Hello,
please check my log, thank you
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30, on 2012-11-05
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: CENZURA Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: CENZURA Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: CENZURA Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Update Service (gupdate1c98707d8154244) (gupdate1c98707d8154244) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 7787 bytes
please check my log
- memphisto
Re: please check my log
uninstall CENZURA Toolbar
in the log, fix:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: CENZURA Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CENZURA Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
O3 - Toolbar: CENZURA Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan (Provést rychlý sken) option selected and click the Scan (Skenovat) button
- when the scan finishes a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes (Ano)
(do not delete anything yet!).
Then paste the contents of that log here.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message (SZ); post them in the appropriate section. Thank you
Re: please check my log
I fixed it in the log, but I can't uninstall CENZURA Toolbar; I click Remove and it throws an installer service message saying I should enter a different source "path" containing the installation package
- Žbeky
Re: please check my log
Then carry on according to the instructions
In private messages I only deal with matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
Re: please check my log
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Verze databáze: v2012.11.07.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Hadi :: SMRD-1C57128332 [administrátor]
2012-11-07 13:42
mbam-log-2012-11-07 (13-50-01).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 205489
Uplynulý čas: 2 minut, 55 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 3
HKCU\SOFTWARE\5DR8ZAD8GX (Trojan.FakeAlert) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\TG0PTF86JH (Trojan.FakeAlert) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> Žádná instrukce nebyla provedena.
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Žádná instrukce nebyla provedena.
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 1
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Žádná instrukce nebyla provedena.
(konec)
- memphisto
Re: please check my log
In MBAM, let it delete everything
Download TDSSKiller
to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt, please paste the whole contents of the log here.
Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by pressing the Yes (Ano) button
- Then follow the instructions; while ComboFix is running, do not click into the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its whole contents here
If, after the scan, there is a problem launching applications or a message pops up about an attempt to perform an illegal operation on a registry key that has been marked for deletion, just restart the computer.
Re: please check my log
18:45:21.0078 3968 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:45:21.0156 3968 ============================================================
18:45:21.0156 3968 Current date / time: 2012/11/08 18:45:21.0156
18:45:21.0156 3968 SystemInfo:
18:45:21.0156 3968
18:45:21.0156 3968 OS Version: 5.1.2600 ServicePack: 3.0
18:45:21.0156 3968 Product type: Workstation
18:45:21.0156 3968 ComputerName: SMRD-1C57128332
18:45:21.0156 3968 UserName: Hadi
18:45:21.0156 3968 Windows directory: C:\WINDOWS
18:45:21.0156 3968 System windows directory: C:\WINDOWS
18:45:21.0156 3968 Processor architecture: Intel x86
18:45:21.0156 3968 Number of processors: 2
18:45:21.0156 3968 Page size: 0x1000
18:45:21.0156 3968 Boot type: Normal boot
18:45:21.0156 3968 ============================================================
18:45:21.0984 3968 Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:45:21.0984 3968 ============================================================
18:45:21.0984 3968 \Device\Harddisk0\DR0:
18:45:21.0984 3968 MBR partitions:
18:45:21.0984 3968 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
18:45:21.0984 3968 ============================================================
18:45:22.0015 3968 C: <-> \Device\Harddisk0\DR0\Partition1
18:45:22.0015 3968 ============================================================
18:45:22.0015 3968 Initialize success
18:45:22.0015 3968 ============================================================
18:45:32.0343 0724 ============================================================
18:45:32.0343 0724 Scan started
18:45:32.0343 0724 Mode: Manual;
18:45:32.0343 0724 ============================================================
18:45:32.0468 0724 ================ Scan system memory ========================
18:45:32.0468 0724 System memory - ok
18:45:36.0859 0724 imagesrv - ok
18:45:36.0890 0724 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:45:36.0906 0724 Imapi - ok
18:45:36.0953 0724 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
18:45:36.0953 0724 ImapiService - ok
18:45:36.0953 0724 ini910u - ok
18:45:37.0078 0724 [ 12F4D2AA29745DC2A403FF42E75CF7FA ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:45:37.0140 0724 IntcAzAudAddService - ok
18:45:37.0140 0724 IntelIde - ok
18:45:37.0187 0724 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:45:37.0203 0724 intelppm - ok
18:45:37.0203 0724 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
18:45:37.0250 0724 Ip6Fw - ok
18:45:37.0281 0724 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:45:37.0312 0724 IpFilterDriver - ok
18:45:37.0328 0724 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:45:37.0343 0724 IpInIp - ok
18:45:37.0359 0724 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:45:37.0390 0724 IpNat - ok
18:45:37.0421 0724 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:45:37.0453 0724 IPSec - ok
18:45:37.0484 0724 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:45:37.0500 0724 IRENUM - ok
18:45:37.0515 0724 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:45:37.0531 0724 isapnp - ok
18:45:37.0640 0724 [ 9AA67569D5257462E230767510B0C815 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
18:45:37.0640 0724 JavaQuickStarterService - ok
18:45:37.0671 0724 [ C995C0E8B4503FAC38793BB0236AD246 ] JGOGO C:\WINDOWS\system32\DRIVERS\JGOGO.sys
18:45:37.0687 0724 JGOGO - ok
18:45:37.0703 0724 [ DAC317A5EFD8FE13FE7EC8E2B2E1D549 ] JRAID C:\WINDOWS\system32\DRIVERS\jraid.sys
18:45:37.0703 0724 JRAID - ok
18:45:37.0718 0724 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:45:37.0734 0724 Kbdclass - ok
18:45:37.0750 0724 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:45:37.0765 0724 kbdhid - ok
18:45:37.0781 0724 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
18:45:37.0781 0724 kmixer - ok
18:45:37.0796 0724 [ 1705745D900DABF2D89F90EBADDC7517 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:45:37.0812 0724 KSecDD - ok
18:45:37.0828 0724 [ 21920AC69594AB021237054FA728FE46 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
18:45:37.0828 0724 lanmanserver - ok
18:45:37.0859 0724 [ 5190783F51A2D7A8495202C664D7C963 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:45:37.0859 0724 lanmanworkstation - ok
18:45:37.0859 0724 lbrtfdc - ok
18:45:37.0921 0724 [ 5D4B38A8D8525356798F5E560C3A3090 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
18:45:37.0937 0724 LightScribeService - ok
18:45:37.0968 0724 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:45:37.0968 0724 LmHosts - ok
18:45:38.0000 0724 [ A3E700D78EEC390F1208098CDCA5C6B6 ] MarvinBus C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
18:45:38.0031 0724 MarvinBus - ok
18:45:38.0046 0724 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
18:45:38.0046 0724 Messenger - ok
18:45:38.0062 0724 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:45:38.0078 0724 mnmdd - ok
18:45:38.0109 0724 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
18:45:38.0125 0724 mnmsrvc - ok
18:45:38.0125 0724 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:45:38.0140 0724 Modem - ok
18:45:38.0140 0724 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:45:38.0171 0724 Mouclass - ok
18:45:38.0203 0724 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:45:38.0218 0724 mouhid - ok
18:45:38.0234 0724 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:45:38.0250 0724 MountMgr - ok
18:45:38.0281 0724 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:45:38.0281 0724 MozillaMaintenance - ok
18:45:38.0296 0724 mraid35x - ok
18:45:38.0296 0724 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:45:38.0343 0724 MRxDAV - ok
18:45:38.0359 0724 [ 68755F0FF16070178B54674FE5B847B0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:45:38.0390 0724 MRxSmb - ok
18:45:38.0421 0724 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
18:45:38.0421 0724 MSDTC - ok
18:45:38.0437 0724 [ 1477849772712BAC69C144DCF2C9CE81 ] MSDV C:\WINDOWS\system32\DRIVERS\msdv.sys
18:45:38.0468 0724 MSDV - ok
18:45:38.0468 0724 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:45:38.0484 0724 Msfs - ok
18:45:38.0500 0724 MSIServer - ok
18:45:38.0500 0724 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:45:38.0515 0724 MSKSSRV - ok
18:45:38.0531 0724 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:45:38.0546 0724 MSPCLOCK - ok
18:45:38.0546 0724 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:45:38.0562 0724 MSPQM - ok
18:45:38.0609 0724 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:45:38.0625 0724 mssmbios - ok
18:45:38.0625 0724 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
18:45:38.0640 0724 MSTEE - ok
18:45:38.0656 0724 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:45:38.0671 0724 Mup - ok
18:45:38.0718 0724 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:45:38.0734 0724 NABTSFEC - ok
18:45:38.0781 0724 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
18:45:38.0781 0724 napagent - ok
18:45:38.0828 0724 [ 2C55366B5572A5F7826E42AFA5F3C789 ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
18:45:38.0843 0724 NBService - ok
18:45:38.0843 0724 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:45:38.0859 0724 NDIS - ok
18:45:38.0890 0724 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:45:38.0906 0724 NdisIP - ok
18:45:38.0953 0724 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:45:38.0968 0724 NdisTapi - ok
18:45:38.0984 0724 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:45:39.0000 0724 Ndisuio - ok
18:45:39.0015 0724 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:45:39.0046 0724 NdisWan - ok
18:45:39.0062 0724 [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:45:39.0078 0724 NDProxy - ok
18:45:39.0078 0724 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:45:39.0109 0724 NetBIOS - ok
18:45:39.0140 0724 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:45:39.0156 0724 NetBT - ok
18:45:39.0171 0724 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
18:45:39.0187 0724 NetDDE - ok
18:45:39.0187 0724 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:45:39.0187 0724 NetDDEdsdm - ok
18:45:39.0203 0724 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:45:39.0203 0724 Netlogon - ok
18:45:39.0218 0724 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
18:45:39.0218 0724 Netman - ok
18:45:39.0250 0724 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:45:39.0250 0724 NetTcpPortSharing - ok
18:45:39.0265 0724 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:45:39.0296 0724 NIC1394 - ok
18:45:39.0296 0724 [ AAC97DAB5F8A0573CF10E0EAC42A7724 ] Nla C:\WINDOWS\System32\mswsock.dll
18:45:39.0312 0724 Nla - ok
18:45:39.0312 0724 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:45:39.0328 0724 Npfs - ok
18:45:39.0343 0724 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:45:39.0375 0724 Ntfs - ok
18:45:39.0375 0724 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
18:45:39.0390 0724 NtLmSsp - ok
18:45:39.0437 0724 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:45:39.0437 0724 NtmsSvc - ok
18:45:39.0468 0724 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
18:45:39.0484 0724 Null - ok
18:45:39.0515 0724 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:45:39.0531 0724 NwlnkFlt - ok
18:45:39.0546 0724 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:45:39.0562 0724 NwlnkFwd - ok
18:45:39.0593 0724 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:45:39.0625 0724 ohci1394 - ok
18:45:39.0671 0724 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:45:39.0671 0724 ose - ok
18:45:39.0703 0724 [ DB5E1D29AA509D58067AED5CC83D8170 ] ovt519 C:\WINDOWS\system32\Drivers\ov519vid.sys
18:45:39.0765 0724 ovt519 - ok
18:45:39.0781 0724 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
18:45:39.0796 0724 Parport - ok
18:45:39.0812 0724 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:45:39.0828 0724 PartMgr - ok
18:45:39.0859 0724 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:45:39.0875 0724 ParVdm - ok
18:45:39.0906 0724 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:45:39.0921 0724 PCI - ok
18:45:39.0921 0724 PCIDump - ok
18:45:39.0937 0724 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
18:45:39.0953 0724 PCIIde - ok
18:45:39.0968 0724 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
18:45:40.0015 0724 Pcmcia - ok
18:45:40.0046 0724 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
18:45:40.0078 0724 pcouffin - ok
18:45:40.0078 0724 PDCOMP - ok
18:45:40.0093 0724 PDFRAME - ok
18:45:40.0093 0724 PDRELI - ok
18:45:40.0093 0724 PDRFRAME - ok
18:45:40.0093 0724 perc2 - ok
18:45:40.0093 0724 perc2hib - ok
18:45:40.0140 0724 [ 444F122E68DB44C0589227781F3C8B3F ] pfc C:\WINDOWS\system32\drivers\pfc.sys
18:45:40.0140 0724 pfc - ok
18:45:40.0156 0724 [ F0D2AE69035092BF22DAD6B50FAB85C2 ] PlugPlay C:\WINDOWS\system32\services.exe
18:45:40.0156 0724 PlugPlay - ok
18:45:40.0187 0724 [ A1DD33D16F277CE34124EE52AB2C0F14 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
18:45:40.0187 0724 PnkBstrA - ok
18:45:40.0234 0724 [ 9A386EC60A166DF66205343CA12C6B86 ] PnkBstrB C:\WINDOWS\system32\PnkBstrB.exe
18:45:40.0437 0724 PnkBstrB - ok
18:45:40.0468 0724 [ 10BE25C04613B70D8CE1F412E14D9454 ] PnkBstrK C:\WINDOWS\system32\drivers\PnkBstrK.sys
18:45:40.0593 0724 PnkBstrK - ok
18:45:40.0609 0724 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:45:40.0609 0724 PolicyAgent - ok
18:45:40.0625 0724 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:45:40.0640 0724 PptpMiniport - ok
18:45:40.0656 0724 [ F2E3C8F1EB6BA0733E0A1F6373DF7957 ] prodrv06 C:\WINDOWS\System32\drivers\prodrv06.sys
18:45:40.0656 0724 prodrv06 - ok
18:45:40.0671 0724 [ 150307B52807D0C493C605AB913038AD ] prohlp02 C:\WINDOWS\system32\drivers\prohlp02.sys
18:45:40.0671 0724 prohlp02 - ok
18:45:40.0703 0724 [ F3471E7971EE62420451D958DA635064 ] prosync1 C:\WINDOWS\system32\drivers\prosync1.sys
18:45:40.0703 0724 prosync1 - ok
18:45:40.0703 0724 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:45:40.0703 0724 ProtectedStorage - ok
18:45:40.0734 0724 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:45:40.0765 0724 PSched - ok
18:45:40.0765 0724 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:45:40.0796 0724 Ptilink - ok
18:45:40.0796 0724 ql1080 - ok
18:45:40.0796 0724 Ql10wnt - ok
18:45:40.0796 0724 ql12160 - ok
18:45:40.0796 0724 ql1240 - ok
18:45:40.0812 0724 ql1280 - ok
18:45:40.0812 0724 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:45:40.0843 0724 RasAcd - ok
18:45:40.0859 0724 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:45:40.0875 0724 RasAuto - ok
18:45:40.0875 0724 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:45:40.0906 0724 Rasl2tp - ok
18:45:40.0937 0724 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:45:40.0953 0724 RasMan - ok
18:45:40.0953 0724 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:45:40.0984 0724 RasPppoe - ok
18:45:40.0984 0724 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:45:41.0000 0724 Raspti - ok
18:45:41.0031 0724 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:45:41.0109 0724 Rdbss - ok
18:45:41.0125 0724 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:45:41.0140 0724 RDPCDD - ok
18:45:41.0171 0724 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:45:41.0203 0724 rdpdr - ok
18:45:41.0218 0724 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:45:41.0265 0724 RDPWD - ok
18:45:41.0312 0724 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:45:41.0312 0724 RDSessMgr - ok
18:45:41.0343 0724 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:45:41.0359 0724 redbook - ok
18:45:41.0390 0724 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:45:41.0390 0724 RemoteAccess - ok
18:45:41.0421 0724 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
18:45:41.0437 0724 RemoteRegistry - ok
18:45:41.0437 0724 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
18:45:41.0453 0724 ROOTMODEM - ok
18:45:41.0468 0724 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
18:45:41.0468 0724 RpcLocator - ok
18:45:41.0500 0724 [ C868F3AE15CF71A93F2AA3A32856D839 ] RpcSs C:\WINDOWS\System32\rpcss.dll
18:45:41.0500 0724 RpcSs - ok
18:45:41.0531 0724 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
18:45:41.0546 0724 RSVP - ok
18:45:41.0578 0724 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
18:45:41.0578 0724 SamSs - ok
18:45:41.0593 0724 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:45:41.0593 0724 SCardSvr - ok
18:45:41.0625 0724 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:45:41.0640 0724 Schedule - ok
18:45:41.0656 0724 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:45:41.0671 0724 Secdrv - ok
18:45:41.0718 0724 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
18:45:41.0718 0724 seclogon - ok
18:45:41.0750 0724 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
18:45:41.0750 0724 SENS - ok
18:45:41.0781 0724 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
18:45:41.0796 0724 serenum - ok
18:45:41.0812 0724 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
18:45:41.0843 0724 Serial - ok
18:45:41.0890 0724 [ 9E7DEE11FD5A4355941A45F13C0ED59A ] sfdrv01 C:\WINDOWS\system32\drivers\sfdrv01.sys
18:45:41.0906 0724 sfdrv01 - ok
18:45:41.0906 0724 [ 4D0CE0FADCA29E7DA68CE597AC9010BD ] sfdrv01a C:\WINDOWS\system32\drivers\sfdrv01a.sys
18:45:41.0937 0724 sfdrv01a - ok
18:45:41.0937 0724 [ 462AEE0EA0481EA8BD45CAC876A4CCC4 ] sfhlp01 C:\WINDOWS\system32\drivers\sfhlp01.sys
18:45:41.0953 0724 sfhlp01 - ok
18:45:41.0953 0724 [ DAAD4C099EBF5094D32C373AC1AC0F3C ] sfhlp02 C:\WINDOWS\system32\drivers\sfhlp02.sys
18:45:41.0968 0724 sfhlp02 - ok
18:45:42.0000 0724 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
18:45:42.0015 0724 Sfloppy - ok
18:45:42.0015 0724 sfrem01 - ok
18:45:42.0015 0724 [ C526AD307FF1900BC4C864F74553F762 ] sfsync04 C:\WINDOWS\system32\drivers\sfsync04.sys
18:45:42.0046 0724 sfsync04 - ok
18:45:42.0078 0724 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
18:45:42.0078 0724 SharedAccess - ok
18:45:42.0093 0724 [ B927443008910B412BEC72FC41C1BAD0 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:45:42.0093 0724 ShellHWDetection - ok
18:45:42.0109 0724 Simbad - ok
18:45:42.0140 0724 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:45:42.0156 0724 SLIP - ok
18:45:42.0156 0724 Sparrow - ok
18:45:42.0187 0724 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
18:45:42.0203 0724 splitter - ok
18:45:42.0234 0724 [ CB1090BCA0E7B40D0B5B4E4D66531809 ] Spooler C:\WINDOWS\system32\spoolsv.exe
18:45:42.0250 0724 Spooler - ok
18:45:42.0265 0724 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
18:45:42.0265 0724 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
18:45:42.0265 0724 sptd ( LockedFile.Multi.Generic ) - warning
18:45:42.0265 0724 sptd - detected LockedFile.Multi.Generic (1)
18:45:42.0312 0724 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
18:45:42.0343 0724 sr - ok
18:45:42.0359 0724 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
18:45:42.0359 0724 srservice - ok
18:45:42.0375 0724 [ 5252605079810904E31C332E241CD59B ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
18:45:42.0421 0724 Srv - ok
18:45:42.0421 0724 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
18:45:42.0437 0724 SSDPSRV - ok
18:45:42.0453 0724 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
18:45:42.0453 0724 stisvc - ok
18:45:42.0468 0724 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:45:42.0484 0724 streamip - ok
18:45:42.0515 0724 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
18:45:42.0531 0724 swenum - ok
18:45:42.0562 0724 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
18:45:42.0609 0724 swmidi - ok
18:45:42.0609 0724 SwPrv - ok
18:45:42.0609 0724 symc810 - ok
18:45:42.0625 0724 symc8xx - ok
18:45:42.0625 0724 sym_hi - ok
18:45:42.0625 0724 sym_u3 - ok
18:45:42.0656 0724 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
18:45:42.0656 0724 sysaudio - ok
18:45:42.0687 0724 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
18:45:42.0687 0724 SysmonLog - ok
18:45:42.0703 0724 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
18:45:42.0703 0724 TapiSrv - ok
18:45:42.0734 0724 [ 93EA8D04EC73A85DB02EB8805988F733 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:45:42.0765 0724 Tcpip - ok
18:45:42.0796 0724 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
18:45:42.0812 0724 TDPIPE - ok
18:45:42.0828 0724 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
18:45:42.0843 0724 TDTCP - ok
18:45:42.0859 0724 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
18:45:42.0921 0724 TermDD - ok
18:45:42.0953 0724 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
18:45:42.0953 0724 TermService - ok
18:45:42.0968 0724 [ B927443008910B412BEC72FC41C1BAD0 ] Themes C:\WINDOWS\System32\shsvcs.dll
18:45:42.0968 0724 Themes - ok
18:45:42.0984 0724 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
18:45:42.0984 0724 TlntSvr - ok
18:45:43.0000 0724 TosIde - ok
18:45:43.0015 0724 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
18:45:43.0015 0724 TrkWks - ok
18:45:43.0031 0724 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
18:45:43.0062 0724 Udfs - ok
18:45:43.0062 0724 ultra - ok
18:45:43.0078 0724 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
18:45:43.0093 0724 UMWdf - ok
18:45:43.0140 0724 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
18:45:43.0187 0724 Update - ok
18:45:43.0203 0724 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
18:45:43.0203 0724 upnphost - ok
18:45:43.0234 0724 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
18:45:43.0234 0724 UPS - ok
18:45:43.0265 0724 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
18:45:43.0281 0724 usbaudio - ok
18:45:43.0296 0724 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:45:43.0312 0724 usbccgp - ok
18:45:43.0328 0724 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:45:43.0343 0724 usbehci - ok
18:45:43.0359 0724 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:45:43.0390 0724 usbhub - ok
18:45:43.0390 0724 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:45:43.0406 0724 usbprint - ok
18:45:43.0421 0724 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:45:43.0437 0724 usbscan - ok
18:45:43.0437 0724 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:45:43.0468 0724 USBSTOR - ok
18:45:43.0484 0724 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:45:43.0500 0724 usbuhci - ok
18:45:43.0515 0724 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
18:45:43.0531 0724 VgaSave - ok
18:45:43.0531 0724 ViaIde - ok
18:45:43.0562 0724 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
18:45:43.0593 0724 VolSnap - ok
18:45:43.0640 0724 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
18:45:43.0640 0724 VSS - ok
18:45:43.0687 0724 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
18:45:43.0687 0724 W32Time - ok
18:45:43.0703 0724 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:45:43.0718 0724 Wanarp - ok
18:45:43.0718 0724 WDICA - ok
18:45:43.0734 0724 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
18:45:43.0765 0724 wdmaud - ok
18:45:43.0781 0724 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
18:45:43.0781 0724 WebClient - ok
18:45:43.0828 0724 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
18:45:43.0828 0724 winmgmt - ok
18:45:43.0875 0724 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
18:45:43.0875 0724 WmdmPmSN - ok
18:45:43.0906 0724 [ 6538D6BDE04B56737FE743C24D4CE83D ] Wmi C:\WINDOWS\System32\advapi32.dll
18:45:43.0906 0724 Wmi - ok
18:45:43.0937 0724 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:45:43.0953 0724 WmiApSrv - ok
18:45:43.0953 0724 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:45:43.0968 0724 WS2IFSL - ok
18:45:44.0000 0724 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
18:45:44.0000 0724 wscsvc - ok
18:45:44.0031 0724 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:45:44.0062 0724 WSTCODEC - ok
18:45:44.0093 0724 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
18:45:44.0093 0724 wuauserv - ok
18:45:44.0125 0724 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:45:44.0140 0724 WudfPf - ok
18:45:44.0156 0724 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:45:44.0156 0724 WudfRd - ok
18:45:44.0171 0724 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
18:45:44.0171 0724 WudfSvc - ok
18:45:44.0203 0724 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
18:45:44.0203 0724 WZCSVC - ok
18:45:44.0218 0724 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
18:45:44.0296 0724 xmlprov - ok
18:45:44.0328 0724 [ 5EE248F1C25579FE3561F7293CDCDC8E ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
18:45:44.0343 0724 yukonwxp - ok
18:45:44.0343 0724 ================ Scan global ===============================
18:45:44.0375 0724 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
18:45:44.0421 0724 [ 77A41C497ADB0C96D1E8DF6F71D843C0 ] C:\WINDOWS\system32\winsrv.dll
18:45:44.0437 0724 [ 77A41C497ADB0C96D1E8DF6F71D843C0 ] C:\WINDOWS\system32\winsrv.dll
18:45:44.0437 0724 [ F0D2AE69035092BF22DAD6B50FAB85C2 ] C:\WINDOWS\system32\services.exe
18:45:44.0437 0724 [Global] - ok
18:45:44.0437 0724 ================ Scan MBR ==================================
18:45:44.0453 0724 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
18:45:44.0578 0724 \Device\Harddisk0\DR0 - ok
18:45:44.0578 0724 ================ Scan VBR ==================================
18:45:44.0593 0724 [ CC375D15EF08D7CCEA2675BF3EEBAB6E ] \Device\Harddisk0\DR0\Partition1
18:45:44.0593 0724 \Device\Harddisk0\DR0\Partition1 - ok
18:45:44.0593 0724 ============================================================
18:45:44.0593 0724 Scan finished
18:45:44.0593 0724 ============================================================
18:45:44.0593 0548 Detected object count: 1
18:45:44.0593 0548 Actual detected object count: 1
18:46:05.0375 0548 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:46:05.0375 0548 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:46:13.0375 3284 Deinitialize success
18:45:33.0593 0724 Atmarpc - ok
18:45:33.0625 0724 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
18:45:33.0625 0724 AudioSrv - ok
18:45:33.0671 0724 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
18:45:33.0687 0724 audstub - ok
18:45:33.0703 0724 [ F8E6956A614F15A0860474C5E2A7DE6B ] Avc C:\WINDOWS\system32\DRIVERS\avc.sys
18:45:33.0703 0724 Avc - ok
18:45:33.0750 0724 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
18:45:33.0765 0724 Beep - ok
18:45:33.0796 0724 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
18:45:33.0875 0724 BITS - ok
18:45:33.0890 0724 [ 249276D3EF1E74B992299CB96099E4D7 ] Browser C:\WINDOWS\System32\browser.dll
18:45:33.0890 0724 Browser - ok
18:45:33.0937 0724 [ 42EBCE48178CE5D0998EB1CA62DB1E9B ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys
18:45:33.0953 0724 btaudio - ok
18:45:33.0968 0724 [ 39309739BADD058C8F4B845D9A3C58D2 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys
18:45:34.0000 0724 BTDriver - ok
18:45:34.0046 0724 [ C9253AB5F6611FA2CA5C914D0FE384C5 ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
18:45:34.0078 0724 BTKRNL - ok
18:45:34.0078 0724 BTSERIAL - ok
18:45:34.0078 0724 BTSLBCSP - ok
18:45:34.0171 0724 [ A1E2ED3E0640999DE683367A4F716F61 ] btwdins C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
18:45:34.0171 0724 btwdins - ok
18:45:34.0187 0724 [ 9A794455B18D815DB25D991452D4266A ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys
18:45:34.0218 0724 BTWDNDIS - ok
18:45:34.0250 0724 [ B42E484F624A39AD8A5B06D9B26D6BC1 ] btwmodem C:\WINDOWS\system32\DRIVERS\btwmodem.sys
18:45:34.0265 0724 btwmodem - ok
18:45:34.0296 0724 [ 843E656DB562FFFF197AFAF98042FACA ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
18:45:34.0328 0724 BTWUSB - ok
18:45:34.0359 0724 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
18:45:34.0375 0724 cbidf2k - ok
18:45:34.0406 0724 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:45:34.0421 0724 CCDECODE - ok
18:45:34.0421 0724 cd20xrnt - ok
18:45:34.0453 0724 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
18:45:34.0468 0724 Cdaudio - ok
18:45:34.0500 0724 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
18:45:34.0531 0724 Cdfs - ok
18:45:34.0562 0724 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:45:34.0578 0724 Cdrom - ok
18:45:34.0593 0724 Changer - ok
18:45:34.0625 0724 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
18:45:34.0625 0724 CiSvc - ok
18:45:34.0656 0724 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
18:45:34.0656 0724 ClipSrv - ok
18:45:34.0687 0724 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:45:34.0828 0724 clr_optimization_v2.0.50727_32 - ok
18:45:34.0843 0724 CmdIde - ok
18:45:34.0843 0724 COMSysApp - ok
18:45:34.0843 0724 Cpqarray - ok
18:45:34.0875 0724 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
18:45:34.0875 0724 CryptSvc - ok
18:45:34.0875 0724 dac2w2k - ok
18:45:34.0890 0724 dac960nt - ok
18:45:34.0921 0724 [ C868F3AE15CF71A93F2AA3A32856D839 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
18:45:34.0921 0724 DcomLaunch - ok
18:45:34.0968 0724 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
18:45:34.0968 0724 Dhcp - ok
18:45:35.0000 0724 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
18:45:35.0015 0724 Disk - ok
18:45:35.0015 0724 dmadmin - ok
18:45:35.0078 0724 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
18:45:35.0109 0724 dmboot - ok
18:45:35.0109 0724 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
18:45:35.0156 0724 dmio - ok
18:45:35.0171 0724 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
18:45:35.0187 0724 dmload - ok
18:45:35.0234 0724 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
18:45:35.0234 0724 dmserver - ok
18:45:35.0234 0724 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
18:45:35.0250 0724 DMusic - ok
18:45:35.0250 0724 [ 0634B791684B84F4A331F3D3536FEEF8 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
18:45:35.0250 0724 Dnscache - ok
18:45:35.0296 0724 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
18:45:35.0312 0724 Dot3svc - ok
18:45:35.0312 0724 dpti2o - ok
18:45:35.0328 0724 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
18:45:35.0343 0724 drmkaud - ok
18:45:35.0375 0724 [ 7A25AD652A3003B8854E873A3324E672 ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys
18:45:35.0375 0724 eamon - ok
18:45:35.0406 0724 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
18:45:35.0406 0724 EapHost - ok
18:45:35.0421 0724 [ C7C17BC80B7264322207ABC31F20EA84 ] easdrv C:\WINDOWS\system32\DRIVERS\easdrv.sys
18:45:35.0421 0724 easdrv - ok
18:45:35.0468 0724 [ 5171CE57B3A004E30CA2B4062C053085 ] EhttpSrv C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
18:45:35.0468 0724 EhttpSrv - ok
18:45:35.0500 0724 [ D5D4124827086BA54F6BFE75CE330531 ] ekrn C:\Program Files\ESET\ESET Smart Security\ekrn.exe
18:45:35.0500 0724 ekrn - ok
18:45:35.0531 0724 [ 075D91E4DE09A6F1EDE77C341803D454 ] ElbyCDFL C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
18:45:35.0546 0724 ElbyCDFL - ok
18:45:35.0562 0724 [ AAA8999A169E39FB8B48AE49CD6AC30A ] ElbyCDIO C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
18:45:35.0562 0724 ElbyCDIO - ok
18:45:35.0578 0724 [ E205C313417DA6FA7AFE85912A310A65 ] ElbyDelay C:\WINDOWS\system32\Drivers\ElbyDelay.sys
18:45:35.0578 0724 ElbyDelay - ok
18:45:35.0609 0724 [ FD9FC82F134B1C91004FFC76A5AE494B ] ENTECH C:\WINDOWS\system32\DRIVERS\ENTECH.sys
18:45:35.0625 0724 ENTECH - ok
18:45:35.0656 0724 [ 28C76F783EBDDB71643B8BC0821779F0 ] epfw C:\WINDOWS\system32\DRIVERS\epfw.sys
18:45:35.0656 0724 epfw - ok
18:45:35.0687 0724 [ 711C459909E10659F4A0456EA10E2A51 ] Epfwndis C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
18:45:35.0687 0724 Epfwndis - ok
18:45:35.0703 0724 [ 630A3F48F5D211FCFC16F1DD9E4A8580 ] epfwtdi C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
18:45:35.0703 0724 epfwtdi - ok
18:45:35.0734 0724 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
18:45:35.0734 0724 ERSvc - ok
18:45:35.0765 0724 [ F0D2AE69035092BF22DAD6B50FAB85C2 ] Eventlog C:\WINDOWS\system32\services.exe
18:45:35.0765 0724 Eventlog - ok
18:45:35.0812 0724 [ 260C69FD67687B0DC062FC3D31655857 ] EventSystem C:\WINDOWS\system32\es.dll
18:45:35.0812 0724 EventSystem - ok
18:45:35.0843 0724 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
18:45:35.0875 0724 Fastfat - ok
18:45:35.0906 0724 [ B927443008910B412BEC72FC41C1BAD0 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:45:35.0906 0724 FastUserSwitchingCompatibility - ok
18:45:35.0921 0724 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
18:45:35.0937 0724 Fdc - ok
18:45:35.0953 0724 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
18:45:35.0968 0724 Fips - ok
18:45:35.0968 0724 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:45:35.0984 0724 Flpydisk - ok
18:45:36.0015 0724 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
18:45:36.0062 0724 FltMgr - ok
18:45:36.0109 0724 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:45:36.0109 0724 FontCache3.0.0.0 - ok
18:45:36.0125 0724 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:45:36.0140 0724 Fs_Rec - ok
18:45:36.0156 0724 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:45:36.0171 0724 Ftdisk - ok
18:45:36.0218 0724 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:45:36.0234 0724 Gpc - ok
18:45:36.0296 0724 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c98707d8154244 C:\Program Files\Google\Update\GoogleUpdate.exe
18:45:36.0312 0724 gupdate1c98707d8154244 - ok
18:45:36.0312 0724 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
18:45:36.0312 0724 gupdatem - ok
18:45:36.0343 0724 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:45:36.0359 0724 HDAudBus - ok
18:45:36.0406 0724 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:45:36.0406 0724 helpsvc - ok
18:45:36.0421 0724 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
18:45:36.0437 0724 HidServ - ok
18:45:36.0453 0724 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:45:36.0468 0724 HidUsb - ok
18:45:36.0500 0724 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
18:45:36.0500 0724 hkmsvc - ok
18:45:36.0500 0724 hpn - ok
18:45:36.0515 0724 [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
18:45:36.0546 0724 HTTP - ok
18:45:36.0562 0724 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
18:45:36.0562 0724 HTTPFilter - ok
18:45:36.0625 0724 [ AC1E9496BA0AC3B27B45F2228ED51B2C ] HWiNFO32 C:\Program Files\HWiNFO32\HWiNFO32.SYS
18:45:36.0625 0724 HWiNFO32 - ok
18:45:36.0640 0724 i2omgmt - ok
18:45:36.0640 0724 i2omp - ok
18:45:36.0640 0724 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:45:36.0671 0724 i8042prt - ok
18:45:36.0750 0724 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:45:36.0750 0724 IDriverT - ok
18:45:36.0796 0724 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:45:36.0828 0724 idsvc - ok
18:45:36.0843 0724 [ 25EDD75E23C5EF6B33D0FBCCE125A601 ] imagedrv C:\WINDOWS\system32\Drivers\imagedrv.sys
18:45:36.0843 0724 imagedrv - ok
18:45:36.0859 0724 [ 9C4BBACF4E9B9543C3CE23F1FE556941 ] imagesrv C:\WINDOWS\system32\DRIVERS\imagesrv.sys
18:45:36.0859 0724 imagesrv - ok
18:45:36.0890 0724 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:45:36.0906 0724 Imapi - ok
18:45:36.0953 0724 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
18:45:36.0953 0724 ImapiService - ok
18:45:36.0953 0724 ini910u - ok
18:45:37.0078 0724 [ 12F4D2AA29745DC2A403FF42E75CF7FA ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:45:37.0140 0724 IntcAzAudAddService - ok
18:45:37.0140 0724 IntelIde - ok
18:45:37.0187 0724 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:45:37.0203 0724 intelppm - ok
18:45:37.0203 0724 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
18:45:37.0250 0724 Ip6Fw - ok
18:45:37.0281 0724 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:45:37.0312 0724 IpFilterDriver - ok
18:45:37.0328 0724 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:45:37.0343 0724 IpInIp - ok
18:45:37.0359 0724 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:45:37.0390 0724 IpNat - ok
18:45:37.0421 0724 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:45:37.0453 0724 IPSec - ok
18:45:37.0484 0724 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:45:37.0500 0724 IRENUM - ok
18:45:37.0515 0724 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:45:37.0531 0724 isapnp - ok
18:45:37.0640 0724 [ 9AA67569D5257462E230767510B0C815 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
18:45:37.0640 0724 JavaQuickStarterService - ok
18:45:37.0671 0724 [ C995C0E8B4503FAC38793BB0236AD246 ] JGOGO C:\WINDOWS\system32\DRIVERS\JGOGO.sys
18:45:37.0687 0724 JGOGO - ok
18:45:37.0703 0724 [ DAC317A5EFD8FE13FE7EC8E2B2E1D549 ] JRAID C:\WINDOWS\system32\DRIVERS\jraid.sys
18:45:37.0703 0724 JRAID - ok
18:45:37.0718 0724 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:45:37.0734 0724 Kbdclass - ok
18:45:37.0750 0724 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:45:37.0765 0724 kbdhid - ok
18:45:37.0781 0724 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
18:45:37.0781 0724 kmixer - ok
18:45:37.0796 0724 [ 1705745D900DABF2D89F90EBADDC7517 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:45:37.0812 0724 KSecDD - ok
18:45:37.0828 0724 [ 21920AC69594AB021237054FA728FE46 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
18:45:37.0828 0724 lanmanserver - ok
18:45:37.0859 0724 [ 5190783F51A2D7A8495202C664D7C963 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:45:37.0859 0724 lanmanworkstation - ok
18:45:37.0859 0724 lbrtfdc - ok
18:45:37.0921 0724 [ 5D4B38A8D8525356798F5E560C3A3090 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
18:45:37.0937 0724 LightScribeService - ok
18:45:37.0968 0724 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:45:37.0968 0724 LmHosts - ok
18:45:38.0000 0724 [ A3E700D78EEC390F1208098CDCA5C6B6 ] MarvinBus C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
18:45:38.0031 0724 MarvinBus - ok
18:45:38.0046 0724 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
18:45:38.0046 0724 Messenger - ok
18:45:38.0062 0724 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:45:38.0078 0724 mnmdd - ok
18:45:38.0109 0724 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
18:45:38.0125 0724 mnmsrvc - ok
18:45:38.0125 0724 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:45:38.0140 0724 Modem - ok
18:45:38.0140 0724 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:45:38.0171 0724 Mouclass - ok
18:45:38.0203 0724 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:45:38.0218 0724 mouhid - ok
18:45:38.0234 0724 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:45:38.0250 0724 MountMgr - ok
18:45:38.0281 0724 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:45:38.0281 0724 MozillaMaintenance - ok
18:45:38.0296 0724 mraid35x - ok
18:45:38.0296 0724 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:45:38.0343 0724 MRxDAV - ok
18:45:38.0359 0724 [ 68755F0FF16070178B54674FE5B847B0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:45:38.0390 0724 MRxSmb - ok
18:45:38.0421 0724 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
18:45:38.0421 0724 MSDTC - ok
18:45:38.0437 0724 [ 1477849772712BAC69C144DCF2C9CE81 ] MSDV C:\WINDOWS\system32\DRIVERS\msdv.sys
18:45:38.0468 0724 MSDV - ok
18:45:38.0468 0724 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:45:38.0484 0724 Msfs - ok
18:45:38.0500 0724 MSIServer - ok
18:45:38.0500 0724 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:45:38.0515 0724 MSKSSRV - ok
18:45:38.0531 0724 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:45:38.0546 0724 MSPCLOCK - ok
18:45:38.0546 0724 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:45:38.0562 0724 MSPQM - ok
18:45:38.0609 0724 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:45:38.0625 0724 mssmbios - ok
18:45:38.0625 0724 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
18:45:38.0640 0724 MSTEE - ok
18:45:38.0656 0724 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:45:38.0671 0724 Mup - ok
18:45:38.0718 0724 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:45:38.0734 0724 NABTSFEC - ok
18:45:38.0781 0724 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
18:45:38.0781 0724 napagent - ok
18:45:38.0828 0724 [ 2C55366B5572A5F7826E42AFA5F3C789 ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
18:45:38.0843 0724 NBService - ok
18:45:38.0843 0724 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:45:38.0859 0724 NDIS - ok
18:45:38.0890 0724 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:45:38.0906 0724 NdisIP - ok
18:45:38.0953 0724 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:45:38.0968 0724 NdisTapi - ok
18:45:38.0984 0724 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:45:39.0000 0724 Ndisuio - ok
18:45:39.0015 0724 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:45:39.0046 0724 NdisWan - ok
18:45:39.0062 0724 [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:45:39.0078 0724 NDProxy - ok
18:45:39.0078 0724 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:45:39.0109 0724 NetBIOS - ok
18:45:39.0140 0724 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:45:39.0156 0724 NetBT - ok
18:45:39.0171 0724 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
18:45:39.0187 0724 NetDDE - ok
18:45:39.0187 0724 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:45:39.0187 0724 NetDDEdsdm - ok
18:45:39.0203 0724 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:45:39.0203 0724 Netlogon - ok
18:45:39.0218 0724 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
18:45:39.0218 0724 Netman - ok
18:45:39.0250 0724 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:45:39.0250 0724 NetTcpPortSharing - ok
18:45:39.0265 0724 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:45:39.0296 0724 NIC1394 - ok
18:45:39.0296 0724 [ AAC97DAB5F8A0573CF10E0EAC42A7724 ] Nla C:\WINDOWS\System32\mswsock.dll
18:45:39.0312 0724 Nla - ok
18:45:39.0312 0724 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:45:39.0328 0724 Npfs - ok
18:45:39.0343 0724 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:45:39.0375 0724 Ntfs - ok
18:45:39.0375 0724 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
18:45:39.0390 0724 NtLmSsp - ok
18:45:39.0437 0724 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:45:39.0437 0724 NtmsSvc - ok
18:45:39.0468 0724 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
18:45:39.0484 0724 Null - ok
18:45:39.0515 0724 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:45:39.0531 0724 NwlnkFlt - ok
18:45:39.0546 0724 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:45:39.0562 0724 NwlnkFwd - ok
18:45:39.0593 0724 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:45:39.0625 0724 ohci1394 - ok
18:45:39.0671 0724 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:45:39.0671 0724 ose - ok
18:45:39.0703 0724 [ DB5E1D29AA509D58067AED5CC83D8170 ] ovt519 C:\WINDOWS\system32\Drivers\ov519vid.sys
18:45:39.0765 0724 ovt519 - ok
18:45:39.0781 0724 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
18:45:39.0796 0724 Parport - ok
18:45:39.0812 0724 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:45:39.0828 0724 PartMgr - ok
18:45:39.0859 0724 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:45:39.0875 0724 ParVdm - ok
18:45:39.0906 0724 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:45:39.0921 0724 PCI - ok
18:45:39.0921 0724 PCIDump - ok
18:45:39.0937 0724 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
18:45:39.0953 0724 PCIIde - ok
18:45:39.0968 0724 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
18:45:40.0015 0724 Pcmcia - ok
18:45:40.0046 0724 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
18:45:40.0078 0724 pcouffin - ok
18:45:40.0078 0724 PDCOMP - ok
18:45:40.0093 0724 PDFRAME - ok
18:45:40.0093 0724 PDRELI - ok
18:45:40.0093 0724 PDRFRAME - ok
18:45:40.0093 0724 perc2 - ok
18:45:40.0093 0724 perc2hib - ok
18:45:40.0140 0724 [ 444F122E68DB44C0589227781F3C8B3F ] pfc C:\WINDOWS\system32\drivers\pfc.sys
18:45:40.0140 0724 pfc - ok
18:45:40.0156 0724 [ F0D2AE69035092BF22DAD6B50FAB85C2 ] PlugPlay C:\WINDOWS\system32\services.exe
18:45:40.0156 0724 PlugPlay - ok
18:45:40.0187 0724 [ A1DD33D16F277CE34124EE52AB2C0F14 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
18:45:40.0187 0724 PnkBstrA - ok
18:45:40.0234 0724 [ 9A386EC60A166DF66205343CA12C6B86 ] PnkBstrB C:\WINDOWS\system32\PnkBstrB.exe
18:45:40.0437 0724 PnkBstrB - ok
18:45:40.0468 0724 [ 10BE25C04613B70D8CE1F412E14D9454 ] PnkBstrK C:\WINDOWS\system32\drivers\PnkBstrK.sys
18:45:40.0593 0724 PnkBstrK - ok
18:45:40.0609 0724 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:45:40.0609 0724 PolicyAgent - ok
18:45:40.0625 0724 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:45:40.0640 0724 PptpMiniport - ok
18:45:40.0656 0724 [ F2E3C8F1EB6BA0733E0A1F6373DF7957 ] prodrv06 C:\WINDOWS\System32\drivers\prodrv06.sys
18:45:40.0656 0724 prodrv06 - ok
18:45:40.0671 0724 [ 150307B52807D0C493C605AB913038AD ] prohlp02 C:\WINDOWS\system32\drivers\prohlp02.sys
18:45:40.0671 0724 prohlp02 - ok
18:45:40.0703 0724 [ F3471E7971EE62420451D958DA635064 ] prosync1 C:\WINDOWS\system32\drivers\prosync1.sys
18:45:40.0703 0724 prosync1 - ok
18:45:40.0703 0724 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:45:40.0703 0724 ProtectedStorage - ok
18:45:40.0734 0724 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:45:40.0765 0724 PSched - ok
18:45:40.0765 0724 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:45:40.0796 0724 Ptilink - ok
18:45:40.0796 0724 ql1080 - ok
18:45:40.0796 0724 Ql10wnt - ok
18:45:40.0796 0724 ql12160 - ok
18:45:40.0796 0724 ql1240 - ok
18:45:40.0812 0724 ql1280 - ok
18:45:40.0812 0724 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:45:40.0843 0724 RasAcd - ok
18:45:40.0859 0724 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:45:40.0875 0724 RasAuto - ok
18:45:40.0875 0724 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:45:40.0906 0724 Rasl2tp - ok
18:45:40.0937 0724 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:45:40.0953 0724 RasMan - ok
18:45:40.0953 0724 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:45:40.0984 0724 RasPppoe - ok
18:45:40.0984 0724 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:45:41.0000 0724 Raspti - ok
18:45:41.0031 0724 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:45:41.0109 0724 Rdbss - ok
18:45:41.0125 0724 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:45:41.0140 0724 RDPCDD - ok
18:45:41.0171 0724 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:45:41.0203 0724 rdpdr - ok
18:45:41.0218 0724 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:45:41.0265 0724 RDPWD - ok
18:45:41.0312 0724 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:45:41.0312 0724 RDSessMgr - ok
18:45:41.0343 0724 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:45:41.0359 0724 redbook - ok
18:45:41.0390 0724 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:45:41.0390 0724 RemoteAccess - ok
18:45:41.0421 0724 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
18:45:41.0437 0724 RemoteRegistry - ok
18:45:41.0437 0724 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
18:45:41.0453 0724 ROOTMODEM - ok
18:45:41.0468 0724 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
18:45:41.0468 0724 RpcLocator - ok
18:45:41.0500 0724 [ C868F3AE15CF71A93F2AA3A32856D839 ] RpcSs C:\WINDOWS\System32\rpcss.dll
18:45:41.0500 0724 RpcSs - ok
18:45:41.0531 0724 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
18:45:41.0546 0724 RSVP - ok
18:45:41.0578 0724 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
18:45:41.0578 0724 SamSs - ok
18:45:41.0593 0724 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:45:41.0593 0724 SCardSvr - ok
18:45:41.0625 0724 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:45:41.0640 0724 Schedule - ok
18:45:41.0656 0724 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:45:41.0671 0724 Secdrv - ok
18:45:41.0718 0724 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
18:45:41.0718 0724 seclogon - ok
18:45:41.0750 0724 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
18:45:41.0750 0724 SENS - ok
18:45:41.0781 0724 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
18:45:41.0796 0724 serenum - ok
18:45:41.0812 0724 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
18:45:41.0843 0724 Serial - ok
18:45:41.0890 0724 [ 9E7DEE11FD5A4355941A45F13C0ED59A ] sfdrv01 C:\WINDOWS\system32\drivers\sfdrv01.sys
18:45:41.0906 0724 sfdrv01 - ok
18:45:41.0906 0724 [ 4D0CE0FADCA29E7DA68CE597AC9010BD ] sfdrv01a C:\WINDOWS\system32\drivers\sfdrv01a.sys
18:45:41.0937 0724 sfdrv01a - ok
18:45:41.0937 0724 [ 462AEE0EA0481EA8BD45CAC876A4CCC4 ] sfhlp01 C:\WINDOWS\system32\drivers\sfhlp01.sys
18:45:41.0953 0724 sfhlp01 - ok
18:45:41.0953 0724 [ DAAD4C099EBF5094D32C373AC1AC0F3C ] sfhlp02 C:\WINDOWS\system32\drivers\sfhlp02.sys
18:45:41.0968 0724 sfhlp02 - ok
18:45:42.0000 0724 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
18:45:42.0015 0724 Sfloppy - ok
18:45:42.0015 0724 sfrem01 - ok
18:45:42.0015 0724 [ C526AD307FF1900BC4C864F74553F762 ] sfsync04 C:\WINDOWS\system32\drivers\sfsync04.sys
18:45:42.0046 0724 sfsync04 - ok
18:45:42.0078 0724 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
18:45:42.0078 0724 SharedAccess - ok
18:45:42.0093 0724 [ B927443008910B412BEC72FC41C1BAD0 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:45:42.0093 0724 ShellHWDetection - ok
18:45:42.0109 0724 Simbad - ok
18:45:42.0140 0724 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:45:42.0156 0724 SLIP - ok
18:45:42.0156 0724 Sparrow - ok
18:45:42.0187 0724 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
18:45:42.0203 0724 splitter - ok
18:45:42.0234 0724 [ CB1090BCA0E7B40D0B5B4E4D66531809 ] Spooler C:\WINDOWS\system32\spoolsv.exe
18:45:42.0250 0724 Spooler - ok
18:45:42.0265 0724 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
18:45:42.0265 0724 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
18:45:42.0265 0724 sptd ( LockedFile.Multi.Generic ) - warning
18:45:42.0265 0724 sptd - detected LockedFile.Multi.Generic (1)
18:45:42.0312 0724 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
18:45:42.0343 0724 sr - ok
18:45:42.0359 0724 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
18:45:42.0359 0724 srservice - ok
18:45:42.0375 0724 [ 5252605079810904E31C332E241CD59B ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
18:45:42.0421 0724 Srv - ok
18:45:42.0421 0724 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
18:45:42.0437 0724 SSDPSRV - ok
18:45:42.0453 0724 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
18:45:42.0453 0724 stisvc - ok
18:45:42.0468 0724 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:45:42.0484 0724 streamip - ok
18:45:42.0515 0724 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
18:45:42.0531 0724 swenum - ok
18:45:42.0562 0724 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
18:45:42.0609 0724 swmidi - ok
18:45:42.0609 0724 SwPrv - ok
18:45:42.0609 0724 symc810 - ok
18:45:42.0625 0724 symc8xx - ok
18:45:42.0625 0724 sym_hi - ok
18:45:42.0625 0724 sym_u3 - ok
18:45:42.0656 0724 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
18:45:42.0656 0724 sysaudio - ok
18:45:42.0687 0724 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
18:45:42.0687 0724 SysmonLog - ok
18:45:42.0703 0724 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
18:45:42.0703 0724 TapiSrv - ok
18:45:42.0734 0724 [ 93EA8D04EC73A85DB02EB8805988F733 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:45:42.0765 0724 Tcpip - ok
18:45:42.0796 0724 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
18:45:42.0812 0724 TDPIPE - ok
18:45:42.0828 0724 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
18:45:42.0843 0724 TDTCP - ok
18:45:42.0859 0724 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
18:45:42.0921 0724 TermDD - ok
18:45:42.0953 0724 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
18:45:42.0953 0724 TermService - ok
18:45:42.0968 0724 [ B927443008910B412BEC72FC41C1BAD0 ] Themes C:\WINDOWS\System32\shsvcs.dll
18:45:42.0968 0724 Themes - ok
18:45:42.0984 0724 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
18:45:42.0984 0724 TlntSvr - ok
18:45:43.0000 0724 TosIde - ok
18:45:43.0015 0724 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
18:45:43.0015 0724 TrkWks - ok
18:45:43.0031 0724 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
18:45:43.0062 0724 Udfs - ok
18:45:43.0062 0724 ultra - ok
18:45:43.0078 0724 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
18:45:43.0093 0724 UMWdf - ok
18:45:43.0140 0724 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
18:45:43.0187 0724 Update - ok
18:45:43.0203 0724 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
18:45:43.0203 0724 upnphost - ok
18:45:43.0234 0724 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
18:45:43.0234 0724 UPS - ok
18:45:43.0265 0724 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
18:45:43.0281 0724 usbaudio - ok
18:45:43.0296 0724 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:45:43.0312 0724 usbccgp - ok
18:45:43.0328 0724 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:45:43.0343 0724 usbehci - ok
18:45:43.0359 0724 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:45:43.0390 0724 usbhub - ok
18:45:43.0390 0724 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:45:43.0406 0724 usbprint - ok
18:45:43.0421 0724 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:45:43.0437 0724 usbscan - ok
18:45:43.0437 0724 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:45:43.0468 0724 USBSTOR - ok
18:45:43.0484 0724 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:45:43.0500 0724 usbuhci - ok
18:45:43.0515 0724 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
18:45:43.0531 0724 VgaSave - ok
18:45:43.0531 0724 ViaIde - ok
18:45:43.0562 0724 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
18:45:43.0593 0724 VolSnap - ok
18:45:43.0640 0724 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
18:45:43.0640 0724 VSS - ok
18:45:43.0687 0724 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
18:45:43.0687 0724 W32Time - ok
18:45:43.0703 0724 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:45:43.0718 0724 Wanarp - ok
18:45:43.0718 0724 WDICA - ok
18:45:43.0734 0724 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
18:45:43.0765 0724 wdmaud - ok
18:45:43.0781 0724 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
18:45:43.0781 0724 WebClient - ok
18:45:43.0828 0724 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
18:45:43.0828 0724 winmgmt - ok
18:45:43.0875 0724 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
18:45:43.0875 0724 WmdmPmSN - ok
18:45:43.0906 0724 [ 6538D6BDE04B56737FE743C24D4CE83D ] Wmi C:\WINDOWS\System32\advapi32.dll
18:45:43.0906 0724 Wmi - ok
18:45:43.0937 0724 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:45:43.0953 0724 WmiApSrv - ok
18:45:43.0953 0724 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:45:43.0968 0724 WS2IFSL - ok
18:45:44.0000 0724 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
18:45:44.0000 0724 wscsvc - ok
18:45:44.0031 0724 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:45:44.0062 0724 WSTCODEC - ok
18:45:44.0093 0724 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
18:45:44.0093 0724 wuauserv - ok
18:45:44.0125 0724 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:45:44.0140 0724 WudfPf - ok
18:45:44.0156 0724 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:45:44.0156 0724 WudfRd - ok
18:45:44.0171 0724 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
18:45:44.0171 0724 WudfSvc - ok
18:45:44.0203 0724 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
18:45:44.0203 0724 WZCSVC - ok
18:45:44.0218 0724 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
18:45:44.0296 0724 xmlprov - ok
18:45:44.0328 0724 [ 5EE248F1C25579FE3561F7293CDCDC8E ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
18:45:44.0343 0724 yukonwxp - ok
18:45:44.0343 0724 ================ Scan global ===============================
18:45:44.0375 0724 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
18:45:44.0421 0724 [ 77A41C497ADB0C96D1E8DF6F71D843C0 ] C:\WINDOWS\system32\winsrv.dll
18:45:44.0437 0724 [ 77A41C497ADB0C96D1E8DF6F71D843C0 ] C:\WINDOWS\system32\winsrv.dll
18:45:44.0437 0724 [ F0D2AE69035092BF22DAD6B50FAB85C2 ] C:\WINDOWS\system32\services.exe
18:45:44.0437 0724 [Global] - ok
18:45:44.0437 0724 ================ Scan MBR ==================================
18:45:44.0453 0724 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
18:45:44.0578 0724 \Device\Harddisk0\DR0 - ok
18:45:44.0578 0724 ================ Scan VBR ==================================
18:45:44.0593 0724 [ CC375D15EF08D7CCEA2675BF3EEBAB6E ] \Device\Harddisk0\DR0\Partition1
18:45:44.0593 0724 \Device\Harddisk0\DR0\Partition1 - ok
18:45:44.0593 0724 ============================================================
18:45:44.0593 0724 Scan finished
18:45:44.0593 0724 ============================================================
18:45:44.0593 0548 Detected object count: 1
18:45:44.0593 0548 Actual detected object count: 1
18:46:05.0375 0548 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:46:05.0375 0548 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:46:13.0375 3284 Deinitialize success
Re: please check my log
ComboFix 12-11-08.01 - Hadi 2012-11-08 19:04:23.8.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.2047.1445 [GMT 1:00]
Spuštěný z: c:\documents and settings\Hadi\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Hadi\WINDOWS
c:\windows\IsUn0405.exe
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\tmp343.tmp
c:\windows\system32\tmp344.tmp
c:\windows\system32\tmp3FC.tmp
c:\windows\system32\tmp3FD.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSHNAS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-08 do 2012-11-08 )))))))))))))))))))))))))))))))
.
.
2012-10-30 17:48 . 2012-10-30 17:48 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-07 12:23 . 2012-04-03 15:07 697272 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-07 12:23 . 2011-05-25 17:55 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 18:54 . 2009-05-12 19:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2007-09-10 16:47 . 2007-09-10 16:45 13416432 -c--a-w- c:\program files\Google_Earth_BZXV.exe
2004-03-11 12:27 . 2007-01-19 19:02 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
2012-10-26 20:18 . 2012-10-26 20:18 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 -c--a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-10-19 00:12 1983816 -c--a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 -c--a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 -c--a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 -c--a-w- c:\program files\ICQ7.1\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-07-21 08:56 16261632 -c----r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-05-22 15:59 296056 ----a-w- c:\program files\real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07 199752 -c--a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PcSync"=c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"DataLayer"=c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe
"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Half-Life 2\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2007-03-05 5248]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-12-10 691696]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2011-01-07 20088]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2012-06-13 792512]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [2006-12-27 47360]
S2 gupdate1c98707d8154244;Google Update Service (gupdate1c98707d8154244);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 133104]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2007-03-05 160640]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 12:23]
.
2012-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 20:33]
.
2012-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 20:33]
.
2012-11-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-2025429265-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
2012-08-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-2025429265-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Send To &Bluetooth - c:\program files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
IE: Stáhnout Star Downloaderem
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\documents and settings\Hadi\Data aplikací\Mozilla\Firefox\Profiles\6cknpic3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =937811&p=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-Easy-WebPrint - c:\windows\IsUn0405.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-08 19:11
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1123561945-2025429265-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1123561945-2025429265-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:2e,6b,25,43,84,28,cf,fb,92,e3,b6,b0,1e,88,66,f6,7b,60,92,d8,d4,
02,5c,ed,3f,87,2f,e6,64,44,b6,69,e1,d4,bb,3a,4a,13,8e,89,f3,e5,2e,6d,67,b8,\
"rkeysecu"=hex:4d,97,db,9a,eb,bb,b6,6f,76,3e,fa,7d,01,be,5e,ec
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\Ň*\
‘|]
"DisplayName"="?\11"
"DeviceDesc"="?\11"
"ProviderName"="?\11???\11\08"
"MFG"="??\09"
"ReinstallString"="8.451.0.0000"
"DeviceInstanceIds"=multi:"c:\\ati\\support\\8-1_xp32_dd_ccc_wdm_enu_57717\\driver\\driver\\xp_inf\\cx_57717.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1072)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3332)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\MSI\BToes Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-11-08 19:15:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-08 18:15
.
Před spuštěním: 3,658,960,896
Po spuštění: 3,599,970,304
.
- - End Of File - - A433806BF7349AB368B35DF278D2FC78
- memphisto
Re: please check the log
You are low on disk space. I bet that is the cause of the problems... 3.5 GB on the system disk is really too little. Free space should be 10 - 15 % of capacity!
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the whole of the following text marked in green:
Note: Do not use the SELECT ALL function to select the script
KillAll::
Driver::
gupdate1c98707d8154244
Folder::
c:\program files\Google\Update
File::
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-2025429265-725345543-1003.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-2025429265-725345543-1003.job
Firefox::
FF - ProfilePath - c:\documents and settings\Hadi\Data aplikací\Mozilla\Firefox\Profiles\6cknpic3.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =937811&p=
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
Re: please check the log
ComboFix 12-11-08.01 - Hadi 2012-11-08 21:59:53.9.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.2047.1403 [GMT 1:00]
Spuštěný z: c:\documents and settings\Hadi\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Hadi\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-2025429265-725345543-1003.job"
"c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-2025429265-725345543-1003.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.21.123\goopdate.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.123\psmachine.dll
c:\program files\Google\Update\1.3.21.123\psuser.dll
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.123\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{CB82A692-BFC6-446B-8DD2-96A2E726255F}\GoogleUpdateSetup.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-2025429265-725345543-1003.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-2025429265-725345543-1003.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE1C98707D8154244
-------\Service_gupdate1c98707d8154244
-------\Service_gupdatem
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-08 do 2012-11-08 )))))))))))))))))))))))))))))))
.
.
2012-11-08 18:36 . 2012-11-08 18:36 -------- d-----w- c:\program files\Common Files\Java
2012-11-08 18:35 . 2012-11-08 18:35 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-08 18:35 . 2012-11-08 18:35 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-30 17:48 . 2012-10-30 17:48 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-08 18:35 . 2012-01-24 20:23 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-08 18:35 . 2011-01-20 21:51 746984 -c--a-w- c:\windows\system32\deployJava1.dll
2012-11-07 12:23 . 2012-04-03 15:07 697272 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-07 12:23 . 2011-05-25 17:55 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 18:54 . 2009-05-12 19:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2007-09-10 16:47 . 2007-09-10 16:45 13416432 -c--a-w- c:\program files\Google_Earth_BZXV.exe
2004-03-11 12:27 . 2007-01-19 19:02 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
2012-10-26 20:18 . 2012-10-26 20:18 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 -c--a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-10-19 00:12 1983816 -c--a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 -c--a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 -c--a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 -c--a-w- c:\program files\ICQ7.1\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-07-21 08:56 16261632 -c----r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-05-22 15:59 296056 ----a-w- c:\program files\real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07 199752 -c--a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PcSync"=c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"DataLayer"=c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe
"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Half-Life 2\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2007-03-05 5248]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-12-10 691696]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2011-01-07 20088]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2012-06-13 792512]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [2006-12-27 47360]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2007-03-05 160640]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 12:23]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Send To &Bluetooth - c:\program files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
IE: Stáhnout Star Downloaderem
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\documents and settings\Hadi\Data aplikací\Mozilla\Firefox\Profiles\6cknpic3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-08 22:08
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1123561945-2025429265-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1123561945-2025429265-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:2e,6b,25,43,84,28,cf,fb,92,e3,b6,b0,1e,88,66,f6,7b,60,92,d8,d4,
02,5c,ed,3f,87,2f,e6,64,44,b6,69,e1,d4,bb,3a,4a,13,8e,89,f3,e5,2e,6d,67,b8,\
"rkeysecu"=hex:4d,97,db,9a,eb,bb,b6,6f,76,3e,fa,7d,01,be,5e,ec
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\Ň*\
‘|]
"DisplayName"="?\11"
"DeviceDesc"="?\11"
"ProviderName"="?\11???\11\08"
"MFG"="??\09"
"ReinstallString"="8.451.0.0000"
"DeviceInstanceIds"=multi:"c:\\ati\\support\\8-1_xp32_dd_ccc_wdm_enu_57717\\driver\\driver\\xp_inf\\cx_57717.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1084)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1336)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\MSI\BToes Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-11-08 22:11:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-08 21:11
ComboFix2.txt 2012-11-08 18:15
.
Před spuštěním: 3,339,403,264
Po spuštění: 3,307,249,664
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
.
- - End Of File - - 0B24A6DF36BD24BB1B7780743AF40FD0
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-08 22:08
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1123561945-2025429265-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1123561945-2025429265-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:2e,6b,25,43,84,28,cf,fb,92,e3,b6,b0,1e,88,66,f6,7b,60,92,d8,d4,
02,5c,ed,3f,87,2f,e6,64,44,b6,69,e1,d4,bb,3a,4a,13,8e,89,f3,e5,2e,6d,67,b8,\
"rkeysecu"=hex:4d,97,db,9a,eb,bb,b6,6f,76,3e,fa,7d,01,be,5e,ec
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\Ň*\
‘|]
"DisplayName"="?\11"
"DeviceDesc"="?\11"
"ProviderName"="?\11???\11\08"
"MFG"="??\09"
"ReinstallString"="8.451.0.0000"
"DeviceInstanceIds"=multi:"c:\\ati\\support\\8-1_xp32_dd_ccc_wdm_enu_57717\\driver\\driver\\xp_inf\\cx_57717.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1084)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1336)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\MSI\BToes Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-11-08 22:11:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-08 21:11
ComboFix2.txt 2012-11-08 18:15
.
Před spuštěním: 3,339,403,264
Po spuštění: 3,307,249,664
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
.
- - End Of File - - 0B24A6DF36BD24BB1B7780743AF40FD0
- memphisto
Re: please check my log
Do you recognize these IPs?
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
Please do not send HijackThis logs by private message; post them in the appropriate section. Thank you.
Re: please check my log
Hello,
I don't know them, I have no idea, they mean nothing to me. What could it be?
Thanks