I have a problem with a hacked FB account. More here: http://www.pc-help.cz/viewtopic.php?f=95&t=92300&p=692713#p692713.
Kotik recommended that I open a topic here.
HJT log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:38:56, on 3.9.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\COMPUW~1\PCShared\NCS.EXE
C:\WINDOWS\System32\svchost.exe
E:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VMware\VMware Converter Hosted Agent\vmware-ufad.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\marek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\marek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\marek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\marek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Documents and Settings\marek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\marek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\marek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\marek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\marek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\trend micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112555 ... 0e7f6308a0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [msseces.exe] C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil11f_Plugin.exe -update plugin
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\marek\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Numega Control Service (NCS) - Compuware Corporation - NuMega Lab - C:\PROGRA~1\COMPUW~1\PCShared\NCS.EXE
O23 - Service: NMSAccess - Unknown owner - E:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Converter Hosted Agent\vmware-ufad.exe
--
End of file - 10046 bytes
Problem with a hacked FB account
Žbeky (Moderator)
Re: Problem with a hacked FB account
Uninstall the Babylon toolbar.
Fix:
Code:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112555 ... 0e7f6308a0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterSt
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil11f_Plugin.exe -update plugin
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
Download ATF Cleaner
Double-click ATF Cleaner.exe, click on select all found, then:
- If you use Firefox, click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
- If you use Chrome, select nothing else and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan option selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(DON'T DELETE ANYTHING YOURSELF YET!).
Then paste the contents of that log here.
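Added example (not from the forum post and not part of HijackThis): a small Python triage script that parses HJT log entries like the ones quoted in this thread and flags the same indicators the moderator put into the fix list. It assumes a one-entry PUP marker list (Babylon, the family this thread is about) and treats only *.microsoft.com as a trusted IE start/search page host; both are assumptions to adjust for your own environment.

```python
"""Triage of HijackThis (HJT) log entries for browser-hijack indicators.

Flags IE start/search pages pointing at a non-Microsoft host, and BHOs or
toolbars (O2/O3) whose name or file path matches a known PUP marker.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample: a handful of lines in HijackThis v2 format, modelled on
# the entries quoted in this thread (not the full log).
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112555
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
""".strip()

# Every HJT entry starts with a section tag such as R0, O2, O23, then " - ".
HJT_ENTRY = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")

# Assumption of this example: the only PUP marker is the family seen in this
# thread. Extend the tuple for other adware families you track.
PUP_MARKERS = ("babylon",)
# Assumption: IE default/start/search pages should stay on Microsoft hosts.
TRUSTED_PAGE_SUFFIXES = (".microsoft.com",)


@dataclass
class HjtEntry:
    kind: str   # "R0", "R1", "O2", "O3", "O4", ...
    body: str   # text after the "R0 - " prefix
    line: str   # the original line, usable directly in an HJT fix list


@dataclass
class Finding:
    kind: str
    reason: str
    line: str


def parse_hjt(text: str) -> List[HjtEntry]:
    """Keep only lines that look like HJT entries; header and process lines are dropped."""
    entries = []
    for raw in text.splitlines():
        m = HJT_ENTRY.match(raw.strip())
        if m:
            entries.append(HjtEntry(m["kind"], m["body"], raw.strip()))
    return entries


def _page_host(body: str) -> Optional[str]:
    """For R0/R1 entries return the host of the assigned page URL, or None if not a URL."""
    _key, _sep, value = body.partition("=")
    value = value.strip()
    if not value.lower().startswith(("http://", "https://")):
        return None
    return urlparse(value).hostname


def find_hijack_indicators(entries: List[HjtEntry]) -> List[Finding]:
    """Return entries that look like a browser hijack, in log order."""
    findings = []
    for e in entries:
        if e.kind in ("R0", "R1"):
            host = _page_host(e.body)
            if host and not host.endswith(TRUSTED_PAGE_SUFFIXES):
                findings.append(Finding(e.kind, f"IE start/search page redirected to {host}", e.line))
        elif e.kind in ("O2", "O3"):
            # body looks like "BHO: <name> - {CLSID} - <dll path>" or "Toolbar: ..."
            haystack = e.body.lower()
            hit = next((m for m in PUP_MARKERS if m in haystack), None)
            if hit:
                findings.append(Finding(e.kind, f"BHO/toolbar matches PUP marker '{hit}'", e.line))
    return findings


def build_fix_list(findings: List[Finding]) -> List[str]:
    """The lines a helper would paste back as a HijackThis fix list."""
    return [f.line for f in findings]


if __name__ == "__main__":
    for f in find_hijack_indicators(parse_hjt(SAMPLE_HJT_LOG)):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```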
Re: Problem with a hacked FB account
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.09.03.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
marek :: MAREK-PC [administrator]
3.9.2012 17:18:59
mbam-log-2012-09-03 (17-24-46).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 264387
Time elapsed: 5 minute(s), 35 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Žbeky (Moderator)
Re: Problem with a hacked FB account
Run MbAM again and click Scan
- when the program finishes, a message will appear; click OK and then the Show Results button
- make sure all listed detections are checked and click the Remove Selected button
- when the removal finishes, a log will be shown; post it here.
- then click OK in the program and exit it via Exit
Download TDSSKiller
to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt ; please paste the entire contents of the log here.
Disable the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After the scan completes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If after the check there is a problem starting applications, or a message keeps popping up about an attempt to perform an invalid operation on a registry key marked for deletion, simply restart the computer.
Re: Problem with a hacked FB account
MBAM log:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.09.03.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
marek :: MAREK-PC [administrator]
3.9.2012 17:55:47
mbam-log-2012-09-03 (17-55-47).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 264322
Time elapsed: 2 minute(s), 19 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Re: Problem with a hacked FB account
TDSSKiller Log:
18:01:38.0203 3688 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:01:40.0203 3688 ============================================================
18:01:40.0203 3688 Current date / time: 2012/09/03 18:01:40.0203
18:01:40.0203 3688 SystemInfo:
18:01:40.0203 3688
18:01:40.0203 3688 OS Version: 5.1.2600 ServicePack: 3.0
18:01:40.0203 3688 Product type: Workstation
18:01:40.0203 3688 ComputerName: MAREK-PC
18:01:40.0203 3688 UserName: marek
18:01:40.0203 3688 Windows directory: C:\WINDOWS
18:01:40.0203 3688 System windows directory: C:\WINDOWS
18:01:40.0203 3688 Processor architecture: Intel x86
18:01:40.0203 3688 Number of processors: 2
18:01:40.0203 3688 Page size: 0x1000
18:01:40.0203 3688 Boot type: Normal boot
18:01:40.0203 3688 ============================================================
18:01:43.0937 3688 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3C91, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
18:01:43.0953 3688 ============================================================
18:01:43.0953 3688 \Device\Harddisk0\DR0:
18:01:43.0953 3688 MBR partitions:
18:01:43.0953 3688 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2710011
18:01:43.0953 3688 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2710050, BlocksNum 0xB8833C0
18:01:43.0953 3688 ============================================================
18:01:43.0968 3688 C: <-> \Device\Harddisk0\DR0\Partition1
18:01:44.0015 3688 E: <-> \Device\Harddisk0\DR0\Partition2
18:01:44.0015 3688 ============================================================
18:01:44.0015 3688 Initialize success
18:01:44.0015 3688 ============================================================
18:01:47.0812 2128 ============================================================
18:01:47.0812 2128 Scan started
18:01:47.0812 2128 Mode: Manual;
18:01:47.0812 2128 ============================================================
18:01:48.0984 2128 ================ Scan system memory ========================
18:01:48.0984 2128 System memory - ok
18:01:48.0984 2128 ================ Scan services =============================
18:01:49.0125 2128 Abiosdsk - ok
18:01:49.0125 2128 abp480n5 - ok
18:01:49.0171 2128 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:01:49.0171 2128 ACPI - ok
18:01:49.0203 2128 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
18:01:49.0203 2128 ACPIEC - ok
18:01:49.0265 2128 [ C1EB9968EC89FBA5F3A264E2E57923AB ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
18:01:49.0265 2128 Adobe LM Service - ok
18:01:49.0265 2128 adpu160m - ok
18:01:49.0312 2128 [ E696E749BEDCDA8B23757B8B5EA93780 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
18:01:49.0312 2128 aeaudio - ok
18:01:49.0328 2128 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
18:01:49.0343 2128 aec - ok
18:01:49.0359 2128 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
18:01:49.0375 2128 AFD - ok
18:01:49.0390 2128 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
18:01:49.0390 2128 agp440 - ok
18:01:49.0406 2128 Aha154x - ok
18:01:49.0421 2128 aic78u2 - ok
18:01:49.0421 2128 aic78xx - ok
18:01:49.0468 2128 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
18:01:49.0468 2128 Alerter - ok
18:01:49.0484 2128 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
18:01:49.0484 2128 ALG - ok
18:01:49.0500 2128 AliIde - ok
18:01:49.0515 2128 amsint - ok
18:01:49.0546 2128 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
18:01:49.0546 2128 AppMgmt - ok
18:01:49.0562 2128 asc - ok
18:01:49.0578 2128 asc3350p - ok
18:01:49.0578 2128 asc3550 - ok
18:01:49.0687 2128 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:01:49.0687 2128 aspnet_state - ok
18:01:49.0718 2128 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:01:49.0718 2128 AsyncMac - ok
18:01:49.0734 2128 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
18:01:49.0734 2128 atapi - ok
18:01:49.0750 2128 Atdisk - ok
18:01:49.0812 2128 [ 471087B5E1E01CC82604E81EA14781D8 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
18:01:49.0812 2128 Ati HotKey Poller - ok
18:01:50.0000 2128 [ B979BA0120B6DB757196A8E2E873FE3C ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
18:01:50.0015 2128 ATI Smart - ok
18:01:50.0281 2128 [ C0B86ECB324E50F6BBD529F9D5C6B24B ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:01:50.0328 2128 ati2mtag - ok
18:01:50.0359 2128 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:01:50.0359 2128 Atmarpc - ok
18:01:50.0375 2128 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
18:01:50.0375 2128 AudioSrv - ok
18:01:50.0406 2128 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
18:01:50.0406 2128 audstub - ok
18:01:50.0437 2128 [ 4D50B7A5AE8E67E68B7C9571769D5DDE ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
18:01:50.0437 2128 b57w2k - ok
18:01:50.0484 2128 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
18:01:50.0484 2128 Beep - ok
18:01:50.0531 2128 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
18:01:50.0546 2128 BITS - ok
18:01:50.0578 2128 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
18:01:50.0578 2128 Browser - ok
18:01:50.0609 2128 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
18:01:50.0609 2128 cbidf2k - ok
18:01:50.0625 2128 cd20xrnt - ok
18:01:50.0656 2128 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
18:01:50.0656 2128 Cdaudio - ok
18:01:50.0687 2128 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
18:01:50.0687 2128 Cdfs - ok
18:01:50.0734 2128 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:01:50.0734 2128 Cdrom - ok
18:01:50.0750 2128 Changer - ok
18:01:50.0781 2128 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
18:01:50.0781 2128 CiSvc - ok
18:01:50.0796 2128 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
18:01:50.0796 2128 ClipSrv - ok
18:01:50.0859 2128 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:01:50.0859 2128 clr_optimization_v2.0.50727_32 - ok
18:01:50.0890 2128 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:01:50.0906 2128 clr_optimization_v4.0.30319_32 - ok
18:01:50.0921 2128 CmdIde - ok
18:01:50.0937 2128 COMSysApp - ok
18:01:50.0953 2128 Cpqarray - ok
18:01:50.0984 2128 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
18:01:50.0984 2128 CryptSvc - ok
18:01:51.0031 2128 [ 5C706C06C1279952D2CC1A609CA948BF ] CVirtA C:\WINDOWS\system32\DRIVERS\CVirtA.sys
18:01:51.0031 2128 CVirtA - ok
18:01:51.0031 2128 dac2w2k - ok
18:01:51.0046 2128 dac960nt - ok
18:01:51.0109 2128 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
18:01:51.0109 2128 DcomLaunch - ok
18:01:51.0156 2128 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
18:01:51.0156 2128 Dhcp - ok
18:01:51.0187 2128 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
18:01:51.0187 2128 Disk - ok
18:01:51.0203 2128 dmadmin - ok
18:01:51.0250 2128 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
18:01:51.0250 2128 dmboot - ok
18:01:51.0281 2128 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
18:01:51.0281 2128 dmio - ok
18:01:51.0312 2128 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
18:01:51.0312 2128 dmload - ok
18:01:51.0343 2128 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
18:01:51.0343 2128 dmserver - ok
18:01:51.0359 2128 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
18:01:51.0359 2128 DMusic - ok
18:01:51.0390 2128 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
18:01:51.0390 2128 Dnscache - ok
18:01:51.0421 2128 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
18:01:51.0421 2128 Dot3svc - ok
18:01:51.0421 2128 dpti2o - ok
18:01:51.0453 2128 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
18:01:51.0453 2128 drmkaud - ok
18:01:51.0484 2128 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
18:01:51.0484 2128 EapHost - ok
18:01:51.0500 2128 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
18:01:51.0500 2128 ERSvc - ok
18:01:51.0546 2128 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
18:01:51.0546 2128 Eventlog - ok
18:01:51.0578 2128 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
18:01:51.0578 2128 EventSystem - ok
18:01:51.0609 2128 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
18:01:51.0609 2128 Fastfat - ok
18:01:51.0640 2128 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:01:51.0656 2128 FastUserSwitchingCompatibility - ok
18:01:51.0671 2128 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
18:01:51.0671 2128 Fdc - ok
18:01:51.0703 2128 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
18:01:51.0703 2128 Fips - ok
18:01:51.0718 2128 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:01:51.0718 2128 Flpydisk - ok
18:01:51.0765 2128 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
18:01:51.0765 2128 FltMgr - ok
18:01:51.0843 2128 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:01:51.0843 2128 FontCache3.0.0.0 - ok
18:01:51.0859 2128 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:01:51.0859 2128 Fs_Rec - ok
18:01:51.0890 2128 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:01:51.0890 2128 Ftdisk - ok
18:01:51.0921 2128 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:01:51.0921 2128 Gpc - ok
18:01:51.0984 2128 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:01:52.0000 2128 gusvc - ok
18:01:52.0031 2128 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys
18:01:52.0031 2128 hamachi - ok
18:01:52.0171 2128 [ DA1B48FDE74125128D0D846A3701D344 ] Hamachi2Svc C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
18:01:52.0187 2128 Hamachi2Svc - ok
18:01:52.0281 2128 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:01:52.0281 2128 helpsvc - ok
18:01:52.0281 2128 HidServ - ok
18:01:52.0312 2128 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:01:52.0312 2128 HidUsb - ok
18:01:52.0343 2128 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
18:01:52.0343 2128 hkmsvc - ok
18:01:52.0421 2128 [ C9A96F4D46767E65042E7B6C531FB526 ] HP Port Resolver C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
18:01:52.0421 2128 HP Port Resolver - ok
18:01:52.0453 2128 [ C5A288E4CEEF5A26D105117BAA3763AB ] HP Status Server C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
18:01:52.0453 2128 HP Status Server - ok
18:01:52.0453 2128 hpn - ok
18:01:52.0484 2128 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
18:01:52.0500 2128 HTTP - ok
18:01:52.0515 2128 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
18:01:52.0531 2128 HTTPFilter - ok
18:01:52.0531 2128 i2omgmt - ok
18:01:52.0546 2128 i2omp - ok
18:01:52.0578 2128 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:01:52.0578 2128 i8042prt - ok
18:01:52.0656 2128 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:01:52.0656 2128 IDriverT - ok
18:01:52.0718 2128 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:01:52.0734 2128 idsvc - ok
18:01:52.0796 2128 [ DB3C22745C0DA4666F3BE31F1AF36B2F ] IISADMIN C:\WINDOWS\System32\inetsrv\inetinfo.exe
18:01:52.0796 2128 IISADMIN - ok
18:01:52.0812 2128 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:01:52.0812 2128 Imapi - ok
18:01:52.0843 2128 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
18:01:52.0859 2128 ImapiService - ok
18:01:52.0875 2128 ini910u - ok
18:01:52.0890 2128 IntelIde - ok
18:01:52.0921 2128 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:01:52.0921 2128 intelppm - ok
18:01:52.0953 2128 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
18:01:52.0953 2128 ip6fw - ok
18:01:52.0984 2128 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:01:52.0984 2128 IpFilterDriver - ok
18:01:53.0000 2128 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:01:53.0015 2128 IpInIp - ok
18:01:53.0031 2128 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:01:53.0031 2128 IpNat - ok
18:01:53.0062 2128 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:01:53.0062 2128 IPSec - ok
18:01:53.0078 2128 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:01:53.0078 2128 IRENUM - ok
18:01:53.0109 2128 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:01:53.0109 2128 isapnp - ok
18:01:53.0203 2128 [ 9E6898C4A084FEBAE925525C3BAF467E ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
18:01:53.0203 2128 JavaQuickStarterService - ok
18:01:53.0218 2128 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:01:53.0218 2128 Kbdclass - ok
18:01:53.0250 2128 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
18:01:53.0250 2128 kmixer - ok
18:01:53.0281 2128 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:01:53.0281 2128 KSecDD - ok
18:01:53.0328 2128 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
18:01:53.0328 2128 lanmanserver - ok
18:01:53.0375 2128 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:01:53.0375 2128 lanmanworkstation - ok
18:01:53.0390 2128 lbrtfdc - ok
18:01:53.0437 2128 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:01:53.0437 2128 LmHosts - ok
18:01:53.0468 2128 [ 48F8843A96F82E83F1FA2D468930CD0D ] mach5 C:\WINDOWS\System32\mach5.sys
18:01:53.0484 2128 mach5 - ok
18:01:53.0562 2128 [ C341D64C9F3B39CB56F9712335C33717 ] McAfeeFramework C:\Program Files\McAfee\Common Framework\FrameworkService.exe
18:01:53.0562 2128 McAfeeFramework - ok
18:01:53.0625 2128 [ AAC6788DE4B9A0AE0B660597C7500B1D ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
18:01:53.0625 2128 MDM - ok
18:01:53.0671 2128 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
18:01:53.0671 2128 Messenger - ok
18:01:53.0671 2128 mferkdk - ok
18:01:53.0765 2128 [ 033B947AF4A997820E86FCB070B1F450 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
18:01:53.0781 2128 Microsoft Office Groove Audit Service - ok
18:01:53.0812 2128 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:01:53.0812 2128 mnmdd - ok
18:01:53.0843 2128 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
18:01:53.0843 2128 mnmsrvc - ok
18:01:53.0875 2128 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:01:53.0875 2128 Modem - ok
18:01:53.0906 2128 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:01:53.0906 2128 Mouclass - ok
18:01:53.0937 2128 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:01:53.0937 2128 mouhid - ok
18:01:53.0953 2128 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:01:53.0968 2128 MountMgr - ok
18:01:54.0000 2128 [ FEE0BADED54222E9F1DAE9541212AAB1 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
18:01:54.0000 2128 MpFilter - ok
18:01:54.0171 2128 [ A69630D039C38018689190234F866D77 ] MpKsla03a821b C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A54BB82F-B2A2-4D00-8049-AAEF3DE61CFC}\MpKsla03a821b.sys
18:01:54.0171 2128 MpKsla03a821b - ok
18:01:54.0187 2128 mraid35x - ok
18:01:54.0203 2128 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:01:54.0218 2128 MRxDAV - ok
18:01:54.0250 2128 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:01:54.0265 2128 MRxSmb - ok
18:01:54.0296 2128 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
18:01:54.0296 2128 MSDTC - ok
18:01:54.0343 2128 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:01:54.0343 2128 Msfs - ok
18:01:54.0343 2128 [ DB3C22745C0DA4666F3BE31F1AF36B2F ] MSFtpsvc C:\WINDOWS\System32\inetsrv\inetinfo.exe
18:01:54.0343 2128 MSFtpsvc - ok
18:01:54.0359 2128 MSIServer - ok
18:01:54.0390 2128 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:01:54.0390 2128 MSKSSRV - ok
18:01:54.0453 2128 [ CFCE43B70CA0CC4DCC8ADB62B792B173 ] MsMpSvc C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
18:01:54.0453 2128 MsMpSvc - ok
18:01:54.0468 2128 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:01:54.0468 2128 MSPCLOCK - ok
18:01:54.0484 2128 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:01:54.0484 2128 MSPQM - ok
18:01:54.0531 2128 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:01:54.0531 2128 mssmbios - ok
18:01:54.0562 2128 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:01:54.0578 2128 Mup - ok
18:01:54.0609 2128 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
18:01:54.0625 2128 napagent - ok
18:01:54.0703 2128 [ 0780CF34C64DB6A0D1A2DD4ABBDF246C ] NCS C:\PROGRA~1\COMPUW~1\PCShared\NCS.EXE
18:01:54.0703 2128 NCS - ok
18:01:54.0734 2128 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:01:54.0734 2128 NDIS - ok
18:01:54.0765 2128 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:01:54.0765 2128 NdisTapi - ok
18:01:54.0781 2128 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:01:54.0781 2128 Ndisuio - ok
18:01:54.0812 2128 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:01:54.0812 2128 NdisWan - ok
18:01:54.0843 2128 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:01:54.0843 2128 NDProxy - ok
18:01:54.0875 2128 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
18:01:54.0890 2128 Net Driver HPZ12 - ok
18:01:54.0890 2128 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:01:54.0906 2128 NetBIOS - ok
18:01:54.0921 2128 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:01:54.0921 2128 NetBT - ok
18:01:54.0968 2128 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
18:01:54.0968 2128 NetDDE - ok
18:01:54.0984 2128 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:01:54.0984 2128 NetDDEdsdm - ok
18:01:55.0015 2128 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:01:55.0015 2128 Netlogon - ok
18:01:55.0046 2128 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
18:01:55.0046 2128 Netman - ok
18:01:55.0078 2128 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:01:55.0093 2128 NetTcpPortSharing - ok
18:01:55.0109 2128 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
18:01:55.0125 2128 Nla - ok
18:01:55.0140 2128 [ 1E421A6BCF2203CC61B821ADA9DE878B ] nm C:\WINDOWS\system32\DRIVERS\NMnt.sys
18:01:55.0140 2128 nm - ok
18:01:55.0234 2128 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess E:\Program Files\CDBurnerXP\NMSAccessU.exe
18:01:55.0234 2128 NMSAccess - ok
18:01:55.0265 2128 [ 4A8A2AA0706B659175169DECF198E9D7 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
18:01:55.0265 2128 nmwcd - ok
18:01:55.0296 2128 [ 02E96113511171BA7559386D10D3DAEA ] nmwcdnsu C:\WINDOWS\system32\drivers\nmwcdnsu.sys
18:01:55.0296 2128 nmwcdnsu - ok
18:01:55.0328 2128 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:01:55.0328 2128 Npfs - ok
18:01:55.0375 2128 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:01:55.0390 2128 Ntfs - ok
18:01:55.0406 2128 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
18:01:55.0406 2128 NtLmSsp - ok
18:01:55.0453 2128 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:01:55.0468 2128 NtmsSvc - ok
18:01:55.0500 2128 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
18:01:55.0500 2128 Null - ok
18:01:55.0531 2128 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:01:55.0531 2128 NwlnkFlt - ok
18:01:55.0546 2128 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:01:55.0546 2128 NwlnkFwd - ok
18:01:55.0609 2128 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:01:55.0625 2128 odserv - ok
18:01:55.0656 2128 [ 18CD59B762829860F96DC2569F1A7AD2 ] OOD2000 C:\WINDOWS\system32\OOD2000.exe
18:01:55.0671 2128 OOD2000 - ok
18:01:55.0703 2128 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:01:55.0718 2128 ose - ok
18:01:55.0734 2128 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
18:01:55.0750 2128 Parport - ok
18:01:55.0781 2128 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:01:55.0781 2128 PartMgr - ok
18:01:55.0796 2128 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:01:55.0796 2128 ParVdm - ok
18:01:55.0812 2128 pccsmcfd - ok
18:01:55.0828 2128 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:01:55.0828 2128 PCI - ok
18:01:55.0843 2128 PCIDump - ok
18:01:55.0859 2128 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
18:01:55.0859 2128 PCIIde - ok
18:01:55.0890 2128 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
18:01:55.0890 2128 Pcmcia - ok
18:01:55.0890 2128 PDCOMP - ok
18:01:55.0906 2128 PDFRAME - ok
18:01:55.0921 2128 PDRELI - ok
18:01:55.0921 2128 PDRFRAME - ok
18:01:55.0937 2128 perc2 - ok
18:01:55.0953 2128 perc2hib - ok
18:01:56.0000 2128 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
18:01:56.0000 2128 PlugPlay - ok
18:01:56.0031 2128 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
18:01:56.0031 2128 Pml Driver HPZ12 - ok
18:01:56.0046 2128 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:01:56.0046 2128 PolicyAgent - ok
18:01:56.0078 2128 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:01:56.0093 2128 PptpMiniport - ok
18:01:56.0109 2128 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
18:01:56.0109 2128 Processor - ok
18:01:56.0125 2128 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:01:56.0125 2128 ProtectedStorage - ok
18:01:56.0125 2128 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:01:56.0140 2128 PSched - ok
18:01:56.0140 2128 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:01:56.0140 2128 Ptilink - ok
18:01:56.0171 2128 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:01:56.0187 2128 PxHelp20 - ok
18:01:56.0187 2128 ql1080 - ok
18:01:56.0203 2128 Ql10wnt - ok
18:01:56.0218 2128 ql12160 - ok
18:01:56.0218 2128 ql1240 - ok
18:01:56.0234 2128 ql1280 - ok
18:01:56.0250 2128 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:01:56.0250 2128 RasAcd - ok
18:01:56.0296 2128 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:01:56.0296 2128 RasAuto - ok
18:01:56.0328 2128 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:01:56.0328 2128 Rasl2tp - ok
18:01:56.0359 2128 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:01:56.0375 2128 RasMan - ok
18:01:56.0375 2128 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:01:56.0390 2128 RasPppoe - ok
18:01:56.0406 2128 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:01:56.0406 2128 Raspti - ok
18:01:56.0453 2128 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:01:56.0453 2128 Rdbss - ok
18:01:56.0468 2128 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:01:56.0468 2128 RDPCDD - ok
18:01:56.0500 2128 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:01:56.0515 2128 rdpdr - ok
18:01:56.0546 2128 [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:01:56.0546 2128 RDPWD - ok
18:01:56.0593 2128 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:01:56.0593 2128 RDSessMgr - ok
18:01:56.0609 2128 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:01:56.0609 2128 redbook - ok
18:01:56.0640 2128 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:01:56.0640 2128 RemoteAccess - ok
18:01:56.0671 2128 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
18:01:56.0671 2128 RemoteRegistry - ok
18:01:56.0703 2128 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
18:01:56.0718 2128 RpcLocator - ok
18:01:56.0750 2128 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
18:01:56.0765 2128 RpcSs - ok
18:01:56.0781 2128 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
18:01:56.0796 2128 RSVP - ok
18:01:56.0812 2128 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
18:01:56.0828 2128 SamSs - ok
18:01:56.0843 2128 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:01:56.0859 2128 SCardSvr - ok
18:01:56.0890 2128 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:01:56.0890 2128 Schedule - ok
18:01:56.0937 2128 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:01:56.0937 2128 Secdrv - ok
18:01:56.0968 2128 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
18:01:56.0968 2128 seclogon - ok
18:01:57.0000 2128 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
18:01:57.0000 2128 SENS - ok
18:01:57.0031 2128 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
18:01:57.0031 2128 serenum - ok
18:01:57.0046 2128 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
18:01:57.0062 2128 Serial - ok
18:01:57.0109 2128 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
18:01:57.0109 2128 Sfloppy - ok
18:01:57.0156 2128 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
18:01:57.0156 2128 SharedAccess - ok
18:01:57.0187 2128 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:01:57.0203 2128 ShellHWDetection - ok
18:01:57.0203 2128 Simbad - ok
18:01:57.0265 2128 [ FA3368A7039F5ABAA4B933703AC34763 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
18:01:57.0265 2128 smwdm - ok
18:01:57.0328 2128 [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
18:01:57.0328 2128 SoundMAX Agent Service (default) - ok
18:01:57.0328 2128 Sparrow - ok
18:01:57.0359 2128 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
18:01:57.0359 2128 splitter - ok
18:01:57.0390 2128 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
18:01:57.0390 2128 Spooler - ok
18:01:57.0453 2128 [ D390675B8CE45E5FB359338E5E649329 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
18:01:57.0453 2128 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: D390675B8CE45E5FB359338E5E649329
18:01:57.0453 2128 sptd ( LockedFile.Multi.Generic ) - warning
18:01:57.0453 2128 sptd - detected LockedFile.Multi.Generic (1)
18:01:57.0484 2128 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
18:01:57.0484 2128 sr - ok
18:01:57.0515 2128 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
18:01:57.0531 2128 srservice - ok
18:01:57.0562 2128 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
18:01:57.0562 2128 Srv - ok
18:01:57.0593 2128 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
18:01:57.0609 2128 SSDPSRV - ok
18:01:57.0625 2128 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
18:01:57.0640 2128 StarOpen - ok
18:01:57.0750 2128 [ B1691AF4A072CB674D600DB16DD7308E ] StarWindServiceAE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
18:01:57.0765 2128 StarWindServiceAE - ok
18:01:57.0781 2128 Steam Client Service - ok
18:01:57.0812 2128 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
18:01:57.0812 2128 stisvc - ok
18:01:57.0843 2128 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
18:01:57.0843 2128 swenum - ok
18:01:57.0937 2128 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:01:57.0937 2128 SwitchBoard - ok
18:01:57.0968 2128 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
18:01:57.0968 2128 swmidi - ok
18:01:57.0968 2128 SwPrv - ok
18:01:58.0000 2128 symc810 - ok
18:01:58.0000 2128 symc8xx - ok
18:01:58.0015 2128 sym_hi - ok
18:01:58.0031 2128 sym_u3 - ok
18:01:58.0046 2128 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
18:01:58.0046 2128 sysaudio - ok
18:01:58.0093 2128 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
18:01:58.0093 2128 SysmonLog - ok
18:01:58.0125 2128 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
18:01:58.0140 2128 TapiSrv - ok
18:01:58.0187 2128 [ D9F19E78F98834CB411D6AD3C68D181A ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:01:58.0203 2128 Tcpip - ok
18:01:58.0218 2128 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
18:01:58.0218 2128 TDPIPE - ok
18:01:58.0234 2128 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
18:01:58.0234 2128 TDTCP - ok
18:01:58.0265 2128 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
18:01:58.0265 2128 TermDD - ok
18:01:58.0296 2128 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
18:01:58.0296 2128 TermService - ok
18:01:58.0328 2128 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
18:01:58.0328 2128 Themes - ok
18:01:58.0375 2128 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
18:01:58.0375 2128 TlntSvr - ok
18:01:58.0390 2128 TosIde - ok
18:01:58.0406 2128 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
18:01:58.0421 2128 TrkWks - ok
18:01:58.0453 2128 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
18:01:58.0453 2128 Udfs - ok
18:01:58.0515 2128 [ 10C30C9F370CDD89033362BF9AF7CACB ] ufad-ws60 C:\Program Files\VMware\VMware Converter Hosted Agent\vmware-ufad.exe
18:01:58.0515 2128 ufad-ws60 - ok
18:01:58.0531 2128 ultra - ok
18:01:58.0593 2128 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
18:01:58.0593 2128 Update - ok
18:01:58.0625 2128 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
18:01:58.0640 2128 upnphost - ok
18:01:58.0671 2128 [ A34560A5D516A2F5240180370866B99D ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
18:01:58.0671 2128 upperdev - ok
18:01:58.0687 2128 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
18:01:58.0703 2128 UPS - ok
18:01:58.0734 2128 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:01:58.0734 2128 usbehci - ok
18:01:58.0781 2128 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:01:58.0781 2128 usbhub - ok
18:01:58.0796 2128 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:01:58.0812 2128 usbscan - ok
18:01:58.0843 2128 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys
18:01:58.0843 2128 usbser - ok
18:01:58.0875 2128 [ 6410EEBD6E0427466812858EE84C8467 ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
18:01:58.0875 2128 UsbserFilt - ok
18:01:58.0890 2128 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:01:58.0890 2128 USBSTOR - ok
18:01:58.0921 2128 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:01:58.0937 2128 usbuhci - ok
18:01:58.0953 2128 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
18:01:58.0953 2128 VgaSave - ok
18:01:58.0968 2128 ViaIde - ok
18:01:59.0046 2128 [ B5BA71EADEED0773D2E0978F962E1BF3 ] Visual Studio Analyzer RPC bridge C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe
18:01:59.0046 2128 Visual Studio Analyzer RPC bridge - ok
18:01:59.0062 2128 Vmaa81l80 - ok
18:01:59.0078 2128 VMnetAdapter - ok
18:01:59.0109 2128 [ 2CCBFA08C10CD064FDEE5B31869B0C02 ] VNA C:\WINDOWS\system32\DRIVERS\vna.sys
18:01:59.0109 2128 VNA - ok
18:01:59.0140 2128 [ 4EC979B157D1AA075330362ACB5424E5 ] vncdrv C:\WINDOWS\system32\DRIVERS\vncdrv.sys
18:01:59.0140 2128 vncdrv - ok
18:01:59.0187 2128 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
18:01:59.0187 2128 VolSnap - ok
18:01:59.0203 2128 VSPerfDrv90 - ok
18:01:59.0234 2128 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
18:01:59.0250 2128 VSS - ok
18:01:59.0281 2128 [ 476A052B3CE506ED63A94018F3E979D5 ] vstor2-ws60 C:\Program Files\VMware\VMware Converter Hosted Agent\vstor2-ws60.sys
18:01:59.0281 2128 vstor2-ws60 - ok
18:01:59.0328 2128 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
18:01:59.0328 2128 W32Time - ok
18:01:59.0359 2128 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:01:59.0359 2128 Wanarp - ok
18:01:59.0406 2128 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:01:59.0421 2128 Wdf01000 - ok
18:01:59.0421 2128 WDICA - ok
18:01:59.0453 2128 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
18:01:59.0453 2128 wdmaud - ok
18:01:59.0468 2128 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
18:01:59.0484 2128 WebClient - ok
18:01:59.0546 2128 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
18:01:59.0546 2128 winmgmt - ok
18:01:59.0609 2128 [ 845AF1BA23C8D5E64DEF61BCC441604C ] WinRing0_1_2_0 C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys
18:01:59.0609 2128 WinRing0_1_2_0 - ok
18:01:59.0671 2128 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
18:01:59.0687 2128 WinRM - ok
18:01:59.0734 2128 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
18:01:59.0750 2128 WmdmPmSN - ok
18:01:59.0796 2128 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
18:01:59.0812 2128 Wmi - ok
18:01:59.0828 2128 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
18:01:59.0843 2128 WmiApSrv - ok
18:01:59.0921 2128 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
18:01:59.0937 2128 WMPNetworkSvc - ok
18:01:59.0953 2128 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:01:59.0953 2128 WpdUsb - ok
18:02:00.0015 2128 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:02:00.0031 2128 WPFFontCache_v0400 - ok
18:02:00.0062 2128 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:02:00.0062 2128 WS2IFSL - ok
18:02:00.0093 2128 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
18:02:00.0093 2128 wscsvc - ok
18:02:00.0109 2128 WSearch - ok
18:02:00.0140 2128 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
18:02:00.0140 2128 wuauserv - ok
18:02:00.0171 2128 [ 50EB9E21963B4F06FD010D007D54351B ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:02:00.0171 2128 WudfPf - ok
18:02:00.0203 2128 [ 6E209664BDEA8A15B5E8E480D6C607C2 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:02:00.0203 2128 WudfRd - ok
18:02:00.0234 2128 [ AE93084D2D236887BA56467AE42B4955 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
18:02:00.0250 2128 WudfSvc - ok
18:02:00.0296 2128 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
18:02:00.0312 2128 WZCSVC - ok
18:02:00.0312 2128 XDva389 - ok
18:02:00.0328 2128 XDva390 - ok
18:02:00.0343 2128 XDva392 - ok
18:02:00.0343 2128 XDva399 - ok
18:02:00.0375 2128 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
18:02:00.0390 2128 xmlprov - ok
18:02:00.0390 2128 ================ Scan global ===============================
18:02:00.0421 2128 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
18:02:00.0437 2128 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:02:00.0468 2128 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:02:00.0484 2128 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
18:02:00.0500 2128 [Global] - ok
18:02:00.0500 2128 ================ Scan MBR ==================================
18:02:00.0500 2128 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:02:00.0687 2128 \Device\Harddisk0\DR0 - ok
18:02:00.0687 2128 ================ Scan VBR ==================================
18:02:00.0703 2128 [ 967A5FF027CE8F70F3A947C27E85B51C ] \Device\Harddisk0\DR0\Partition1
18:02:00.0703 2128 \Device\Harddisk0\DR0\Partition1 - ok
18:02:00.0718 2128 [ EAD5A5C78672426378CA9D03F4033925 ] \Device\Harddisk0\DR0\Partition2
18:02:00.0718 2128 \Device\Harddisk0\DR0\Partition2 - ok
18:02:00.0718 2128 ============================================================
18:02:00.0718 2128 Scan finished
18:02:00.0718 2128 ============================================================
18:02:00.0750 3552 Detected object count: 1
18:02:00.0750 3552 Actual detected object count: 1
18:02:20.0343 3552 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
18:02:20.0515 3552 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
18:02:20.0515 3552 HKLM\SYSTEM\ControlSet004\services\sptd - will be deleted on reboot
18:02:20.0531 3552 C:\WINDOWS\system32\Drivers\sptd.sys - will be deleted on reboot
18:02:20.0531 3552 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
18:02:29.0671 1940 Deinitialize success
PS: I accidentally deleted one locked file...
18:01:38.0203 3688 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:01:40.0203 3688 ============================================================
18:01:40.0203 3688 Current date / time: 2012/09/03 18:01:40.0203
18:01:40.0203 3688 SystemInfo:
18:01:40.0203 3688
18:01:40.0203 3688 OS Version: 5.1.2600 ServicePack: 3.0
18:01:40.0203 3688 Product type: Workstation
18:01:40.0203 3688 ComputerName: MAREK-PC
18:01:40.0203 3688 UserName: marek
18:01:40.0203 3688 Windows directory: C:\WINDOWS
18:01:40.0203 3688 System windows directory: C:\WINDOWS
18:01:40.0203 3688 Processor architecture: Intel x86
18:01:40.0203 3688 Number of processors: 2
18:01:40.0203 3688 Page size: 0x1000
18:01:40.0203 3688 Boot type: Normal boot
18:01:40.0203 3688 ============================================================
18:01:43.0937 3688 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3C91, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
18:01:43.0953 3688 ============================================================
18:01:43.0953 3688 \Device\Harddisk0\DR0:
18:01:43.0953 3688 MBR partitions:
18:01:43.0953 3688 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2710011
18:01:43.0953 3688 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2710050, BlocksNum 0xB8833C0
18:01:43.0953 3688 ============================================================
18:01:43.0968 3688 C: <-> \Device\Harddisk0\DR0\Partition1
18:01:44.0015 3688 E: <-> \Device\Harddisk0\DR0\Partition2
18:01:44.0015 3688 ============================================================
18:01:44.0015 3688 Initialize success
18:01:44.0015 3688 ============================================================
18:01:47.0812 2128 ============================================================
18:01:47.0812 2128 Scan started
18:01:47.0812 2128 Mode: Manual;
18:01:47.0812 2128 ============================================================
18:01:48.0984 2128 ================ Scan system memory ========================
18:01:48.0984 2128 System memory - ok
18:01:48.0984 2128 ================ Scan services =============================
18:01:57.0453 2128 [ D390675B8CE45E5FB359338E5E649329 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
18:01:57.0453 2128 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: D390675B8CE45E5FB359338E5E649329
18:01:57.0453 2128 sptd ( LockedFile.Multi.Generic ) - warning
18:01:57.0453 2128 sptd - detected LockedFile.Multi.Generic (1)
18:01:58.0890 2128 USBSTOR - ok
18:01:58.0921 2128 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:01:58.0937 2128 usbuhci - ok
18:01:58.0953 2128 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
18:01:58.0953 2128 VgaSave - ok
18:01:58.0968 2128 ViaIde - ok
18:01:59.0046 2128 [ B5BA71EADEED0773D2E0978F962E1BF3 ] Visual Studio Analyzer RPC bridge C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe
18:01:59.0046 2128 Visual Studio Analyzer RPC bridge - ok
18:01:59.0062 2128 Vmaa81l80 - ok
18:01:59.0078 2128 VMnetAdapter - ok
18:01:59.0109 2128 [ 2CCBFA08C10CD064FDEE5B31869B0C02 ] VNA C:\WINDOWS\system32\DRIVERS\vna.sys
18:01:59.0109 2128 VNA - ok
18:01:59.0140 2128 [ 4EC979B157D1AA075330362ACB5424E5 ] vncdrv C:\WINDOWS\system32\DRIVERS\vncdrv.sys
18:01:59.0140 2128 vncdrv - ok
18:01:59.0187 2128 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
18:01:59.0187 2128 VolSnap - ok
18:01:59.0203 2128 VSPerfDrv90 - ok
18:01:59.0234 2128 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
18:01:59.0250 2128 VSS - ok
18:01:59.0281 2128 [ 476A052B3CE506ED63A94018F3E979D5 ] vstor2-ws60 C:\Program Files\VMware\VMware Converter Hosted Agent\vstor2-ws60.sys
18:01:59.0281 2128 vstor2-ws60 - ok
18:01:59.0328 2128 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
18:01:59.0328 2128 W32Time - ok
18:01:59.0359 2128 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:01:59.0359 2128 Wanarp - ok
18:01:59.0406 2128 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:01:59.0421 2128 Wdf01000 - ok
18:01:59.0421 2128 WDICA - ok
18:01:59.0453 2128 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
18:01:59.0453 2128 wdmaud - ok
18:01:59.0468 2128 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
18:01:59.0484 2128 WebClient - ok
18:01:59.0546 2128 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
18:01:59.0546 2128 winmgmt - ok
18:01:59.0609 2128 [ 845AF1BA23C8D5E64DEF61BCC441604C ] WinRing0_1_2_0 C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys
18:01:59.0609 2128 WinRing0_1_2_0 - ok
18:01:59.0671 2128 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
18:01:59.0687 2128 WinRM - ok
18:01:59.0734 2128 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
18:01:59.0750 2128 WmdmPmSN - ok
18:01:59.0796 2128 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
18:01:59.0812 2128 Wmi - ok
18:01:59.0828 2128 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
18:01:59.0843 2128 WmiApSrv - ok
18:01:59.0921 2128 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
18:01:59.0937 2128 WMPNetworkSvc - ok
18:01:59.0953 2128 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:01:59.0953 2128 WpdUsb - ok
18:02:00.0015 2128 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:02:00.0031 2128 WPFFontCache_v0400 - ok
18:02:00.0062 2128 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:02:00.0062 2128 WS2IFSL - ok
18:02:00.0093 2128 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
18:02:00.0093 2128 wscsvc - ok
18:02:00.0109 2128 WSearch - ok
18:02:00.0140 2128 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
18:02:00.0140 2128 wuauserv - ok
18:02:00.0171 2128 [ 50EB9E21963B4F06FD010D007D54351B ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:02:00.0171 2128 WudfPf - ok
18:02:00.0203 2128 [ 6E209664BDEA8A15B5E8E480D6C607C2 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:02:00.0203 2128 WudfRd - ok
18:02:00.0234 2128 [ AE93084D2D236887BA56467AE42B4955 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
18:02:00.0250 2128 WudfSvc - ok
18:02:00.0296 2128 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
18:02:00.0312 2128 WZCSVC - ok
18:02:00.0312 2128 XDva389 - ok
18:02:00.0328 2128 XDva390 - ok
18:02:00.0343 2128 XDva392 - ok
18:02:00.0343 2128 XDva399 - ok
18:02:00.0375 2128 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
18:02:00.0390 2128 xmlprov - ok
18:02:00.0390 2128 ================ Scan global ===============================
18:02:00.0421 2128 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
18:02:00.0437 2128 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:02:00.0468 2128 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:02:00.0484 2128 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
18:02:00.0500 2128 [Global] - ok
18:02:00.0500 2128 ================ Scan MBR ==================================
18:02:00.0500 2128 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:02:00.0687 2128 \Device\Harddisk0\DR0 - ok
18:02:00.0687 2128 ================ Scan VBR ==================================
18:02:00.0703 2128 [ 967A5FF027CE8F70F3A947C27E85B51C ] \Device\Harddisk0\DR0\Partition1
18:02:00.0703 2128 \Device\Harddisk0\DR0\Partition1 - ok
18:02:00.0718 2128 [ EAD5A5C78672426378CA9D03F4033925 ] \Device\Harddisk0\DR0\Partition2
18:02:00.0718 2128 \Device\Harddisk0\DR0\Partition2 - ok
18:02:00.0718 2128 ============================================================
18:02:00.0718 2128 Scan finished
18:02:00.0718 2128 ============================================================
18:02:00.0750 3552 Detected object count: 1
18:02:00.0750 3552 Actual detected object count: 1
18:02:20.0343 3552 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
18:02:20.0515 3552 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
18:02:20.0515 3552 HKLM\SYSTEM\ControlSet004\services\sptd - will be deleted on reboot
18:02:20.0531 3552 C:\WINDOWS\system32\Drivers\sptd.sys - will be deleted on reboot
18:02:20.0531 3552 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
18:02:29.0671 1940 Deinitialize success
PS: I unintentionally deleted one locked file...
Re: Problem with a hacked FB account
TDSSKiller Log:
18:01:38.0203 3688 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:01:40.0203 3688 ============================================================
18:01:40.0203 3688 Current date / time: 2012/09/03 18:01:40.0203
18:01:40.0203 3688 SystemInfo:
18:01:40.0203 3688
18:01:40.0203 3688 OS Version: 5.1.2600 ServicePack: 3.0
18:01:40.0203 3688 Product type: Workstation
18:01:40.0203 3688 ComputerName: MAREK-PC
18:01:40.0203 3688 UserName: marek
18:01:40.0203 3688 Windows directory: C:\WINDOWS
18:01:40.0203 3688 System windows directory: C:\WINDOWS
18:01:40.0203 3688 Processor architecture: Intel x86
18:01:40.0203 3688 Number of processors: 2
18:01:40.0203 3688 Page size: 0x1000
18:01:40.0203 3688 Boot type: Normal boot
18:01:40.0203 3688 ============================================================
18:01:43.0937 3688 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3C91, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
18:01:43.0953 3688 ============================================================
18:01:43.0953 3688 \Device\Harddisk0\DR0:
18:01:43.0953 3688 MBR partitions:
18:01:43.0953 3688 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2710011
18:01:43.0953 3688 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2710050, BlocksNum 0xB8833C0
18:01:43.0953 3688 ============================================================
18:01:43.0968 3688 C: <-> \Device\Harddisk0\DR0\Partition1
18:01:44.0015 3688 E: <-> \Device\Harddisk0\DR0\Partition2
18:01:44.0015 3688 ============================================================
18:01:44.0015 3688 Initialize success
18:01:44.0015 3688 ============================================================
18:01:47.0812 2128 ============================================================
18:01:47.0812 2128 Scan started
18:01:47.0812 2128 Mode: Manual;
18:01:47.0812 2128 ============================================================
18:01:48.0984 2128 ================ Scan system memory ========================
18:01:48.0984 2128 System memory - ok
18:01:48.0984 2128 ================ Scan services =============================
18:01:49.0125 2128 Abiosdsk - ok
18:01:49.0125 2128 abp480n5 - ok
18:01:49.0171 2128 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:01:49.0171 2128 ACPI - ok
18:01:49.0203 2128 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
18:01:49.0203 2128 ACPIEC - ok
18:01:49.0265 2128 [ C1EB9968EC89FBA5F3A264E2E57923AB ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
18:01:49.0265 2128 Adobe LM Service - ok
18:01:49.0265 2128 adpu160m - ok
18:01:49.0312 2128 [ E696E749BEDCDA8B23757B8B5EA93780 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
18:01:49.0312 2128 aeaudio - ok
18:01:49.0328 2128 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
18:01:49.0343 2128 aec - ok
18:01:49.0359 2128 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
18:01:49.0375 2128 AFD - ok
18:01:49.0390 2128 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
18:01:49.0390 2128 agp440 - ok
18:01:49.0406 2128 Aha154x - ok
18:01:49.0421 2128 aic78u2 - ok
18:01:49.0421 2128 aic78xx - ok
18:01:49.0468 2128 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
18:01:49.0468 2128 Alerter - ok
18:01:49.0484 2128 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
18:01:49.0484 2128 ALG - ok
18:01:49.0500 2128 AliIde - ok
18:01:49.0515 2128 amsint - ok
18:01:49.0546 2128 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
18:01:49.0546 2128 AppMgmt - ok
18:01:49.0562 2128 asc - ok
18:01:49.0578 2128 asc3350p - ok
18:01:49.0578 2128 asc3550 - ok
18:01:49.0687 2128 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:01:49.0687 2128 aspnet_state - ok
18:01:49.0718 2128 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:01:49.0718 2128 AsyncMac - ok
18:01:49.0734 2128 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
18:01:49.0734 2128 atapi - ok
18:01:49.0750 2128 Atdisk - ok
18:01:49.0812 2128 [ 471087B5E1E01CC82604E81EA14781D8 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
18:01:49.0812 2128 Ati HotKey Poller - ok
18:01:50.0000 2128 [ B979BA0120B6DB757196A8E2E873FE3C ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
18:01:50.0015 2128 ATI Smart - ok
18:01:50.0281 2128 [ C0B86ECB324E50F6BBD529F9D5C6B24B ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:01:50.0328 2128 ati2mtag - ok
18:01:50.0359 2128 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:01:50.0359 2128 Atmarpc - ok
18:01:50.0375 2128 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
18:01:50.0375 2128 AudioSrv - ok
18:01:50.0406 2128 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
18:01:50.0406 2128 audstub - ok
18:01:50.0437 2128 [ 4D50B7A5AE8E67E68B7C9571769D5DDE ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
18:01:50.0437 2128 b57w2k - ok
18:01:50.0484 2128 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
18:01:50.0484 2128 Beep - ok
18:01:50.0531 2128 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
18:01:50.0546 2128 BITS - ok
18:01:50.0578 2128 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
18:01:50.0578 2128 Browser - ok
18:01:50.0609 2128 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
18:01:50.0609 2128 cbidf2k - ok
18:01:50.0625 2128 cd20xrnt - ok
18:01:50.0656 2128 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
18:01:50.0656 2128 Cdaudio - ok
18:01:50.0687 2128 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
18:01:50.0687 2128 Cdfs - ok
18:01:50.0734 2128 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:01:50.0734 2128 Cdrom - ok
18:01:50.0750 2128 Changer - ok
18:01:50.0781 2128 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
18:01:50.0781 2128 CiSvc - ok
18:01:50.0796 2128 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
18:01:50.0796 2128 ClipSrv - ok
18:01:50.0859 2128 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:01:50.0859 2128 clr_optimization_v2.0.50727_32 - ok
18:01:50.0890 2128 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:01:50.0906 2128 clr_optimization_v4.0.30319_32 - ok
18:01:50.0921 2128 CmdIde - ok
18:01:50.0937 2128 COMSysApp - ok
18:01:50.0953 2128 Cpqarray - ok
18:01:50.0984 2128 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
18:01:50.0984 2128 CryptSvc - ok
18:01:51.0031 2128 [ 5C706C06C1279952D2CC1A609CA948BF ] CVirtA C:\WINDOWS\system32\DRIVERS\CVirtA.sys
18:01:51.0031 2128 CVirtA - ok
18:01:51.0031 2128 dac2w2k - ok
18:01:51.0046 2128 dac960nt - ok
18:01:51.0109 2128 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
18:01:51.0109 2128 DcomLaunch - ok
18:01:51.0156 2128 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
18:01:51.0156 2128 Dhcp - ok
18:01:51.0187 2128 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
18:01:51.0187 2128 Disk - ok
18:01:51.0203 2128 dmadmin - ok
18:01:51.0250 2128 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
18:01:51.0250 2128 dmboot - ok
18:01:51.0281 2128 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
18:01:51.0281 2128 dmio - ok
18:01:51.0312 2128 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
18:01:51.0312 2128 dmload - ok
18:01:51.0343 2128 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
18:01:51.0343 2128 dmserver - ok
18:01:51.0359 2128 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
18:01:51.0359 2128 DMusic - ok
18:01:51.0390 2128 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
18:01:51.0390 2128 Dnscache - ok
18:01:51.0421 2128 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
18:01:51.0421 2128 Dot3svc - ok
18:01:51.0421 2128 dpti2o - ok
18:01:51.0453 2128 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
18:01:51.0453 2128 drmkaud - ok
18:01:51.0484 2128 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
18:01:51.0484 2128 EapHost - ok
18:01:51.0500 2128 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
18:01:51.0500 2128 ERSvc - ok
18:01:51.0546 2128 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
18:01:51.0546 2128 Eventlog - ok
18:01:51.0578 2128 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
18:01:51.0578 2128 EventSystem - ok
18:01:51.0609 2128 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
18:01:51.0609 2128 Fastfat - ok
18:01:51.0640 2128 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:01:51.0656 2128 FastUserSwitchingCompatibility - ok
18:01:51.0671 2128 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
18:01:51.0671 2128 Fdc - ok
18:01:51.0703 2128 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
18:01:51.0703 2128 Fips - ok
18:01:51.0718 2128 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:01:51.0718 2128 Flpydisk - ok
18:01:51.0765 2128 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
18:01:51.0765 2128 FltMgr - ok
18:01:51.0843 2128 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:01:51.0843 2128 FontCache3.0.0.0 - ok
18:01:51.0859 2128 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:01:51.0859 2128 Fs_Rec - ok
18:01:51.0890 2128 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:01:51.0890 2128 Ftdisk - ok
18:01:51.0921 2128 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:01:51.0921 2128 Gpc - ok
18:01:51.0984 2128 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:01:52.0000 2128 gusvc - ok
18:01:52.0031 2128 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys
18:01:52.0031 2128 hamachi - ok
18:01:52.0171 2128 [ DA1B48FDE74125128D0D846A3701D344 ] Hamachi2Svc C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
18:01:52.0187 2128 Hamachi2Svc - ok
18:01:52.0281 2128 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:01:52.0281 2128 helpsvc - ok
18:01:52.0281 2128 HidServ - ok
18:01:52.0312 2128 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:01:52.0312 2128 HidUsb - ok
18:01:52.0343 2128 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
18:01:52.0343 2128 hkmsvc - ok
18:01:52.0421 2128 [ C9A96F4D46767E65042E7B6C531FB526 ] HP Port Resolver C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
18:01:52.0421 2128 HP Port Resolver - ok
18:01:52.0453 2128 [ C5A288E4CEEF5A26D105117BAA3763AB ] HP Status Server C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
18:01:52.0453 2128 HP Status Server - ok
18:01:52.0453 2128 hpn - ok
18:01:52.0484 2128 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
18:01:52.0500 2128 HTTP - ok
18:01:52.0515 2128 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
18:01:52.0531 2128 HTTPFilter - ok
18:01:52.0531 2128 i2omgmt - ok
18:01:52.0546 2128 i2omp - ok
18:01:52.0578 2128 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:01:52.0578 2128 i8042prt - ok
18:01:52.0656 2128 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:01:52.0656 2128 IDriverT - ok
18:01:52.0718 2128 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:01:52.0734 2128 idsvc - ok
18:01:52.0796 2128 [ DB3C22745C0DA4666F3BE31F1AF36B2F ] IISADMIN C:\WINDOWS\System32\inetsrv\inetinfo.exe
18:01:52.0796 2128 IISADMIN - ok
18:01:52.0812 2128 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:01:52.0812 2128 Imapi - ok
18:01:52.0843 2128 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
18:01:52.0859 2128 ImapiService - ok
18:01:52.0875 2128 ini910u - ok
18:01:52.0890 2128 IntelIde - ok
18:01:52.0921 2128 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:01:52.0921 2128 intelppm - ok
18:01:52.0953 2128 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
18:01:52.0953 2128 ip6fw - ok
18:01:52.0984 2128 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:01:52.0984 2128 IpFilterDriver - ok
18:01:53.0000 2128 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:01:53.0015 2128 IpInIp - ok
18:01:53.0031 2128 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:01:53.0031 2128 IpNat - ok
18:01:53.0062 2128 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:01:53.0062 2128 IPSec - ok
18:01:53.0078 2128 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:01:53.0078 2128 IRENUM - ok
18:01:53.0109 2128 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:01:53.0109 2128 isapnp - ok
18:01:53.0203 2128 [ 9E6898C4A084FEBAE925525C3BAF467E ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
18:01:53.0203 2128 JavaQuickStarterService - ok
18:01:53.0218 2128 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:01:53.0218 2128 Kbdclass - ok
18:01:53.0250 2128 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
18:01:53.0250 2128 kmixer - ok
18:01:53.0281 2128 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:01:53.0281 2128 KSecDD - ok
18:01:53.0328 2128 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
18:01:53.0328 2128 lanmanserver - ok
18:01:53.0375 2128 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:01:53.0375 2128 lanmanworkstation - ok
18:01:53.0390 2128 lbrtfdc - ok
18:01:53.0437 2128 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:01:53.0437 2128 LmHosts - ok
18:01:53.0468 2128 [ 48F8843A96F82E83F1FA2D468930CD0D ] mach5 C:\WINDOWS\System32\mach5.sys
18:01:53.0484 2128 mach5 - ok
18:01:53.0562 2128 [ C341D64C9F3B39CB56F9712335C33717 ] McAfeeFramework C:\Program Files\McAfee\Common Framework\FrameworkService.exe
18:01:53.0562 2128 McAfeeFramework - ok
18:01:53.0625 2128 [ AAC6788DE4B9A0AE0B660597C7500B1D ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
18:01:53.0625 2128 MDM - ok
18:01:53.0671 2128 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
18:01:53.0671 2128 Messenger - ok
18:01:53.0671 2128 mferkdk - ok
18:01:53.0765 2128 [ 033B947AF4A997820E86FCB070B1F450 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
18:01:53.0781 2128 Microsoft Office Groove Audit Service - ok
18:01:53.0812 2128 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:01:53.0812 2128 mnmdd - ok
18:01:53.0843 2128 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
18:01:53.0843 2128 mnmsrvc - ok
18:01:53.0875 2128 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:01:53.0875 2128 Modem - ok
18:01:53.0906 2128 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:01:53.0906 2128 Mouclass - ok
18:01:53.0937 2128 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:01:53.0937 2128 mouhid - ok
18:01:53.0953 2128 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:01:53.0968 2128 MountMgr - ok
18:01:54.0000 2128 [ FEE0BADED54222E9F1DAE9541212AAB1 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
18:01:54.0000 2128 MpFilter - ok
18:01:54.0171 2128 [ A69630D039C38018689190234F866D77 ] MpKsla03a821b C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A54BB82F-B2A2-4D00-8049-AAEF3DE61CFC}\MpKsla03a821b.sys
18:01:54.0171 2128 MpKsla03a821b - ok
18:01:54.0187 2128 mraid35x - ok
18:01:54.0203 2128 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:01:54.0218 2128 MRxDAV - ok
18:01:54.0250 2128 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:01:54.0265 2128 MRxSmb - ok
18:01:54.0296 2128 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
18:01:54.0296 2128 MSDTC - ok
18:01:54.0343 2128 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:01:54.0343 2128 Msfs - ok
18:01:54.0343 2128 [ DB3C22745C0DA4666F3BE31F1AF36B2F ] MSFtpsvc C:\WINDOWS\System32\inetsrv\inetinfo.exe
18:01:54.0343 2128 MSFtpsvc - ok
18:01:54.0359 2128 MSIServer - ok
18:01:54.0390 2128 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:01:54.0390 2128 MSKSSRV - ok
18:01:54.0453 2128 [ CFCE43B70CA0CC4DCC8ADB62B792B173 ] MsMpSvc C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
18:01:54.0453 2128 MsMpSvc - ok
18:01:54.0468 2128 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:01:54.0468 2128 MSPCLOCK - ok
18:01:54.0484 2128 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:01:54.0484 2128 MSPQM - ok
18:01:54.0531 2128 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:01:54.0531 2128 mssmbios - ok
18:01:54.0562 2128 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:01:54.0578 2128 Mup - ok
18:01:54.0609 2128 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
18:01:54.0625 2128 napagent - ok
18:01:54.0703 2128 [ 0780CF34C64DB6A0D1A2DD4ABBDF246C ] NCS C:\PROGRA~1\COMPUW~1\PCShared\NCS.EXE
18:01:54.0703 2128 NCS - ok
18:01:54.0734 2128 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:01:54.0734 2128 NDIS - ok
18:01:54.0765 2128 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:01:54.0765 2128 NdisTapi - ok
18:01:54.0781 2128 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:01:54.0781 2128 Ndisuio - ok
18:01:54.0812 2128 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:01:54.0812 2128 NdisWan - ok
18:01:54.0843 2128 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:01:54.0843 2128 NDProxy - ok
18:01:54.0875 2128 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
18:01:54.0890 2128 Net Driver HPZ12 - ok
18:01:54.0890 2128 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:01:54.0906 2128 NetBIOS - ok
18:01:54.0921 2128 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:01:54.0921 2128 NetBT - ok
18:01:54.0968 2128 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
18:01:54.0968 2128 NetDDE - ok
18:01:54.0984 2128 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:01:54.0984 2128 NetDDEdsdm - ok
18:01:55.0015 2128 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:01:55.0015 2128 Netlogon - ok
18:01:55.0046 2128 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
18:01:55.0046 2128 Netman - ok
18:01:55.0078 2128 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:01:55.0093 2128 NetTcpPortSharing - ok
18:01:55.0109 2128 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
18:01:55.0125 2128 Nla - ok
18:01:55.0140 2128 [ 1E421A6BCF2203CC61B821ADA9DE878B ] nm C:\WINDOWS\system32\DRIVERS\NMnt.sys
18:01:55.0140 2128 nm - ok
18:01:55.0234 2128 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess E:\Program Files\CDBurnerXP\NMSAccessU.exe
18:01:55.0234 2128 NMSAccess - ok
18:01:55.0265 2128 [ 4A8A2AA0706B659175169DECF198E9D7 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
18:01:55.0265 2128 nmwcd - ok
18:01:55.0296 2128 [ 02E96113511171BA7559386D10D3DAEA ] nmwcdnsu C:\WINDOWS\system32\drivers\nmwcdnsu.sys
18:01:55.0296 2128 nmwcdnsu - ok
18:01:55.0328 2128 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:01:55.0328 2128 Npfs - ok
18:01:55.0375 2128 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:01:55.0390 2128 Ntfs - ok
18:01:55.0406 2128 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
18:01:55.0406 2128 NtLmSsp - ok
18:01:55.0453 2128 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:01:55.0468 2128 NtmsSvc - ok
18:01:55.0500 2128 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
18:01:55.0500 2128 Null - ok
18:01:55.0531 2128 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:01:55.0531 2128 NwlnkFlt - ok
18:01:55.0546 2128 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:01:55.0546 2128 NwlnkFwd - ok
18:01:55.0609 2128 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:01:55.0625 2128 odserv - ok
18:01:55.0656 2128 [ 18CD59B762829860F96DC2569F1A7AD2 ] OOD2000 C:\WINDOWS\system32\OOD2000.exe
18:01:55.0671 2128 OOD2000 - ok
18:01:55.0703 2128 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:01:55.0718 2128 ose - ok
18:01:55.0734 2128 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
18:01:55.0750 2128 Parport - ok
18:01:55.0781 2128 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:01:55.0781 2128 PartMgr - ok
18:01:55.0796 2128 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:01:55.0796 2128 ParVdm - ok
18:01:55.0812 2128 pccsmcfd - ok
18:01:55.0828 2128 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:01:55.0828 2128 PCI - ok
18:01:55.0843 2128 PCIDump - ok
18:01:55.0859 2128 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
18:01:55.0859 2128 PCIIde - ok
18:01:55.0890 2128 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
18:01:55.0890 2128 Pcmcia - ok
18:01:55.0890 2128 PDCOMP - ok
18:01:55.0906 2128 PDFRAME - ok
18:01:55.0921 2128 PDRELI - ok
18:01:55.0921 2128 PDRFRAME - ok
18:01:55.0937 2128 perc2 - ok
18:01:55.0953 2128 perc2hib - ok
18:01:56.0000 2128 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
18:01:56.0000 2128 PlugPlay - ok
18:01:56.0031 2128 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
18:01:56.0031 2128 Pml Driver HPZ12 - ok
18:01:56.0046 2128 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:01:56.0046 2128 PolicyAgent - ok
18:01:56.0078 2128 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:01:56.0093 2128 PptpMiniport - ok
18:01:56.0109 2128 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
18:01:56.0109 2128 Processor - ok
18:01:56.0125 2128 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:01:56.0125 2128 ProtectedStorage - ok
18:01:56.0125 2128 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:01:56.0140 2128 PSched - ok
18:01:56.0140 2128 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:01:56.0140 2128 Ptilink - ok
18:01:56.0171 2128 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:01:56.0187 2128 PxHelp20 - ok
18:01:56.0187 2128 ql1080 - ok
18:01:56.0203 2128 Ql10wnt - ok
18:01:56.0218 2128 ql12160 - ok
18:01:56.0218 2128 ql1240 - ok
18:01:56.0234 2128 ql1280 - ok
18:01:56.0250 2128 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:01:56.0250 2128 RasAcd - ok
18:01:56.0296 2128 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:01:56.0296 2128 RasAuto - ok
18:01:56.0328 2128 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:01:56.0328 2128 Rasl2tp - ok
18:01:56.0359 2128 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:01:56.0375 2128 RasMan - ok
18:01:56.0375 2128 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:01:56.0390 2128 RasPppoe - ok
18:01:56.0406 2128 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:01:56.0406 2128 Raspti - ok
18:01:56.0453 2128 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:01:56.0453 2128 Rdbss - ok
18:01:56.0468 2128 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:01:56.0468 2128 RDPCDD - ok
18:01:56.0500 2128 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:01:56.0515 2128 rdpdr - ok
18:01:56.0546 2128 [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:01:56.0546 2128 RDPWD - ok
18:01:56.0593 2128 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:01:56.0593 2128 RDSessMgr - ok
18:01:56.0609 2128 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:01:56.0609 2128 redbook - ok
18:01:56.0640 2128 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:01:56.0640 2128 RemoteAccess - ok
18:01:56.0671 2128 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
18:01:56.0671 2128 RemoteRegistry - ok
18:01:56.0703 2128 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
18:01:56.0718 2128 RpcLocator - ok
18:01:56.0750 2128 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
18:01:56.0765 2128 RpcSs - ok
18:01:56.0781 2128 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
18:01:56.0796 2128 RSVP - ok
18:01:56.0812 2128 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
18:01:56.0828 2128 SamSs - ok
18:01:56.0843 2128 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:01:56.0859 2128 SCardSvr - ok
18:01:56.0890 2128 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:01:56.0890 2128 Schedule - ok
18:01:56.0937 2128 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:01:56.0937 2128 Secdrv - ok
18:01:56.0968 2128 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
18:01:56.0968 2128 seclogon - ok
18:01:57.0000 2128 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
18:01:57.0000 2128 SENS - ok
18:01:57.0031 2128 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
18:01:57.0031 2128 serenum - ok
18:01:57.0046 2128 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
18:01:57.0062 2128 Serial - ok
18:01:57.0109 2128 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
18:01:57.0109 2128 Sfloppy - ok
18:01:57.0156 2128 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
18:01:57.0156 2128 SharedAccess - ok
18:01:57.0187 2128 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:01:57.0203 2128 ShellHWDetection - ok
18:01:57.0203 2128 Simbad - ok
18:01:57.0265 2128 [ FA3368A7039F5ABAA4B933703AC34763 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
18:01:57.0265 2128 smwdm - ok
18:01:57.0328 2128 [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
18:01:57.0328 2128 SoundMAX Agent Service (default) - ok
18:01:57.0328 2128 Sparrow - ok
18:01:57.0359 2128 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
18:01:57.0359 2128 splitter - ok
18:01:57.0390 2128 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
18:01:57.0390 2128 Spooler - ok
18:01:57.0453 2128 [ D390675B8CE45E5FB359338E5E649329 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
18:01:57.0453 2128 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: D390675B8CE45E5FB359338E5E649329
18:01:57.0453 2128 sptd ( LockedFile.Multi.Generic ) - warning
18:01:57.0453 2128 sptd - detected LockedFile.Multi.Generic (1)
18:01:57.0484 2128 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
18:01:57.0484 2128 sr - ok
18:01:57.0515 2128 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
18:01:57.0531 2128 srservice - ok
18:01:57.0562 2128 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
18:01:57.0562 2128 Srv - ok
18:01:57.0593 2128 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
18:01:57.0609 2128 SSDPSRV - ok
18:01:57.0625 2128 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
18:01:57.0640 2128 StarOpen - ok
18:01:57.0750 2128 [ B1691AF4A072CB674D600DB16DD7308E ] StarWindServiceAE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
18:01:57.0765 2128 StarWindServiceAE - ok
18:01:57.0781 2128 Steam Client Service - ok
18:01:57.0812 2128 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
18:01:57.0812 2128 stisvc - ok
18:01:57.0843 2128 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
18:01:57.0843 2128 swenum - ok
18:01:57.0937 2128 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:01:57.0937 2128 SwitchBoard - ok
18:01:57.0968 2128 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
18:01:57.0968 2128 swmidi - ok
18:01:57.0968 2128 SwPrv - ok
18:01:58.0000 2128 symc810 - ok
18:01:58.0000 2128 symc8xx - ok
18:01:58.0015 2128 sym_hi - ok
18:01:58.0031 2128 sym_u3 - ok
18:01:58.0046 2128 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
18:01:58.0046 2128 sysaudio - ok
18:01:58.0093 2128 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
18:01:58.0093 2128 SysmonLog - ok
18:01:58.0125 2128 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
18:01:58.0140 2128 TapiSrv - ok
18:01:58.0187 2128 [ D9F19E78F98834CB411D6AD3C68D181A ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:01:58.0203 2128 Tcpip - ok
18:01:58.0218 2128 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
18:01:58.0218 2128 TDPIPE - ok
18:01:58.0234 2128 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
18:01:58.0234 2128 TDTCP - ok
18:01:58.0265 2128 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
18:01:58.0265 2128 TermDD - ok
18:01:58.0296 2128 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
18:01:58.0296 2128 TermService - ok
18:01:58.0328 2128 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
18:01:58.0328 2128 Themes - ok
18:01:58.0375 2128 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
18:01:58.0375 2128 TlntSvr - ok
18:01:58.0390 2128 TosIde - ok
18:01:58.0406 2128 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
18:01:58.0421 2128 TrkWks - ok
18:01:58.0453 2128 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
18:01:58.0453 2128 Udfs - ok
18:01:58.0515 2128 [ 10C30C9F370CDD89033362BF9AF7CACB ] ufad-ws60 C:\Program Files\VMware\VMware Converter Hosted Agent\vmware-ufad.exe
18:01:58.0515 2128 ufad-ws60 - ok
18:01:58.0531 2128 ultra - ok
18:01:58.0593 2128 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
18:01:58.0593 2128 Update - ok
18:01:58.0625 2128 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
18:01:58.0640 2128 upnphost - ok
18:01:58.0671 2128 [ A34560A5D516A2F5240180370866B99D ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
18:01:58.0671 2128 upperdev - ok
18:01:58.0687 2128 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
18:01:58.0703 2128 UPS - ok
18:01:58.0734 2128 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:01:58.0734 2128 usbehci - ok
18:01:58.0781 2128 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:01:58.0781 2128 usbhub - ok
18:01:58.0796 2128 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:01:58.0812 2128 usbscan - ok
18:01:58.0843 2128 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys
18:01:58.0843 2128 usbser - ok
18:01:58.0875 2128 [ 6410EEBD6E0427466812858EE84C8467 ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
18:01:58.0875 2128 UsbserFilt - ok
18:01:58.0890 2128 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:01:58.0890 2128 USBSTOR - ok
18:01:58.0921 2128 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:01:58.0937 2128 usbuhci - ok
18:01:58.0953 2128 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
18:01:58.0953 2128 VgaSave - ok
18:01:58.0968 2128 ViaIde - ok
18:01:59.0046 2128 [ B5BA71EADEED0773D2E0978F962E1BF3 ] Visual Studio Analyzer RPC bridge C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe
18:01:59.0046 2128 Visual Studio Analyzer RPC bridge - ok
18:01:59.0062 2128 Vmaa81l80 - ok
18:01:59.0078 2128 VMnetAdapter - ok
18:01:59.0109 2128 [ 2CCBFA08C10CD064FDEE5B31869B0C02 ] VNA C:\WINDOWS\system32\DRIVERS\vna.sys
18:01:59.0109 2128 VNA - ok
18:01:59.0140 2128 [ 4EC979B157D1AA075330362ACB5424E5 ] vncdrv C:\WINDOWS\system32\DRIVERS\vncdrv.sys
18:01:59.0140 2128 vncdrv - ok
18:01:59.0187 2128 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
18:01:59.0187 2128 VolSnap - ok
18:01:59.0203 2128 VSPerfDrv90 - ok
18:01:59.0234 2128 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
18:01:59.0250 2128 VSS - ok
18:01:59.0281 2128 [ 476A052B3CE506ED63A94018F3E979D5 ] vstor2-ws60 C:\Program Files\VMware\VMware Converter Hosted Agent\vstor2-ws60.sys
18:01:59.0281 2128 vstor2-ws60 - ok
18:01:59.0328 2128 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
18:01:59.0328 2128 W32Time - ok
18:01:59.0359 2128 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:01:59.0359 2128 Wanarp - ok
18:01:59.0406 2128 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:01:59.0421 2128 Wdf01000 - ok
18:01:59.0421 2128 WDICA - ok
18:01:59.0453 2128 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
18:01:59.0453 2128 wdmaud - ok
18:01:59.0468 2128 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
18:01:59.0484 2128 WebClient - ok
18:01:59.0546 2128 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
18:01:59.0546 2128 winmgmt - ok
18:01:59.0609 2128 [ 845AF1BA23C8D5E64DEF61BCC441604C ] WinRing0_1_2_0 C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys
18:01:59.0609 2128 WinRing0_1_2_0 - ok
18:01:59.0671 2128 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
18:01:59.0687 2128 WinRM - ok
18:01:59.0734 2128 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
18:01:59.0750 2128 WmdmPmSN - ok
18:01:59.0796 2128 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
18:01:59.0812 2128 Wmi - ok
18:01:59.0828 2128 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
18:01:59.0843 2128 WmiApSrv - ok
18:01:59.0921 2128 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
18:01:59.0937 2128 WMPNetworkSvc - ok
18:01:59.0953 2128 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:01:59.0953 2128 WpdUsb - ok
18:02:00.0015 2128 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:02:00.0031 2128 WPFFontCache_v0400 - ok
18:02:00.0062 2128 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:02:00.0062 2128 WS2IFSL - ok
18:02:00.0093 2128 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
18:02:00.0093 2128 wscsvc - ok
18:02:00.0109 2128 WSearch - ok
18:02:00.0140 2128 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
18:02:00.0140 2128 wuauserv - ok
18:02:00.0171 2128 [ 50EB9E21963B4F06FD010D007D54351B ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:02:00.0171 2128 WudfPf - ok
18:02:00.0203 2128 [ 6E209664BDEA8A15B5E8E480D6C607C2 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:02:00.0203 2128 WudfRd - ok
18:02:00.0234 2128 [ AE93084D2D236887BA56467AE42B4955 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
18:02:00.0250 2128 WudfSvc - ok
18:02:00.0296 2128 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
18:02:00.0312 2128 WZCSVC - ok
18:02:00.0312 2128 XDva389 - ok
18:02:00.0328 2128 XDva390 - ok
18:02:00.0343 2128 XDva392 - ok
18:02:00.0343 2128 XDva399 - ok
18:02:00.0375 2128 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
18:02:00.0390 2128 xmlprov - ok
18:02:00.0390 2128 ================ Scan global ===============================
18:02:00.0421 2128 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
18:02:00.0437 2128 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:02:00.0468 2128 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:02:00.0484 2128 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
18:02:00.0500 2128 [Global] - ok
18:02:00.0500 2128 ================ Scan MBR ==================================
18:02:00.0500 2128 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:02:00.0687 2128 \Device\Harddisk0\DR0 - ok
18:02:00.0687 2128 ================ Scan VBR ==================================
18:02:00.0703 2128 [ 967A5FF027CE8F70F3A947C27E85B51C ] \Device\Harddisk0\DR0\Partition1
18:02:00.0703 2128 \Device\Harddisk0\DR0\Partition1 - ok
18:02:00.0718 2128 [ EAD5A5C78672426378CA9D03F4033925 ] \Device\Harddisk0\DR0\Partition2
18:02:00.0718 2128 \Device\Harddisk0\DR0\Partition2 - ok
18:02:00.0718 2128 ============================================================
18:02:00.0718 2128 Scan finished
18:02:00.0718 2128 ============================================================
18:02:00.0750 3552 Detected object count: 1
18:02:00.0750 3552 Actual detected object count: 1
18:02:20.0343 3552 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
18:02:20.0515 3552 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
18:02:20.0515 3552 HKLM\SYSTEM\ControlSet004\services\sptd - will be deleted on reboot
18:02:20.0531 3552 C:\WINDOWS\system32\Drivers\sptd.sys - will be deleted on reboot
18:02:20.0531 3552 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
18:02:29.0671 1940 Deinitialize success
PS: I unintentionally deleted one locked one...
18:01:38.0203 3688 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:01:40.0203 3688 ============================================================
18:01:40.0203 3688 Current date / time: 2012/09/03 18:01:40.0203
18:01:40.0203 3688 SystemInfo:
18:01:40.0203 3688
18:01:40.0203 3688 OS Version: 5.1.2600 ServicePack: 3.0
18:01:40.0203 3688 Product type: Workstation
18:01:40.0203 3688 ComputerName: MAREK-PC
18:01:40.0203 3688 UserName: marek
18:01:40.0203 3688 Windows directory: C:\WINDOWS
18:01:40.0203 3688 System windows directory: C:\WINDOWS
18:01:40.0203 3688 Processor architecture: Intel x86
18:01:40.0203 3688 Number of processors: 2
18:01:40.0203 3688 Page size: 0x1000
18:01:40.0203 3688 Boot type: Normal boot
18:01:40.0203 3688 ============================================================
18:01:43.0937 3688 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3C91, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
18:01:43.0953 3688 ============================================================
18:01:43.0953 3688 \Device\Harddisk0\DR0:
18:01:43.0953 3688 MBR partitions:
18:01:43.0953 3688 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2710011
18:01:43.0953 3688 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2710050, BlocksNum 0xB8833C0
18:01:43.0953 3688 ============================================================
18:01:43.0968 3688 C: <-> \Device\Harddisk0\DR0\Partition1
18:01:44.0015 3688 E: <-> \Device\Harddisk0\DR0\Partition2
18:01:44.0015 3688 ============================================================
18:01:44.0015 3688 Initialize success
18:01:44.0015 3688 ============================================================
18:01:47.0812 2128 ============================================================
18:01:47.0812 2128 Scan started
18:01:47.0812 2128 Mode: Manual;
18:01:47.0812 2128 ============================================================
18:01:48.0984 2128 ================ Scan system memory ========================
18:01:48.0984 2128 System memory - ok
18:01:48.0984 2128 ================ Scan services =============================
18:01:49.0125 2128 Abiosdsk - ok
18:01:49.0125 2128 abp480n5 - ok
18:01:49.0171 2128 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:01:49.0171 2128 ACPI - ok
18:01:49.0203 2128 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
18:01:49.0203 2128 ACPIEC - ok
18:01:49.0265 2128 [ C1EB9968EC89FBA5F3A264E2E57923AB ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
18:01:49.0265 2128 Adobe LM Service - ok
18:01:49.0265 2128 adpu160m - ok
18:01:49.0312 2128 [ E696E749BEDCDA8B23757B8B5EA93780 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
18:01:49.0312 2128 aeaudio - ok
18:01:49.0328 2128 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
18:01:49.0343 2128 aec - ok
18:01:49.0359 2128 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
18:01:49.0375 2128 AFD - ok
18:01:49.0390 2128 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
18:01:49.0390 2128 agp440 - ok
18:01:49.0406 2128 Aha154x - ok
18:01:49.0421 2128 aic78u2 - ok
18:01:49.0421 2128 aic78xx - ok
18:01:49.0468 2128 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
18:01:49.0468 2128 Alerter - ok
18:01:49.0484 2128 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
18:01:49.0484 2128 ALG - ok
18:01:49.0500 2128 AliIde - ok
18:01:49.0515 2128 amsint - ok
18:01:49.0546 2128 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
18:01:49.0546 2128 AppMgmt - ok
18:01:49.0562 2128 asc - ok
18:01:49.0578 2128 asc3350p - ok
18:01:49.0578 2128 asc3550 - ok
18:01:49.0687 2128 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:01:49.0687 2128 aspnet_state - ok
18:01:49.0718 2128 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:01:49.0718 2128 AsyncMac - ok
18:01:49.0734 2128 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
18:01:49.0734 2128 atapi - ok
18:01:49.0750 2128 Atdisk - ok
18:01:49.0812 2128 [ 471087B5E1E01CC82604E81EA14781D8 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
18:01:49.0812 2128 Ati HotKey Poller - ok
18:01:50.0000 2128 [ B979BA0120B6DB757196A8E2E873FE3C ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
18:01:50.0015 2128 ATI Smart - ok
18:01:50.0281 2128 [ C0B86ECB324E50F6BBD529F9D5C6B24B ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:01:50.0328 2128 ati2mtag - ok
18:01:50.0359 2128 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:01:50.0359 2128 Atmarpc - ok
18:01:50.0375 2128 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
18:01:50.0375 2128 AudioSrv - ok
18:01:50.0406 2128 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
18:01:50.0406 2128 audstub - ok
18:01:50.0437 2128 [ 4D50B7A5AE8E67E68B7C9571769D5DDE ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
18:01:50.0437 2128 b57w2k - ok
18:01:50.0484 2128 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
18:01:50.0484 2128 Beep - ok
18:01:50.0531 2128 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
18:01:50.0546 2128 BITS - ok
18:01:50.0578 2128 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
18:01:50.0578 2128 Browser - ok
18:01:50.0609 2128 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
18:01:50.0609 2128 cbidf2k - ok
18:01:50.0625 2128 cd20xrnt - ok
18:01:50.0656 2128 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
18:01:50.0656 2128 Cdaudio - ok
18:01:50.0687 2128 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
18:01:50.0687 2128 Cdfs - ok
18:01:50.0734 2128 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:01:50.0734 2128 Cdrom - ok
18:01:50.0750 2128 Changer - ok
18:01:50.0781 2128 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
18:01:50.0781 2128 CiSvc - ok
18:01:50.0796 2128 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
18:01:50.0796 2128 ClipSrv - ok
18:01:50.0859 2128 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:01:50.0859 2128 clr_optimization_v2.0.50727_32 - ok
18:01:50.0890 2128 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:01:50.0906 2128 clr_optimization_v4.0.30319_32 - ok
18:01:50.0921 2128 CmdIde - ok
18:01:50.0937 2128 COMSysApp - ok
18:01:50.0953 2128 Cpqarray - ok
18:01:50.0984 2128 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
18:01:50.0984 2128 CryptSvc - ok
18:01:51.0031 2128 [ 5C706C06C1279952D2CC1A609CA948BF ] CVirtA C:\WINDOWS\system32\DRIVERS\CVirtA.sys
18:01:51.0031 2128 CVirtA - ok
18:01:51.0031 2128 dac2w2k - ok
18:01:51.0046 2128 dac960nt - ok
18:01:51.0109 2128 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
18:01:51.0109 2128 DcomLaunch - ok
18:01:51.0156 2128 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
18:01:51.0156 2128 Dhcp - ok
18:01:51.0187 2128 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
18:01:51.0187 2128 Disk - ok
18:01:51.0203 2128 dmadmin - ok
18:01:51.0250 2128 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
18:01:51.0250 2128 dmboot - ok
18:01:51.0281 2128 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
18:01:51.0281 2128 dmio - ok
18:01:51.0312 2128 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
18:01:51.0312 2128 dmload - ok
18:01:51.0343 2128 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
18:01:51.0343 2128 dmserver - ok
18:01:51.0359 2128 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
18:01:51.0359 2128 DMusic - ok
18:01:51.0390 2128 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
18:01:51.0390 2128 Dnscache - ok
18:01:51.0421 2128 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
18:01:51.0421 2128 Dot3svc - ok
18:01:51.0421 2128 dpti2o - ok
18:01:51.0453 2128 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
18:01:51.0453 2128 drmkaud - ok
18:01:51.0484 2128 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
18:01:51.0484 2128 EapHost - ok
18:01:51.0500 2128 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
18:01:51.0500 2128 ERSvc - ok
18:01:51.0546 2128 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
18:01:51.0546 2128 Eventlog - ok
18:01:51.0578 2128 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
18:01:51.0578 2128 EventSystem - ok
18:01:51.0609 2128 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
18:01:51.0609 2128 Fastfat - ok
18:01:51.0640 2128 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:01:51.0656 2128 FastUserSwitchingCompatibility - ok
18:01:51.0671 2128 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
18:01:51.0671 2128 Fdc - ok
18:01:51.0703 2128 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
18:01:51.0703 2128 Fips - ok
18:01:51.0718 2128 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:01:51.0718 2128 Flpydisk - ok
18:01:51.0765 2128 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
18:01:51.0765 2128 FltMgr - ok
18:01:51.0843 2128 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:01:51.0843 2128 FontCache3.0.0.0 - ok
18:01:51.0859 2128 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:01:51.0859 2128 Fs_Rec - ok
18:01:51.0890 2128 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:01:51.0890 2128 Ftdisk - ok
18:01:51.0921 2128 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:01:51.0921 2128 Gpc - ok
18:01:51.0984 2128 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:01:52.0000 2128 gusvc - ok
18:01:52.0031 2128 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys
18:01:52.0031 2128 hamachi - ok
18:01:52.0171 2128 [ DA1B48FDE74125128D0D846A3701D344 ] Hamachi2Svc C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
18:01:52.0187 2128 Hamachi2Svc - ok
18:01:52.0281 2128 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:01:52.0281 2128 helpsvc - ok
18:01:52.0281 2128 HidServ - ok
18:01:52.0312 2128 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:01:52.0312 2128 HidUsb - ok
18:01:52.0343 2128 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
18:01:52.0343 2128 hkmsvc - ok
18:01:52.0421 2128 [ C9A96F4D46767E65042E7B6C531FB526 ] HP Port Resolver C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
18:01:52.0421 2128 HP Port Resolver - ok
18:01:52.0453 2128 [ C5A288E4CEEF5A26D105117BAA3763AB ] HP Status Server C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
18:01:52.0453 2128 HP Status Server - ok
18:01:52.0453 2128 hpn - ok
18:01:52.0484 2128 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
18:01:52.0500 2128 HTTP - ok
18:01:52.0515 2128 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
18:01:52.0531 2128 HTTPFilter - ok
18:01:52.0531 2128 i2omgmt - ok
18:01:52.0546 2128 i2omp - ok
18:01:52.0578 2128 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:01:52.0578 2128 i8042prt - ok
18:01:52.0656 2128 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:01:52.0656 2128 IDriverT - ok
18:01:52.0718 2128 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:01:52.0734 2128 idsvc - ok
18:01:52.0796 2128 [ DB3C22745C0DA4666F3BE31F1AF36B2F ] IISADMIN C:\WINDOWS\System32\inetsrv\inetinfo.exe
18:01:52.0796 2128 IISADMIN - ok
18:01:52.0812 2128 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:01:52.0812 2128 Imapi - ok
18:01:52.0843 2128 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
18:01:52.0859 2128 ImapiService - ok
18:01:52.0875 2128 ini910u - ok
18:01:52.0890 2128 IntelIde - ok
18:01:52.0921 2128 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:01:52.0921 2128 intelppm - ok
18:01:52.0953 2128 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
18:01:52.0953 2128 ip6fw - ok
18:01:52.0984 2128 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:01:52.0984 2128 IpFilterDriver - ok
18:01:53.0000 2128 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:01:53.0015 2128 IpInIp - ok
18:01:53.0031 2128 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:01:53.0031 2128 IpNat - ok
18:01:53.0062 2128 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:01:53.0062 2128 IPSec - ok
18:01:53.0078 2128 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:01:53.0078 2128 IRENUM - ok
18:01:53.0109 2128 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:01:53.0109 2128 isapnp - ok
18:01:53.0203 2128 [ 9E6898C4A084FEBAE925525C3BAF467E ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
18:01:53.0203 2128 JavaQuickStarterService - ok
18:01:53.0218 2128 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:01:53.0218 2128 Kbdclass - ok
18:01:53.0250 2128 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
18:01:53.0250 2128 kmixer - ok
18:01:53.0281 2128 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:01:53.0281 2128 KSecDD - ok
18:01:53.0328 2128 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
18:01:53.0328 2128 lanmanserver - ok
18:01:53.0375 2128 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:01:53.0375 2128 lanmanworkstation - ok
18:01:53.0390 2128 lbrtfdc - ok
18:01:53.0437 2128 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:01:53.0437 2128 LmHosts - ok
18:01:53.0468 2128 [ 48F8843A96F82E83F1FA2D468930CD0D ] mach5 C:\WINDOWS\System32\mach5.sys
18:01:53.0484 2128 mach5 - ok
18:01:53.0562 2128 [ C341D64C9F3B39CB56F9712335C33717 ] McAfeeFramework C:\Program Files\McAfee\Common Framework\FrameworkService.exe
18:01:53.0562 2128 McAfeeFramework - ok
18:01:53.0625 2128 [ AAC6788DE4B9A0AE0B660597C7500B1D ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
18:01:53.0625 2128 MDM - ok
18:01:53.0671 2128 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
18:01:53.0671 2128 Messenger - ok
18:01:53.0671 2128 mferkdk - ok
18:01:53.0765 2128 [ 033B947AF4A997820E86FCB070B1F450 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
18:01:53.0781 2128 Microsoft Office Groove Audit Service - ok
18:01:53.0812 2128 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:01:53.0812 2128 mnmdd - ok
18:01:53.0843 2128 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
18:01:53.0843 2128 mnmsrvc - ok
18:01:53.0875 2128 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:01:53.0875 2128 Modem - ok
18:01:53.0906 2128 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:01:53.0906 2128 Mouclass - ok
18:01:53.0937 2128 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:01:53.0937 2128 mouhid - ok
18:01:53.0953 2128 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:01:53.0968 2128 MountMgr - ok
18:01:54.0000 2128 [ FEE0BADED54222E9F1DAE9541212AAB1 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
18:01:54.0000 2128 MpFilter - ok
18:01:54.0171 2128 [ A69630D039C38018689190234F866D77 ] MpKsla03a821b C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A54BB82F-B2A2-4D00-8049-AAEF3DE61CFC}\MpKsla03a821b.sys
18:01:54.0171 2128 MpKsla03a821b - ok
18:01:54.0187 2128 mraid35x - ok
18:01:54.0203 2128 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:01:54.0218 2128 MRxDAV - ok
18:01:54.0250 2128 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:01:54.0265 2128 MRxSmb - ok
18:01:54.0296 2128 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
18:01:54.0296 2128 MSDTC - ok
18:01:54.0343 2128 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:01:54.0343 2128 Msfs - ok
18:01:54.0343 2128 [ DB3C22745C0DA4666F3BE31F1AF36B2F ] MSFtpsvc C:\WINDOWS\System32\inetsrv\inetinfo.exe
18:01:54.0343 2128 MSFtpsvc - ok
18:01:54.0359 2128 MSIServer - ok
18:01:54.0390 2128 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:01:54.0390 2128 MSKSSRV - ok
18:01:54.0453 2128 [ CFCE43B70CA0CC4DCC8ADB62B792B173 ] MsMpSvc C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
18:01:54.0453 2128 MsMpSvc - ok
18:01:54.0468 2128 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:01:54.0468 2128 MSPCLOCK - ok
18:01:54.0484 2128 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:01:54.0484 2128 MSPQM - ok
18:01:54.0531 2128 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:01:54.0531 2128 mssmbios - ok
18:01:54.0562 2128 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:01:54.0578 2128 Mup - ok
18:01:54.0609 2128 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
18:01:54.0625 2128 napagent - ok
18:01:54.0703 2128 [ 0780CF34C64DB6A0D1A2DD4ABBDF246C ] NCS C:\PROGRA~1\COMPUW~1\PCShared\NCS.EXE
18:01:54.0703 2128 NCS - ok
18:01:54.0734 2128 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:01:54.0734 2128 NDIS - ok
18:01:54.0765 2128 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:01:54.0765 2128 NdisTapi - ok
18:01:54.0781 2128 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:01:54.0781 2128 Ndisuio - ok
18:01:54.0812 2128 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:01:54.0812 2128 NdisWan - ok
18:01:54.0843 2128 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:01:54.0843 2128 NDProxy - ok
18:01:54.0875 2128 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
18:01:54.0890 2128 Net Driver HPZ12 - ok
18:01:54.0890 2128 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:01:54.0906 2128 NetBIOS - ok
18:01:54.0921 2128 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:01:54.0921 2128 NetBT - ok
18:01:54.0968 2128 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
18:01:54.0968 2128 NetDDE - ok
18:01:54.0984 2128 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:01:54.0984 2128 NetDDEdsdm - ok
18:01:55.0015 2128 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:01:55.0015 2128 Netlogon - ok
18:01:55.0046 2128 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
18:01:55.0046 2128 Netman - ok
18:01:55.0078 2128 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:01:55.0093 2128 NetTcpPortSharing - ok
18:01:55.0109 2128 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
18:01:55.0125 2128 Nla - ok
18:01:55.0140 2128 [ 1E421A6BCF2203CC61B821ADA9DE878B ] nm C:\WINDOWS\system32\DRIVERS\NMnt.sys
18:01:55.0140 2128 nm - ok
18:01:55.0234 2128 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess E:\Program Files\CDBurnerXP\NMSAccessU.exe
18:01:55.0234 2128 NMSAccess - ok
18:01:55.0265 2128 [ 4A8A2AA0706B659175169DECF198E9D7 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
18:01:55.0265 2128 nmwcd - ok
18:01:55.0296 2128 [ 02E96113511171BA7559386D10D3DAEA ] nmwcdnsu C:\WINDOWS\system32\drivers\nmwcdnsu.sys
18:01:55.0296 2128 nmwcdnsu - ok
18:01:55.0328 2128 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:01:55.0328 2128 Npfs - ok
18:01:55.0375 2128 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:01:55.0390 2128 Ntfs - ok
18:01:55.0406 2128 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
18:01:55.0406 2128 NtLmSsp - ok
18:01:55.0453 2128 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:01:55.0468 2128 NtmsSvc - ok
18:01:55.0500 2128 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
18:01:55.0500 2128 Null - ok
18:01:55.0531 2128 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:01:55.0531 2128 NwlnkFlt - ok
18:01:55.0546 2128 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:01:55.0546 2128 NwlnkFwd - ok
18:01:55.0609 2128 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:01:55.0625 2128 odserv - ok
18:01:55.0656 2128 [ 18CD59B762829860F96DC2569F1A7AD2 ] OOD2000 C:\WINDOWS\system32\OOD2000.exe
18:01:55.0671 2128 OOD2000 - ok
18:01:55.0703 2128 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:01:55.0718 2128 ose - ok
18:01:55.0734 2128 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
18:01:55.0750 2128 Parport - ok
18:01:55.0781 2128 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:01:55.0781 2128 PartMgr - ok
18:01:55.0796 2128 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:01:55.0796 2128 ParVdm - ok
18:01:55.0812 2128 pccsmcfd - ok
18:01:55.0828 2128 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:01:55.0828 2128 PCI - ok
18:01:55.0843 2128 PCIDump - ok
18:01:55.0859 2128 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
18:01:55.0859 2128 PCIIde - ok
18:01:55.0890 2128 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
18:01:55.0890 2128 Pcmcia - ok
18:01:55.0890 2128 PDCOMP - ok
18:01:55.0906 2128 PDFRAME - ok
18:01:55.0921 2128 PDRELI - ok
18:01:55.0921 2128 PDRFRAME - ok
18:01:55.0937 2128 perc2 - ok
18:01:55.0953 2128 perc2hib - ok
18:01:56.0000 2128 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
18:01:56.0000 2128 PlugPlay - ok
18:01:56.0031 2128 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
18:01:56.0031 2128 Pml Driver HPZ12 - ok
18:01:56.0046 2128 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:01:56.0046 2128 PolicyAgent - ok
18:01:56.0078 2128 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:01:56.0093 2128 PptpMiniport - ok
18:01:56.0109 2128 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
18:01:56.0109 2128 Processor - ok
18:01:56.0125 2128 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:01:56.0125 2128 ProtectedStorage - ok
18:01:56.0125 2128 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:01:56.0140 2128 PSched - ok
18:01:56.0140 2128 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:01:56.0140 2128 Ptilink - ok
18:01:56.0171 2128 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:01:56.0187 2128 PxHelp20 - ok
18:01:56.0187 2128 ql1080 - ok
18:01:56.0203 2128 Ql10wnt - ok
18:01:56.0218 2128 ql12160 - ok
18:01:56.0218 2128 ql1240 - ok
18:01:56.0234 2128 ql1280 - ok
18:01:56.0250 2128 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:01:56.0250 2128 RasAcd - ok
18:01:56.0296 2128 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:01:56.0296 2128 RasAuto - ok
18:01:56.0328 2128 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:01:56.0328 2128 Rasl2tp - ok
18:01:56.0359 2128 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:01:56.0375 2128 RasMan - ok
18:01:56.0375 2128 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:01:56.0390 2128 RasPppoe - ok
18:01:56.0406 2128 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:01:56.0406 2128 Raspti - ok
18:01:56.0453 2128 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:01:56.0453 2128 Rdbss - ok
18:01:56.0468 2128 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:01:56.0468 2128 RDPCDD - ok
18:01:56.0500 2128 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:01:56.0515 2128 rdpdr - ok
18:01:56.0546 2128 [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:01:56.0546 2128 RDPWD - ok
18:01:56.0593 2128 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:01:56.0593 2128 RDSessMgr - ok
18:01:56.0609 2128 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:01:56.0609 2128 redbook - ok
18:01:56.0640 2128 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:01:56.0640 2128 RemoteAccess - ok
18:01:56.0671 2128 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
18:01:56.0671 2128 RemoteRegistry - ok
18:01:56.0703 2128 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
18:01:56.0718 2128 RpcLocator - ok
18:01:56.0750 2128 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
18:01:56.0765 2128 RpcSs - ok
18:01:56.0781 2128 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
18:01:56.0796 2128 RSVP - ok
18:01:56.0812 2128 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
18:01:56.0828 2128 SamSs - ok
18:01:56.0843 2128 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:01:56.0859 2128 SCardSvr - ok
18:01:56.0890 2128 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:01:56.0890 2128 Schedule - ok
18:01:56.0937 2128 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:01:56.0937 2128 Secdrv - ok
18:01:56.0968 2128 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
18:01:56.0968 2128 seclogon - ok
18:01:57.0000 2128 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
18:01:57.0000 2128 SENS - ok
18:01:57.0031 2128 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
18:01:57.0031 2128 serenum - ok
18:01:57.0046 2128 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
18:01:57.0062 2128 Serial - ok
18:01:57.0109 2128 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
18:01:57.0109 2128 Sfloppy - ok
18:01:57.0156 2128 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
18:01:57.0156 2128 SharedAccess - ok
18:01:57.0187 2128 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:01:57.0203 2128 ShellHWDetection - ok
18:01:57.0203 2128 Simbad - ok
18:01:57.0265 2128 [ FA3368A7039F5ABAA4B933703AC34763 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
18:01:57.0265 2128 smwdm - ok
18:01:57.0328 2128 [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
18:01:57.0328 2128 SoundMAX Agent Service (default) - ok
18:01:57.0328 2128 Sparrow - ok
18:01:57.0359 2128 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
18:01:57.0359 2128 splitter - ok
18:01:57.0390 2128 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
18:01:57.0390 2128 Spooler - ok
18:01:57.0453 2128 [ D390675B8CE45E5FB359338E5E649329 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
18:01:57.0453 2128 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: D390675B8CE45E5FB359338E5E649329
18:01:57.0453 2128 sptd ( LockedFile.Multi.Generic ) - warning
18:01:57.0453 2128 sptd - detected LockedFile.Multi.Generic (1)
18:01:57.0484 2128 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
18:01:57.0484 2128 sr - ok
18:01:57.0515 2128 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
18:01:57.0531 2128 srservice - ok
18:01:57.0562 2128 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
18:01:57.0562 2128 Srv - ok
18:01:57.0593 2128 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
18:01:57.0609 2128 SSDPSRV - ok
18:01:57.0625 2128 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
18:01:57.0640 2128 StarOpen - ok
18:01:57.0750 2128 [ B1691AF4A072CB674D600DB16DD7308E ] StarWindServiceAE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
18:01:57.0765 2128 StarWindServiceAE - ok
18:01:57.0781 2128 Steam Client Service - ok
18:01:57.0812 2128 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
18:01:57.0812 2128 stisvc - ok
18:01:57.0843 2128 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
18:01:57.0843 2128 swenum - ok
18:01:57.0937 2128 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:01:57.0937 2128 SwitchBoard - ok
18:01:57.0968 2128 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
18:01:57.0968 2128 swmidi - ok
18:01:57.0968 2128 SwPrv - ok
18:01:58.0000 2128 symc810 - ok
18:01:58.0000 2128 symc8xx - ok
18:01:58.0015 2128 sym_hi - ok
18:01:58.0031 2128 sym_u3 - ok
18:01:58.0046 2128 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
18:01:58.0046 2128 sysaudio - ok
18:01:58.0093 2128 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
18:01:58.0093 2128 SysmonLog - ok
18:01:58.0125 2128 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
18:01:58.0140 2128 TapiSrv - ok
18:01:58.0187 2128 [ D9F19E78F98834CB411D6AD3C68D181A ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:01:58.0203 2128 Tcpip - ok
18:01:58.0218 2128 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
18:01:58.0218 2128 TDPIPE - ok
18:01:58.0234 2128 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
18:01:58.0234 2128 TDTCP - ok
18:01:58.0265 2128 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
18:01:58.0265 2128 TermDD - ok
18:01:58.0296 2128 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
18:01:58.0296 2128 TermService - ok
18:01:58.0328 2128 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
18:01:58.0328 2128 Themes - ok
18:01:58.0375 2128 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
18:01:58.0375 2128 TlntSvr - ok
18:01:58.0390 2128 TosIde - ok
18:01:58.0406 2128 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
18:01:58.0421 2128 TrkWks - ok
18:01:58.0453 2128 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
18:01:58.0453 2128 Udfs - ok
18:01:58.0515 2128 [ 10C30C9F370CDD89033362BF9AF7CACB ] ufad-ws60 C:\Program Files\VMware\VMware Converter Hosted Agent\vmware-ufad.exe
18:01:58.0515 2128 ufad-ws60 - ok
18:01:58.0531 2128 ultra - ok
18:01:58.0593 2128 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
18:01:58.0593 2128 Update - ok
18:01:58.0625 2128 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
18:01:58.0640 2128 upnphost - ok
18:01:58.0671 2128 [ A34560A5D516A2F5240180370866B99D ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
18:01:58.0671 2128 upperdev - ok
18:01:58.0687 2128 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
18:01:58.0703 2128 UPS - ok
18:01:58.0734 2128 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:01:58.0734 2128 usbehci - ok
18:01:58.0781 2128 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:01:58.0781 2128 usbhub - ok
18:01:58.0796 2128 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:01:58.0812 2128 usbscan - ok
18:01:58.0843 2128 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys
18:01:58.0843 2128 usbser - ok
18:01:58.0875 2128 [ 6410EEBD6E0427466812858EE84C8467 ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
18:01:58.0875 2128 UsbserFilt - ok
18:01:58.0890 2128 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:01:58.0890 2128 USBSTOR - ok
18:01:58.0921 2128 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:01:58.0937 2128 usbuhci - ok
18:01:58.0953 2128 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
18:01:58.0953 2128 VgaSave - ok
18:01:58.0968 2128 ViaIde - ok
18:01:59.0046 2128 [ B5BA71EADEED0773D2E0978F962E1BF3 ] Visual Studio Analyzer RPC bridge C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe
18:01:59.0046 2128 Visual Studio Analyzer RPC bridge - ok
18:01:59.0062 2128 Vmaa81l80 - ok
18:01:59.0078 2128 VMnetAdapter - ok
18:01:59.0109 2128 [ 2CCBFA08C10CD064FDEE5B31869B0C02 ] VNA C:\WINDOWS\system32\DRIVERS\vna.sys
18:01:59.0109 2128 VNA - ok
18:01:59.0140 2128 [ 4EC979B157D1AA075330362ACB5424E5 ] vncdrv C:\WINDOWS\system32\DRIVERS\vncdrv.sys
18:01:59.0140 2128 vncdrv - ok
18:01:59.0187 2128 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
18:01:59.0187 2128 VolSnap - ok
18:01:59.0203 2128 VSPerfDrv90 - ok
18:01:59.0234 2128 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
18:01:59.0250 2128 VSS - ok
18:01:59.0281 2128 [ 476A052B3CE506ED63A94018F3E979D5 ] vstor2-ws60 C:\Program Files\VMware\VMware Converter Hosted Agent\vstor2-ws60.sys
18:01:59.0281 2128 vstor2-ws60 - ok
18:01:59.0328 2128 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
18:01:59.0328 2128 W32Time - ok
18:01:59.0359 2128 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:01:59.0359 2128 Wanarp - ok
18:01:59.0406 2128 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:01:59.0421 2128 Wdf01000 - ok
18:01:59.0421 2128 WDICA - ok
18:01:59.0453 2128 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
18:01:59.0453 2128 wdmaud - ok
18:01:59.0468 2128 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
18:01:59.0484 2128 WebClient - ok
18:01:59.0546 2128 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
18:01:59.0546 2128 winmgmt - ok
18:01:59.0609 2128 [ 845AF1BA23C8D5E64DEF61BCC441604C ] WinRing0_1_2_0 C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys
18:01:59.0609 2128 WinRing0_1_2_0 - ok
18:01:59.0671 2128 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
18:01:59.0687 2128 WinRM - ok
18:01:59.0734 2128 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
18:01:59.0750 2128 WmdmPmSN - ok
18:01:59.0796 2128 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
18:01:59.0812 2128 Wmi - ok
18:01:59.0828 2128 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
18:01:59.0843 2128 WmiApSrv - ok
18:01:59.0921 2128 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
18:01:59.0937 2128 WMPNetworkSvc - ok
18:01:59.0953 2128 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:01:59.0953 2128 WpdUsb - ok
18:02:00.0015 2128 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:02:00.0031 2128 WPFFontCache_v0400 - ok
18:02:00.0062 2128 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:02:00.0062 2128 WS2IFSL - ok
18:02:00.0093 2128 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
18:02:00.0093 2128 wscsvc - ok
18:02:00.0109 2128 WSearch - ok
18:02:00.0140 2128 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
18:02:00.0140 2128 wuauserv - ok
18:02:00.0171 2128 [ 50EB9E21963B4F06FD010D007D54351B ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:02:00.0171 2128 WudfPf - ok
18:02:00.0203 2128 [ 6E209664BDEA8A15B5E8E480D6C607C2 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:02:00.0203 2128 WudfRd - ok
18:02:00.0234 2128 [ AE93084D2D236887BA56467AE42B4955 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
18:02:00.0250 2128 WudfSvc - ok
18:02:00.0296 2128 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
18:02:00.0312 2128 WZCSVC - ok
18:02:00.0312 2128 XDva389 - ok
18:02:00.0328 2128 XDva390 - ok
18:02:00.0343 2128 XDva392 - ok
18:02:00.0343 2128 XDva399 - ok
18:02:00.0375 2128 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
18:02:00.0390 2128 xmlprov - ok
18:02:00.0390 2128 ================ Scan global ===============================
18:02:00.0421 2128 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
18:02:00.0437 2128 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:02:00.0468 2128 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:02:00.0484 2128 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
18:02:00.0500 2128 [Global] - ok
18:02:00.0500 2128 ================ Scan MBR ==================================
18:02:00.0500 2128 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:02:00.0687 2128 \Device\Harddisk0\DR0 - ok
18:02:00.0687 2128 ================ Scan VBR ==================================
18:02:00.0703 2128 [ 967A5FF027CE8F70F3A947C27E85B51C ] \Device\Harddisk0\DR0\Partition1
18:02:00.0703 2128 \Device\Harddisk0\DR0\Partition1 - ok
18:02:00.0718 2128 [ EAD5A5C78672426378CA9D03F4033925 ] \Device\Harddisk0\DR0\Partition2
18:02:00.0718 2128 \Device\Harddisk0\DR0\Partition2 - ok
18:02:00.0718 2128 ============================================================
18:02:00.0718 2128 Scan finished
18:02:00.0718 2128 ============================================================
18:02:00.0750 3552 Detected object count: 1
18:02:00.0750 3552 Actual detected object count: 1
18:02:20.0343 3552 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
18:02:20.0515 3552 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
18:02:20.0515 3552 HKLM\SYSTEM\ControlSet004\services\sptd - will be deleted on reboot
18:02:20.0531 3552 C:\WINDOWS\system32\Drivers\sptd.sys - will be deleted on reboot
18:02:20.0531 3552 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
18:02:29.0671 1940 Deinitialize success
PS: I accidentally deleted one locked one...
Re: Problem with a hacked FB account
ComboFix Log:
ComboFix 12-09-03.07 - marek 03.09.2012 18:19:16.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2513 [GMT 2:00]
Running from: e:\documents and settings\marek\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20110826.txt
c:\cflog\CrashLog_20110905.txt
c:\cflog\CrashLog_20110922.txt
c:\cflog\CrashLog_20111016.txt
c:\cflog\EPLog.txt
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\zeithamo.ENTERPRISE\Local Settings\Application Data\assembly\tmp
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\msssc.dll
c:\windows\system32\MUI\041b\tourstart.exe
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-08-03 to 2012-09-03 )))))))))))))))))))))))))))))))
.
.
2012-09-03 16:19 . 2012-09-03 16:19 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A54BB82F-B2A2-4D00-8049-AAEF3DE61CFC}\MpKsl1058e94a.sys
2012-09-03 16:02 . 2012-09-03 16:02 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-03 15:16 . 2012-09-03 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-03 15:16 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-03 13:38 . 2012-09-03 13:38 388096 ----a-r- c:\documents and settings\marek\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-02 18:43 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A54BB82F-B2A2-4D00-8049-AAEF3DE61CFC}\mpengine.dll
2012-09-01 19:59 . 2012-09-01 19:59 -------- d-----w- c:\documents and settings\marek\Application Data\Apple Computer
2012-08-30 09:00 . 2012-08-30 09:00 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-08-26 18:21 . 2012-08-26 18:21 -------- d-----w- c:\documents and settings\marek\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-08-24 14:50 . 2012-08-24 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2012-08-23 16:56 . 2012-08-23 16:56 -------- d-----w- c:\documents and settings\marek\Local Settings\Application Data\LO2AY_V3_INJECTOR
2012-08-22 18:26 . 2012-08-22 18:26 -------- d-----w- c:\documents and settings\marek\Local Settings\Application Data\iZone_Injector
2012-08-21 13:56 . 2012-08-21 13:56 304 ----a-w- C:\user.js
2012-08-21 13:55 . 2012-08-21 13:55 -------- d-----w- c:\documents and settings\marek\Application Data\Babylon
2012-08-21 13:54 . 2012-08-21 13:55 -------- d-----w- c:\program files\YourFileDownloader
2012-08-21 13:54 . 2012-08-21 13:54 -------- d-----w- c:\documents and settings\marek\Application Data\YourFileDownloader
2012-08-21 08:22 . 2012-08-21 08:22 -------- d-----w- c:\documents and settings\marek\Local Settings\Application Data\_
2012-08-20 15:30 . 2012-08-20 20:35 -------- d-----w- c:\documents and settings\marek\Local Settings\Application Data\PMB Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-23 07:15 . 2010-12-26 07:18 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-12 17:43 . 2012-07-12 17:43 1409 ----a-w- c:\windows\QTFont.for
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msseces.exe"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2012-08-03 4608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-616249376-682003330-1188\Scripts\Logon\0\0]
"Script"=login.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-616249376-682003330-1225\Scripts\Logon\0\0]
"Script"=login.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-616249376-682003330-3148\Scripts\Logon\0\0]
"Script"=login.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^marek^Start Menu^Programs^Startup^Registrace NHL™ 09.lnk]
backup=c:\windows\pss\Registrace NHL™ 09.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TweakMASTER
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-01 13:57 282624 ----a-w- e:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2008-04-14 00:12 143360 ----a-w- c:\windows\system32\mobsync.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"="e:\program files\Steam\Steam.exe" -silent
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" -hide -runkey
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Counter-Strike\\hl.exe"=
"e:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"e:\\Documents and Settings\\marek\\My Documents\\XtremeMt2-2012\\metin2client.exe"=
"e:\\Program Files\\Aspyr\\Tony Hawks Pro Skater 4\\Game\\Skate4.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"56434:TCP"= 56434:TCP:*:Disabled:Pando Media Booster
"56434:UDP"= 56434:UDP:*:Disabled:Pando Media Booster
"57595:TCP"= 57595:TCP:Pando Media Booster
"57595:UDP"= 57595:UDP:Pando Media Booster
.
R1 MpKsl1058e94a;MpKsl1058e94a;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A54BB82F-B2A2-4D00-8049-AAEF3DE61CFC}\MpKsl1058e94a.sys [3.9.2012 18:19 29904]
R2 NCS;Numega Control Service;c:\progra~1\COMPUW~1\PCShared\NCS.EXE [23.8.2005 13:37 45107]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.8.2012 12:03 1385896]
S3 mach5;mach5;c:\windows\system32\mach5.sys [23.8.2005 13:37 20125]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [25.6.2009 10:37 136704]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [5.7.2005 18:27 108400]
S3 VSPerfDrv90;Performance Tools Driver 9.0;\??\e:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys --> e:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [3.7.2012 19:59 14416]
S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?]
S3 XDva390;XDva390;\??\c:\windows\system32\XDva390.sys --> c:\windows\system32\XDva390.sys [?]
S3 XDva392;XDva392;\??\c:\windows\system32\XDva392.sys --> c:\windows\system32\XDva392.sys [?]
S3 XDva399;XDva399;\??\c:\windows\system32\XDva399.sys --> c:\windows\system32\XDva399.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 21669691
*NewlyCreated* - 30201864
*NewlyCreated* - MPKSL1058E94A
*NewlyCreated* - MPKSL1C428588
*Deregistered* - 21669691
*Deregistered* - 30201864
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-03 c:\windows\Tasks\Game_Booster_AutoUpdate.job
- c:\program files\IObit\Game Booster 3\AutoUpdate.exe [2012-07-03 09:21]
.
2012-09-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\marek\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\marek\Application Data\Mozilla\Firefox\Profiles\p5nnd38l.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112555 ... 0e7f6308a0
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112555 ... f6308a0&q=
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 186469c4000000000000000e7f6308a0
FF - user.js: extensions.BabylonToolbar.instlDay - 15573
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.615:56
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=3412_1
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
SafeBoot-30201864.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-03 18:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Toolbar\QuickComplete]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1100)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-09-03 18:30:49
ComboFix-quarantined-files.txt 2012-09-03 16:30
.
Pre-Run: 2 068 594 688 bytes free
Post-Run: 2 089 291 776 bytes free
.
- - End Of File - - 3B554148CFF5DA5FC8C62A2477CC5487
- jaro3
- member of the Security team
- Guru Level 15
- Posts: 43287
- Registered: June 07
- Location: South Bohemia
Re: Problem with a hacked FB account
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the whole of the following text marked in green into it:
Code:
ClearJavaCache::
KillAll::
File::
c:\windows\QTFont.for
Folder::
C:\TDSSKiller_Quarantine
c:\documents and settings\marek\Application Data\Babylon
DirLook::
c:\documents and settings\marek\Local Settings\Application Data\LO2AY_V3_INJECTOR
c:\documents and settings\marek\Local Settings\Application Data\iZone_Injector
c:\documents and settings\marek\Local Settings\Application Data\_
Driver::
VSPerfDrv90
XDva389
XDva390
XDva392
XDva399
Firefox::
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112555 ... 0e7f6308a0
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112555 ... f6308a0&q=
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 186469c4000000000000000e7f6308a0
FF - user.js: extensions.BabylonToolbar.instlDay - 15573
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.615:56
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=3412_1
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the created CFScript.txt script with the mouse, drag it over the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log
Warning: it can happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems; in that case restart the computer again, and if that does not help, press the F8 key after the restart and choose Last Known Good Configuration, or use a restore point.
Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan click "Save Log" and save the log to your desktop. Copy the whole contents of that log here. Then click "Exit" to close the program.
c:\documents and settings\marek\Local Settings\Application Data\LO2AY_V3_INJECTOR
c:\documents and settings\marek\Local Settings\Application Data\iZone_Injector
c:\documents and settings\marek\Local Settings\Application Data\_
Do those folders mean anything to you?
When working with HJT, ComboFix, MbAM, SDFix and others, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
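The CFScript above is the manual version of log triage: jaro3 read the ComboFix log and picked out the drivers whose binary is missing ("[?]"), the Firefox prefs pointing at search.babylon.com, and the folders to look at. The Python helper below is an added example written for this page; it is not part of the thread and not ComboFix's own tooling. It automates that first pass over the log sections seen above and also reports two settings the log shows but the script does not touch: "EnableFirewall"= 0 and the GloballyOpenPorts entries that are not marked Disabled. The log excerpt inside is a constructed sample modelled on the lines in this thread; the function names and the "markers" parameter are my own.

```python
import re

# Constructed sample (not a copy of one log): lines modelled on the ComboFix output in this thread.
SAMPLE_LOG = r"""
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"57595:TCP"= 57595:TCP:Pando Media Booster
S3 mach5;mach5;c:\windows\system32\mach5.sys [23.8.2005 13:37 20125]
S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?]
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112555&q=
FF - user.js: extensions.BabylonToolbar.id - 186469c4000000000000000e7f6308a0
FF - user.js: nglayout.initialpaint.delay - 600
"""

# One regex per ComboFix line shape used above (assumed shapes, taken from the log lines in this thread).
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.*)\[([^\]]*)\]\s*$")
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"= \d+:(?:TCP|UDP):(.*)$')
FIREWALL_RE = re.compile(r'^"EnableFirewall"= (\d+)')
SIGCHECK_RE = re.compile(
    r"^\[(.)\] (\S+) \. ([0-9A-Fa-f]{32}) \. (\d+) \. \. \[([^\]]*)\] \. \. (.*)$")
FF_PREF_RE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) -\s*(.*)$")


def parse_services(lines):
    """Service/driver rows: 'S3 name;display;path [date time size]' or '... [?]'."""
    found = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            start, name, display, path, info = m.groups()
            # ComboFix prints "[?]" when it could not find the binary on disk
            found.append({"start": start, "name": name, "display": display,
                          "path": path.strip(), "binary_missing": info.strip() == "?"})
    return found


def parse_open_ports(lines):
    """GloballyOpenPorts entries; an entry is active unless one field says 'Disabled'."""
    found = []
    for line in lines:
        m = PORT_RE.match(line)
        if m:
            port, proto, rest = m.groups()
            fields = rest.split(":")
            # the last field is the display name (may be an @dll,-id resource reference)
            found.append({"port": int(port), "proto": proto, "name": fields[-1],
                          "enabled": "Disabled" not in fields})
    return found


def firewall_enabled(lines):
    """True/False from the EnableFirewall value, None if the key is absent."""
    for line in lines:
        m = FIREWALL_RE.match(line)
        if m:
            return m.group(1) != "0"
    return None


def sigcheck_mismatches(lines):
    """Sigcheck rows flagged '[-]' (ComboFix could not verify the file; not proof of malware)."""
    found = []
    for line in lines:
        m = SIGCHECK_RE.match(line)
        if m and m.group(1) == "-":
            found.append({"path": m.group(6), "md5": m.group(3).upper(), "version": m.group(5)})
    return found


def suspicious_browser_prefs(lines, markers=("babylon",)):
    """Firefox prefs whose key or value mentions any marker (case-insensitive)."""
    found = []
    for line in lines:
        m = FF_PREF_RE.match(line)
        if m:
            source, key, value = m.groups()
            if any(mk in (key + " " + value).lower() for mk in markers):
                found.append({"file": source, "key": key, "value": value})
    return found


def triage(log_text, markers=("babylon",)):
    """Summarise one log's risk indicators into a dict a helper can turn into a CFScript."""
    lines = log_text.splitlines()
    return {
        "firewall_enabled": firewall_enabled(lines),
        "open_ports": [p for p in parse_open_ports(lines) if p["enabled"]],
        "missing_service_binaries": [s["name"] for s in parse_services(lines) if s["binary_missing"]],
        "sigcheck_mismatches": [s["path"] for s in sigcheck_mismatches(lines)],
        "suspicious_prefs": [p["key"] for p in suspicious_browser_prefs(lines, markers)],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it as a script to print the summary for the built-in sample, or call triage() on the text of a real log. The output is a worklist, not a verdict: a "[-]" Sigcheck row only means ComboFix could not verify that file, which, as ComboFix's own note above says, does not by itself make it malware, and an open port entry still has to be matched against the program the user actually runs.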
Re: Problem with a hacked FB account
Combofix log:
ComboFix 12-09-03.07 - marek 03.09.2012 20:17:11.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2441 [GMT 2:00]
Running from: e:\documents and settings\marek\Desktop\ComboFix.exe
Command switches used :: e:\documents and settings\marek\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\QTFont.for"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\marek\Application Data\Babylon
c:\documents and settings\marek\Application Data\Babylon\log_file.txt
C:\TDSSKiller_Quarantine
c:\tdsskiller_quarantine\03.09.2012_18.01.40\susp0000\object.ini
c:\tdsskiller_quarantine\03.09.2012_18.01.40\susp0000\svc0000\object.ini
c:\tdsskiller_quarantine\03.09.2012_18.01.40\susp0000\svc0000\tsk0000.dta
c:\tdsskiller_quarantine\03.09.2012_18.01.40\susp0000\svc0000\tsk0000.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XDVA389
-------\Legacy_XDVA390
-------\Legacy_XDVA392
-------\Legacy_XDVA399
-------\Service_VSPerfDrv90
-------\Service_XDva389
-------\Service_XDva390
-------\Service_XDva392
-------\Service_XDva399
.
.
((((((((((((((((((((((((( Files Created from 2012-08-03 to 2012-09-03 )))))))))))))))))))))))))))))))
.
.
2012-09-03 18:25 . 2012-09-03 18:25 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A54BB82F-B2A2-4D00-8049-AAEF3DE61CFC}\MpKslbfa5b805.sys
2012-09-03 18:17 . 2012-09-03 18:17 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A54BB82F-B2A2-4D00-8049-AAEF3DE61CFC}\MpKsl42b9d54b.sys
2012-09-03 16:19 . 2012-09-03 16:19 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A54BB82F-B2A2-4D00-8049-AAEF3DE61CFC}\MpKsl1058e94a.sys
2012-09-03 16:11 . 2012-09-03 16:11 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A54BB82F-B2A2-4D00-8049-AAEF3DE61CFC}\MpKsl1c428588.sys
2012-09-03 16:04 . 2012-09-03 18:24 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A54BB82F-B2A2-4D00-8049-AAEF3DE61CFC}\offreg.dll
2012-09-03 15:16 . 2012-09-03 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-03 15:16 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-03 13:38 . 2012-09-03 13:38 388096 ----a-r- c:\documents and settings\marek\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-02 18:43 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A54BB82F-B2A2-4D00-8049-AAEF3DE61CFC}\mpengine.dll
2012-09-01 19:59 . 2012-09-01 19:59 -------- d-----w- c:\documents and settings\marek\Application Data\Apple Computer
2012-08-30 09:00 . 2012-08-30 09:00 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-08-26 18:21 . 2012-08-26 18:21 -------- d-----w- c:\documents and settings\marek\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-08-24 14:50 . 2012-08-24 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2012-08-23 16:56 . 2012-08-23 16:56 -------- d-----w- c:\documents and settings\marek\Local Settings\Application Data\LO2AY_V3_INJECTOR
2012-08-22 18:26 . 2012-08-22 18:26 -------- d-----w- c:\documents and settings\marek\Local Settings\Application Data\iZone_Injector
2012-08-21 13:56 . 2012-08-21 13:56 304 ----a-w- C:\user.js
2012-08-21 13:54 . 2012-08-21 13:55 -------- d-----w- c:\program files\YourFileDownloader
2012-08-21 13:54 . 2012-08-21 13:54 -------- d-----w- c:\documents and settings\marek\Application Data\YourFileDownloader
2012-08-21 08:22 . 2012-08-21 08:22 -------- d-----w- c:\documents and settings\marek\Local Settings\Application Data\_
2012-08-20 15:30 . 2012-08-20 20:35 -------- d-----w- c:\documents and settings\marek\Local Settings\Application Data\PMB Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-23 07:15 . 2010-12-26 07:18 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-12 17:43 . 2012-07-12 17:43 1409 ----a-w- c:\windows\QTFont.for
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\marek\Local Settings\Application Data\_ ----
.
2012-08-22 18:32 . 2012-08-22 18:32 893 ----a-w- c:\documents and settings\marek\Local Settings\Application Data\_\Blue_Dragon_v1.exe_Url_ysh55datbia3n1pk1ohvna1jkokmlmc5\1.0.0.0\user.config
2012-08-21 13:16 . 2012-08-22 20:21 895 ----a-w- c:\documents and settings\marek\Local Settings\Application Data\_\Blue_Dragon_v1.exe_Url_kp02pngpbcazld2l5st2ayvffjzh1wzs\1.0.0.0\user.config
2012-08-21 08:22 . 2012-08-21 13:15 894 ----a-w- c:\documents and settings\marek\Local Settings\Application Data\_\Blue_Dragon_v1.exe_Url_0lbnbamhffehq1ssbqhrxrcboqlxzgxf\1.0.0.0\user.config
.
---- Directory of c:\documents and settings\marek\Local Settings\Application Data\iZone_Injector ----
.
2012-08-22 18:28 . 2012-08-22 18:28 802 ----a-w- c:\documents and settings\marek\Local Settings\Application Data\iZone_Injector\iZone_Injector.exe_Url_uiansqan3x0mprdjnl4t0rzyxsdfn5i2\1.0.0.0\user.config
2012-08-22 18:26 . 2012-08-22 18:26 802 ----a-w- c:\documents and settings\marek\Local Settings\Application Data\iZone_Injector\iZone_Injector.exe_Url_jdpxhlev1f4sh2v3odsbrae0i5jocgqa\1.0.0.0\user.config
.
---- Directory of c:\documents and settings\marek\Local Settings\Application Data\LO2AY_V3_INJECTOR ----
.
2012-08-23 16:56 . 2012-08-24 11:24 926 ----a-w- c:\documents and settings\marek\Local Settings\Application Data\LO2AY_V3_INJECTOR\LO2AY_V3_INJECTOR.exe_Url_ynlwj4aa1tfkajzhp4wh5hnkfc0di1lj\1.0.0.0\user.config
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2012-09-03_16.26.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-03 18:24 . 2012-09-03 18:24 16384 c:\windows\temp\Perflib_Perfdata_1b8.dat
+ 2005-08-17 10:22 . 2012-09-03 18:26 171529 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msseces.exe"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2012-08-03 4608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-616249376-682003330-1188\Scripts\Logon\0\0]
"Script"=login.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-616249376-682003330-1225\Scripts\Logon\0\0]
"Script"=login.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-616249376-682003330-3148\Scripts\Logon\0\0]
"Script"=login.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^marek^Start Menu^Programs^Startup^Registrace NHL™ 09.lnk]
backup=c:\windows\pss\Registrace NHL™ 09.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-01 13:57 282624 ----a-w- e:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2008-04-14 00:12 143360 ----a-w- c:\windows\system32\mobsync.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"="e:\program files\Steam\Steam.exe" -silent
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" -hide -runkey
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Counter-Strike\\hl.exe"=
"e:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"e:\\Documents and Settings\\marek\\My Documents\\XtremeMt2-2012\\metin2client.exe"=
"e:\\Program Files\\Aspyr\\Tony Hawks Pro Skater 4\\Game\\Skate4.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"56434:TCP"= 56434:TCP:*:Disabled:Pando Media Booster
"56434:UDP"= 56434:UDP:*:Disabled:Pando Media Booster
"57595:TCP"= 57595:TCP:Pando Media Booster
"57595:UDP"= 57595:UDP:Pando Media Booster
.
R1 MpKslbfa5b805;MpKslbfa5b805;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A54BB82F-B2A2-4D00-8049-AAEF3DE61CFC}\MpKslbfa5b805.sys [3.9.2012 20:25 29904]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.8.2012 12:03 1385896]
R2 NCS;Numega Control Service;c:\progra~1\COMPUW~1\PCShared\NCS.EXE [23.8.2005 13:37 45107]
S3 mach5;mach5;c:\windows\system32\mach5.sys [23.8.2005 13:37 20125]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [25.6.2009 10:37 136704]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [5.7.2005 18:27 108400]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [3.7.2012 19:59 14416]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLBFA5B805
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-03 c:\windows\Tasks\Game_Booster_AutoUpdate.job
- c:\program files\IObit\Game Booster 3\AutoUpdate.exe [2012-07-03 09:21]
.
2012-09-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\marek\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\marek\Application Data\Mozilla\Firefox\Profiles\p5nnd38l.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112555 ... 0e7f6308a0
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112555 ... f6308a0&q=
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 186469c4000000000000000e7f6308a0
FF - user.js: extensions.BabylonToolbar.instlDay - 15573
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.615:56
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=3412_1
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-03 20:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Toolbar\QuickComplete]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1268)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1016)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\inetsrv\inetinfo.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
e:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\VMware\VMware Converter Hosted Agent\vmware-ufad.exe
c:\windows\system32\wscntfy.exe
c:\program files\McAfee\Common Framework\UdaterUI.exe
c:\program files\McAfee\Common Framework\McTray.exe
.
**************************************************************************
.
Completion time: 2012-09-03 20:32:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-03 18:32
ComboFix2.txt 2012-09-03 16:30
.
Pre-Run: 2 069 020 672 bytes free
Post-Run: 1 979 498 496 bytes free
.
- - End Of File - - 119CB22B2066FBC42AD237127471A48B
Re: Problem with a hacked FB account
aswMBR log:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-03 20:36:49
-----------------------------
20:36:49.187 OS Version: Windows 5.1.2600 Service Pack 3
20:36:49.187 Number of processors: 2 586 0x209
20:36:49.187 ComputerName: MAREK-PC UserName: marek
20:36:50.062 Initialize success
20:36:57.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:36:57.453 Disk 0 Vendor: ST3120026A 3.06 Size: 114473MB BusType: 3
20:36:57.468 Disk 0 MBR read successfully
20:36:57.468 Disk 0 MBR scan
20:36:57.468 Disk 0 Windows XP default MBR code
20:36:57.484 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 20000 MB offset 63
20:36:57.484 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 94470 MB offset 40960080
20:36:57.500 Disk 0 scanning sectors +234435600
20:36:57.578 Disk 0 scanning C:\WINDOWS\system32\drivers
20:37:04.390 Service scanning
20:37:09.156 Service MpKslbfa5b805 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A54BB82F-B2A2-4D00-8049-AAEF3DE61CFC}\MpKslbfa5b805.sys **LOCKED** 32
20:37:15.296 Modules scanning
20:37:21.953 Disk 0 trace - called modules:
20:37:21.968 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:37:21.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8abf44e8]
20:37:21.968 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000068[0x8abfb510]
20:37:21.984 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8abbd940]
20:37:21.984 Scan finished successfully
20:37:29.953 Disk 0 MBR has been saved successfully to "E:\Documents and Settings\marek\Desktop\MBR.dat"
20:37:29.968 The log file has been saved successfully to "E:\Documents and Settings\marek\Desktop\aswMBR.txt"
yes, those folders are familiar to me :) they're fine... that's a hack for a game
DDD

- jaro3
- Security team member
Re: Problem with a hacked FB account
a hack, huh?
c:\documents and settings\marek\Local Settings\Application Data\_\Blue_Dragon_v1.exe_Url_ysh55datbia3n1pk1ohvna1jkokmlmc5\1.0.0.0\user.config
c:\documents and settings\marek\Local Settings\Application Data\_\Blue_Dragon_v1.exe_Url_kp02pngpbcazld2l5st2ayvffjzh1wzs\1.0.0.0\user.config
c:\documents and settings\marek\Local Settings\Application Data\_\Blue_Dragon_v1.exe_Url_0lbnbamhffehq1ssbqhrxrcboqlxzgxf\1.0.0.0\user.config
c:\documents and settings\marek\Local Settings\Application Data\iZone_Injector\iZone_Injector.exe_Url_uiansqan3x0mprdjnl4t0rzyxsdfn5i2\1.0.0.0\user.config
c:\documents and settings\marek\Local Settings\Application Data\iZone_Injector\iZone_Injector.exe_Url_jdpxhlev1f4sh2v3odsbrae0i5jocgqa\1.0.0.0\user.config
c:\documents and settings\marek\Local Settings\Application Data\LO2AY_V3_INJECTOR\LO2AY_V3_INJECTOR.exe_Url_ynlwj4aa1tfkajzhp4wh5hnkfc0di1lj\1.0.0.0\user.config
run it through an antivirus and MBAM, and you can upload it to VirusTotal.
When working with HJT, ComboFix, MBAM, SDFix and the like, close all other applications and browsers!
Do not send logs by private message. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support