Hello,
Could you please check my HJT log? It seems to me that there might be some spyware or something similar on the PC. For example, updates from Microsoft have suddenly stopped downloading automatically, even though that is configured. The antivirus (NOD32) found nothing.
Thank you very much.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:44:06, on 2012/09/17
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Motyl\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Motyl\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Motyl\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Motyl\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Motyl\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Motyl\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Motyl\Dokumenty\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mediacoderhq.com/start/insta ... -R3&b=5138
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DelPnPDirver] C:\Program Files\panasonic\panasonic KX-P7100\DelPnPD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Motyl\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7693156859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7785829000
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 8725 bytes
Please check my HJT log
- memphisto
Re: Please check my HJT log
Fix these in the log:
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mediacoderhq.com/start/insta ... -R3&b=5138
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox, click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
- If you use Chrome, don't select anything else and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure you have both options selected/checked:
Update Malwarebytes' Anti-Malware (Czech: "Aktualizace Malwarebytes' Anti-Malware") and Launch Malwarebytes' Anti-Malware (Czech: "Spustit aplikaci Malwarebytes' Anti-Malware"); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan option (Czech: "Provést rychlý sken") selected and click the Scan button (Czech: "Skenovat")
- when the program has finished, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(DO NOT DELETE ANYTHING YOURSELF YET!)
Then paste the contents of that log here.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you
Re: Please check my HJT log
After the MBAM scan finished, this came up (that is, it found nothing):
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Verze databáze: v2012.09.17.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Motyl :: HLAVNIPC [administrátor]
2012/09/17 15:15:41
mbam-log-2012-09-17 (15-15-41).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 185306
Uplynulý čas: 3 minut, 58 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)
(konec)
- memphisto
Re: Please check my HJT log
It looks OK, but just to be sure...
Download TDSSKiller
to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt; please paste the entire contents of the log here.
Disable the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by clicking the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan is finished, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If, after the scan, there is a problem launching applications, or a message pops up about an attempt to perform an illegal operation on a registry key that has been marked for deletion, just restart the computer.
Re: Please check my HJT log
Here is the log from TDSSKiller:
17:25:34.0062 2804 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
17:25:38.0312 2804 ============================================================
17:25:38.0312 2804 Current date / time: 2012/09/17 17:25:38.0312
17:25:38.0312 2804 SystemInfo:
17:25:38.0312 2804
17:25:38.0312 2804 OS Version: 5.1.2600 ServicePack: 3.0
17:25:38.0312 2804 Product type: Workstation
17:25:38.0312 2804 ComputerName: HLAVNIPC
17:25:38.0312 2804 UserName: Motyl
17:25:38.0312 2804 Windows directory: C:\WINDOWS
17:25:38.0312 2804 System windows directory: C:\WINDOWS
17:25:38.0312 2804 Processor architecture: Intel x86
17:25:38.0312 2804 Number of processors: 2
17:25:38.0312 2804 Page size: 0x1000
17:25:38.0312 2804 Boot type: Normal boot
17:25:38.0312 2804 ============================================================
17:25:42.0328 2804 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:25:42.0328 2804 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:25:42.0343 2804 ============================================================
17:25:42.0343 2804 \Device\Harddisk0\DR0:
17:25:42.0343 2804 MBR partitions:
17:25:42.0343 2804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3D08FC7E
17:25:42.0359 2804 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3D08FCFC, BlocksNum 0x37671E04
17:25:42.0359 2804 \Device\Harddisk1\DR1:
17:25:42.0359 2804 MBR partitions:
17:25:42.0359 2804 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
17:25:42.0375 2804 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0x190DA4F5
17:25:42.0375 2804 ============================================================
17:25:42.0421 2804 C: <-> \Device\Harddisk0\DR0\Partition1
17:25:42.0453 2804 D: <-> \Device\Harddisk0\DR0\Partition2
17:25:42.0484 2804 F: <-> \Device\Harddisk1\DR1\Partition1
17:25:42.0500 2804 G: <-> \Device\Harddisk1\DR1\Partition2
17:25:42.0500 2804 ============================================================
17:25:42.0500 2804 Initialize success
17:25:42.0500 2804 ============================================================
17:26:10.0296 2336 ============================================================
17:26:10.0296 2336 Scan started
17:26:10.0296 2336 Mode: Manual;
17:26:10.0296 2336 ============================================================
17:26:11.0031 2336 ================ Scan system memory ========================
17:26:11.0031 2336 System memory - ok
17:26:15.0359 2336 [ 0E410EDC8D0527801B899CF29E60597C ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
17:26:15.0359 2336 JavaQuickStarterService - ok
17:26:15.0375 2336 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:26:15.0390 2336 Kbdclass - ok
17:26:15.0406 2336 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:26:15.0421 2336 kbdhid - ok
17:26:15.0437 2336 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:26:15.0468 2336 kmixer - ok
17:26:15.0500 2336 [ 75856FEA665C153AC1E371842C05C72C ] KPSYSDRV C:\WINDOWS\system32\drivers\KPSYSDRV.sys
17:26:15.0515 2336 KPSYSDRV - ok
17:26:15.0531 2336 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:26:15.0562 2336 KSecDD - ok
17:26:15.0593 2336 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:26:15.0609 2336 lanmanserver - ok
17:26:15.0656 2336 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:26:15.0656 2336 lanmanworkstation - ok
17:26:15.0671 2336 lbrtfdc - ok
17:26:15.0718 2336 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:26:15.0718 2336 LmHosts - ok
17:26:15.0765 2336 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
17:26:15.0765 2336 MDM - ok
17:26:15.0781 2336 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:26:15.0781 2336 Messenger - ok
17:26:15.0796 2336 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:26:15.0812 2336 mnmdd - ok
17:26:15.0812 2336 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
17:26:15.0828 2336 mnmsrvc - ok
17:26:15.0859 2336 [ 059FEFC9F7B53D33B12471C90E9D619F ] mod7700 C:\WINDOWS\system32\DRIVERS\mod7700.sys
17:26:15.0859 2336 mod7700 - ok
17:26:15.0875 2336 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:26:15.0890 2336 Modem - ok
17:26:15.0906 2336 [ 1E16CE1AAA46344148D14A737416C13C ] MODRC C:\WINDOWS\system32\DRIVERS\modrc.sys
17:26:15.0906 2336 MODRC - ok
17:26:15.0906 2336 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:26:15.0937 2336 Mouclass - ok
17:26:15.0953 2336 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:26:15.0968 2336 mouhid - ok
17:26:15.0984 2336 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:26:16.0000 2336 MountMgr - ok
17:26:16.0046 2336 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
17:26:16.0062 2336 MPE - ok
17:26:16.0078 2336 mraid35x - ok
17:26:16.0078 2336 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:26:16.0125 2336 MRxDAV - ok
17:26:16.0140 2336 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:26:16.0171 2336 MRxSmb - ok
17:26:16.0187 2336 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
17:26:16.0187 2336 MSDTC - ok
17:26:16.0203 2336 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:26:16.0234 2336 Msfs - ok
17:26:16.0234 2336 MSIServer - ok
17:26:16.0250 2336 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:26:16.0265 2336 MSKSSRV - ok
17:26:16.0296 2336 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:26:16.0312 2336 MSPCLOCK - ok
17:26:16.0328 2336 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:26:16.0343 2336 MSPQM - ok
17:26:16.0359 2336 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:26:16.0375 2336 mssmbios - ok
17:26:16.0390 2336 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
17:26:16.0421 2336 MSTEE - ok
17:26:16.0437 2336 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
17:26:16.0453 2336 MTsensor - ok
17:26:16.0468 2336 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:26:16.0484 2336 Mup - ok
17:26:16.0500 2336 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:26:16.0515 2336 NABTSFEC - ok
17:26:16.0531 2336 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
17:26:16.0546 2336 napagent - ok
17:26:16.0562 2336 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:26:16.0562 2336 NDIS - ok
17:26:16.0578 2336 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:26:16.0609 2336 NdisIP - ok
17:26:16.0625 2336 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:26:16.0656 2336 NdisTapi - ok
17:26:16.0671 2336 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:26:16.0687 2336 Ndisuio - ok
17:26:16.0703 2336 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:26:16.0718 2336 NdisWan - ok
17:26:16.0718 2336 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:26:16.0750 2336 NDProxy - ok
17:26:16.0750 2336 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:26:16.0781 2336 NetBIOS - ok
17:26:16.0781 2336 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:26:16.0812 2336 NetBT - ok
17:26:16.0812 2336 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
17:26:16.0828 2336 NetDDE - ok
17:26:16.0828 2336 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:26:16.0828 2336 NetDDEdsdm - ok
17:26:16.0843 2336 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:26:16.0859 2336 Netlogon - ok
17:26:16.0875 2336 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
17:26:16.0875 2336 Netman - ok
17:26:16.0875 2336 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:26:16.0890 2336 NetTcpPortSharing - ok
17:26:16.0906 2336 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
17:26:16.0906 2336 Nla - ok
17:26:16.0953 2336 [ 65AC8BAA2F916EE9203EE48D7FCEE605 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
17:26:16.0984 2336 nmwcd - ok
17:26:17.0000 2336 [ 29AF182734A247240D89A0FE63DBEF03 ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
17:26:17.0000 2336 nmwcdc - ok
17:26:17.0000 2336 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:26:17.0031 2336 Npfs - ok
17:26:17.0046 2336 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:26:17.0062 2336 Ntfs - ok
17:26:17.0078 2336 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
17:26:17.0078 2336 NtLmSsp - ok
17:26:17.0109 2336 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:26:17.0125 2336 NtmsSvc - ok
17:26:17.0125 2336 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:26:17.0156 2336 Null - ok
17:26:17.0250 2336 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:26:17.0281 2336 NwlnkFlt - ok
17:26:17.0281 2336 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:26:17.0312 2336 NwlnkFwd - ok
17:26:17.0328 2336 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:26:17.0328 2336 ose - ok
17:26:17.0343 2336 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
17:26:17.0359 2336 Parport - ok
17:26:17.0359 2336 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:26:17.0390 2336 PartMgr - ok
17:26:17.0421 2336 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:26:17.0437 2336 ParVdm - ok
17:26:17.0453 2336 [ 175CC28DCF819F78CAA3FBD44AD9E52A ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
17:26:17.0468 2336 pccsmcfd - ok
17:26:17.0468 2336 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:26:17.0484 2336 PCI - ok
17:26:17.0500 2336 PCIDump - ok
17:26:17.0515 2336 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:26:17.0531 2336 PCIIde - ok
17:26:17.0531 2336 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:26:17.0578 2336 Pcmcia - ok
17:26:17.0578 2336 PDCOMP - ok
17:26:17.0593 2336 PDFRAME - ok
17:26:17.0609 2336 PDRELI - ok
17:26:17.0609 2336 PDRFRAME - ok
17:26:17.0625 2336 perc2 - ok
17:26:17.0625 2336 perc2hib - ok
17:26:17.0671 2336 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
17:26:17.0671 2336 PlugPlay - ok
17:26:17.0687 2336 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
17:26:17.0687 2336 PolicyAgent - ok
17:26:17.0687 2336 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:26:17.0718 2336 PptpMiniport - ok
17:26:17.0718 2336 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:26:17.0718 2336 ProtectedStorage - ok
17:26:17.0734 2336 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:26:17.0765 2336 PSched - ok
17:26:17.0796 2336 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:26:17.0828 2336 Ptilink - ok
17:26:17.0828 2336 ql1080 - ok
17:26:17.0843 2336 Ql10wnt - ok
17:26:17.0843 2336 ql12160 - ok
17:26:17.0859 2336 ql1240 - ok
17:26:17.0859 2336 ql1280 - ok
17:26:17.0875 2336 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:26:17.0890 2336 RasAcd - ok
17:26:17.0906 2336 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:26:17.0906 2336 RasAuto - ok
17:26:17.0921 2336 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:26:17.0937 2336 Rasl2tp - ok
17:26:17.0968 2336 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:26:17.0968 2336 RasMan - ok
17:26:17.0984 2336 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:26:18.0000 2336 RasPppoe - ok
17:26:18.0015 2336 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:26:18.0031 2336 Raspti - ok
17:26:18.0046 2336 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:26:18.0125 2336 Rdbss - ok
17:26:18.0125 2336 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:26:18.0140 2336 RDPCDD - ok
17:26:18.0156 2336 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:26:18.0187 2336 rdpdr - ok
17:26:18.0218 2336 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:26:18.0234 2336 RDPWD - ok
17:26:18.0265 2336 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:26:18.0265 2336 RDSessMgr - ok
17:26:18.0265 2336 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:26:18.0296 2336 redbook - ok
17:26:18.0296 2336 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:26:18.0312 2336 RemoteAccess - ok
17:26:18.0328 2336 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
17:26:18.0328 2336 RemoteRegistry - ok
17:26:18.0328 2336 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
17:26:18.0343 2336 RpcLocator - ok
17:26:18.0359 2336 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\system32\rpcss.dll
17:26:18.0359 2336 RpcSs - ok
17:26:18.0375 2336 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
17:26:18.0375 2336 RSVP - ok
17:26:18.0390 2336 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
17:26:18.0390 2336 SamSs - ok
17:26:18.0390 2336 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:26:18.0406 2336 SCardSvr - ok
17:26:18.0421 2336 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:26:18.0421 2336 Schedule - ok
17:26:18.0437 2336 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:26:18.0453 2336 Secdrv - ok
17:26:18.0468 2336 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:26:18.0468 2336 seclogon - ok
17:26:18.0484 2336 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
17:26:18.0484 2336 SENS - ok
17:26:18.0484 2336 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
17:26:18.0515 2336 serenum - ok
17:26:18.0515 2336 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
17:26:18.0562 2336 Serial - ok
17:26:18.0640 2336 [ 9D38320BB32230349379DF5DDBBF7FCE ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
17:26:18.0640 2336 ServiceLayer - ok
17:26:18.0671 2336 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:26:18.0687 2336 Sfloppy - ok
17:26:18.0734 2336 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:26:18.0750 2336 SharedAccess - ok
17:26:18.0765 2336 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:26:18.0765 2336 ShellHWDetection - ok
17:26:18.0781 2336 Simbad - ok
17:26:18.0828 2336 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
17:26:18.0859 2336 SkypeUpdate - ok
17:26:18.0890 2336 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:26:18.0906 2336 SLIP - ok
17:26:18.0921 2336 Sparrow - ok
17:26:18.0953 2336 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:26:18.0968 2336 splitter - ok
17:26:18.0984 2336 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:26:19.0000 2336 Spooler - ok
17:26:19.0031 2336 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:26:19.0046 2336 sr - ok
17:26:19.0062 2336 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
17:26:19.0062 2336 srservice - ok
17:26:19.0078 2336 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:26:19.0109 2336 Srv - ok
17:26:19.0125 2336 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:26:19.0125 2336 SSDPSRV - ok
17:26:19.0140 2336 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:26:19.0156 2336 stisvc - ok
17:26:19.0171 2336 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:26:19.0203 2336 streamip - ok
17:26:19.0203 2336 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:26:19.0218 2336 swenum - ok
17:26:19.0234 2336 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:26:19.0265 2336 swmidi - ok
17:26:19.0281 2336 SwPrv - ok
17:26:19.0296 2336 symc810 - ok
17:26:19.0296 2336 symc8xx - ok
17:26:19.0312 2336 sym_hi - ok
17:26:19.0312 2336 sym_u3 - ok
17:26:19.0328 2336 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:26:19.0343 2336 sysaudio - ok
17:26:19.0359 2336 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:26:19.0359 2336 SysmonLog - ok
17:26:19.0375 2336 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:26:19.0390 2336 TapiSrv - ok
17:26:19.0390 2336 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:26:19.0421 2336 Tcpip - ok
17:26:19.0453 2336 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:26:19.0468 2336 TDPIPE - ok
17:26:19.0468 2336 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:26:19.0500 2336 TDTCP - ok
17:26:19.0500 2336 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:26:19.0562 2336 TermDD - ok
17:26:19.0578 2336 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
17:26:19.0593 2336 TermService - ok
17:26:19.0609 2336 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
17:26:19.0609 2336 Themes - ok
17:26:19.0625 2336 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
17:26:19.0640 2336 TlntSvr - ok
17:26:19.0640 2336 TosIde - ok
17:26:19.0656 2336 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:26:19.0656 2336 TrkWks - ok
17:26:19.0671 2336 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:26:19.0687 2336 Udfs - ok
17:26:19.0703 2336 ultra - ok
17:26:19.0718 2336 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:26:19.0750 2336 Update - ok
17:26:19.0781 2336 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
17:26:19.0796 2336 upnphost - ok
17:26:19.0812 2336 [ 2522747BA661514E3770E508CCE45B64 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
17:26:19.0828 2336 upperdev - ok
17:26:19.0828 2336 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
17:26:19.0843 2336 UPS - ok
17:26:19.0843 2336 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:26:19.0859 2336 usbehci - ok
17:26:19.0875 2336 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:26:19.0890 2336 usbhub - ok
17:26:19.0921 2336 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:26:19.0953 2336 usbscan - ok
17:26:19.0968 2336 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\DRIVERS\usbser.sys
17:26:20.0000 2336 usbser - ok
17:26:20.0000 2336 [ 8AA5F86A6C3B3234BEED9556D145BFAC ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
17:26:20.0015 2336 UsbserFilt - ok
17:26:20.0015 2336 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:26:20.0031 2336 USBSTOR - ok
17:26:20.0046 2336 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:26:20.0062 2336 usbuhci - ok
17:26:20.0078 2336 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:26:20.0093 2336 VgaSave - ok
17:26:20.0109 2336 ViaIde - ok
17:26:20.0109 2336 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:26:20.0156 2336 VolSnap - ok
17:26:20.0156 2336 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
17:26:20.0171 2336 VSS - ok
17:26:20.0203 2336 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
17:26:20.0203 2336 W32Time - ok
17:26:20.0234 2336 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:26:20.0250 2336 Wanarp - ok
17:26:20.0296 2336 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
17:26:20.0328 2336 Wdf01000 - ok
17:26:20.0328 2336 WDICA - ok
17:26:20.0359 2336 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:26:20.0390 2336 wdmaud - ok
17:26:20.0390 2336 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:26:20.0406 2336 WebClient - ok
17:26:20.0453 2336 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:26:20.0453 2336 winmgmt - ok
17:26:20.0500 2336 [ 4D34CEDD74BDBF2B6A935EAE3BF80543 ] WinRM C:\WINDOWS\system32\WsmSvc.dll
17:26:20.0515 2336 WinRM - ok
17:26:20.0562 2336 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
17:26:20.0562 2336 WmdmPmSN - ok
17:26:20.0609 2336 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] Wmi C:\WINDOWS\System32\advapi32.dll
17:26:20.0625 2336 Wmi - ok
17:26:20.0640 2336 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:26:20.0640 2336 WmiApSrv - ok
17:26:20.0687 2336 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
17:26:20.0703 2336 WMPNetworkSvc - ok
17:26:20.0765 2336 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:26:20.0781 2336 WPFFontCache_v0400 - ok
17:26:20.0812 2336 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:26:20.0812 2336 wscsvc - ok
17:26:20.0843 2336 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:26:20.0859 2336 WSTCODEC - ok
17:26:20.0890 2336 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:26:20.0890 2336 wuauserv - ok
17:26:20.0906 2336 [ 50EB9E21963B4F06FD010D007D54351B ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:26:20.0968 2336 WudfPf - ok
17:26:20.0984 2336 [ 6E209664BDEA8A15B5E8E480D6C607C2 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:26:20.0984 2336 WudfRd - ok
17:26:21.0000 2336 [ AE93084D2D236887BA56467AE42B4955 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
17:26:21.0000 2336 WudfSvc - ok
17:26:21.0015 2336 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:26:21.0031 2336 WZCSVC - ok
17:26:21.0062 2336 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:26:21.0062 2336 xmlprov - ok
17:26:21.0078 2336 ================ Scan global ===============================
17:26:21.0125 2336 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
17:26:21.0125 2336 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
17:26:21.0140 2336 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
17:26:21.0156 2336 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
17:26:21.0156 2336 [Global] - ok
17:26:21.0156 2336 ================ Scan MBR ==================================
17:26:21.0187 2336 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
17:26:21.0343 2336 \Device\Harddisk0\DR0 - ok
17:26:21.0359 2336 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk1\DR1
17:26:21.0500 2336 \Device\Harddisk1\DR1 - ok
17:26:21.0500 2336 ================ Scan VBR ==================================
17:26:21.0500 2336 [ 7EA6E6E9D6015772461EC747A3B3C341 ] \Device\Harddisk0\DR0\Partition1
17:26:21.0515 2336 \Device\Harddisk0\DR0\Partition1 - ok
17:26:21.0531 2336 [ B82ADE91B55A49931937F5C5657E255A ] \Device\Harddisk0\DR0\Partition2
17:26:21.0531 2336 \Device\Harddisk0\DR0\Partition2 - ok
17:26:21.0531 2336 [ 8596CBE14D251D0540521BCEE25E06FF ] \Device\Harddisk1\DR1\Partition1
17:26:21.0546 2336 \Device\Harddisk1\DR1\Partition1 - ok
17:26:21.0546 2336 [ 8FF5EA1DE6A4490DA854F244899F25B0 ] \Device\Harddisk1\DR1\Partition2
17:26:21.0546 2336 \Device\Harddisk1\DR1\Partition2 - ok
17:26:21.0546 2336 ============================================================
17:26:21.0546 2336 Scan finished
17:26:21.0546 2336 ============================================================
17:26:21.0562 4008 Detected object count: 0
17:26:21.0562 4008 Actual detected object count: 0
17:27:07.0187 0848 Deinitialize success
17:26:12.0984 2336 Disk - ok
17:26:12.0984 2336 dmadmin - ok
17:26:13.0031 2336 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:26:13.0140 2336 dmboot - ok
17:26:13.0140 2336 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:26:13.0171 2336 dmio - ok
17:26:13.0171 2336 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:26:13.0203 2336 dmload - ok
17:26:13.0218 2336 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:26:13.0218 2336 dmserver - ok
17:26:13.0250 2336 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:26:13.0250 2336 DMusic - ok
17:26:13.0281 2336 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:26:13.0281 2336 Dnscache - ok
17:26:13.0296 2336 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:26:13.0296 2336 Dot3svc - ok
17:26:13.0296 2336 dpti2o - ok
17:26:13.0312 2336 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:26:13.0328 2336 drmkaud - ok
17:26:13.0343 2336 [ 4590C6FE0B9FEE3EF6592DF041C6CDE7 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
17:26:13.0375 2336 e1express - ok
17:26:13.0390 2336 [ D42DD9021ACD47683B33ADF21BCA49AA ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys
17:26:13.0406 2336 eamon - ok
17:26:13.0437 2336 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:26:13.0437 2336 EapHost - ok
17:26:13.0437 2336 [ FE7824239D132AD9EBD8645FE1199B30 ] ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys
17:26:13.0468 2336 ehdrv - ok
17:26:13.0500 2336 [ 68D91A34CE51CF15C45DD68F7F1257E8 ] EhttpSrv C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
17:26:13.0500 2336 EhttpSrv - ok
17:26:13.0546 2336 [ 191D8ECCC40F05B52FAC0513F35BA01D ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
17:26:13.0546 2336 ekrn - ok
17:26:13.0671 2336 [ AA0667EB9A92414ABB784C101A6C7FEC ] epfwtdir C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
17:26:13.0703 2336 epfwtdir - ok
17:26:13.0718 2336 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:26:13.0718 2336 ERSvc - ok
17:26:13.0750 2336 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
17:26:13.0750 2336 Eventlog - ok
17:26:13.0781 2336 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
17:26:13.0781 2336 EventSystem - ok
17:26:13.0796 2336 [ 3EF58F2EAE3AECAB45D682152DB2F67D ] exFat C:\WINDOWS\system32\drivers\exFat.sys
17:26:13.0828 2336 exFat - ok
17:26:13.0828 2336 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:26:13.0843 2336 Fastfat - ok
17:26:13.0890 2336 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:26:13.0890 2336 FastUserSwitchingCompatibility - ok
17:26:13.0906 2336 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
17:26:13.0921 2336 Fdc - ok
17:26:13.0921 2336 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:26:13.0953 2336 Fips - ok
17:26:13.0953 2336 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:26:13.0984 2336 Flpydisk - ok
17:26:13.0984 2336 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:26:14.0015 2336 FltMgr - ok
17:26:14.0062 2336 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:26:14.0078 2336 FontCache3.0.0.0 - ok
17:26:14.0078 2336 [ C865B83411D7347627A4BEEC22543FB1 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:26:14.0093 2336 Fs_Rec - ok
17:26:14.0109 2336 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:26:14.0125 2336 Ftdisk - ok
17:26:14.0140 2336 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:26:14.0156 2336 Gpc - ok
17:26:14.0187 2336 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
17:26:14.0187 2336 gupdate - ok
17:26:14.0187 2336 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
17:26:14.0203 2336 gupdatem - ok
17:26:14.0203 2336 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:26:14.0218 2336 gusvc - ok
17:26:14.0218 2336 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:26:14.0250 2336 HDAudBus - ok
17:26:14.0265 2336 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:26:14.0281 2336 helpsvc - ok
17:26:14.0296 2336 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
17:26:14.0296 2336 HidServ - ok
17:26:14.0312 2336 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:26:14.0343 2336 hidusb - ok
17:26:14.0343 2336 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:26:14.0343 2336 hkmsvc - ok
17:26:14.0359 2336 hpn - ok
17:26:14.0390 2336 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:26:14.0453 2336 HTTP - ok
17:26:14.0484 2336 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:26:14.0484 2336 HTTPFilter - ok
17:26:14.0484 2336 i2omgmt - ok
17:26:14.0500 2336 i2omp - ok
17:26:14.0500 2336 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:26:14.0531 2336 i8042prt - ok
17:26:14.0578 2336 [ 81EFE1C5542AFB2570758F39AE3B1151 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
17:26:14.0625 2336 ialm - ok
17:26:14.0671 2336 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:26:14.0687 2336 idsvc - ok
17:26:14.0703 2336 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:26:14.0718 2336 Imapi - ok
17:26:14.0750 2336 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
17:26:14.0765 2336 ImapiService - ok
17:26:14.0765 2336 ini910u - ok
17:26:14.0812 2336 [ B3ED6DAA38BDFFA48E453D7D6007CE1B ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:26:14.0890 2336 IntcAzAudAddService - ok
17:26:14.0890 2336 IntelIde - ok
17:26:14.0921 2336 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:26:14.0953 2336 intelppm - ok
17:26:14.0953 2336 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
17:26:14.0984 2336 Ip6Fw - ok
17:26:15.0015 2336 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:26:15.0046 2336 IpFilterDriver - ok
17:26:15.0046 2336 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:26:15.0078 2336 IpInIp - ok
17:26:15.0109 2336 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:26:15.0125 2336 IpNat - ok
17:26:15.0140 2336 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:26:15.0156 2336 IPSec - ok
17:26:15.0187 2336 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:26:15.0203 2336 IRENUM - ok
17:26:15.0218 2336 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:26:15.0250 2336 isapnp - ok
17:26:15.0265 2336 [ 39A2F7EBCB6817C4A016B544921C7982 ] iteatapi C:\WINDOWS\system32\DRIVERS\iteatapi.sys
17:26:15.0312 2336 iteatapi - ok
17:26:15.0359 2336 [ 0E410EDC8D0527801B899CF29E60597C ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
17:26:15.0359 2336 JavaQuickStarterService - ok
17:26:15.0375 2336 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:26:15.0390 2336 Kbdclass - ok
17:26:15.0406 2336 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:26:15.0421 2336 kbdhid - ok
17:26:15.0437 2336 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:26:15.0468 2336 kmixer - ok
17:26:15.0500 2336 [ 75856FEA665C153AC1E371842C05C72C ] KPSYSDRV C:\WINDOWS\system32\drivers\KPSYSDRV.sys
17:26:15.0515 2336 KPSYSDRV - ok
17:26:15.0531 2336 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:26:15.0562 2336 KSecDD - ok
17:26:15.0593 2336 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:26:15.0609 2336 lanmanserver - ok
17:26:15.0656 2336 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:26:15.0656 2336 lanmanworkstation - ok
17:26:15.0671 2336 lbrtfdc - ok
17:26:15.0718 2336 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:26:15.0718 2336 LmHosts - ok
17:26:15.0765 2336 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
17:26:15.0765 2336 MDM - ok
17:26:15.0781 2336 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:26:15.0781 2336 Messenger - ok
17:26:15.0796 2336 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:26:15.0812 2336 mnmdd - ok
17:26:15.0812 2336 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
17:26:15.0828 2336 mnmsrvc - ok
17:26:15.0859 2336 [ 059FEFC9F7B53D33B12471C90E9D619F ] mod7700 C:\WINDOWS\system32\DRIVERS\mod7700.sys
17:26:15.0859 2336 mod7700 - ok
17:26:15.0875 2336 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:26:15.0890 2336 Modem - ok
17:26:15.0906 2336 [ 1E16CE1AAA46344148D14A737416C13C ] MODRC C:\WINDOWS\system32\DRIVERS\modrc.sys
17:26:15.0906 2336 MODRC - ok
17:26:15.0906 2336 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:26:15.0937 2336 Mouclass - ok
17:26:15.0953 2336 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:26:15.0968 2336 mouhid - ok
17:26:15.0984 2336 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:26:16.0000 2336 MountMgr - ok
17:26:16.0046 2336 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
17:26:16.0062 2336 MPE - ok
17:26:16.0078 2336 mraid35x - ok
17:26:16.0078 2336 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:26:16.0125 2336 MRxDAV - ok
17:26:16.0140 2336 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:26:16.0171 2336 MRxSmb - ok
17:26:16.0187 2336 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
17:26:16.0187 2336 MSDTC - ok
17:26:16.0203 2336 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:26:16.0234 2336 Msfs - ok
17:26:16.0234 2336 MSIServer - ok
17:26:16.0250 2336 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:26:16.0265 2336 MSKSSRV - ok
17:26:16.0296 2336 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:26:16.0312 2336 MSPCLOCK - ok
17:26:16.0328 2336 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:26:16.0343 2336 MSPQM - ok
17:26:16.0359 2336 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:26:16.0375 2336 mssmbios - ok
17:26:16.0390 2336 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
17:26:16.0421 2336 MSTEE - ok
17:26:16.0437 2336 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
17:26:16.0453 2336 MTsensor - ok
17:26:16.0468 2336 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:26:16.0484 2336 Mup - ok
17:26:16.0500 2336 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:26:16.0515 2336 NABTSFEC - ok
17:26:16.0531 2336 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
17:26:16.0546 2336 napagent - ok
17:26:16.0562 2336 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:26:16.0562 2336 NDIS - ok
17:26:16.0578 2336 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:26:16.0609 2336 NdisIP - ok
17:26:16.0625 2336 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:26:16.0656 2336 NdisTapi - ok
17:26:16.0671 2336 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:26:16.0687 2336 Ndisuio - ok
17:26:16.0703 2336 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:26:16.0718 2336 NdisWan - ok
17:26:16.0718 2336 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:26:16.0750 2336 NDProxy - ok
17:26:16.0750 2336 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:26:16.0781 2336 NetBIOS - ok
17:26:16.0781 2336 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:26:16.0812 2336 NetBT - ok
17:26:16.0812 2336 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
17:26:16.0828 2336 NetDDE - ok
17:26:16.0828 2336 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:26:16.0828 2336 NetDDEdsdm - ok
17:26:16.0843 2336 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:26:16.0859 2336 Netlogon - ok
17:26:16.0875 2336 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
17:26:16.0875 2336 Netman - ok
17:26:16.0875 2336 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:26:16.0890 2336 NetTcpPortSharing - ok
17:26:16.0906 2336 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
17:26:16.0906 2336 Nla - ok
17:26:16.0953 2336 [ 65AC8BAA2F916EE9203EE48D7FCEE605 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
17:26:16.0984 2336 nmwcd - ok
17:26:17.0000 2336 [ 29AF182734A247240D89A0FE63DBEF03 ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
17:26:17.0000 2336 nmwcdc - ok
17:26:17.0000 2336 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:26:17.0031 2336 Npfs - ok
17:26:17.0046 2336 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:26:17.0062 2336 Ntfs - ok
17:26:17.0078 2336 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
17:26:17.0078 2336 NtLmSsp - ok
17:26:17.0109 2336 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:26:17.0125 2336 NtmsSvc - ok
17:26:17.0125 2336 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:26:17.0156 2336 Null - ok
17:26:17.0250 2336 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:26:17.0281 2336 NwlnkFlt - ok
17:26:17.0281 2336 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:26:17.0312 2336 NwlnkFwd - ok
17:26:17.0328 2336 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:26:17.0328 2336 ose - ok
17:26:17.0343 2336 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
17:26:17.0359 2336 Parport - ok
17:26:17.0359 2336 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:26:17.0390 2336 PartMgr - ok
17:26:17.0421 2336 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:26:17.0437 2336 ParVdm - ok
17:26:17.0453 2336 [ 175CC28DCF819F78CAA3FBD44AD9E52A ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
17:26:17.0468 2336 pccsmcfd - ok
17:26:17.0468 2336 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:26:17.0484 2336 PCI - ok
17:26:17.0500 2336 PCIDump - ok
17:26:17.0515 2336 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:26:17.0531 2336 PCIIde - ok
17:26:17.0531 2336 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:26:17.0578 2336 Pcmcia - ok
17:26:17.0578 2336 PDCOMP - ok
17:26:17.0593 2336 PDFRAME - ok
17:26:17.0609 2336 PDRELI - ok
17:26:17.0609 2336 PDRFRAME - ok
17:26:17.0625 2336 perc2 - ok
17:26:17.0625 2336 perc2hib - ok
17:26:17.0671 2336 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
17:26:17.0671 2336 PlugPlay - ok
17:26:17.0687 2336 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
17:26:17.0687 2336 PolicyAgent - ok
17:26:17.0687 2336 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:26:17.0718 2336 PptpMiniport - ok
17:26:17.0718 2336 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:26:17.0718 2336 ProtectedStorage - ok
17:26:17.0734 2336 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:26:17.0765 2336 PSched - ok
17:26:17.0796 2336 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:26:17.0828 2336 Ptilink - ok
17:26:17.0828 2336 ql1080 - ok
17:26:17.0843 2336 Ql10wnt - ok
17:26:17.0843 2336 ql12160 - ok
17:26:17.0859 2336 ql1240 - ok
17:26:17.0859 2336 ql1280 - ok
17:26:17.0875 2336 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:26:17.0890 2336 RasAcd - ok
17:26:17.0906 2336 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:26:17.0906 2336 RasAuto - ok
17:26:17.0921 2336 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:26:17.0937 2336 Rasl2tp - ok
17:26:17.0968 2336 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:26:17.0968 2336 RasMan - ok
17:26:17.0984 2336 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:26:18.0000 2336 RasPppoe - ok
17:26:18.0015 2336 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:26:18.0031 2336 Raspti - ok
17:26:18.0046 2336 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:26:18.0125 2336 Rdbss - ok
17:26:18.0125 2336 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:26:18.0140 2336 RDPCDD - ok
17:26:18.0156 2336 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:26:18.0187 2336 rdpdr - ok
17:26:18.0218 2336 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:26:18.0234 2336 RDPWD - ok
17:26:18.0265 2336 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:26:18.0265 2336 RDSessMgr - ok
17:26:18.0265 2336 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:26:18.0296 2336 redbook - ok
17:26:18.0296 2336 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:26:18.0312 2336 RemoteAccess - ok
17:26:18.0328 2336 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
17:26:18.0328 2336 RemoteRegistry - ok
17:26:18.0328 2336 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
17:26:18.0343 2336 RpcLocator - ok
17:26:18.0359 2336 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\system32\rpcss.dll
17:26:18.0359 2336 RpcSs - ok
17:26:18.0375 2336 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
17:26:18.0375 2336 RSVP - ok
17:26:18.0390 2336 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
17:26:18.0390 2336 SamSs - ok
17:26:18.0390 2336 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:26:18.0406 2336 SCardSvr - ok
17:26:18.0421 2336 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:26:18.0421 2336 Schedule - ok
17:26:18.0437 2336 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:26:18.0453 2336 Secdrv - ok
17:26:18.0468 2336 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:26:18.0468 2336 seclogon - ok
17:26:18.0484 2336 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
17:26:18.0484 2336 SENS - ok
17:26:18.0484 2336 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
17:26:18.0515 2336 serenum - ok
17:26:18.0515 2336 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
17:26:18.0562 2336 Serial - ok
17:26:18.0640 2336 [ 9D38320BB32230349379DF5DDBBF7FCE ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
17:26:18.0640 2336 ServiceLayer - ok
17:26:18.0671 2336 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:26:18.0687 2336 Sfloppy - ok
17:26:18.0734 2336 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:26:18.0750 2336 SharedAccess - ok
17:26:18.0765 2336 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:26:18.0765 2336 ShellHWDetection - ok
17:26:18.0781 2336 Simbad - ok
17:26:18.0828 2336 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
17:26:18.0859 2336 SkypeUpdate - ok
17:26:18.0890 2336 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:26:18.0906 2336 SLIP - ok
17:26:18.0921 2336 Sparrow - ok
17:26:18.0953 2336 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:26:18.0968 2336 splitter - ok
17:26:18.0984 2336 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:26:19.0000 2336 Spooler - ok
17:26:19.0031 2336 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:26:19.0046 2336 sr - ok
17:26:19.0062 2336 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
17:26:19.0062 2336 srservice - ok
17:26:19.0078 2336 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:26:19.0109 2336 Srv - ok
17:26:19.0125 2336 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:26:19.0125 2336 SSDPSRV - ok
17:26:19.0140 2336 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:26:19.0156 2336 stisvc - ok
17:26:19.0171 2336 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:26:19.0203 2336 streamip - ok
17:26:19.0203 2336 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:26:19.0218 2336 swenum - ok
17:26:19.0234 2336 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:26:19.0265 2336 swmidi - ok
17:26:19.0281 2336 SwPrv - ok
17:26:19.0296 2336 symc810 - ok
17:26:19.0296 2336 symc8xx - ok
17:26:19.0312 2336 sym_hi - ok
17:26:19.0312 2336 sym_u3 - ok
17:26:19.0328 2336 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:26:19.0343 2336 sysaudio - ok
17:26:19.0359 2336 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:26:19.0359 2336 SysmonLog - ok
17:26:19.0375 2336 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:26:19.0390 2336 TapiSrv - ok
17:26:19.0390 2336 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:26:19.0421 2336 Tcpip - ok
17:26:19.0453 2336 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:26:19.0468 2336 TDPIPE - ok
17:26:19.0468 2336 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:26:19.0500 2336 TDTCP - ok
17:26:19.0500 2336 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:26:19.0562 2336 TermDD - ok
17:26:19.0578 2336 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
17:26:19.0593 2336 TermService - ok
17:26:19.0609 2336 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
17:26:19.0609 2336 Themes - ok
17:26:19.0625 2336 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
17:26:19.0640 2336 TlntSvr - ok
17:26:19.0640 2336 TosIde - ok
17:26:19.0656 2336 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:26:19.0656 2336 TrkWks - ok
17:26:19.0671 2336 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:26:19.0687 2336 Udfs - ok
17:26:19.0703 2336 ultra - ok
17:26:19.0718 2336 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:26:19.0750 2336 Update - ok
17:26:19.0781 2336 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
17:26:19.0796 2336 upnphost - ok
17:26:19.0812 2336 [ 2522747BA661514E3770E508CCE45B64 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
17:26:19.0828 2336 upperdev - ok
17:26:19.0828 2336 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
17:26:19.0843 2336 UPS - ok
17:26:19.0843 2336 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:26:19.0859 2336 usbehci - ok
17:26:19.0875 2336 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:26:19.0890 2336 usbhub - ok
17:26:19.0921 2336 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:26:19.0953 2336 usbscan - ok
17:26:19.0968 2336 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\DRIVERS\usbser.sys
17:26:20.0000 2336 usbser - ok
17:26:20.0000 2336 [ 8AA5F86A6C3B3234BEED9556D145BFAC ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
17:26:20.0015 2336 UsbserFilt - ok
17:26:20.0015 2336 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:26:20.0031 2336 USBSTOR - ok
17:26:20.0046 2336 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:26:20.0062 2336 usbuhci - ok
17:26:20.0078 2336 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:26:20.0093 2336 VgaSave - ok
17:26:20.0109 2336 ViaIde - ok
17:26:20.0109 2336 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:26:20.0156 2336 VolSnap - ok
17:26:20.0156 2336 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
17:26:20.0171 2336 VSS - ok
17:26:20.0203 2336 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
17:26:20.0203 2336 W32Time - ok
17:26:20.0234 2336 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:26:20.0250 2336 Wanarp - ok
17:26:20.0296 2336 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
17:26:20.0328 2336 Wdf01000 - ok
17:26:20.0328 2336 WDICA - ok
17:26:20.0359 2336 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:26:20.0390 2336 wdmaud - ok
17:26:20.0390 2336 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:26:20.0406 2336 WebClient - ok
17:26:20.0453 2336 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:26:20.0453 2336 winmgmt - ok
17:26:20.0500 2336 [ 4D34CEDD74BDBF2B6A935EAE3BF80543 ] WinRM C:\WINDOWS\system32\WsmSvc.dll
17:26:20.0515 2336 WinRM - ok
17:26:20.0562 2336 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
17:26:20.0562 2336 WmdmPmSN - ok
17:26:20.0609 2336 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] Wmi C:\WINDOWS\System32\advapi32.dll
17:26:20.0625 2336 Wmi - ok
17:26:20.0640 2336 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:26:20.0640 2336 WmiApSrv - ok
17:26:20.0687 2336 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
17:26:20.0703 2336 WMPNetworkSvc - ok
17:26:20.0765 2336 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:26:20.0781 2336 WPFFontCache_v0400 - ok
17:26:20.0812 2336 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:26:20.0812 2336 wscsvc - ok
17:26:20.0843 2336 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:26:20.0859 2336 WSTCODEC - ok
17:26:20.0890 2336 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:26:20.0890 2336 wuauserv - ok
17:26:20.0906 2336 [ 50EB9E21963B4F06FD010D007D54351B ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:26:20.0968 2336 WudfPf - ok
17:26:20.0984 2336 [ 6E209664BDEA8A15B5E8E480D6C607C2 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:26:20.0984 2336 WudfRd - ok
17:26:21.0000 2336 [ AE93084D2D236887BA56467AE42B4955 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
17:26:21.0000 2336 WudfSvc - ok
17:26:21.0015 2336 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:26:21.0031 2336 WZCSVC - ok
17:26:21.0062 2336 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:26:21.0062 2336 xmlprov - ok
17:26:21.0078 2336 ================ Scan global ===============================
17:26:21.0125 2336 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
17:26:21.0125 2336 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
17:26:21.0140 2336 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
17:26:21.0156 2336 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
17:26:21.0156 2336 [Global] - ok
17:26:21.0156 2336 ================ Scan MBR ==================================
17:26:21.0187 2336 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
17:26:21.0343 2336 \Device\Harddisk0\DR0 - ok
17:26:21.0359 2336 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk1\DR1
17:26:21.0500 2336 \Device\Harddisk1\DR1 - ok
17:26:21.0500 2336 ================ Scan VBR ==================================
17:26:21.0500 2336 [ 7EA6E6E9D6015772461EC747A3B3C341 ] \Device\Harddisk0\DR0\Partition1
17:26:21.0515 2336 \Device\Harddisk0\DR0\Partition1 - ok
17:26:21.0531 2336 [ B82ADE91B55A49931937F5C5657E255A ] \Device\Harddisk0\DR0\Partition2
17:26:21.0531 2336 \Device\Harddisk0\DR0\Partition2 - ok
17:26:21.0531 2336 [ 8596CBE14D251D0540521BCEE25E06FF ] \Device\Harddisk1\DR1\Partition1
17:26:21.0546 2336 \Device\Harddisk1\DR1\Partition1 - ok
17:26:21.0546 2336 [ 8FF5EA1DE6A4490DA854F244899F25B0 ] \Device\Harddisk1\DR1\Partition2
17:26:21.0546 2336 \Device\Harddisk1\DR1\Partition2 - ok
17:26:21.0546 2336 ============================================================
17:26:21.0546 2336 Scan finished
17:26:21.0546 2336 ============================================================
17:26:21.0562 4008 Detected object count: 0
17:26:21.0562 4008 Actual detected object count: 0
17:27:07.0187 0848 Deinitialize success
-
- novice
- Posts: 26
- Registered: April 11
Re: please check my HJT log
Here is the ComboFix log:
ComboFix 12-09-16.01 - Motyl 2012/09/17 17:55:52.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.574 [GMT 2:00]
Spuštěný z: c:\documents and settings\Motyl\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Motyl\Dokumenty\ultima_prog2.bin
c:\windows\system32\CddbCdda.dll
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\SET28B.tmp
c:\windows\system32\SET28C.tmp
c:\windows\system32\SET28D.tmp
c:\windows\system32\SET521.tmp
c:\windows\system32\SET524.tmp
c:\windows\system32\SET528.tmp
c:\windows\system32\SET529.tmp
c:\windows\system32\SET530.tmp
c:\windows\system32\SET595.tmp
c:\windows\system32\SET596.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-17 do 2012-09-17 )))))))))))))))))))))))))))))))
.
.
2012-09-17 13:14 . 2012-09-17 13:14 -------- d-----w- c:\documents and settings\Motyl\Data aplikací\Malwarebytes
2012-09-17 13:13 . 2012-09-17 13:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-09-17 13:13 . 2012-09-17 13:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-17 13:13 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-17 09:24 . 2012-06-02 13:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-09-16 18:02 . 2012-09-16 18:03 -------- d-----w- c:\program files\Cartoonist
2012-09-16 13:29 . 2012-09-16 13:29 -------- d-----w- c:\program files\Common Files\Skype
2012-09-16 13:29 . 2012-09-16 13:29 -------- d-----r- c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 18:24 . 2012-04-27 12:07 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-28 18:24 . 2011-08-26 21:33 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 16:39 . 2012-04-27 12:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-06 13:58 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2011-08-01 18:06 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2004-08-18 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:38 . 2004-08-18 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38 . 2004-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-04 14396416]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-03 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-03 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-03 118784]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"DelPnPDirver"="c:\program files\panasonic\panasonic KX-P7100\DelPnPD.exe" [2001-05-24 24576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Motyl^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Motyl\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-08 15:49 136176 ----atw- c:\documents and settings\Motyl\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010/12/21 15:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010/12/21 13:47 94872]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [2011/10/10 12:55 85344]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011/01/12 16:41 810144]
R2 KPSYSDRV;KPSYSDRV;c:\windows\system32\drivers\Kpsysdrv.sys [2011/10/08 16:47 17016]
S2 BulkUsb;Genesys Logic USB Controller NT 5.0;c:\windows\system32\drivers\usbprn.sys [2011/10/08 16:46 7552]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012/03/29 21:23 116648]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012/07/13 13:28 160944]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [2011/08/01 23:42 5824]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012/03/29 21:23 116648]
S3 MODRC;Ultima Infrared Receiver;c:\windows\system32\drivers\modrc.sys [2011/09/13 08:43 13440]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-29 19:23]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-29 19:23]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Verdict Free\etnxp.dll
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-17 18:00
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2012-09-17 18:02:06
ComboFix-quarantined-files.txt 2012-09-17 16:02
.
Před spuštěním: Volných bajtů: 449 390 612 480
Po spuštění: Volných bajtů: 449 458 286 592
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - DD11248CE04D28875E4B6A8ACBB0720D
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
Re: please check my HJT log
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Code:
ClearJavaCache::
KillAll::
File::
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\program files\Skype\Updater\Updater.exe
Folder::
c:\program files\Google\Update
c:\program files\Skype\Updater
Driver::
gupdate
SkypeUpdate
gupdatem
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that pops up at the end of the cleaning process, plus a new HJT log
Warning: After applying ComboFix and restarting the computer, Windows may fail to boot, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt about downloading the Avast database appears, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
-
- novice
- Posts: 26
- Registered: April 11
Re: please check my HJT log
Hello,
I am sending the log from ComboFix:
ComboFix 12-09-18.05 - Motyl 2012/09/18 15:59:26.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.423 [GMT 2:00]
Spuštěný z: c:\documents and settings\Motyl\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Motyl\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\program files\Google\Update\GoogleUpdate.exe"
"c:\program files\Skype\Updater\Updater.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.21.115\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.115\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.115\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.115\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.115\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.21.115\goopdate.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.115\psmachine.dll
c:\program files\Google\Update\1.3.21.115\psuser.dll
c:\program files\Google\Update\Download\{2BF2CA35-CCAF-4E58-BAB7-4163BFA03B88}\0.0.0.0\GoogleEarth-Win-Plugin-6.2.1.6014.exe
c:\program files\Google\Update\Download\{2BF2CA35-CCAF-4E58-BAB7-4163BFA03B88}\0.0.0.0\GoogleEarth-Win-Plugin-6.2.2.6613.exe
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.115\GoogleUpdateSetup.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Legacy_SKYPEUPDATE
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-18 do 2012-09-18 )))))))))))))))))))))))))))))))
.
.
2012-09-17 13:14 . 2012-09-17 13:14 -------- d-----w- c:\documents and settings\Motyl\Data aplikací\Malwarebytes
2012-09-17 13:13 . 2012-09-17 13:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-09-17 13:13 . 2012-09-17 13:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-17 13:13 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-17 09:24 . 2012-06-02 13:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-09-16 18:02 . 2012-09-16 18:03 -------- d-----w- c:\program files\Cartoonist
2012-09-16 13:29 . 2012-09-16 13:29 -------- d-----w- c:\program files\Common Files\Skype
2012-09-16 13:29 . 2012-09-18 14:04 -------- d-----r- c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 18:24 . 2012-04-27 12:07 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-28 18:24 . 2011-08-26 21:33 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 16:39 . 2012-04-27 12:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-06 13:58 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2011-08-01 18:06 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2004-08-18 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:38 . 2004-08-18 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38 . 2004-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-17_16.00.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-18 14:07 . 2012-09-18 14:07 16384 c:\windows\temp\Perflib_Perfdata_6d0.dat
.
I'm sending the log from ComboFix:
ComboFix 12-09-18.05 - Motyl 2012/09/18 15:59:26.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.423 [GMT 2:00]
Spuštěný z: c:\documents and settings\Motyl\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Motyl\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\program files\Google\Update\GoogleUpdate.exe"
"c:\program files\Skype\Updater\Updater.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.21.115\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.115\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.115\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.115\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.115\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.21.115\goopdate.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.115\psmachine.dll
c:\program files\Google\Update\1.3.21.115\psuser.dll
c:\program files\Google\Update\Download\{2BF2CA35-CCAF-4E58-BAB7-4163BFA03B88}\0.0.0.0\GoogleEarth-Win-Plugin-6.2.1.6014.exe
c:\program files\Google\Update\Download\{2BF2CA35-CCAF-4E58-BAB7-4163BFA03B88}\0.0.0.0\GoogleEarth-Win-Plugin-6.2.2.6613.exe
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.115\GoogleUpdateSetup.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Legacy_SKYPEUPDATE
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-18 do 2012-09-18 )))))))))))))))))))))))))))))))
.
.
2012-09-17 13:14 . 2012-09-17 13:14 -------- d-----w- c:\documents and settings\Motyl\Data aplikací\Malwarebytes
2012-09-17 13:13 . 2012-09-17 13:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-09-17 13:13 . 2012-09-17 13:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-17 13:13 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-17 09:24 . 2012-06-02 13:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-09-16 18:02 . 2012-09-16 18:03 -------- d-----w- c:\program files\Cartoonist
2012-09-16 13:29 . 2012-09-16 13:29 -------- d-----w- c:\program files\Common Files\Skype
2012-09-16 13:29 . 2012-09-18 14:04 -------- d-----r- c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 18:24 . 2012-04-27 12:07 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-28 18:24 . 2011-08-26 21:33 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 16:39 . 2012-04-27 12:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-06 13:58 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2011-08-01 18:06 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2004-08-18 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:38 . 2004-08-18 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38 . 2004-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-17_16.00.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-18 14:07 . 2012-09-18 14:07 16384 c:\windows\temp\Perflib_Perfdata_6d0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-04 14396416]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-03 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-03 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-03 118784]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"DelPnPDirver"="c:\program files\panasonic\panasonic KX-P7100\DelPnPD.exe" [2001-05-24 24576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Motyl^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Motyl\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-08 15:49 136176 ----atw- c:\documents and settings\Motyl\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010/12/21 15:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010/12/21 13:47 94872]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [2011/10/10 12:55 85344]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011/01/12 16:41 810144]
R2 KPSYSDRV;KPSYSDRV;c:\windows\system32\drivers\Kpsysdrv.sys [2011/10/08 16:47 17016]
S2 BulkUsb;Genesys Logic USB Controller NT 5.0;c:\windows\system32\drivers\usbprn.sys [2011/10/08 16:46 7552]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [2011/08/01 23:42 5824]
S3 MODRC;Ultima Infrared Receiver;c:\windows\system32\drivers\modrc.sys [2011/09/13 08:43 13440]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Verdict Free\etnxp.dll
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-18 16:07
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2660)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Celkový čas: 2012-09-18 16:10:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-09-18 14:10
ComboFix2.txt 2012-09-17 16:02
.
Před spuštěním: Volných bajtů: 449 364 713 472
Po spuštění: Volných bajtů: 449 244 925 952
.
- - End Of File - - AEF9D7FC2EA0762E0E06869126737B8E
Re: please check my HJT log
Here is also a new log from HJT:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:23:23, on 2012/09/18
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Motyl\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Motyl\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Motyl\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Motyl\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Motyl\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Motyl\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Motyl\Dokumenty\Downloads\HijackThis (1).exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [DelPnPDirver] C:\Program Files\panasonic\panasonic KX-P7100\DelPnPD.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7693156859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7785829000
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7149 bytes
Re: please check my HJT log
Here is the log from aswMBR:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-18 16:28:53
-----------------------------
16:28:53.984 OS Version: Windows 5.1.2600 Service Pack 3
16:28:53.984 Number of processors: 2 586 0x409
16:28:53.984 ComputerName: HLAVNIPC UserName: Motyl
16:28:57.906 Initialize success
16:29:08.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6
16:29:08.015 Disk 0 Vendor: WDC_WD10EARS-00Y5B1 80.00A80 Size: 953869MB BusType: 3
16:29:08.015 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-19
16:29:08.015 Disk 1 Vendor: WDC_WD3200JS-00PDB0 21.00M21 Size: 305245MB BusType: 3
16:29:08.031 Disk 0 MBR read successfully
16:29:08.031 Disk 0 MBR scan
16:29:08.031 Disk 0 Windows XP default MBR code
16:29:08.046 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 499999 MB offset 63
16:29:08.046 Disk 0 Partition - 00 0F Extended LBA 453859 MB offset 1023999165
16:29:08.062 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 453859 MB offset 1023999228
16:29:08.062 Disk 0 scanning sectors +1953504000
16:29:08.140 Disk 0 scanning C:\WINDOWS\system32\drivers
16:29:17.015 Service scanning
16:29:22.593 Modules scanning
16:29:27.156 Disk 0 trace - called modules:
16:29:27.203 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
16:29:27.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86720ab8]
16:29:27.203 3 CLASSPNP.SYS[f787ffd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-6[0x86723d98]
16:29:27.218 Scan finished successfully
16:29:56.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Motyl\Plocha\MBR.dat"
16:29:56.125 The log file has been saved successfully to "C:\Documents and Settings\Motyl\Plocha\aswMBR.txt"
- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
Re: please check my HJT log
ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall
clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by ComboFix, MWAV, etc. - download > run
Note: before downloading T-Cleaner and for the duration of the cleaning, deactivate AVG, Avast, Avira or Microsoft Security Essentials; afterwards delete T-Cleaner and turn AVG, Avast, Avira or Microsoft Security Essentials back on.
Logs OK
How is the PC behaving?
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you.
- newcomer
- Posts: 26
- Registered: April 11
Re: please check my HJT log
So I did it, except that I had to download T-Cleaner from elsewhere, because that link gave me a download error.
Otherwise the PC is behaving normally, but I don't yet know whether the updates will download automatically, because even today, before I finished the whole procedure mentioned above, they were not downloading automatically.