Save As... and set these parameters:
File name: type: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log

Warning: It can happen that after running ComboFix and restarting the computer Windows does not boot, or the desktop does not load, or there are connection problems; then restart the computer again. If that doesn't help, press F8 during the restart and choose Last Known Good Configuration, or use a restore point.

C:\taskman --- do you know this folder?

In Folder Options enable showing hidden files and folders + untick the "Hide protected operating system files" checkbox.

Test these on VirusTotal:
c:\windows\system32\nglide_uninst.exe
c:\windows\system32\ChinaOne.FOT
c:\windows\system32\common_res.dll
c:\windows\system32\sfcfiles.dll

Click Choose File to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will be tested in turn by a number of antivirus engines. When the last antivirus has finished, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page and paste it into your post.

µTorrent -- is not a safe program.

Install a free antivirus:
Avira
Avast
AVG

Update Java:
Java SE Runtime Environment 7

Click Accept License Agreement
Choose your OS (Windows or Windows x64, Offline Installation)
jre-7-windows-i586-p.exe or
jre-7-windows-x64.exe
Download and install.
Remove the other Javas in Add/Remove Programs.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support



Post by aallbbll » 10 Apr 2012 19:46

I know "C:\taskman --- do you know this folder?". It's AnVir Task Manager. Thanks for now, I'll continue in the evening.



Post by jaro3 » 10 Apr 2012 20:17

Fine, I've also tweaked that script.



Post by aallbbll » 10 Apr 2012 22:12

McAfee is gone, nGlide is gone. VirusTotal is negative for all four. I'm continuing.



Post by aallbbll » 11 Apr 2012 07:15

ComboFix 12-04-06.03 - a 10.04.2012 22:50:53.2.1 - x86
Running from: c:\documents and settings\a\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\a\Plocha\CFScript.txt
* Created a new restore point
.
FILE ::
"c:\program files\ESET\ESET NOD32 Antivirus\egui.exe"
"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe"
"c:\windows\system32\DRIVERS\ehdrv.sys"
"c:\windows\system32\DRIVERS\epfwtdir.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ESET
c:\program files\ESET\ESET NOD32 Antivirus\callmsi.exe
c:\program files\ESET\ESET NOD32 Antivirus\DMON.dll
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.cat
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.inf
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.sys
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\ehdrv\ehdrv.cat
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\ehdrv\ehdrv.inf
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\ehdrv\ehdrv.sys
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.cat
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.inf
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.sys
c:\program files\ESET\ESET NOD32 Antivirus\ecls.exe
c:\program files\ESET\ESET NOD32 Antivirus\eclsLang.dll
c:\program files\ESET\ESET NOD32 Antivirus\ecmd.exe
c:\program files\ESET\ESET NOD32 Antivirus\eeclnt.exe
c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
c:\program files\ESET\ESET NOD32 Antivirus\eguiAmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiAmonLang.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiDmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiDmonLang.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiEmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiEmonLang.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiEpfw.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiEpfwLang.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiLang.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiMailPluginsLang.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiProduct.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiProductRcd.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiScan.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiScanLang.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiUpdate.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiUpdateLang.dll
c:\program files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrnAmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnDmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnDmonLang.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnEmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnEpfw.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnEpfwLang.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnLang.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnMailPlugins.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnMailPluginsLang.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnScan.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnScanLang.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnUpdate.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnUpdateLang.dll
c:\program files\ESET\ESET NOD32 Antivirus\em000_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em001_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em002_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em003_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em004_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em005_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em006_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em009_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em013_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em015_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em023_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\eplgHooks.dll
c:\program files\ESET\ESET NOD32 Antivirus\eplgOE.dll
c:\program files\ESET\ESET NOD32 Antivirus\eplgOEEmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\eplgOELang.dll
c:\program files\ESET\ESET NOD32 Antivirus\eplgOutlook.dll
c:\program files\ESET\ESET NOD32 Antivirus\eplgOutlookEmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\eplgOutlookEmonLang.dll
c:\program files\ESET\ESET NOD32 Antivirus\eplgOutlookLang.dll
c:\program files\ESET\ESET NOD32 Antivirus\eplgTbEmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\eplgTbLang.dll
c:\program files\ESET\ESET NOD32 Antivirus\eset.chm
c:\program files\ESET\ESET NOD32 Antivirus\eula.rtf
c:\program files\ESET\ESET NOD32 Antivirus\http_dll.dll
c:\program files\ESET\ESET NOD32 Antivirus\mfc80.dll
c:\program files\ESET\ESET NOD32 Antivirus\mfc80u.dll
c:\program files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.CRT.manifest
c:\program files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.MFC.manifest
c:\program files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.MFCLOC.manifest
c:\program files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird\Components\eplgTb.dll
c:\program files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird\chrome.manifest
c:\program files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird\install.rdf
c:\program files\ESET\ESET NOD32 Antivirus\msvcp80.dll
c:\program files\ESET\ESET NOD32 Antivirus\msvcr80.dll
c:\program files\ESET\ESET NOD32 Antivirus\PPESET.dll
c:\program files\ESET\ESET NOD32 Antivirus\PPEset.inf
c:\program files\ESET\ESET NOD32 Antivirus\shellExt.dll
c:\program files\ESET\ESET NOD32 Antivirus\ShellExtLang.dll
c:\program files\ESET\ESET NOD32 Antivirus\SysInspector.exe
c:\program files\ESET\ESET NOD32 Antivirus\SysInspectorLang.dll
c:\program files\ESET\ESET NOD32 Antivirus\SysRescue.exe
c:\program files\ESET\ESET NOD32 Antivirus\SysRescueLang.dll
c:\program files\ESET\ESET NOD32 Antivirus\updater.dll
c:\windows\SxsCaPendDel
c:\windows\system32\DRIVERS\ehdrv.sys
c:\windows\system32\DRIVERS\epfwtdir.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EHDRV
-------\Legacy_EKRN
-------\Legacy_EPFWTDIR
-------\Legacy_MCCOMPONENTHOSTSERVICE
-------\Service_ehdrv
-------\Service_ekrn
-------\Service_epfwtdir
-------\Service_McComponentHostService
.
.
((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 )))))))))))))))))))))))))))))))
.
.
2012-04-09 12:25 . 2009-06-08 12:56 30464 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-04-08 21:30 . 2012-04-08 21:30 -------- d-----w- C:\anvirtask
2012-04-08 21:28 . 2012-04-08 21:31 -------- d-----w- C:\taskman
2012-04-08 21:22 . 2012-04-08 21:23 -------- d-----w- C:\AnVir_Task_Manager_6.5.0_Portable
2012-04-06 21:53 . 2012-04-06 22:06 -------- d-----w- c:\program files\System Ninja
2012-04-06 21:48 . 2012-04-06 21:48 -------- d-----w- c:\program files\PTDD Group
2012-04-06 21:46 . 2004-04-18 21:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2012-04-06 21:46 . 2004-04-18 21:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2012-04-06 21:46 . 2004-04-18 21:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2012-04-06 21:46 . 2004-04-18 21:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2012-04-06 21:46 . 2004-04-18 21:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2012-04-06 21:45 . 2012-04-06 21:45 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2012-04-06 21:45 . 2012-04-06 21:45 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2012-04-05 20:30 . 2012-04-05 21:56 -------- d-----w- C:\UninstallTool portable
2012-04-05 07:45 . 2012-04-06 22:09 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-05 07:30 . 2012-04-05 07:30 -------- d-----w- c:\documents and settings\a\Data aplikací\Malwarebytes
2012-04-05 07:29 . 2012-04-05 07:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-04-05 07:29 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-05 07:29 . 2012-04-05 07:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-04 13:46 . 2012-04-04 13:46 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 12:53 . 2012-04-09 13:15 -------- d-----w- C:\záloha boot
2012-04-02 11:03 . 2012-04-02 11:03 -------- d-----w- C:\Impressions Games
2012-03-30 20:38 . 2012-03-30 20:38 -------- d-----w- C:\videodvdmaker
2012-03-30 20:33 . 2012-03-30 20:33 -------- d-----w- c:\documents and settings\a\Data aplikací\AnvSoft
2012-03-30 12:09 . 2012-03-30 12:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ImTOO
2012-03-30 10:26 . 2012-03-30 10:26 -------- d-----w- c:\documents and settings\a\Data aplikací\AVS4YOU
2012-03-30 05:34 . 2012-03-30 10:57 -------- d-----w- c:\program files\Common Files\AVSMedia
2012-03-30 05:34 . 2010-11-29 15:21 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
2012-03-30 05:34 . 2010-11-29 15:21 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
2012-03-28 17:55 . 2012-03-28 18:06 -------- d-----w- c:\documents and settings\a\Data aplikací\Mobipocket
2012-03-28 17:43 . 2012-03-28 17:43 -------- d-----w- c:\program files\Mobipocket.com
2012-03-25 07:11 . 2012-03-25 07:11 -------- d-----w- c:\documents and settings\a\Local Settings\Data aplikací\Downloaded Installations
2012-03-24 17:01 . 2012-03-24 17:01 -------- d-----w- c:\documents and settings\a\Local Settings\Data aplikací\LitexMedia
2012-03-24 14:52 . 2012-03-24 14:52 -------- d-----w- c:\documents and settings\a\Data aplikací\ImTOO
2012-03-22 18:13 . 2012-03-22 18:13 -------- d-----w- c:\documents and settings\a\Data aplikací\Longbow Digital Arts
2012-03-21 12:55 . 1998-06-26 15:57 142336 ----a-w- c:\windows\system32\CM6_1024x16.dll
2012-03-21 12:55 . 2000-12-12 09:36 344123 ----a-w- c:\windows\system32\spr_p5.dll
2012-03-21 12:55 . 1998-06-26 17:25 142848 ----a-w- c:\windows\system32\CM6_800x16.dll
2012-03-21 12:55 . 1998-06-26 15:48 142336 ----a-w- c:\windows\system32\CM6_512x16.dll
2012-03-21 12:55 . 1998-06-26 14:48 142848 ----a-w- c:\windows\system32\CM6_640x16.dll
2012-03-21 12:55 . 2000-12-12 09:36 348219 ----a-w- c:\windows\system32\spr_p6.dll
2012-03-17 14:53 . 2012-03-17 14:54 -------- d-----w- c:\documents and settings\a\Data aplikací\Sierra
2012-03-14 18:51 . 2012-03-14 18:51 -------- d-----w- C:\Westwood
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-08 19:50 . 2012-04-08 19:48 7556936 ----a-w- C:\AnVir.Task.Manager.6.7.0.zip
2012-04-04 13:46 . 2011-11-05 18:11 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-01 11:56 . 2012-02-06 20:07 21840 ----atw- c:\windows\system32\SIntfNT.dll
2012-04-01 11:56 . 2012-02-06 20:07 17212 ----atw- c:\windows\system32\SIntf32.dll
2012-04-01 11:56 . 2012-02-06 20:07 12067 ----atw- c:\windows\system32\SIntf16.dll
2012-02-25 11:35 . 2011-04-25 20:49 73728 ----a-w- c:\windows\ST6UNST.EXE
2012-02-20 11:25 . 2012-02-20 11:25 1409 ----a-w- c:\windows\system32\ChinaOne.FOT
2012-01-24 10:21 . 2012-01-25 17:58 155480 ----a-w- c:\windows\UnDeploy.exe
2012-01-23 21:21 . 2012-01-25 18:05 249856 ----a-w- c:\windows\system32\GSService.exe
2012-01-16 12:48 . 2011-02-15 12:46 30494720 ----a-w- c:\windows\system32\common_res.dll
2010-06-10 13:37 . 2010-06-10 13:37 3074560 ----a-w- c:\program files\openofficeorg32.msi
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-10-09 . FF876311F58C86EC3E1A24F585949C25 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-04-09_12.35.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-10 21:55 . 2012-04-10 21:55 16384 c:\windows\temp\Perflib_Perfdata_74c.dat
+ 2011-07-15 14:36 . 2012-04-09 21:41 2068 c:\windows\system32\d3d9caps.dat
- 2011-07-15 14:36 . 2012-04-08 19:59 2068 c:\windows\system32\d3d9caps.dat
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2011-02-19 198160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDReminder]
2011-09-20 16:11 1461480 ----a-w- c:\program files\Dll-Files.com Fixer\DLLFixer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Softland\\Backup4all Professional 4\\Backup4all.exe"=
"c:\\Program Files\\Softland\\Backup4all Professional 4\\b4aCmd.exe"=
"c:\\Condition Zero\\czero.exe"=
"c:\\µTorrent 3.0.24613 Alpha Portable\\uTorrent.exe"=
"d:\\Program Files\\Valve\\hl.exe"=
"f:\\f\\cs full 7.7.2005\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\ComicRack\\ComicRack.exe"=
"f:\\f\\warez hry2\\gp 3 s\\Grand Prix 3 Expansion Pack 2000\\GP3_2000.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Program Files\\Valve\\hlds.exe"=
"e:\\Opera_USB_11.01.1179b_Portable\\Opera.exe"=
"c:\\Program Files\\WinPcap\\rpcapd.exe"=
"c:\\Program Files\\NovaLan\\CS NovaLan\\hl.exe"=
"f:\\Program Files\\Counter Strike 1 Anthology Non Steam\\hl.exe"=
"f:\\hry\\Condition Zero\\czero.exe"=
"f:\\f\\Star Wars Galactic Battlegrounds\\Game\\Battlegrounds.exe"=
"f:\\f\\warez\\utorent portable\\utorrent.exe"=
"c:\\Sierra\\Half-Life\\hl.exe"=
"f:\\f\\programy portable\\skype portable\\App\\Skype\\Phone\\Skype.exe"=
"d:\\ooVoo_v3.0.4.38_Final_Portable\\ooVoo.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"d:\\Anime.Studio.Pro.v8.0.2019.Multilingual.Portable\\Anime Studio Pro.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Electronic Arts\\Need For Speed High Stakes\\nfshsgame.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"f:\\f\\warez2\\thundebird portable\\ThunderbirdPortable.exe"=
"c:\\Program Files\\NovaLan\\CS NovaLan\\hlds.exe"=
"c:\\LEGO Chess\\Lego Chess.exe"=
"d:\\Thunderbird_5.0_Portable\\Thunderbird_5.0_English_Portable\\ThunderbirdPortable.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"d:\\Bohemia Interactive\\ColdWarAssault.exe"=
"d:\\Bohemia Interactive\\ColdWarAssault_Server.exe"=
"d:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"d:\\RipTiger_3.3.3\\RipTiger\\RipTiger.exe"=
"d:\\RipTiger_3.3.3\\RipTiger\\HTTPDownloaderApp.exe"=
"d:\\RipTiger_3.3.3\\RipTiger\\RTMPDownloaderApp.exe"=
"d:\\RipTiger_3.3.3\\RipTiger\\VideoDownloadApp_RTMP.exe"=
"d:\\RipTiger_3.3.3\\RipTiger\\MMSDownloaderApp.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57953:TCP"= 57953:TCP:Pando Media Booster
"57953:UDP"= 57953:UDP:Pando Media Booster
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 DumpDrv;Crash Dump Driver; [x]
R1 WMDrive;WMDrive;e:\winmount_32-bit_portable_3.5.0114_\WinMountPortable\App\SysDir\drivers\WMDrive.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ABBYY.Licensing.PDFTransformer.Classic.3.0;Aktivace aplikace ABBYY PDF Transformer 3.0 – Licenční služba;c:\program files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2010-02-01 759048]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 253600]
R3 CisUtMonitor;CisUtMonitor;c:\windows\system32\DRIVERS\CisUtMonitor.sys [2011-10-30 27600]
R3 FileConvertSvc;FileConvert Monitor;d:\luc.filecon.pro.v7.1.0.23.cracked\FileCenter\Main\FileConvertService.exe [2011-06-16 3915920]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [x]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys [x]
R3 GSService;GSService;c:\windows\system32\GSService.exe [2012-01-23 249856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-04-06 40776]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2009-12-21 16456]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2009-12-21 11088]
R3 s1317bus;Sony Ericsson Device 1317 driver (WDM);c:\windows\system32\DRIVERS\s1317bus.sys [2007-10-31 83840]
R3 s1317mdfl;Sony Ericsson Device 1317 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1317mdfl.sys [2007-10-31 14976]
R3 s1317mdm;Sony Ericsson Device 1317 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1317mdm.sys [2007-10-31 110592]
R3 s1317mgmt;Sony Ericsson Device 1317 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1317mgmt.sys [2007-10-31 104448]
R3 s1317nd5;Sony Ericsson Device 1317 USB Ethernet Emulation SEMC1317 (NDIS);c:\windows\system32\DRIVERS\s1317nd5.sys [2007-10-31 25472]
R3 s1317obex;Sony Ericsson Device 1317 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1317obex.sys [2007-10-31 100608]
R3 s1317unic;Sony Ericsson Device 1317 USB Ethernet Emulation SEMC1317 (WDM);c:\windows\system32\DRIVERS\s1317unic.sys [2007-10-31 109952]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe [2010-01-14 14848]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-26 218176]
S2 litdpl;litdpl;c:\windows\system32\DRIVERS\litdpl.sys [2002-10-13 4736]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-07-16 35088]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 13:46]
.
2012-03-21 c:\windows\Tasks\DLL-files.com Fixer_MONTHLY.job
- c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2011-09-20 16:11]
.
2012-04-04 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
- c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2011-09-20 16:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: ????3?? - c:\documents and settings\a\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\a\Data aplikací\FlashGetBHO\GetAllUrl.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: Interfaces\{88D3510B-5699-4ACD-AADD-8D69C790CCC4}: NameServer = 213.250.192.1,213.250.194.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-10 23:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-789336058-492894223-1957994488-1004\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3* N}Ź]
@="c:\\Documents and Settings\\a\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-789336058-492894223-1957994488-1004\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3* N}ŹhQčţ”Ąc]
@="c:\\Documents and Settings\\a\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-789336058-492894223-1957994488-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3208)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-04-11 00:12:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-10 22:11
ComboFix2.txt 2012-04-09 12:53
.
Pre-Run: 4 848 705 536
Post-Run: 4 996 116 480
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\windows
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\windows="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 5B4A677516748A0C0D8151351D1E4793


Now just HJT and Java are left.
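Added example (not part of this thread, and not ComboFix's own tooling): a Python script that cross-checks the CFScript jaro3 supplied in his 10 Apr post against the ComboFix log aallbbll posted above. It confirms that each File::, Folder::, Driver:: and Registry:: item the script asked for actually appears as removed in the "Other Deletions", "Drivers/Services" and "Reg Loading Points" sections, and it flags the EnableFirewall=0 setting that the log shows for the standard profile. The directive syntax, the ComboFix section-header layout and the English header wording are assumptions taken from what the thread shows; the embedded script and log are constructed, abbreviated copies of the ones in this thread, so the check runs offline.

```python
"""Cross-check a ComboFix CFScript against the log ComboFix produced.

Added example; not from the forum thread and not part of ComboFix. The
CFScript directive syntax and the '(((( Title ))))' section headers are
assumed from the thread. SAMPLE_CFSCRIPT and SAMPLE_LOG are constructed,
abbreviated copies of the thread's script and log.
"""
import re
from typing import Dict, List

# Constructed sample: abbreviated copy of the CFScript from the thread.
SAMPLE_CFSCRIPT = r"""KillAll::
File::
c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
c:\windows\system32\DRIVERS\ehdrv.sys

Folder::
c:\windows\SxsCaPendDel
c:\program files\McAfee Security Scan

Driver::
McComponentHostService
ehdrv

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"=-
"""

# Constructed sample: abbreviated copy of the resulting log (English headers
# assumed). McAfee was uninstalled by hand before the run, so it is absent.
SAMPLE_LOG = r"""ComboFix 12-04-06.03 - a 10.04.2012 22:50:53.2.1 - x86
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ESET
c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
c:\windows\SxsCaPendDel
c:\windows\system32\DRIVERS\ehdrv.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_EHDRV
-------\Service_ehdrv
-------\Service_McComponentHostService
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Group the non-empty lines of a CFScript under their 'Name::' directive."""
    directives: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            directives.setdefault(current, [])
        elif current is not None:
            directives[current].append(line)
    return directives


def parse_log_sections(text: str) -> Dict[str, List[str]]:
    """Split a ComboFix log into its '(((( Title ))))' sections; '.' spacer lines are dropped."""
    sections: Dict[str, List[str]] = {"preamble": []}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line and line != ".":
            sections[current].append(line)
    return sections


def find_section(sections: Dict[str, List[str]], keyword: str) -> List[str]:
    """Return the first section whose title contains keyword (case-insensitive)."""
    for title, lines in sections.items():
        if keyword.lower() in title.lower():
            return lines
    return []


def _value_under_key(lines: List[str], key: str, name: str) -> bool:
    """True if a '"name"=...' line is listed under the given [key] block."""
    in_key = False
    for line in lines:
        if line.startswith("["):
            in_key = line.lower() == key.lower()
        elif in_key and line.startswith(name):
            return True
    return False


def check_script_against_log(script_text: str, log_text: str) -> dict:
    """Report which script items the log confirms as removed, and the firewall state."""
    directives = parse_cfscript(script_text)
    sections = parse_log_sections(log_text)
    deleted = {l.lower() for l in find_section(sections, "Deletions")}
    services = {l.lower() for l in find_section(sections, "Drivers/Services")}
    loading = find_section(sections, "Reg Loading Points")
    confirmed: List[str] = []
    unconfirmed: List[str] = []

    # File:: and Folder:: paths must be listed verbatim among the deletions.
    for path in directives.get("File", []) + directives.get("Folder", []):
        (confirmed if path.lower() in deleted else unconfirmed).append(path)

    # Driver:: names show up as '-------\Service_<name>' when removed.
    for svc in directives.get("Driver", []):
        ok = any(l.endswith("\\service_" + svc.lower()) for l in services)
        (confirmed if ok else unconfirmed).append(svc)

    # Registry:: '"name"=-' deletes a value; confirm it is gone from that key.
    key = None
    for line in directives.get("Registry", []):
        if line.startswith("["):
            key = line
        elif line.endswith("=-") and key:
            name = line[:-2]
            gone = not _value_under_key(loading, key, name)
            (confirmed if gone else unconfirmed).append(f"{key} {name}")

    firewall_off = any(re.match(r'"EnableFirewall"\s*=\s*0\b', l) for l in loading)
    return {"confirmed": confirmed, "unconfirmed": unconfirmed,
            "firewall_disabled": firewall_off}


if __name__ == "__main__":
    report = check_script_against_log(SAMPLE_CFSCRIPT, SAMPLE_LOG)
    for item in report["confirmed"]:
        print("removed:      ", item)
    for item in report["unconfirmed"]:
        print("NOT confirmed:", item)
    if report["firewall_disabled"]:
        print("WARNING: Windows Firewall is disabled in the standard profile")
```

Run it as is to see the report for the embedded samples, or feed the real CFScript.txt and the ComboFix.txt from the desktop via `open(...).read()`. An item landing in "NOT confirmed" is not necessarily a failure (here the McAfee folder was already gone because it had been uninstalled first), but it is exactly the list a helper should look at before declaring the script done; the firewall flag catches the `"EnableFirewall"= 0` line that is easy to skim past in a log this long.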



Post by jaro3 » 11 Apr 2012 10:30

+
Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message about the option to download the Avast database appears, click NO. Then click "Scan". After the scan click "Save Log" and save the log to the desktop. Copy the whole content of that log here. Then click "Exit" to close the program.



Post by aallbbll » 11 Apr 2012 16:29

Here is the new HJT scan


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39:41, on 11.4.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\windows\system32\svchost.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\windows\explorer.exe
F:\hijackthis .exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-21-789336058-492894223-1957994488-1004\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{88D3510B-5699-4ACD-AADD-8D69C790CCC4}: NameServer = 213.250.192.1,213.250.194.1
O23 - Service: Aktivace aplikace ABBYY PDF Transformer 3.0 – Licenční služba (ABBYY.Licensing.PDFTransformer.Classic.3.0) - ABBYY - C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: FileConvert Monitor (FileConvertSvc) - Unknown owner - D:\Luc.FileCon.Pro.v7.1.0.23.Cracked\FileCenter\Main\FileConvertService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GSService - Unknown owner - C:\WINDOWS\system32\GSService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6074 bytes


and here is aswMBR


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-11 13:41:01
-----------------------------
13:41:01.191 OS Version: Windows 5.1.2600 Service Pack 3
13:41:01.191 Number of processors: 1 586 0xB04
13:41:01.191 ComputerName: A-846A7C13DFBE4 UserName: a
13:41:11.896 Initialize success
13:49:42.090 AVAST engine defs: 12041100
13:52:07.769 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
13:52:07.769 Disk 0 Vendor: IC35L040AVVN07-0 VA2OAG0A Size: 39266MB BusType: 3
13:52:07.779 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
13:52:07.779 Disk 1 Vendor: WDC_WD1600AAJB-00J3A0 01.03E01 Size: 152627MB BusType: 3
13:52:07.809 Disk 0 MBR read successfully
13:52:07.809 Disk 0 MBR scan
13:52:09.371 Disk 0 Windows XP default MBR code
13:52:09.411 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 39252 MB offset 63
13:52:10.954 Disk 0 scanning sectors +80389260
13:52:11.775 Disk 0 scanning C:\windows\system32\drivers
13:53:03.529 Service scanning
13:53:53.912 Service sptd C:\windows\System32\Drivers\sptd.sys **LOCKED** 32
13:54:09.464 Modules scanning
13:54:46.237 Disk 0 trace - called modules:
13:54:46.267 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys siside.sys PCIIDEX.SYS
13:54:46.277 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x812f2030]
13:54:46.277 3 CLASSPNP.SYS[f98b4fd7] -> nt!IofCallDriver -> \Device\00000070[0x812c4f18]
13:54:46.287 5 ACPI.sys[f96e3620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x812d58e8]
13:54:48.590 AVAST engine scan C:\windows
13:55:05.144 AVAST engine scan C:\windows\system32
14:05:27.589 AVAST engine scan C:\windows\system32\drivers
14:06:05.524 AVAST engine scan C:\Documents and Settings\a
14:13:42.401 AVAST engine scan C:\Documents and Settings\All Users
14:15:53.008 Scan finished successfully
16:21:23.577 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\a\Plocha\MBR.dat"
16:21:23.847 The log file has been saved successfully to "C:\Documents and Settings\a\Plocha\aswMBR.txt"

Now what next?
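An added example, not from the thread and not code from aswMBR or TDSSKiller: a small Python MBR parser that reconstructs the Disk 0 figures both tools print above (boot flag 80, type 07 NTFS, offset 63 / StartLBA 0x3F, BlocksNum 0x4CAA44D, 39252 MB) from a constructed 512-byte sector, runs the sanity checks a bootkit scanner applies to the partition table, and compares the boot-code area with a saved known-good copy, which is what the MBR.dat aswMBR saves to the desktop is for. The boot-code bytes are a constructed stand-in and the disk sector count is derived from the 0x9962B8000-byte drive size TDSSKiller reports; everything else in the block is an assumption of the example.

```python
"""Parse an MBR partition table and compare the boot code with a saved baseline.

Constructed example: the 512-byte sector is built in this file, it is not a
dump of the disk from the thread.  The only real numbers are the ones aswMBR
and TDSSKiller print for Disk 0: boot flag 80, type 07, offset 63 (0x3F),
0x4CAA44D sectors, drive size 0x9962B8000 bytes.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Sequence, Tuple

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446          # boot code occupies bytes 0..445
PART_ENTRY_SIZE = 16
PART_ENTRY_FMT = "<B3xB3xII"     # status, CHS start, type, CHS end, LBA start, sector count
MBR_SIGNATURE = b"\x55\xaa"


@dataclass
class Partition:
    index: int        # 1-based slot in the table
    bootable: bool    # status byte 0x80 ("80 (A)" in aswMBR output)
    type_id: int      # 0x07 = HPFS/NTFS
    start_lba: int
    sectors: int

    @property
    def end_lba(self) -> int:
        return self.start_lba + self.sectors

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR_SIZE // (1024 * 1024)


def parse_mbr(sector: bytes) -> List[Partition]:
    """Return the non-empty entries of the four-slot partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        status, ptype, start, count = struct.unpack_from(PART_ENTRY_FMT, sector, off)
        if ptype == 0 and count == 0:
            continue                       # empty slot
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i + 1}: invalid status byte 0x{status:02x}")
        parts.append(Partition(i + 1, status == 0x80, ptype, start, count))
    return parts


def check_table(parts: List[Partition], disk_sectors: int) -> List[str]:
    """Sanity checks a scanner applies to the table; an empty list means it looks sane."""
    problems = []
    if sum(p.bootable for p in parts) > 1:
        problems.append("more than one active partition")
    ordered = sorted(parts, key=lambda p: p.start_lba)
    for a, b in zip(ordered, ordered[1:]):
        if a.end_lba > b.start_lba:
            problems.append(f"partitions {a.index} and {b.index} overlap")
    for p in parts:
        if p.end_lba > disk_sectors:
            problems.append(f"partition {p.index} runs past the end of the disk")
    return problems


def bootcode_matches(sector: bytes, baseline: bytes) -> bool:
    """True when the 446-byte boot code equals the code in a saved known-good MBR
    (the role of the MBR.dat that aswMBR writes to the desktop)."""
    def digest(s: bytes) -> bytes:
        return hashlib.sha256(s[:PART_TABLE_OFFSET]).digest()
    return digest(sector) == digest(baseline)


def build_mbr(bootcode: bytes, entries: Sequence[Tuple[int, int, int, int]]) -> bytes:
    """Assemble a 512-byte MBR from boot code and (status, type, start, count) tuples."""
    sector = bytearray(bootcode[:PART_TABLE_OFFSET].ljust(PART_TABLE_OFFSET, b"\x00"))
    sector += bytes(4 * PART_ENTRY_SIZE)
    for i, entry in enumerate(entries):
        struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFFSET + i * PART_ENTRY_SIZE, *entry)
    sector += MBR_SIGNATURE
    return bytes(sector)


# Constructed stand-in for the boot code; the real XP code is not reproduced here.
GOOD_BOOTCODE = b"constructed-known-good-boot-code".ljust(PART_TABLE_OFFSET, b"\x90")
DISK0_SECTORS = 0x9962B8000 // SECTOR_SIZE          # drive size TDSSKiller reports for DR0
DISK0_MBR = build_mbr(GOOD_BOOTCODE, [(0x80, 0x07, 0x3F, 0x4CAA44D)])

if __name__ == "__main__":
    parts = parse_mbr(DISK0_MBR)
    for p in parts:     # prints: Partition 1 80 (A) 07 39252 MB offset 63
        flag = "80 (A)" if p.bootable else "00"
        print(f"Partition {p.index} {flag} {p.type_id:02X} {p.size_mb} MB offset {p.start_lba}")
    print("table problems:", check_table(parts, DISK0_SECTORS))
    other = build_mbr(b"constructed-different-boot-code", [(0x80, 0x07, 0x3F, 0x4CAA44D)])
    print("boot code matches baseline:", bootcode_matches(DISK0_MBR, DISK0_MBR),
          "/ modified copy:", bootcode_matches(other, DISK0_MBR))
```

The end LBA the parser computes (63 + 0x4CAA44D = 80389260) is the "+80389260" aswMBR prints when it starts scanning sectors past the partition.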

jaro3 (Security team member)

Re: HJT check - boot virus

Post by jaro3 » 11 Apr 2012 19:05

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner
and also use T-Cleaner,
which deletes everything left behind by ComboFix, MWAV etc. Download it and run it.

Note: before downloading T-Cleaner and for the whole time it is cleaning, disable the antivirus and antispyware; afterwards delete T-Cleaner and turn the antivirus and antispyware back on.


Close the other applications and browsers, disconnect from the net and fix the following in HJT:
Guide

Code:

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


Update Java:
Java SE Runtime Environment 7

Click Accept License Agreement
Choose your OS (Windows or Windows x64, Offline Installation)
jre-7-windows-i586-p.exe or
jre-7-windows-x64.exe
Download and install it.
Remove the other Java versions in Add/Remove Programs.

Download TDSSKiller

to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt ; please paste the whole content of the log here.

Then install a free antivirus and run a scan of the PC.

aallbbll

Re: HJT check - boot virus

Post by aallbbll » 11 Apr 2012 21:36

Done: ComboFix gone / CCleaner done / T-Cleaner done / Java done / antivirus NOD5 done / HJT done /

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:32, on 11.4.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\windows\system32\svchost.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\wscntfy.exe
C:\windows\system32\ctfmon.exe
C:\windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Documents and Settings\a\Plocha\hijackthis .exe
C:\windows\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll (file missing)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-789336058-492894223-1957994488-1004\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (User '?')
O4 - HKUS\S-1-5-21-789336058-492894223-1957994488-1004\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll (file missing)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll (file missing)
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll (file missing)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll (file missing)
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll (file missing)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll (file missing)
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll (file missing)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll (file missing)
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{88D3510B-5699-4ACD-AADD-8D69C790CCC4}: NameServer = 213.250.192.1,213.250.194.1
O23 - Service: Aktivace aplikace ABBYY PDF Transformer 3.0 – Licenční služba (ABBYY.Licensing.PDFTransformer.Classic.3.0) - ABBYY - C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FileConvert Monitor (FileConvertSvc) - Unknown owner - D:\Luc.FileCon.Pro.v7.1.0.23.Cracked\FileCenter\Main\FileConvertService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GSService - Unknown owner - C:\WINDOWS\system32\GSService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 5658 bytes


Only TDSSKiller remains.

aallbbll

Re: HJT check - boot virus

Post by aallbbll » 11 Apr 2012 21:58

TDSS scan, one blocked:
" 21:43:45.0568 1816 sptd (614deea4bdcec3fd5a07bdc705723ad7) C:\windows\System32\Drivers\sptd.sys
21:43:45.0568 1816 Suspicious file (NoAccess): C:\windows\System32\Drivers\sptd.sys. md5: 614deea4bdcec3fd5a07bdc705723ad7
21:43:45.0598 1816 sptd ( LockedFile.Multi.Generic ) - warning "
----------------------------------------------------------------------------------------------------------------------------------------------
21:41:16.0684 2980 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
21:41:31.0455 2980 ============================================================
21:41:31.0455 2980 Current date / time: 2012/04/11 21:41:31.0455
21:41:31.0455 2980 SystemInfo:
21:41:31.0455 2980
21:41:31.0455 2980 OS Version: 5.1.2600 ServicePack: 3.0
21:41:31.0455 2980 Product type: Workstation
21:41:31.0455 2980 ComputerName: A-846A7C13DFBE4
21:41:31.0455 2980 UserName: a
21:41:31.0455 2980 Windows directory: C:\windows
21:41:31.0455 2980 System windows directory: C:\windows
21:41:31.0455 2980 Processor architecture: Intel x86
21:41:31.0455 2980 Number of processors: 1
21:41:31.0455 2980 Page size: 0x1000
21:41:31.0455 2980 Boot type: Normal boot
21:41:31.0455 2980 ============================================================
21:41:37.0023 2980 Drive \Device\Harddisk0\DR0 - Size: 0x9962B8000 (38.35 Gb), SectorSize: 0x200, Cylinders: 0x138D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:41:37.0053 2980 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:41:37.0193 2980 Drive \Device\Harddisk2\DR5 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:41:37.0214 2980 \Device\Harddisk0\DR0:
21:41:37.0264 2980 MBR used
21:41:37.0264 2980 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4CAA44D
21:41:37.0264 2980 \Device\Harddisk1\DR1:
21:41:37.0264 2980 MBR used
21:41:37.0304 2980 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x4EE2F9E
21:41:37.0314 2980 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x4EE6EDD, BlocksNum 0xDB31BE4
21:41:37.0314 2980 \Device\Harddisk2\DR5:
21:41:37.0314 2980 MBR used
21:41:37.0314 2980 \Device\Harddisk2\DR5\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x747051C1
21:41:39.0126 2980 Initialize success
21:41:39.0126 2980 ============================================================
21:42:03.0822 1816 ============================================================
21:42:03.0822 1816 Scan started
21:42:03.0822 1816 Mode: Manual;
21:42:03.0822 1816 ============================================================
21:42:04.0983 1816 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\windows\system32\DRIVERS\61883.sys
21:42:04.0993 1816 61883 - ok
21:42:05.0324 1816 6to4 (453524515eda23f9220025fc02b6f71a) C:\windows\System32\6to4svc.dll
21:42:05.0384 1816 6to4 - ok
21:42:05.0674 1816 ABBYY.Licensing.PDFTransformer.Classic.3.0 (bbc496cc995fe6aa0524fbfc3c39a878) C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
21:42:05.0965 1816 ABBYY.Licensing.PDFTransformer.Classic.3.0 - ok
21:42:06.0255 1816 Abiosdsk - ok
21:42:06.0446 1816 abp480n5 - ok
21:42:06.0746 1816 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\windows\system32\DRIVERS\ACPI.sys
21:42:06.0776 1816 ACPI - ok
21:42:07.0127 1816 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\windows\system32\drivers\ACPIEC.sys
21:42:07.0127 1816 ACPIEC - ok
21:42:07.0657 1816 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:42:07.0818 1816 AdobeFlashPlayerUpdateSvc - ok
21:42:08.0058 1816 adpu160m - ok
21:42:08.0428 1816 aec (8bed39e3c35d6a489438b8141717a557) C:\windows\system32\drivers\aec.sys
21:42:08.0448 1816 aec - ok
21:42:08.0839 1816 AFD (38d7b715504da4741df35e3594fe2099) C:\windows\System32\drivers\afd.sys
21:42:08.0919 1816 AFD - ok
21:42:09.0220 1816 Aha154x - ok
21:42:09.0630 1816 aic78u2 - ok
21:42:09.0880 1816 aic78xx - ok
21:42:10.0231 1816 Alerter (e0a6fa244b8624d78fe5ff6f56a33bae) C:\windows\system32\alrsvc.dll
21:42:10.0271 1816 Alerter - ok
21:42:10.0662 1816 ALG (88842de939a827577bf24243699ac80a) C:\windows\System32\alg.exe
21:42:10.0672 1816 ALG - ok
21:42:11.0052 1816 AliIde - ok
21:42:11.0463 1816 amsint - ok
21:42:11.0723 1816 AppMgmt (6b8e7a90e576d4fe308f97c69060a171) C:\windows\System32\appmgmts.dll
21:42:11.0753 1816 AppMgmt - ok
21:42:12.0114 1816 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\windows\system32\DRIVERS\arp1394.sys
21:42:12.0124 1816 Arp1394 - ok
21:42:12.0474 1816 asc - ok
21:42:12.0725 1816 asc3350p - ok
21:42:12.0955 1816 asc3550 - ok
21:42:13.0476 1816 ASPI32 - ok
21:42:13.0866 1816 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:42:14.0006 1816 aspnet_state - ok
21:42:14.0377 1816 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\windows\system32\DRIVERS\asyncmac.sys
21:42:14.0387 1816 AsyncMac - ok
21:42:14.0788 1816 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\windows\system32\DRIVERS\atapi.sys
21:42:14.0798 1816 atapi - ok
21:42:14.0998 1816 Atdisk - ok
21:42:15.0298 1816 Atmarpc (9916c1225104ba14794209cfa8012159) C:\windows\system32\DRIVERS\atmarpc.sys
21:42:15.0318 1816 Atmarpc - ok
21:42:15.0619 1816 AudioSrv (de31b88962a8645dba5a37b993e7b0f1) C:\windows\System32\audiosrv.dll
21:42:15.0639 1816 AudioSrv - ok
21:42:16.0009 1816 audstub (d9f724aa26c010a217c97606b160ed68) C:\windows\system32\DRIVERS\audstub.sys
21:42:16.0009 1816 audstub - ok
21:42:16.0260 1816 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\windows\system32\DRIVERS\avc.sys
21:42:16.0270 1816 Avc - ok
21:42:16.0700 1816 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\windows\system32\drivers\Beep.sys
21:42:16.0700 1816 Beep - ok
21:42:17.0131 1816 BITS (3aede727580f0a7c3929dd6526145759) C:\windows\system32\qmgr.dll
21:42:17.0321 1816 BITS - ok
21:42:17.0672 1816 Browser (39ce94b2b33771a3d95c70f41847f3f9) C:\windows\System32\browser.dll
21:42:17.0692 1816 Browser - ok
21:42:18.0022 1816 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\windows\system32\drivers\cbidf2k.sys
21:42:18.0032 1816 cbidf2k - ok
21:42:18.0373 1816 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\windows\system32\DRIVERS\CCDECODE.sys
21:42:18.0383 1816 CCDECODE - ok
21:42:18.0623 1816 cd20xrnt - ok
21:42:18.0954 1816 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\windows\system32\drivers\Cdaudio.sys
21:42:18.0964 1816 Cdaudio - ok
21:42:19.0364 1816 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\windows\system32\drivers\Cdfs.sys
21:42:19.0374 1816 Cdfs - ok
21:42:19.0795 1816 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\windows\system32\DRIVERS\cdrom.sys
21:42:19.0805 1816 Cdrom - ok
21:42:20.0105 1816 Changer - ok
21:42:20.0456 1816 CisUtMonitor (03809544b21d43b1f40de67215d4153a) C:\windows\system32\DRIVERS\CisUtMonitor.sys
21:42:20.0546 1816 CisUtMonitor - ok
21:42:20.0716 1816 CiSvc (e390dc1d7c461d7d56ec53402f329928) C:\windows\system32\cisvc.exe
21:42:20.0726 1816 CiSvc - ok
21:42:21.0027 1816 ClipSrv (064507a8dfa8c5c7e2ffddd3e6f424fa) C:\windows\system32\clipsrv.exe
21:42:21.0107 1816 ClipSrv - ok
21:42:21.0427 1816 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:42:21.0477 1816 clr_optimization_v2.0.50727_32 - ok
21:42:21.0778 1816 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:42:21.0948 1816 clr_optimization_v4.0.30319_32 - ok
21:42:22.0278 1816 CmdIde - ok
21:42:22.0769 1816 cmpci (e5842ccf0953d3d46d5e26427b67e901) C:\windows\system32\drivers\cmaudio.sys
21:42:22.0829 1816 cmpci - ok
21:42:23.0059 1816 COMSysApp - ok
21:42:23.0490 1816 Cpqarray - ok
21:42:23.0760 1816 CryptSvc (f3ab0933cbd166d271992f411c27ccaf) C:\windows\System32\cryptsvc.dll
21:42:23.0770 1816 CryptSvc - ok
21:42:24.0071 1816 dac2w2k - ok
21:42:24.0321 1816 dac960nt - ok
21:42:24.0642 1816 DcomLaunch (c0bd34a62508ba68f146e22ce45919f9) C:\windows\system32\rpcss.dll
21:42:24.0712 1816 DcomLaunch - ok
21:42:25.0032 1816 Dhcp (eb737f46d7d494c7760a932c9b6491a4) C:\windows\System32\dhcpcsvc.dll
21:42:25.0052 1816 Dhcp - ok
21:42:25.0483 1816 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\windows\system32\DRIVERS\disk.sys
21:42:25.0483 1816 Disk - ok
21:42:25.0783 1816 dmadmin - ok
21:42:26.0304 1816 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\windows\system32\drivers\dmboot.sys
21:42:26.0474 1816 dmboot - ok
21:42:26.0805 1816 dmio (fff1720af51171f32f1ead5cf71f2810) C:\windows\system32\drivers\dmio.sys
21:42:26.0865 1816 dmio - ok
21:42:27.0195 1816 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\windows\system32\drivers\dmload.sys
21:42:27.0195 1816 dmload - ok
21:42:27.0466 1816 dmserver (2bfefe9e865655a76982f050450b9591) C:\windows\System32\dmserver.dll
21:42:27.0476 1816 dmserver - ok
21:42:27.0826 1816 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\windows\system32\drivers\DMusic.sys
21:42:27.0836 1816 DMusic - ok
21:42:28.0177 1816 Dnscache (38aad7e982198cb4f642bb60e59511f1) C:\windows\System32\dnsrslvr.dll
21:42:28.0217 1816 Dnscache - ok
21:42:28.0507 1816 Dot3svc (aacfc38e9d085d58f9f933cfd6af1d2b) C:\windows\System32\dot3svc.dll
21:42:28.0527 1816 Dot3svc - ok
21:42:28.0848 1816 dpti2o - ok
21:42:29.0078 1816 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\windows\system32\drivers\drmkaud.sys
21:42:29.0078 1816 drmkaud - ok
21:42:29.0469 1816 dtsoftbus01 (b672b993207dd5e2f73fcda8c0427b0f) C:\windows\system32\DRIVERS\dtsoftbus01.sys
21:42:29.0499 1816 dtsoftbus01 - ok
21:42:29.0849 1816 DumpDrv (b327281012b48bd73f587799f9f29be2) C:\windows\system32\drivers\DumpDrv.sys
21:42:29.0849 1816 DumpDrv - ok
21:42:30.0260 1816 eamon (9309c5c9831203436e64cf2ae605c5d7) C:\windows\system32\DRIVERS\eamon.sys
21:42:30.0280 1816 eamon - ok
21:42:30.0600 1816 EapHost (0887d9c2be8d940778cad1e3b85f2a41) C:\windows\System32\eapsvc.dll
21:42:30.0610 1816 EapHost - ok
21:42:30.0931 1816 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\windows\system32\DRIVERS\ehdrv.sys
21:42:30.0951 1816 ehdrv - ok
21:42:31.0592 1816 ekrn (c7bb95cf9631aa401e4aded1648f6af7) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
21:42:31.0782 1816 ekrn - ok
21:42:32.0052 1816 enodpl (b4556f3d468c8dcb0b259d9d866cd4c4) C:\windows\system32\DRIVERS\enodpl.sys
21:42:32.0052 1816 enodpl - ok
21:42:32.0373 1816 epfwtdir (06c65ac0a703cf8eea4f284d901a1550) C:\windows\system32\DRIVERS\epfwtdir.sys
21:42:32.0383 1816 epfwtdir - ok
21:42:32.0673 1816 ERSvc (a2a4912798f2be706abadd3d30800d16) C:\windows\System32\ersvc.dll
21:42:32.0683 1816 ERSvc - ok
21:42:32.0994 1816 Eventlog (3d107d45ccfdb266e91d84b52cd7f430) C:\windows\system32\services.exe
21:42:33.0034 1816 Eventlog - ok
21:42:33.0394 1816 EventSystem (be68ea4457e2e5717231cf91be5448e0) C:\WINDOWS\system32\es.dll
21:42:33.0504 1816 EventSystem - ok
21:42:33.0835 1816 exFat (4d893323dae445e34a4c9038b0551bc9) C:\windows\system32\drivers\exFat.sys
21:42:33.0855 1816 exFat - ok
21:42:34.0145 1816 Fastfat (38d332a6d56af32635675f132548343e) C:\windows\system32\drivers\Fastfat.sys
21:42:34.0165 1816 Fastfat - ok
21:42:34.0476 1816 FastUserSwitchingCompatibility (54a6bf743e0517528a5064ceaeb40ea7) C:\windows\System32\shsvcs.dll
21:42:34.0506 1816 FastUserSwitchingCompatibility - ok
21:42:34.0806 1816 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\windows\system32\DRIVERS\fdc.sys
21:42:34.0816 1816 Fdc - ok
21:42:36.0068 1816 FileConvertSvc (faad3e51a9ab6d3cd3aa7859f39970b7) D:\Luc.FileCon.Pro.v7.1.0.23.Cracked\FileCenter\Main\FileConvertService.exe
21:42:36.0769 1816 FileConvertSvc - ok
21:42:36.0999 1816 Fips (ac366695a0796560aa37215ad5762aaf) C:\windows\system32\drivers\Fips.sys
21:42:37.0010 1816 Fips - ok
21:42:37.0320 1816 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:42:37.0550 1816 FLEXnet Licensing Service - ok
21:42:37.0921 1816 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\windows\system32\DRIVERS\flpydisk.sys
21:42:37.0931 1816 Flpydisk - ok
21:42:38.0241 1816 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\windows\system32\DRIVERS\fltMgr.sys
21:42:38.0261 1816 FltMgr - ok
21:42:38.0432 1816 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:42:38.0442 1816 FontCache3.0.0.0 - ok
21:42:38.0792 1816 Fs_Rec (30d42943a54704ef13e2562911dbfcea) C:\windows\system32\drivers\Fs_Rec.sys
21:42:38.0792 1816 Fs_Rec - ok
21:42:39.0453 1816 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\windows\system32\DRIVERS\ftdisk.sys
21:42:39.0473 1816 Ftdisk - ok
21:42:39.0814 1816 gameenum (065639773d8b03f33577f6cdaea21063) C:\windows\system32\DRIVERS\gameenum.sys
21:42:39.0824 1816 gameenum - ok
21:42:40.0044 1816 gHidPnp - ok
21:42:40.0745 1816 gMouUsb - ok
21:42:41.0055 1816 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\windows\system32\DRIVERS\msgpc.sys
21:42:41.0065 1816 Gpc - ok
21:42:41.0506 1816 GSService (c4d6a1ef698ec3d641713b550b9b33d1) C:\WINDOWS\system32\GSService.exe
21:42:41.0556 1816 GSService - ok
21:42:41.0826 1816 helpsvc (fcfe31fb75f8a6295b6b0af87a626282) C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:42:41.0836 1816 helpsvc - ok
21:42:42.0127 1816 HidServ - ok
21:42:42.0387 1816 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\windows\system32\DRIVERS\hidusb.sys
21:42:42.0397 1816 hidusb - ok
21:42:42.0848 1816 hkmsvc (7a6b320928f86bc851530d63c82965d9) C:\windows\System32\kmsvc.dll
21:42:42.0858 1816 hkmsvc - ok
21:42:43.0108 1816 hpn - ok
21:42:43.0619 1816 HTTP (937031c085718c1c04a9c0864625ec6b) C:\windows\system32\Drivers\HTTP.sys
21:42:43.0679 1816 HTTP - ok
21:42:44.0030 1816 HTTPFilter (58fe2f2da3bc5573f4a35b3760d3125f) C:\windows\System32\w3ssl.dll
21:42:44.0040 1816 HTTPFilter - ok
21:42:44.0330 1816 i2omgmt - ok
21:42:44.0640 1816 i2omp - ok
21:42:44.0991 1816 i8042prt (c528e27945367191e7bae364930b6932) C:\windows\system32\DRIVERS\i8042prt.sys
21:42:45.0001 1816 i8042prt - ok
21:42:45.0311 1816 ICQ Service (7a95a3ad931b97fec5067e40636ce37f) C:\Program Files\ICQ6Toolbar\ICQ Service.exe
21:42:45.0412 1816 ICQ Service - ok
21:42:45.0732 1816 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:42:45.0812 1816 IDriverT - ok
21:42:46.0313 1816 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:42:46.0503 1816 idsvc - ok
21:42:46.0914 1816 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\windows\system32\DRIVERS\imapi.sys
21:42:46.0924 1816 Imapi - ok
21:42:47.0194 1816 ImapiService (f7b93aafad33b2320954c17e26c8d361) C:\windows\system32\imapi.exe
21:42:47.0224 1816 ImapiService - ok
21:42:47.0615 1816 ini910u - ok
21:42:48.0015 1816 IntelIde - ok
21:42:48.0356 1816 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\windows\system32\DRIVERS\Ip6Fw.sys
21:42:48.0366 1816 Ip6Fw - ok
21:42:48.0806 1816 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\windows\system32\DRIVERS\ipfltdrv.sys
21:42:48.0806 1816 IpFilterDriver - ok
21:42:49.0127 1816 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\windows\system32\DRIVERS\ipinip.sys
21:42:49.0127 1816 IpInIp - ok
21:42:49.0578 1816 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\windows\system32\DRIVERS\ipnat.sys
21:42:49.0648 1816 IpNat - ok
21:42:49.0968 1816 IPSec (23c74d75e36e7158768dd63d92789a91) C:\windows\system32\DRIVERS\ipsec.sys
21:42:49.0978 1816 IPSec - ok
21:42:50.0279 1816 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\windows\system32\DRIVERS\irenum.sys
21:42:50.0289 1816 IRENUM - ok
21:42:50.0669 1816 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\windows\system32\DRIVERS\isapnp.sys
21:42:50.0679 1816 isapnp - ok
21:42:50.0980 1816 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\windows\system32\DRIVERS\kbdclass.sys
21:42:50.0990 1816 Kbdclass - ok
21:42:51.0460 1816 kmixer (692bcf44383d056aed41b045a323d378) C:\windows\system32\drivers\kmixer.sys
21:42:51.0490 1816 kmixer - ok
21:42:51.0711 1816 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\windows\system32\drivers\KSecDD.sys
21:42:51.0771 1816 KSecDD - ok
21:42:52.0121 1816 LanmanServer (21920ac69594ab021237054fa728fe46) C:\windows\System32\srvsvc.dll
21:42:52.0141 1816 LanmanServer - ok
21:42:52.0522 1816 lanmanworkstation (9a2e7ee3989aac0079e9d23555545d52) C:\windows\System32\wkssvc.dll
21:42:52.0562 1816 lanmanworkstation - ok
21:42:52.0882 1816 lbrtfdc - ok
21:42:53.0313 1816 litdpl (27db2834fe8523a6a142382181e3cd82) C:\windows\system32\DRIVERS\litdpl.sys
21:42:53.0323 1816 litdpl - ok
21:42:53.0673 1816 LmHosts (0ab159f536e3e8f7f07113702a07cca5) C:\windows\System32\lmhsvc.dll
21:42:53.0683 1816 LmHosts - ok
21:42:54.0084 1816 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
21:42:54.0094 1816 MBAMProtector - ok
21:42:54.0505 1816 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:42:54.0645 1816 MBAMService - ok
21:42:55.0106 1816 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
21:42:55.0116 1816 MBAMSwissArmy - ok
21:42:55.0526 1816 Messenger (221cd1c815b8a6b79389c3f5d1018de8) C:\windows\System32\msgsvc.dll
21:42:55.0536 1816 Messenger - ok
21:42:55.0927 1816 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\windows\system32\drivers\mnmdd.sys
21:42:55.0937 1816 mnmdd - ok
21:42:56.0277 1816 mnmsrvc (9a57d046f88f4b69751b11fd40088a61) C:\WINDOWS\system32\mnmsrvc.exe
21:42:56.0287 1816 mnmsrvc - ok
21:42:56.0598 1816 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\windows\system32\drivers\Modem.sys
21:42:56.0608 1816 Modem - ok
21:42:56.0918 1816 Mouclass (4cb582831dbde63ce43b45d771218374) C:\windows\system32\DRIVERS\mouclass.sys
21:42:56.0928 1816 Mouclass - ok
21:42:57.0269 1816 mouhid (bb269eba740737ab749b214d568b6812) C:\windows\system32\DRIVERS\mouhid.sys
21:42:57.0279 1816 mouhid - ok
21:42:57.0629 1816 MountMgr (1a1faa5102466f418494e94ff9b0b091) C:\windows\system32\drivers\MountMgr.sys
21:42:57.0659 1816 MountMgr - ok
21:42:57.0960 1816 mraid35x - ok
21:42:58.0510 1816 MRxDAV (6a7c4ac5b52155115dee97995c1cf157) C:\windows\system32\DRIVERS\mrxdav.sys
21:42:58.0540 1816 MRxDAV - ok
21:42:58.0921 1816 MRxSmb (ead71a165eb3b9df09a2bc0de3bd22a8) C:\windows\system32\DRIVERS\mrxsmb.sys
21:42:59.0061 1816 MRxSmb - ok
21:42:59.0342 1816 MSDTC (6db4d1521caba9a5ffab54ade0ae867d) C:\WINDOWS\system32\msdtc.exe
21:42:59.0352 1816 MSDTC - ok
21:42:59.0872 1816 MSDV (1477849772712bac69c144dcf2c9ce81) C:\windows\system32\DRIVERS\msdv.sys
21:42:59.0912 1816 MSDV - ok
21:43:00.0213 1816 Msfs (c941ea2454ba8350021d774daf0f1027) C:\windows\system32\drivers\Msfs.sys
21:43:00.0223 1816 Msfs - ok
21:43:00.0523 1816 MSIServer - ok
21:43:00.0894 1816 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\windows\system32\drivers\MSKSSRV.sys
21:43:00.0944 1816 MSKSSRV - ok
21:43:01.0395 1816 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\windows\system32\drivers\MSPCLOCK.sys
21:43:01.0405 1816 MSPCLOCK - ok
21:43:01.0625 1816 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\windows\system32\drivers\MSPQM.sys
21:43:01.0705 1816 MSPQM - ok
21:43:02.0035 1816 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\windows\system32\DRIVERS\mssmbios.sys
21:43:02.0056 1816 mssmbios - ok
21:43:02.0416 1816 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\windows\system32\drivers\MSTEE.sys
21:43:02.0426 1816 MSTEE - ok
21:43:02.0897 1816 Mup (6546fe6639499fa4bef180bdf08266a1) C:\windows\system32\drivers\Mup.sys
21:43:02.0917 1816 Mup - ok
21:43:03.0307 1816 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\windows\system32\DRIVERS\NABTSFEC.sys
21:43:03.0327 1816 NABTSFEC - ok
21:43:03.0858 1816 napagent (6ea362e9db03d44f6b996f4d8be237e9) C:\windows\System32\qagentrt.dll
21:43:04.0088 1816 napagent - ok
21:43:04.0499 1816 NDIS (b5b1080d35974c0e718d64280761bcd5) C:\windows\system32\drivers\NDIS.sys
21:43:04.0619 1816 NDIS - ok
21:43:04.0990 1816 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\windows\system32\DRIVERS\NdisIP.sys
21:43:05.0080 1816 NdisIP - ok
21:43:05.0510 1816 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\windows\system32\DRIVERS\ndistapi.sys
21:43:05.0541 1816 NdisTapi - ok
21:43:06.0141 1816 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\windows\system32\DRIVERS\ndisuio.sys
21:43:06.0151 1816 Ndisuio - ok
21:43:06.0502 1816 NdisWan (b053a8411045fd0664b389a090cb2bbc) C:\windows\system32\DRIVERS\ndiswan.sys
21:43:06.0572 1816 NdisWan - ok
21:43:06.0923 1816 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\windows\system32\drivers\NDProxy.sys
21:43:06.0933 1816 NDProxy - ok
21:43:07.0323 1816 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\windows\system32\DRIVERS\netbios.sys
21:43:07.0333 1816 NetBIOS - ok
21:43:07.0654 1816 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\windows\system32\DRIVERS\netbt.sys
21:43:07.0674 1816 NetBT - ok
21:43:08.0014 1816 NetDDE (933de774986ec85e48210c44ab431de6) C:\windows\system32\netdde.exe
21:43:08.0044 1816 NetDDE - ok
21:43:08.0164 1816 NetDDEdsdm (933de774986ec85e48210c44ab431de6) C:\windows\system32\netdde.exe
21:43:08.0174 1816 NetDDEdsdm - ok
21:43:08.0425 1816 Netlogon (ed0a176354487ceed65b80a7148ab739) C:\windows\system32\lsass.exe
21:43:08.0435 1816 Netlogon - ok
21:43:08.0715 1816 Netman (72e1e9e2977be08bdeedb6d8fd9d4d40) C:\windows\System32\netman.dll
21:43:08.0825 1816 Netman - ok
21:43:09.0146 1816 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:43:09.0246 1816 NetTcpPortSharing - ok
21:43:09.0626 1816 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\windows\system32\DRIVERS\nic1394.sys
21:43:09.0636 1816 NIC1394 - ok
21:43:10.0077 1816 Nla (0d594d828829e1bc727b870899376b19) C:\windows\System32\mswsock.dll
21:43:10.0107 1816 Nla - ok
21:43:10.0538 1816 nocashio (03bba4dedefb48c510061529651b453a) C:\windows\system32\drivers\nocashio.sys
21:43:10.0538 1816 nocashio - ok
21:43:10.0918 1816 npf (b48dc6abcd3aeff8618350ccbdc6b09a) C:\windows\system32\drivers\npf.sys
21:43:10.0928 1816 npf - ok
21:43:11.0309 1816 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\windows\system32\drivers\Npfs.sys
21:43:11.0319 1816 Npfs - ok
21:43:11.0719 1816 Ntfs (ae8cad8f28db13b515a68510a539b0b8) C:\windows\system32\drivers\Ntfs.sys
21:43:11.0769 1816 Ntfs - ok
21:43:12.0010 1816 NtLmSsp (ed0a176354487ceed65b80a7148ab739) C:\windows\system32\lsass.exe
21:43:12.0050 1816 NtLmSsp - ok
21:43:12.0511 1816 NtmsSvc (023dd70573d644f3d9c8b1258a7bfd08) C:\windows\system32\ntmssvc.dll
21:43:12.0571 1816 NtmsSvc - ok
21:43:12.0911 1816 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\windows\system32\drivers\Null.sys
21:43:12.0911 1816 Null - ok
21:43:13.0182 1816 NWCWorkstation (adb82fbc435ae7504082b3c714c3885d) C:\windows\System32\nwwks.dll
21:43:13.0262 1816 NWCWorkstation - ok
21:43:13.0442 1816 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\windows\system32\DRIVERS\nwlnkflt.sys
21:43:13.0442 1816 NwlnkFlt - ok
21:43:13.0782 1816 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\windows\system32\DRIVERS\nwlnkfwd.sys
21:43:13.0792 1816 NwlnkFwd - ok
21:43:14.0153 1816 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\windows\system32\DRIVERS\nwlnkipx.sys
21:43:14.0213 1816 NwlnkIpx - ok
21:43:14.0503 1816 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\windows\system32\DRIVERS\nwlnknb.sys
21:43:14.0513 1816 NwlnkNb - ok
21:43:14.0784 1816 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\windows\system32\DRIVERS\nwlnkspx.sys
21:43:14.0794 1816 NwlnkSpx - ok
21:43:15.0174 1816 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\windows\system32\DRIVERS\nwrdr.sys
21:43:15.0214 1816 NWRDR - ok
21:43:15.0475 1816 NwSapAgent (85d8c6514bd48df2cc61debe3f879dc0) C:\windows\System32\ipxsap.dll
21:43:15.0515 1816 NwSapAgent - ok
21:43:15.0865 1816 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:43:15.0925 1816 odserv - ok
21:43:16.0276 1816 ohci1394 (2553f7c60b8d291b5a812245e6d4da6e) C:\windows\system32\DRIVERS\ohci1394.sys
21:43:16.0286 1816 ohci1394 - ok
21:43:16.0436 1816 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:43:16.0466 1816 ose - ok
21:43:16.0817 1816 P3 (3fc38e7fbe91db40c34731195f4116c2) C:\windows\system32\DRIVERS\p3.sys
21:43:16.0827 1816 P3 - ok
21:43:17.0157 1816 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\windows\system32\DRIVERS\parport.sys
21:43:17.0167 1816 Parport - ok
21:43:17.0488 1816 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\windows\system32\drivers\PartMgr.sys
21:43:17.0498 1816 PartMgr - ok
21:43:17.0848 1816 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\windows\system32\drivers\ParVdm.sys
21:43:17.0858 1816 ParVdm - ok
21:43:18.0279 1816 PCI (6ce351d149cb4befc702951e471e1730) C:\windows\system32\DRIVERS\pci.sys
21:43:18.0299 1816 PCI - ok
21:43:18.0589 1816 PCIDump - ok
21:43:18.0880 1816 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\windows\system32\DRIVERS\pciide.sys
21:43:18.0890 1816 PCIIde - ok
21:43:19.0230 1816 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\windows\system32\drivers\Pcmcia.sys
21:43:19.0240 1816 Pcmcia - ok
21:43:19.0581 1816 PDCOMP - ok
21:43:19.0891 1816 PDFRAME - ok
21:43:20.0152 1816 PDRELI - ok
21:43:20.0412 1816 PDRFRAME - ok
21:43:20.0552 1816 perc2 - ok
21:43:20.0802 1816 perc2hib - ok
21:43:21.0453 1816 PlugPlay (3d107d45ccfdb266e91d84b52cd7f430) C:\windows\system32\services.exe
21:43:21.0463 1816 PlugPlay - ok
21:43:21.0754 1816 PolicyAgent (ed0a176354487ceed65b80a7148ab739) C:\windows\system32\lsass.exe
21:43:21.0754 1816 PolicyAgent - ok
21:43:22.0194 1816 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\windows\system32\DRIVERS\raspptp.sys
21:43:22.0204 1816 PptpMiniport - ok
21:43:22.0505 1816 ProtectedStorage (ed0a176354487ceed65b80a7148ab739) C:\windows\system32\lsass.exe
21:43:22.0515 1816 ProtectedStorage - ok
21:43:22.0875 1816 PSched (d8e11d311785f89f1d70a28b0e879127) C:\windows\system32\DRIVERS\psched.sys
21:43:22.0916 1816 PSched - ok
21:43:23.0256 1816 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\windows\system32\DRIVERS\ptilink.sys
21:43:23.0296 1816 Ptilink - ok
21:43:23.0596 1816 pwdrvio (99cf0190f1f346cb0a0bbd1873683425) C:\WINDOWS\system32\pwdrvio.sys
21:43:23.0607 1816 pwdrvio - ok
21:43:23.0837 1816 pwdspio (57febcc5f8c577faad55b0ff2d617826) C:\WINDOWS\system32\pwdspio.sys
21:43:23.0877 1816 pwdspio - ok
21:43:24.0187 1816 ql1080 - ok
21:43:24.0408 1816 Ql10wnt - ok
21:43:24.0638 1816 ql12160 - ok
21:43:24.0968 1816 ql1240 - ok
21:43:25.0279 1816 ql1280 - ok
21:43:25.0629 1816 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\windows\system32\DRIVERS\rasacd.sys
21:43:25.0629 1816 RasAcd - ok
21:43:25.0870 1816 RasAuto (2b5e44ea009f2f374b980e1e9a70635d) C:\windows\System32\rasauto.dll
21:43:25.0890 1816 RasAuto - ok
21:43:26.0190 1816 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\windows\system32\DRIVERS\rasl2tp.sys
21:43:26.0200 1816 Rasl2tp - ok
21:43:26.0621 1816 RasMan (d57554c664b64604bd1ee13ea2c07e77) C:\windows\System32\rasmans.dll
21:43:26.0651 1816 RasMan - ok
21:43:26.0981 1816 RasPppoe (2c9d4620a0fd35de1828370b392f6e2d) C:\windows\system32\DRIVERS\raspppoe.sys
21:43:26.0991 1816 RasPppoe - ok
21:43:27.0372 1816 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\windows\system32\DRIVERS\raspti.sys
21:43:27.0382 1816 Raspti - ok
21:43:27.0873 1816 Rdbss (77050c6615f6eb5402f832b27fd695e0) C:\windows\system32\DRIVERS\rdbss.sys
21:43:27.0893 1816 Rdbss - ok
21:43:28.0273 1816 RDPCDD (4912d5b403614ce99c28420f75353332) C:\windows\system32\DRIVERS\RDPCDD.sys
21:43:28.0273 1816 RDPCDD - ok
21:43:28.0744 1816 rdpdr (47ea20320e3d6fdc7b7bb22b2b881ca6) C:\windows\system32\DRIVERS\rdpdr.sys
21:43:28.0764 1816 rdpdr - ok
21:43:29.0165 1816 RDPWD (e8e3107243b16a549b88d145ec051b06) C:\windows\system32\drivers\RDPWD.sys
21:43:29.0195 1816 RDPWD - ok
21:43:29.0625 1816 RDSessMgr (c0d9d9711cb74ee9bc66353d8cbdab0e) C:\WINDOWS\system32\sessmgr.exe
21:43:29.0645 1816 RDSessMgr - ok
21:43:29.0946 1816 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\windows\system32\DRIVERS\redbook.sys
21:43:29.0956 1816 redbook - ok
21:43:30.0316 1816 RemoteAccess (127c26b5371651043450e52542099aba) C:\windows\System32\mprdim.dll
21:43:30.0326 1816 RemoteAccess - ok
21:43:30.0667 1816 RemoteRegistry (8f31505484a190d5b22274708799f4ec) C:\windows\system32\regsvc.dll
21:43:30.0677 1816 RemoteRegistry - ok
21:43:30.0987 1816 RpcLocator (718b3bdc0bc3c2f7d065a53d26202af9) C:\windows\system32\locator.exe
21:43:31.0007 1816 RpcLocator - ok
21:43:31.0448 1816 RpcSs (c0bd34a62508ba68f146e22ce45919f9) C:\windows\System32\rpcss.dll
21:43:31.0598 1816 RpcSs - ok
21:43:32.0009 1816 rspndr (743d7d59767073a617b1dcc6c546f234) C:\windows\system32\DRIVERS\rspndr.sys
21:43:32.0019 1816 rspndr - ok
21:43:32.0429 1816 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\windows\system32\rsvp.exe
21:43:32.0449 1816 RSVP - ok
21:43:32.0790 1816 rtl8139 (d507c1400284176573224903819ffda3) C:\windows\system32\DRIVERS\RTL8139.SYS
21:43:32.0860 1816 rtl8139 - ok
21:43:33.0060 1816 s1317bus (f56cdbcedf4bd7fb9fa0dda1b7209d5f) C:\windows\system32\DRIVERS\s1317bus.sys
21:43:33.0110 1816 s1317bus - ok
21:43:33.0481 1816 s1317mdfl (1c735d149766bf37219cd8e978c80975) C:\windows\system32\DRIVERS\s1317mdfl.sys
21:43:33.0491 1816 s1317mdfl - ok
21:43:33.0901 1816 s1317mdm (30e4ca0d55203ce4c2783fa89e68985c) C:\windows\system32\DRIVERS\s1317mdm.sys
21:43:33.0911 1816 s1317mdm - ok
21:43:34.0262 1816 s1317mgmt (98d4b2ff6a1a344e8ff93c89c849f354) C:\windows\system32\DRIVERS\s1317mgmt.sys
21:43:34.0282 1816 s1317mgmt - ok
21:43:34.0632 1816 s1317nd5 (1da86aff026d9d410c8ab94cb0238fb3) C:\windows\system32\DRIVERS\s1317nd5.sys
21:43:34.0642 1816 s1317nd5 - ok
21:43:34.0963 1816 s1317obex (494e22fce6441cb0a5add10e831f1644) C:\windows\system32\DRIVERS\s1317obex.sys
21:43:34.0983 1816 s1317obex - ok
21:43:35.0333 1816 s1317unic (15042b5c1c6be6954b8575b0467236e0) C:\windows\system32\DRIVERS\s1317unic.sys
21:43:35.0353 1816 s1317unic - ok
21:43:35.0684 1816 SamSs (ed0a176354487ceed65b80a7148ab739) C:\windows\system32\lsass.exe
21:43:35.0694 1816 SamSs - ok
21:43:36.0034 1816 SCardSvr (410046e401eb11e1e6749e9deea41d4a) C:\windows\System32\SCardSvr.exe
21:43:36.0074 1816 SCardSvr - ok
21:43:36.0505 1816 Schedule (3ff232a7731621b8902d81d42418c93c) C:\windows\system32\schedsvc.dll
21:43:36.0525 1816 Schedule - ok
21:43:36.0916 1816 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\windows\system32\DRIVERS\secdrv.sys
21:43:36.0936 1816 Secdrv - ok
21:43:37.0276 1816 seclogon (477e2c3cc5e4a0d635bcb0ea8dcac3c6) C:\windows\System32\seclogon.dll
21:43:37.0286 1816 seclogon - ok
21:43:37.0617 1816 SENS (a530b75c10c23c9ab28fdb6ce719e21f) C:\windows\system32\sens.dll
21:43:37.0627 1816 SENS - ok
21:43:37.0957 1816 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\windows\system32\DRIVERS\serenum.sys
21:43:37.0967 1816 serenum - ok
21:43:38.0328 1816 Serial (b842729337c9b921615c40d3c1a1af96) C:\windows\system32\DRIVERS\serial.sys
21:43:38.0348 1816 Serial - ok
21:43:39.0219 1816 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\windows\system32\drivers\sfdrv01.sys
21:43:39.0249 1816 sfdrv01 - ok
21:43:39.0670 1816 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\windows\system32\drivers\sfhlp02.sys
21:43:39.0680 1816 sfhlp02 - ok
21:43:39.0970 1816 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\windows\system32\drivers\Sfloppy.sys
21:43:39.0970 1816 Sfloppy - ok
21:43:40.0280 1816 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\windows\system32\drivers\sfvfs02.sys
21:43:40.0290 1816 sfvfs02 - ok
21:43:40.0721 1816 SharedAccess (65eacfe3182afee8d222d0b17fe05eda) C:\windows\System32\ipnathlp.dll
21:43:40.0811 1816 SharedAccess - ok
21:43:41.0112 1816 ShellHWDetection (54a6bf743e0517528a5064ceaeb40ea7) C:\windows\System32\shsvcs.dll
21:43:41.0122 1816 ShellHWDetection - ok
21:43:41.0472 1816 Simbad - ok
21:43:41.0813 1816 SiS300i (c1e381b6e480dd936d92e1aed5be29c4) C:\windows\system32\DRIVERS\sis300ip.sys
21:43:41.0823 1816 SiS300i - ok
21:43:42.0183 1816 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\windows\system32\DRIVERS\sisagp.sys
21:43:42.0193 1816 sisagp - ok
21:43:42.0654 1816 SiSide (b4485881bd8aed9b157a2e6cf43c2d51) C:\windows\system32\DRIVERS\siside.sys
21:43:42.0664 1816 SiSide - ok
21:43:43.0054 1816 sisidex (6225224b8e846ac230f8d9b343635910) C:\windows\system32\drivers\sisidex.sys
21:43:43.0064 1816 sisidex - ok
21:43:43.0445 1816 sisperf (596d4a7052002d2bd344d8937da6f66d) C:\windows\system32\drivers\sisperf.sys
21:43:43.0455 1816 sisperf - ok
21:43:43.0866 1816 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\windows\system32\DRIVERS\SLIP.sys
21:43:43.0866 1816 SLIP - ok
21:43:44.0376 1816 Sparrow - ok
21:43:44.0687 1816 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\windows\system32\drivers\splitter.sys
21:43:44.0697 1816 splitter - ok
21:43:45.0007 1816 Spooler (cb1090bca0e7b40d0b5b4e4d66531809) C:\windows\system32\spoolsv.exe
21:43:45.0027 1816 Spooler - ok
21:43:45.0568 1816 sptd (614deea4bdcec3fd5a07bdc705723ad7) C:\windows\System32\Drivers\sptd.sys
21:43:45.0568 1816 Suspicious file (NoAccess): C:\windows\System32\Drivers\sptd.sys. md5: 614deea4bdcec3fd5a07bdc705723ad7
21:43:45.0598 1816 sptd ( LockedFile.Multi.Generic ) - warning
21:43:45.0598 1816 sptd - detected LockedFile.Multi.Generic (1)
21:43:46.0009 1816 SR (94610c8653635e4459316a0050d55ce7) C:\windows\system32\DRIVERS\sr.sys
21:43:46.0059 1816 SR - ok
21:43:46.0419 1816 srservice (35b91147124f64ac8081a2edb9ea4dee) C:\windows\system32\srsvc.dll
21:43:46.0449 1816 srservice - ok
21:43:46.0930 1816 Srv (e89b42b216bc86ada4345908284519cb) C:\windows\system32\DRIVERS\srv.sys
21:43:46.0990 1816 Srv - ok
21:43:47.0291 1816 SSDPSRV (becd5271dc4e3b7c3d035f790fcbc1e5) C:\windows\System32\ssdpsrv.dll
21:43:47.0311 1816 SSDPSRV - ok
21:43:47.0611 1816 StarWindServiceAE (b1691af4a072cb674d600db16dd7308e) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
21:43:47.0641 1816 StarWindServiceAE - ok
21:43:47.0962 1816 stisvc (c1cdd9275f6a115bb0ae1d55d8d27ba6) C:\windows\system32\wiaservc.dll
21:43:48.0012 1816 stisvc - ok
21:43:48.0352 1816 streamip (77813007ba6265c4b6098187e6ed79d2) C:\windows\system32\DRIVERS\StreamIP.sys
21:43:48.0362 1816 streamip - ok
21:43:48.0612 1816 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\windows\system32\DRIVERS\swenum.sys
21:43:48.0683 1816 swenum - ok
21:43:48.0953 1816 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\windows\system32\drivers\swmidi.sys
21:43:49.0013 1816 swmidi - ok
21:43:49.0303 1816 SwPrv - ok
21:43:49.0464 1816 symc810 - ok
21:43:49.0714 1816 symc8xx - ok
21:43:50.0045 1816 sym_hi - ok
21:43:50.0255 1816 sym_u3 - ok
21:43:50.0675 1816 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\windows\system32\drivers\sysaudio.sys
21:43:50.0685 1816 sysaudio - ok
21:43:51.0016 1816 SysmonLog (ce06f01b88ace199a1bf460cac29c110) C:\windows\system32\smlogsvc.exe
21:43:51.0086 1816 SysmonLog - ok
21:43:51.0416 1816 TapiSrv (af2a883cc63318a8bda168bdd7ac80d9) C:\windows\System32\tapisrv.dll
21:43:51.0537 1816 TapiSrv - ok
21:43:51.0897 1816 Tcpip (367de8e5f638c091f49273144274f629) C:\windows\system32\DRIVERS\tcpip.sys
21:43:51.0977 1816 Tcpip - ok
21:43:52.0288 1816 Tcpip6 (d9b8f003950162581c3425947ed0aca7) C:\windows\system32\DRIVERS\tcpip6.sys
21:43:52.0318 1816 Tcpip6 - ok
21:43:52.0558 1816 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\windows\system32\drivers\TDPIPE.sys
21:43:52.0568 1816 TDPIPE - ok
21:43:52.0849 1816 TDTCP (c0578456f29e5f26285f81b7b71fe57d) C:\windows\system32\drivers\TDTCP.sys
21:43:52.0849 1816 TDTCP - ok
21:43:53.0069 1816 TermDD (88155247177638048422893737429d9e) C:\windows\system32\DRIVERS\termdd.sys
21:43:53.0079 1816 TermDD - ok
21:43:53.0580 1816 TermService (0e43a7cf302d85273fc86f5fca9a1909) C:\windows\System32\termsrv.dll
21:43:53.0630 1816 TermService - ok
21:43:53.0990 1816 Themes (54a6bf743e0517528a5064ceaeb40ea7) C:\windows\System32\shsvcs.dll
21:43:54.0010 1816 Themes - ok
21:43:54.0381 1816 TlntSvr (cd0cc7b167d78043a41c98d4921efb54) C:\WINDOWS\system32\tlntsvr.exe
21:43:54.0421 1816 TlntSvr - ok
21:43:54.0631 1816 TosIde - ok
21:43:55.0002 1816 TrkWks (38853304ccb938d30e0c4cde8d2c2a8a) C:\windows\system32\trkwks.dll
21:43:55.0012 1816 TrkWks - ok
21:43:55.0603 1816 tunmp (8f861eda21c05857eb8197300a92501c) C:\windows\system32\DRIVERS\tunmp.sys
21:43:55.0613 1816 tunmp - ok
21:43:55.0923 1816 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\windows\system32\drivers\Udfs.sys
21:43:55.0943 1816 Udfs - ok
21:43:56.0654 1816 ultra - ok
21:43:57.0045 1816 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\windows\system32\DRIVERS\update.sys
21:43:57.0165 1816 Update - ok
21:43:57.0545 1816 upnphost (651bd90dcee5b7bdc74a2eb7c9266f9e) C:\windows\System32\upnphost.dll
21:43:57.0716 1816 upnphost - ok
21:43:58.0076 1816 UPS (20a0f6a11959e92908717d09e87d670d) C:\windows\System32\ups.exe
21:43:58.0086 1816 UPS - ok
21:43:58.0567 1816 usbccgp (c18d6c74953621346df6b0a11f80c1cc) C:\windows\system32\DRIVERS\usbccgp.sys
21:43:58.0577 1816 usbccgp - ok
21:43:58.0967 1816 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\windows\system32\DRIVERS\usbhub.sys
21:43:59.0017 1816 usbhub - ok
21:43:59.0568 1816 usbohci (c5e11cd822adf0019a5a862d9c4e2222) C:\windows\system32\DRIVERS\usbohci.sys
21:43:59.0578 1816 usbohci - ok
21:43:59.0869 1816 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\windows\system32\DRIVERS\USBSTOR.SYS
21:43:59.0889 1816 usbstor - ok
21:44:00.0179 1816 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\windows\System32\drivers\vga.sys
21:44:00.0189 1816 VgaSave - ok
21:44:00.0630 1816 ViaIde - ok
21:44:01.0000 1816 VolSnap (28a4b296b47782173c346e376cb374d1) C:\windows\system32\drivers\VolSnap.sys
21:44:01.0020 1816 VolSnap - ok
21:44:01.0401 1816 VSS (d6ba1a63d9e00933f1cd2a885573afb2) C:\windows\System32\vssvc.exe
21:44:01.0481 1816 VSS - ok
21:44:01.0791 1816 w200bus (34923e278eac7ddcea717ae1fcf592f6) C:\windows\system32\DRIVERS\w200bus.sys
21:44:01.0862 1816 w200bus - ok
21:44:02.0132 1816 w200mdfl (eff90a983cd3deab05922242e8072dc6) C:\windows\system32\DRIVERS\w200mdfl.sys
21:44:02.0142 1816 w200mdfl - ok
21:44:02.0482 1816 w200mdm (f03da4fbb2708a0b5409ea63e88c0f50) C:\windows\system32\DRIVERS\w200mdm.sys
21:44:02.0492 1816 w200mdm - ok
21:44:02.0883 1816 w200mgmt (1522d6387e6bb54aef9824b1733832db) C:\windows\system32\DRIVERS\w200mgmt.sys
21:44:02.0903 1816 w200mgmt - ok
21:44:03.0254 1816 w200obex (8405be0bba1ccf26d0fbdd26be03c816) C:\windows\system32\DRIVERS\w200obex.sys
21:44:03.0264 1816 w200obex - ok
21:44:03.0594 1816 W32Time (df2e8ea96391126977da1b8ab6fc39fc) C:\windows\system32\w32time.dll
21:44:03.0624 1816 W32Time - ok
21:44:03.0955 1816 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\windows\system32\DRIVERS\wanarp.sys
21:44:03.0965 1816 Wanarp - ok
21:44:04.0295 1816 WDICA - ok
21:44:04.0716 1816 wdmaud (6768acf64b18196494413695f0c3a00f) C:\windows\system32\drivers\wdmaud.sys
21:44:04.0736 1816 wdmaud - ok
21:44:04.0996 1816 WebClient (47ae51048a82dfa1cd6b51d369f7e169) C:\windows\System32\webclnt.dll
21:44:05.0016 1816 WebClient - ok
21:44:05.0637 1816 winmgmt (e488332126e3b1182d2b8a0c35408ec6) C:\windows\system32\wbem\WMIsvc.dll
21:44:05.0707 1816 winmgmt - ok
21:44:06.0308 1816 WinRM (4d34cedd74bdbf2b6a935eae3bf80543) C:\windows\system32\WsmSvc.dll
21:44:06.0628 1816 WinRM - ok
21:44:07.0159 1816 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:44:07.0169 1816 WmdmPmSN - ok
21:44:07.0359 1816 WMDrive - ok
21:44:07.0740 1816 Wmi (4e68a735673ce17152329428524ba1c3) C:\windows\System32\advapi32.dll
21:44:07.0940 1816 Wmi - ok
21:44:08.0391 1816 WmiApSrv (23f6f03272f7e5679f1f050aed5acee6) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:44:08.0411 1816 WmiApSrv - ok
21:44:08.0822 1816 WMPNetworkSvc (3739866d20abd42f26a7b85f9e2560af) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:44:09.0032 1816 WMPNetworkSvc - ok
21:44:09.0422 1816 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\windows\system32\DRIVERS\wpdusb.sys
21:44:09.0432 1816 WpdUsb - ok
21:44:09.0963 1816 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:44:10.0173 1816 WPFFontCache_v0400 - ok
21:44:10.0564 1816 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\windows\System32\drivers\ws2ifsl.sys
21:44:10.0574 1816 WS2IFSL - ok
21:44:10.0854 1816 wscsvc (4c86d5faf78194995af9cc1075f65dd3) C:\windows\system32\wscsvc.dll
21:44:10.0915 1816 wscsvc - ok
21:44:11.0095 1816 WSearch - ok
21:44:11.0505 1816 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\windows\system32\DRIVERS\WSTCODEC.SYS
21:44:11.0515 1816 WSTCODEC - ok
21:44:11.0866 1816 wuauserv (02e4055488047729b333f99d93877038) C:\WINDOWS\system32\wuauserv.dll
21:44:11.0896 1816 wuauserv - ok
21:44:12.0236 1816 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\windows\system32\DRIVERS\WudfPf.sys
21:44:12.0246 1816 WudfPf - ok
21:44:12.0517 1816 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\windows\system32\DRIVERS\wudfrd.sys
21:44:12.0527 1816 WudfRd - ok
21:44:12.0847 1816 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\windows\System32\WUDFSvc.dll
21:44:12.0867 1816 WudfSvc - ok
21:44:13.0278 1816 WZCSVC (f345ff726d92d58abe5b0aee08d29df1) C:\windows\System32\wzcsvc.dll
21:44:13.0398 1816 WZCSVC - ok
21:44:13.0689 1816 xmlprov (eaa4bb9edb3fb10cf8979fe65e63658f) C:\windows\System32\xmlprov.dll
21:44:13.0779 1816 xmlprov - ok
21:44:14.0259 1816 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
21:44:15.0471 1816 \Device\Harddisk0\DR0 - ok
21:44:15.0571 1816 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk1\DR1
21:44:15.0611 1816 \Device\Harddisk1\DR1 - ok
21:44:15.0792 1816 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR5
21:44:15.0842 1816 \Device\Harddisk2\DR5 - ok
21:44:15.0942 1816 Boot (0x1200) (0cba31e81737b0c1ce8d1baa893ab561) \Device\Harddisk0\DR0\Partition0
21:44:15.0942 1816 \Device\Harddisk0\DR0\Partition0 - ok
21:44:16.0082 1816 Boot (0x1200) (e111039c11a96749a06363c1813c61bc) \Device\Harddisk1\DR1\Partition0
21:44:16.0092 1816 \Device\Harddisk1\DR1\Partition0 - ok
21:44:16.0352 1816 Boot (0x1200) (507bc861d808803b2110f6fe4bf542c6) \Device\Harddisk1\DR1\Partition1
21:44:16.0362 1816 \Device\Harddisk1\DR1\Partition1 - ok
21:44:16.0463 1816 Boot (0x1200) (e99a077707c09e5e82443483aa429e20) \Device\Harddisk2\DR5\Partition0
21:44:16.0483 1816 \Device\Harddisk2\DR5\Partition0 - ok
21:44:16.0563 1816 ============================================================
21:44:16.0563 1816 Scan finished
21:44:16.0563 1816 ============================================================
21:44:16.0843 2288 Detected object count: 1
21:44:16.0843 2288 Actual detected object count: 1
21:50:43.0008 2288 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:50:43.0008 2288 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
And now perhaps we'll take a break. Thanks, Standa

Re: HJT check - boot virus

Post by jaro3 » 12 Apr 2012 08:43

sptd is OK.

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- stop it in Task Manager.

Uninstall NOD32 with this:
Uninstall NOD32:
http://www.nod32.nl/download/tool/nod32removal.exe

http://kb.eset.com/esetkb/index?page=co ... raft=false

Close the other applications and browsers, disconnect from the internet, and fix in HJT:
Guide

Code:

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice


Then post a new HJT log.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence I am represented by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support

