Please check my HJT log [Solved]

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Please check my HJT log

Post by Fucza » 03 Jan 2013 10:43

I'd better put it here; I deleted it from the HW section.

Hello.
I don't really know the cause (HW configuration? the system needs cleaning?), but after the system boots and I start Explorer, nothing: it just keeps loading and the home page never even appears. I wanted to clean it with CCleaner. It analyses for a long time, then during cleaning it gets stuck at 3% deleting history and keeps deleting for about 2 hours. After pressing Cancel I have to end the task in Task Manager. Attempts to update the paid NOD32 fail; it doesn't update. Do you think it could be a virus? Or should I rather examine the HW, whether the system is balanced? Or reinstall Windows?
Thanks.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:31:32, on 3.1.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\SiteRanker\SiteRankTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\HPBPRO.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~1\SITERA~1\SiteRank.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [HPLJ Config] c:\Program Files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe -c Direct -p DOT4_002 -pn "hp LaserJet 1300 PCL 6" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SiteRanker] "C:\Program Files\SiteRanker\SiteRankTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC (UserAccess) - Unknown owner - C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe

--
End of file - 6576 bytes


Re: Please check my HJT log

Post by Žbeky » 03 Jan 2013 11:08

Fix:

Code:

O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~1\SITERA~1\SiteRank.dll
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [SiteRanker] "C:\Program Files\SiteRanker\SiteRankTray.exe"

Download ATF Cleaner
Double-click ATF Cleaner.exe, click on select all found, then:
- If you use Firefox, click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
- If you use Chrome, don't select anything else and click Empty Selected.
After cleaning, click Exit to close the program.

Download TFC
Open the file and close all other windows. Click Start to begin the process. The program shouldn't take long.
The PC should then restart; if it doesn't, restart it yourself.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave Perform Quick Scan selected and click the Scan button
- when the scan finishes a message appears; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a message appears, choose Yes
(DON'T DELETE ANYTHING YOURSELF YET!)
Then paste the contents of that log here.
In PMs I only deal with matters concerning the forum. I don't respond to requests for technical support. Thanks for understanding.

HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
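As an added example (not part of this thread and not HijackThis's own code), here is a small Python parser for the O2 (BHO) and O4 (autorun) lines in a HijackThis log, with a cross-check that confirms every line of a fix list exists verbatim in the log before anything is fixed, so a mistyped line is caught early. The sample log lines are copied from the log posted above; the third fix-list line is a deliberately mistyped, constructed one, and the two triage heuristics (unnamed BHO, 8.3 short path) are assumptions for illustration, not HijackThis's logic.

```python
"""Parse HijackThis O2 (BHO) and O4 (autorun) lines and cross-check a fix list.

Added example, not code from this thread or from HijackThis. The sample log
lines are copied from the log posted above; the triage heuristics and the
mistyped fix-list line are assumptions constructed for illustration.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the O2/O4 lines from the posted log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~1\SITERA~1\SiteRank.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SiteRanker] "C:\Program Files\SiteRanker\SiteRankTray.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
"""

# The SiteRanker lines from the fix list above, plus one constructed line with
# a typo in the value name to show what the cross-check catches.
FIX_LIST = r"""
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~1\SITERA~1\SiteRank.dll
O4 - HKLM\..\Run: [SiteRanker] "C:\Program Files\SiteRanker\SiteRankTray.exe"
O4 - HKLM\..\Run: [SiteRankr] "C:\Program Files\SiteRanker\SiteRankTray.exe"
"""


@dataclass(frozen=True)
class Entry:
    kind: str    # "O2" = browser helper object, "O4" = registry Run autorun
    name: str    # BHO display name or Run value name
    scope: str   # CLSID for O2, registry hive for O4
    target: str  # DLL path or command line exactly as logged
    raw: str     # the original log line


O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.+?)(?: \(User '[^']*'\))?$")


def parse_hjt(log_text):
    """Return the O2 entries and registry-based O4 entries found in the log.

    Lines of other types (O4 Global Startup, O9, O23, ...) are skipped.
    """
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            entries.append(Entry("O2", m["name"], m["clsid"], m["path"], line))
            continue
        m = O4_RE.match(line)
        if m:
            entries.append(Entry("O4", m["name"], m["hive"], m["cmd"], line))
    return entries


def triage(entries):
    """Map raw lines to the reasons they deserve a second look (heuristics)."""
    flagged = {}
    for e in entries:
        reasons = []
        if e.kind == "O2" and e.name == "(no name)":
            reasons.append("BHO registered without a display name")
        if "~" in e.target:
            reasons.append("8.3 short path (PROGRA~1 is Program Files); "
                           "expand it before judging the vendor directory")
        if reasons:
            flagged[e.raw] = reasons
    return flagged


def cross_check(log_text, fix_list_text):
    """Split a fix list into lines present verbatim in the log and lines that
    are not (a typo, or an entry that changed since the log was taken)."""
    log_lines = {l.strip() for l in log_text.splitlines() if l.strip()}
    present, missing = [], []
    for line in fix_list_text.splitlines():
        line = line.strip()
        if line:
            (present if line in log_lines else missing).append(line)
    return present, missing


if __name__ == "__main__":
    entries = parse_hjt(SAMPLE_LOG)
    print(f"parsed {len(entries)} O2/O4 entries")
    for raw, reasons in triage(entries).items():
        print(raw)
        for r in reasons:
            print("  -", r)
    present, missing = cross_check(SAMPLE_LOG, FIX_LIST)
    print(f"{len(present)} fix line(s) match the log; not found: {missing}")
```

The cross-check compares whole lines after trimming whitespace, which is exactly what a helper does by eye when the poster pastes the fix list back into HijackThis; the parsed `Entry` records are what you would feed into any further lookup (vendor directory, CLSID, hive) once the lines are known to be real.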


Re: Please check my HJT log

Post by Fucza » 03 Jan 2013 11:33

I'm only at the ATF Cleaner step, but it behaves like all the other applications (except HJT): it opens, I click Empty Selected and as far as I can tell it freezes. What's the maximum time I should wait? Or what should I do if it won't work? Move on to the next step?


Re: Please check my HJT log

Post by Fucza » 03 Jan 2013 13:33

edit: I managed it in the end. I tried Safe Mode, which I couldn't get started, but after the restart the Cleaner suddenly worked, and so did the second one. MBAM found nothing; the problems persist (except for the cleaners, those run)
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Verze: v2013.01.03.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Ucitel :: UC2 [administrátor]

3.1.2013 13:24:00
mbam-log-2013-01-03 (13-24-00).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 286589
Uplynulý čas: 5 minut, 10 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)


Re: Please check my HJT log

Post by Žbeky » 03 Jan 2013 13:48

Check the disk controller for PIO/DMA

Download TDSSKiller

To your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You'll find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt ; please paste the full contents of the log here.

Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, don't click inside the window that appears
- After the scan finishes the program should create a log - C:\ComboFix.txt - please copy its full contents here
If after the scan you have trouble launching applications, or a message pops up about an attempt to perform an invalid operation on a registry key that is marked for deletion, just restart the computer.

Re: Please check my HJT log

Post by Fucza » 03 Jan 2013 16:00

Re: checking the disk controller for PIO/DMA.

I have no idea what this is about, but here is a guide (http://www.lisak.cz/nastaveni-rezimu-prenosu-dma.html). What should I set it to?

I noticed one more thing. When I started Explorer it loaded for a while, and then this came up:
Ref A: f9b9130f4a6446fc8097b97b39e5ada2 Ref B: C792DA718A0986D95331F31E8E7AD6F0 Ref C: Thu Jan 03 04:35:59 2013 PST


Re: Please check my HJT log

Post by Žbeky » 03 Jan 2013 16:22

DMA

Sent from my Galaxy Nexus using Tapatalk 2


Re: Please check my HJT log

Post by Fucza » 04 Jan 2013 09:13

I didn't manage to check the controller. I'm attaching a screenshot; I couldn't find the Primary IDE Channel there as shown in the guide I posted here.
radice.jpg

Two logs from that TDSSKiller:
07:47:40.0515 5156 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
07:47:40.0656 5156 ============================================================
07:47:40.0656 5156 Current date / time: 2013/01/04 07:47:40.0656
07:47:40.0656 5156 SystemInfo:
07:47:40.0656 5156
07:47:40.0656 5156 OS Version: 5.1.2600 ServicePack: 3.0
07:47:40.0656 5156 Product type: Workstation
07:47:40.0656 5156 ComputerName: UC2
07:47:40.0656 5156 UserName: Ucitel
07:47:40.0656 5156 Windows directory: C:\WINDOWS
07:47:40.0656 5156 System windows directory: C:\WINDOWS
07:47:40.0656 5156 Processor architecture: Intel x86
07:47:40.0656 5156 Number of processors: 2
07:47:40.0656 5156 Page size: 0x1000
07:47:40.0656 5156 Boot type: Normal boot
07:47:40.0656 5156 ============================================================
07:47:41.0015 5156 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000020
07:47:41.0015 5156 ============================================================
07:47:41.0015 5156 \Device\Harddisk0\DR0:
07:47:41.0015 5156 MBR partitions:
07:47:41.0015 5156 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23424417
07:47:41.0015 5156 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23428317, BlocksNum 0x20014E9
07:47:41.0015 5156 ============================================================
07:47:41.0046 5156 C: <-> \Device\Harddisk0\DR0\Partition1
07:47:41.0078 5156 D: <-> \Device\Harddisk0\DR0\Partition2
07:47:41.0078 5156 ============================================================
07:47:43.0984 5804 Deinitialize success


2nd log:
07:48:30.0437 0352 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
07:48:30.0703 0352 ============================================================
07:48:30.0718 0352 Current date / time: 2013/01/04 07:48:30.0703
07:48:30.0718 0352 SystemInfo:
07:48:30.0718 0352
07:48:30.0718 0352 OS Version: 5.1.2600 ServicePack: 3.0
07:48:30.0718 0352 Product type: Workstation
07:48:30.0718 0352 ComputerName: UC2
07:48:30.0718 0352 UserName: Ucitel
07:48:30.0718 0352 Windows directory: C:\WINDOWS
07:48:30.0718 0352 System windows directory: C:\WINDOWS
07:48:30.0718 0352 Processor architecture: Intel x86
07:48:30.0718 0352 Number of processors: 2
07:48:30.0718 0352 Page size: 0x1000
07:48:30.0718 0352 Boot type: Normal boot
07:48:30.0718 0352 ============================================================
07:48:34.0812 0352 BG loaded
07:48:35.0140 0352 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x000000A0
07:48:35.0140 0352 ============================================================
07:48:35.0140 0352 \Device\Harddisk0\DR0:
07:48:35.0140 0352 MBR partitions:
07:48:35.0140 0352 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23424417
07:48:35.0140 0352 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23428317, BlocksNum 0x20014E9
07:48:35.0140 0352 ============================================================
07:48:35.0218 0352 C: <-> \Device\Harddisk0\DR0\Partition1
07:48:35.0250 0352 D: <-> \Device\Harddisk0\DR0\Partition2
07:48:35.0296 0352 ============================================================
07:48:35.0296 0352 Initialize success
07:48:35.0296 0352 ============================================================
07:48:39.0640 2388 ============================================================
07:48:39.0640 2388 Scan started
07:48:39.0640 2388 Mode: Manual;
07:48:39.0640 2388 ============================================================
07:48:40.0562 2388 ================ Scan system memory ========================
07:48:41.0562 2388 System memory - ok
07:48:41.0562 2388 ================ Scan services =============================
07:48:41.0718 2388 Abiosdsk - ok
07:48:41.0718 2388 abp480n5 - ok
07:48:41.0750 2388 [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc C:\WINDOWS\system32\drivers\ac97intc.sys
07:48:41.0750 2388 ac97intc - ok
07:48:41.0765 2388 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:48:41.0765 2388 ACPI - ok
07:48:41.0781 2388 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
07:48:41.0796 2388 ACPIEC - ok
07:48:41.0812 2388 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
07:48:41.0812 2388 adpu160m - ok
07:48:41.0812 2388 [ 0EA9B1F0C6C90A509C8603775366ADB7 ] adpu320 C:\WINDOWS\system32\DRIVERS\adpu320.sys
07:48:41.0812 2388 adpu320 - ok
07:48:41.0828 2388 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
07:48:41.0828 2388 aec - ok
07:48:41.0859 2388 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
07:48:41.0859 2388 AFD - ok
07:48:41.0859 2388 Aha154x - ok
07:48:41.0875 2388 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
07:48:41.0875 2388 aic78u2 - ok
07:48:41.0875 2388 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
07:48:41.0890 2388 aic78xx - ok
07:48:41.0906 2388 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
07:48:41.0906 2388 Alerter - ok
07:48:41.0921 2388 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
07:48:41.0921 2388 ALG - ok
07:48:41.0937 2388 AliIde - ok
07:48:41.0937 2388 amsint - ok
07:48:41.0953 2388 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
07:48:41.0953 2388 AppMgmt - ok
07:48:41.0984 2388 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
07:48:41.0984 2388 Arp1394 - ok
07:48:41.0984 2388 asc - ok
07:48:41.0984 2388 asc3350p - ok
07:48:41.0984 2388 asc3550 - ok
07:48:42.0078 2388 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
07:48:42.0156 2388 aspnet_state - ok
07:48:42.0156 2388 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:48:42.0156 2388 AsyncMac - ok
07:48:42.0171 2388 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
07:48:42.0187 2388 atapi - ok
07:48:42.0187 2388 Atdisk - ok
07:48:42.0203 2388 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:48:42.0203 2388 Atmarpc - ok
07:48:42.0234 2388 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
07:48:42.0234 2388 AudioSrv - ok
07:48:42.0265 2388 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
07:48:42.0265 2388 audstub - ok
07:48:42.0359 2388 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
07:48:42.0375 2388 BcmSqlStartupSvc - ok
07:48:42.0390 2388 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
07:48:42.0390 2388 Beep - ok
07:48:42.0437 2388 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
07:48:42.0437 2388 BITS - ok
07:48:42.0468 2388 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
07:48:42.0468 2388 Browser - ok
07:48:42.0484 2388 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
07:48:42.0484 2388 cbidf2k - ok
07:48:42.0484 2388 cd20xrnt - ok
07:48:42.0515 2388 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
07:48:42.0515 2388 Cdaudio - ok
07:48:42.0515 2388 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
07:48:42.0515 2388 Cdfs - ok
07:48:42.0531 2388 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:48:42.0531 2388 Cdrom - ok
07:48:42.0531 2388 Changer - ok
07:48:42.0562 2388 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
07:48:42.0562 2388 CiSvc - ok
07:48:42.0593 2388 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
07:48:42.0593 2388 ClipSrv - ok
07:48:42.0640 2388 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:48:42.0703 2388 clr_optimization_v2.0.50727_32 - ok
07:48:42.0703 2388 CmdIde - ok
07:48:42.0718 2388 COMSysApp - ok
07:48:42.0718 2388 Cpqarray - ok
07:48:42.0750 2388 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
07:48:42.0750 2388 CryptSvc - ok
07:48:42.0750 2388 dac2w2k - ok
07:48:42.0750 2388 dac960nt - ok
07:48:42.0796 2388 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
07:48:42.0796 2388 DcomLaunch - ok
07:48:42.0812 2388 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
07:48:42.0812 2388 Dhcp - ok
07:48:42.0828 2388 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
07:48:42.0828 2388 Disk - ok
07:48:42.0828 2388 dmadmin - ok
07:48:42.0859 2388 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
07:48:42.0859 2388 dmboot - ok
07:48:42.0875 2388 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
07:48:42.0890 2388 dmio - ok
07:48:42.0890 2388 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
07:48:42.0890 2388 dmload - ok
07:48:42.0906 2388 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
07:48:42.0906 2388 dmserver - ok
07:48:42.0906 2388 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
07:48:42.0921 2388 DMusic - ok
07:48:42.0937 2388 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
07:48:42.0953 2388 Dnscache - ok
07:48:42.0953 2388 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
07:48:42.0953 2388 Dot3svc - ok
07:48:42.0984 2388 [ 3E4B043F8BC6BE1D4820CC6C9C500306 ] dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys
07:48:42.0984 2388 dot4 - ok
07:48:43.0000 2388 [ 77CE63A8A34AE23D9FE4C7896D1DEBE7 ] Dot4Print C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
07:48:43.0000 2388 Dot4Print - ok
07:48:43.0031 2388 [ CCC4092DFC85336F2E1C142483ADEB42 ] dot4usb C:\WINDOWS\system32\DRIVERS\dot4usb.sys
07:48:43.0031 2388 dot4usb - ok
07:48:43.0031 2388 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
07:48:43.0031 2388 dpti2o - ok
07:48:43.0046 2388 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
07:48:43.0046 2388 drmkaud - ok
07:48:43.0062 2388 [ 866B8EE30E4504C11AE0D29ED6F8824B ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
07:48:43.0062 2388 E100B - ok
07:48:43.0093 2388 [ 6A738BEE58FF3D2F237157082E799DE8 ] e1yexpress C:\WINDOWS\system32\DRIVERS\e1y5132.sys
07:48:43.0093 2388 e1yexpress - ok
07:48:43.0125 2388 [ D42DD9021ACD47683B33ADF21BCA49AA ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys
07:48:43.0125 2388 eamon - ok
07:48:43.0171 2388 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
07:48:43.0171 2388 EapHost - ok
07:48:43.0187 2388 [ FE7824239D132AD9EBD8645FE1199B30 ] ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys
07:48:43.0187 2388 ehdrv - ok
07:48:43.0250 2388 [ 68D91A34CE51CF15C45DD68F7F1257E8 ] EhttpSrv C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
07:48:43.0250 2388 EhttpSrv - ok
07:48:43.0312 2388 [ 191D8ECCC40F05B52FAC0513F35BA01D ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
07:48:43.0312 2388 ekrn - ok
07:48:43.0359 2388 [ AA0667EB9A92414ABB784C101A6C7FEC ] epfwtdir C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
07:48:43.0359 2388 epfwtdir - ok
07:48:43.0390 2388 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
07:48:43.0390 2388 ERSvc - ok
07:48:43.0421 2388 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
07:48:43.0421 2388 Eventlog - ok
07:48:43.0453 2388 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
07:48:43.0468 2388 EventSystem - ok
07:48:43.0500 2388 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
07:48:43.0500 2388 Fastfat - ok
07:48:43.0531 2388 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
07:48:43.0531 2388 FastUserSwitchingCompatibility - ok
07:48:43.0546 2388 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
07:48:43.0546 2388 Fdc - ok
07:48:43.0562 2388 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
07:48:43.0562 2388 Fips - ok
07:48:43.0562 2388 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
07:48:43.0562 2388 Flpydisk - ok
07:48:43.0609 2388 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
07:48:43.0609 2388 FltMgr - ok
07:48:43.0671 2388 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
07:48:43.0671 2388 FontCache3.0.0.0 - ok
07:48:43.0687 2388 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:48:43.0687 2388 Fs_Rec - ok
07:48:43.0703 2388 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:48:43.0703 2388 Ftdisk - ok
07:48:43.0734 2388 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:48:43.0734 2388 Gpc - ok
07:48:43.0765 2388 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
07:48:43.0765 2388 HDAudBus - ok
07:48:43.0812 2388 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
07:48:43.0828 2388 helpsvc - ok
07:48:43.0843 2388 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
07:48:43.0843 2388 HidServ - ok
07:48:43.0859 2388 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:48:43.0859 2388 HidUsb - ok
07:48:43.0890 2388 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
07:48:43.0890 2388 hkmsvc - ok
07:48:43.0890 2388 hpn - ok
07:48:44.0000 2388 [ A0FA5AC8B360780524D7A68376BAF4E0 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
07:48:44.0062 2388 hpqcxs08 - ok
07:48:44.0093 2388 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
07:48:44.0109 2388 HTTP - ok
07:48:44.0125 2388 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
07:48:44.0125 2388 HTTPFilter - ok
07:48:44.0125 2388 i2omgmt - ok
07:48:44.0125 2388 i2omp - ok
07:48:44.0156 2388 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:48:44.0156 2388 i8042prt - ok
07:48:44.0171 2388 [ 06B7EF73BA5F302EECC294CDF7E19702 ] i81x C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
07:48:44.0171 2388 i81x - ok
07:48:44.0187 2388 [ 7B5B44EFE5EB9DADFB8EE29700885D23 ] iAimFP0 C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
07:48:44.0187 2388 iAimFP0 - ok
07:48:44.0203 2388 [ EB1F6BAB6C22EDE0BA551B527475F7E9 ] iAimFP1 C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
07:48:44.0203 2388 iAimFP1 - ok
07:48:44.0203 2388 [ 03CE989D846C1AA81145CB22FCB86D06 ] iAimFP2 C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
07:48:44.0203 2388 iAimFP2 - ok
07:48:44.0218 2388 [ 525849B4469DE021D5D61B4DB9BE3A9D ] iAimFP3 C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
07:48:44.0218 2388 iAimFP3 - ok
07:48:44.0218 2388 [ 589C2BCDB5BD602BF7B63D210407EF8C ] iAimFP4 C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
07:48:44.0218 2388 iAimFP4 - ok
07:48:44.0218 2388 [ 0308AEF61941E4AF478FA1A0F83812F5 ] iAimFP5 C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
07:48:44.0218 2388 iAimFP5 - ok
07:48:44.0218 2388 [ 714038A8AA5DE08E12062202CD7EAEB5 ] iAimFP6 C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
07:48:44.0218 2388 iAimFP6 - ok
07:48:44.0218 2388 [ 7BB3AA595E4507A788DE1CDC63F4C8C4 ] iAimFP7 C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
07:48:44.0218 2388 iAimFP7 - ok
07:48:44.0218 2388 [ D83BDD5C059667A2F647A6BE5703A4D2 ] iAimTV0 C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
07:48:44.0218 2388 iAimTV0 - ok
07:48:44.0234 2388 [ ED968D23354DAA0D7C621580C012A1F6 ] iAimTV1 C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
07:48:44.0234 2388 iAimTV1 - ok
07:48:44.0234 2388 [ D738273F218A224C1DDAC04203F27A84 ] iAimTV3 C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
07:48:44.0250 2388 iAimTV3 - ok
07:48:44.0250 2388 [ 0052D118995CBAB152DAABE6106D1442 ] iAimTV4 C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
07:48:44.0250 2388 iAimTV4 - ok
07:48:44.0250 2388 [ 791CC45DE6E50445BE72E8AD6401FF45 ] iAimTV5 C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
07:48:44.0250 2388 iAimTV5 - ok
07:48:44.0250 2388 [ 352FA0E98BC461CE1CE5D41F64DB558D ] iAimTV6 C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
07:48:44.0250 2388 iAimTV6 - ok
07:48:44.0437 2388 [ 00CD8ECE5983C6175A78230653FFDBF1 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
07:48:44.0453 2388 ialm - ok
07:48:44.0500 2388 [ 5867AC9573483BA5585777888B1E1E60 ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
07:48:44.0500 2388 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\iaStor.sys. Real md5: 5867AC9573483BA5585777888B1E1E60, Fake md5: B582D51B8BC8BF08FBB31A7DF429B6F4
07:48:44.0500 2388 iaStor ( ForgedFile.Multi.Generic ) - warning
07:48:44.0500 2388 iaStor - detected ForgedFile.Multi.Generic (1)
07:48:44.0578 2388 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:48:44.0593 2388 idsvc - ok
07:48:44.0625 2388 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
07:48:44.0625 2388 Imapi - ok
07:48:44.0640 2388 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
07:48:44.0640 2388 ImapiService - ok
07:48:44.0656 2388 ini910u - ok
07:48:44.0750 2388 [ 3FD00A073361937B705822775255D4E0 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
07:48:44.0765 2388 IntcAzAudAddService - ok
07:48:44.0781 2388 [ 57D928E548B38502ABBA7A77A6EB7312 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
07:48:44.0781 2388 IntelIde - ok
07:48:44.0796 2388 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:48:44.0796 2388 intelppm - ok
07:48:44.0796 2388 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
07:48:44.0812 2388 Ip6Fw - ok
07:48:44.0828 2388 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:48:44.0828 2388 IpFilterDriver - ok
07:48:44.0859 2388 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:48:44.0859 2388 IpInIp - ok
07:48:44.0875 2388 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:48:44.0875 2388 IpNat - ok
07:48:44.0875 2388 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:48:44.0875 2388 IPSec - ok
07:48:44.0890 2388 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
07:48:44.0890 2388 IRENUM - ok
07:48:44.0906 2388 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:48:44.0906 2388 isapnp - ok
07:48:44.0953 2388 [ 4AC11B2250106774F694DF2DB4FFED61 ] Iviaspi C:\WINDOWS\system32\drivers\iviaspi.sys
07:48:44.0953 2388 Iviaspi - ok
07:48:45.0000 2388 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
07:48:45.0015 2388 IviRegMgr - ok
07:48:45.0156 2388 [ A12175F063302CD68F8FC6D572D7E5FD ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
07:48:45.0187 2388 JavaQuickStarterService - ok
07:48:45.0203 2388 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:48:45.0203 2388 Kbdclass - ok
07:48:45.0250 2388 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
07:48:45.0250 2388 kbdhid - ok
07:48:45.0265 2388 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
07:48:45.0265 2388 kmixer - ok
07:48:45.0296 2388 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
07:48:45.0296 2388 KSecDD - ok
07:48:45.0328 2388 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
07:48:45.0343 2388 LanmanServer - ok
07:48:45.0375 2388 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
07:48:45.0375 2388 lanmanworkstation - ok
07:48:45.0375 2388 lbrtfdc - ok
07:48:45.0437 2388 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
07:48:45.0453 2388 LmHosts - ok
07:48:45.0484 2388 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
07:48:45.0484 2388 Messenger - ok
07:48:45.0500 2388 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
07:48:45.0500 2388 mnmdd - ok
07:48:45.0546 2388 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
07:48:45.0546 2388 mnmsrvc - ok
07:48:45.0578 2388 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
07:48:45.0578 2388 Modem - ok
07:48:45.0609 2388 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:48:45.0609 2388 Mouclass - ok
07:48:45.0640 2388 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:48:45.0640 2388 mouhid - ok
07:48:45.0656 2388 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
07:48:45.0656 2388 MountMgr - ok
07:48:45.0656 2388 mraid35x - ok
07:48:45.0687 2388 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:48:45.0687 2388 MRxDAV - ok
07:48:45.0718 2388 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:48:45.0718 2388 MRxSmb - ok
07:48:45.0734 2388 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
07:48:45.0734 2388 MSDTC - ok
07:48:45.0750 2388 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
07:48:45.0750 2388 Msfs - ok
07:48:45.0750 2388 MSIServer - ok
07:48:45.0765 2388 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:48:45.0765 2388 MSKSSRV - ok
07:48:45.0765 2388 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:48:45.0765 2388 MSPCLOCK - ok
07:48:45.0765 2388 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
07:48:45.0765 2388 MSPQM - ok
07:48:45.0796 2388 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:48:45.0796 2388 mssmbios - ok
07:48:45.0843 2388 MSSQL$MSSMLBIZ - ok
07:48:45.0890 2388 [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
07:48:45.0906 2388 MSSQLServerADHelper - ok
07:48:45.0921 2388 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
07:48:45.0921 2388 Mup - ok
07:48:45.0953 2388 [ 03CA886BA148B6B9996BE1368DDC3FC0 ] NAL C:\WINDOWS\system32\Drivers\iqvw32.sys
07:48:45.0953 2388 NAL - ok
07:48:45.0984 2388 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
07:48:45.0984 2388 napagent - ok
07:48:46.0031 2388 [ B5B1080D35974C0E718D64280761BCD5 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
07:48:46.0031 2388 NDIS - ok
07:48:46.0062 2388 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:48:46.0062 2388 NdisTapi - ok
07:48:46.0062 2388 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:48:46.0078 2388 Ndisuio - ok
07:48:46.0093 2388 [ B053A8411045FD0664B389A090CB2BBC ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:48:46.0093 2388 NdisWan - ok
07:48:46.0109 2388 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
07:48:46.0109 2388 NDProxy - ok
07:48:46.0140 2388 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
07:48:46.0140 2388 Net Driver HPZ12 - ok
07:48:46.0140 2388 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
07:48:46.0140 2388 NetBIOS - ok
07:48:46.0171 2388 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
07:48:46.0187 2388 NetBT - ok
07:48:46.0203 2388 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
07:48:46.0218 2388 NetDDE - ok
07:48:46.0218 2388 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
07:48:46.0218 2388 NetDDEdsdm - ok
07:48:46.0218 2388 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
07:48:46.0218 2388 Netlogon - ok
07:48:46.0234 2388 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
07:48:46.0234 2388 Netman - ok
07:48:46.0281 2388 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:48:46.0281 2388 NetTcpPortSharing - ok
07:48:46.0296 2388 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
07:48:46.0296 2388 NIC1394 - ok
07:48:46.0343 2388 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
07:48:46.0343 2388 Nla - ok
07:48:46.0375 2388 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
07:48:46.0375 2388 Npfs - ok
07:48:46.0390 2388 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
07:48:46.0390 2388 Ntfs - ok
07:48:46.0406 2388 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
07:48:46.0406 2388 NtLmSsp - ok
07:48:46.0453 2388 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
07:48:46.0453 2388 NtmsSvc - ok
07:48:46.0468 2388 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
07:48:46.0468 2388 Null - ok
07:48:46.0484 2388 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:48:46.0484 2388 NwlnkFlt - ok
07:48:46.0500 2388 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:48:46.0500 2388 NwlnkFwd - ok
07:48:46.0578 2388 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:48:46.0593 2388 odserv - ok
07:48:46.0609 2388 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
07:48:46.0609 2388 ohci1394 - ok
07:48:46.0656 2388 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:48:46.0656 2388 ose - ok
07:48:46.0687 2388 [ 3FC38E7FBE91DB40C34731195F4116C2 ] P3 C:\WINDOWS\system32\DRIVERS\p3.sys
07:48:46.0687 2388 P3 - ok
07:48:46.0687 2388 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
07:48:46.0687 2388 Parport - ok
07:48:46.0703 2388 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
07:48:46.0703 2388 PartMgr - ok
07:48:46.0718 2388 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
07:48:46.0718 2388 ParVdm - ok
07:48:46.0765 2388 [ 2A42DDAEAAE7743C55A3FA68A7AD9538 ] PCA C:\WINDOWS\SMINST\PCAngel.exe
07:48:46.0781 2388 PCA - ok
07:48:46.0781 2388 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
07:48:46.0781 2388 PCI - ok
07:48:46.0796 2388 PCIDump - ok
07:48:46.0812 2388 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
07:48:46.0812 2388 PCIIde - ok
07:48:46.0828 2388 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
07:48:46.0843 2388 Pcmcia - ok
07:48:46.0843 2388 PDCOMP - ok
07:48:46.0859 2388 pdfcDispatcher - ok
07:48:46.0875 2388 PDFRAME - ok
07:48:46.0875 2388 PDRELI - ok
07:48:46.0875 2388 PDRFRAME - ok
07:48:46.0875 2388 perc2 - ok
07:48:46.0875 2388 perc2hib - ok
07:48:46.0890 2388 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
07:48:46.0890 2388 PlugPlay - ok
07:48:46.0906 2388 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
07:48:46.0906 2388 Pml Driver HPZ12 - ok
07:48:46.0906 2388 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
07:48:46.0906 2388 PolicyAgent - ok
07:48:46.0921 2388 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:48:46.0921 2388 PptpMiniport - ok
07:48:46.0921 2388 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
07:48:46.0921 2388 ProtectedStorage - ok
07:48:46.0921 2388 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
07:48:46.0937 2388 PSched - ok
07:48:46.0984 2388 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
07:48:46.0984 2388 PSI_SVC_2 - ok
07:48:46.0984 2388 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:48:46.0984 2388 Ptilink - ok
07:48:47.0000 2388 q3dmga.sys - ok
07:48:47.0000 2388 ql1080 - ok
07:48:47.0015 2388 Ql10wnt - ok
07:48:47.0015 2388 ql12160 - ok
07:48:47.0015 2388 ql1240 - ok
07:48:47.0015 2388 ql1280 - ok
07:48:47.0015 2388 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:48:47.0015 2388 RasAcd - ok
07:48:47.0062 2388 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
07:48:47.0062 2388 RasAuto - ok
07:48:47.0078 2388 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:48:47.0078 2388 Rasl2tp - ok
07:48:47.0093 2388 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
07:48:47.0093 2388 RasMan - ok
07:48:47.0109 2388 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:48:47.0109 2388 RasPppoe - ok
07:48:47.0109 2388 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
07:48:47.0109 2388 Raspti - ok
07:48:47.0140 2388 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:48:47.0140 2388 Rdbss - ok
07:48:47.0140 2388 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:48:47.0140 2388 RDPCDD - ok
07:48:47.0156 2388 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
07:48:47.0156 2388 rdpdr - ok
07:48:47.0203 2388 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
07:48:47.0203 2388 RDPWD - ok
07:48:47.0234 2388 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
07:48:47.0234 2388 RDSessMgr - ok
07:48:47.0265 2388 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
07:48:47.0265 2388 redbook - ok
07:48:47.0296 2388 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\WINDOWS\system32\drivers\regi.sys
07:48:47.0296 2388 regi - ok
07:48:47.0343 2388 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
07:48:47.0343 2388 RemoteAccess - ok
07:48:47.0359 2388 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
07:48:47.0359 2388 RemoteRegistry - ok
07:48:47.0375 2388 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
07:48:47.0375 2388 RpcLocator - ok
07:48:47.0406 2388 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\System32\rpcss.dll
07:48:47.0406 2388 RpcSs - ok
07:48:47.0421 2388 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
07:48:47.0421 2388 RSVP - ok
07:48:47.0437 2388 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
07:48:47.0437 2388 SamSs - ok
07:48:47.0453 2388 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
07:48:47.0453 2388 SCardSvr - ok
07:48:47.0468 2388 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
07:48:47.0468 2388 Schedule - ok
07:48:47.0500 2388 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:48:47.0500 2388 Secdrv - ok
07:48:47.0515 2388 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
07:48:47.0515 2388 seclogon - ok
07:48:47.0531 2388 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
07:48:47.0531 2388 SENS - ok
07:48:47.0546 2388 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
07:48:47.0546 2388 serenum - ok
07:48:47.0562 2388 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
07:48:47.0562 2388 Serial - ok
07:48:47.0578 2388 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
07:48:47.0578 2388 Sfloppy - ok
07:48:47.0609 2388 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
07:48:47.0609 2388 SharedAccess - ok
07:48:47.0625 2388 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
07:48:47.0625 2388 ShellHWDetection - ok
07:48:47.0625 2388 Simbad - ok
07:48:47.0640 2388 Sparrow - ok
07:48:47.0640 2388 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
07:48:47.0640 2388 splitter - ok
07:48:47.0671 2388 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
07:48:47.0671 2388 Spooler - ok
07:48:47.0703 2388 [ D2B096CD2F56FAC6EEEED9A77DDF6DC8 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
07:48:47.0718 2388 SQLBrowser - ok
07:48:47.0734 2388 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
07:48:47.0750 2388 SQLWriter - ok
07:48:47.0765 2388 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
07:48:47.0765 2388 sr - ok
07:48:47.0796 2388 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
07:48:47.0812 2388 srservice - ok
07:48:47.0843 2388 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
07:48:47.0843 2388 Srv - ok
07:48:47.0859 2388 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
07:48:47.0859 2388 SSDPSRV - ok
07:48:47.0875 2388 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
07:48:47.0890 2388 stisvc - ok
07:48:47.0921 2388 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
07:48:47.0921 2388 swenum - ok
07:48:47.0921 2388 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
07:48:47.0921 2388 swmidi - ok
07:48:47.0937 2388 SwPrv - ok
07:48:47.0937 2388 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
07:48:47.0937 2388 symc810 - ok
07:48:47.0953 2388 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
07:48:47.0953 2388 symc8xx - ok
07:48:47.0953 2388 [ F2B7E8416F508368AC6730E2AE1C614F ] Symmpi C:\WINDOWS\system32\DRIVERS\symmpi.sys
07:48:47.0953 2388 Symmpi - ok
07:48:47.0968 2388 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
07:48:47.0968 2388 sym_hi - ok
07:48:47.0968 2388 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
07:48:47.0968 2388 sym_u3 - ok
07:48:47.0984 2388 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
07:48:47.0984 2388 sysaudio - ok
07:48:48.0015 2388 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
07:48:48.0015 2388 SysmonLog - ok
07:48:48.0031 2388 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
07:48:48.0046 2388 TapiSrv - ok
07:48:48.0078 2388 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:48:48.0078 2388 Tcpip - ok
07:48:48.0109 2388 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
07:48:48.0109 2388 TDPIPE - ok
07:48:48.0125 2388 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
07:48:48.0125 2388 TDTCP - ok
07:48:48.0140 2388 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
07:48:48.0140 2388 TermDD - ok
07:48:48.0187 2388 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
07:48:48.0187 2388 TermService - ok
07:48:48.0203 2388 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
07:48:48.0203 2388 Themes - ok
07:48:48.0218 2388 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
07:48:48.0218 2388 TlntSvr - ok
07:48:48.0218 2388 TosIde - ok
07:48:48.0234 2388 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
07:48:48.0234 2388 TrkWks - ok
07:48:48.0265 2388 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
07:48:48.0265 2388 Udfs - ok
07:48:48.0265 2388 ultra - ok
07:48:48.0265 2388 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
07:48:48.0265 2388 upnphost - ok
07:48:48.0281 2388 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
07:48:48.0281 2388 UPS - ok
07:48:48.0343 2388 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:48:48.0343 2388 usbccgp - ok
07:48:48.0390 2388 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:48:48.0390 2388 usbehci - ok
07:48:48.0390 2388 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:48:48.0390 2388 usbhub - ok
07:48:48.0421 2388 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
07:48:48.0421 2388 usbprint - ok
07:48:48.0453 2388 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
07:48:48.0453 2388 usbscan - ok
07:48:48.0484 2388 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:48:48.0484 2388 USBSTOR - ok
07:48:48.0500 2388 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
07:48:48.0500 2388 usbuhci - ok
07:48:48.0546 2388 [ 15B7C128E9CD61AC21053F62F5D35285 ] UserAccess C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe
07:48:48.0546 2388 UserAccess - ok
07:48:48.0578 2388 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
07:48:48.0578 2388 VgaSave - ok
07:48:48.0593 2388 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
07:48:48.0593 2388 ViaIde - ok
07:48:48.0609 2388 [ 1B8F371423BB41426632B704A0FD466E ] VirtDisk C:\WINDOWS\SMINST\VirtDisk.sys
07:48:48.0625 2388 VirtDisk - ok
07:48:48.0640 2388 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
07:48:48.0656 2388 VolSnap - ok
07:48:48.0687 2388 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
07:48:48.0703 2388 VSS - ok
07:48:48.0718 2388 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
07:48:48.0734 2388 W32Time - ok
07:48:48.0734 2388 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:48:48.0734 2388 Wanarp - ok
07:48:48.0734 2388 WDICA - ok
07:48:48.0750 2388 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
07:48:48.0750 2388 wdmaud - ok
07:48:48.0781 2388 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
07:48:48.0781 2388 WebClient - ok
07:48:48.0828 2388 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
07:48:48.0843 2388 winmgmt - ok
07:48:48.0875 2388 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
07:48:48.0875 2388 WmdmPmSN - ok
07:48:48.0890 2388 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] Wmi C:\WINDOWS\System32\advapi32.dll
07:48:48.0906 2388 Wmi - ok
07:48:48.0937 2388 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
07:48:48.0937 2388 WmiApSrv - ok
07:48:49.0015 2388 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
07:48:49.0015 2388 WMPNetworkSvc - ok
07:48:49.0031 2388 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
07:48:49.0031 2388 WS2IFSL - ok
07:48:49.0078 2388 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
07:48:49.0078 2388 wscsvc - ok
07:48:49.0078 2388 WSearch - ok
07:48:49.0093 2388 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
07:48:49.0093 2388 wuauserv - ok
07:48:49.0125 2388 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
07:48:49.0125 2388 WudfPf - ok
07:48:49.0140 2388 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
07:48:49.0140 2388 WudfRd - ok
07:48:49.0140 2388 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
07:48:49.0140 2388 WudfSvc - ok
07:48:49.0156 2388 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
07:48:49.0171 2388 WZCSVC - ok
07:48:49.0171 2388 xcpip - ok
07:48:49.0171 2388 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
07:48:49.0187 2388 xmlprov - ok
07:48:49.0187 2388 xpsec - ok
07:48:49.0187 2388 ================ Scan global ===============================
07:48:49.0218 2388 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
07:48:49.0250 2388 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
07:48:49.0250 2388 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
07:48:49.0265 2388 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
07:48:49.0281 2388 [Global] - ok
07:48:49.0281 2388 ================ Scan MBR ==================================
07:48:49.0296 2388 [ 4F02A8D4048A138C450ED7F867EB0144 ] \Device\Harddisk0\DR0
07:48:49.0546 2388 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning
07:48:49.0546 2388 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
07:48:49.0546 2388 ================ Scan VBR ==================================
07:48:49.0546 2388 [ 8837EFD22B7272B1B26C535683281FF2 ] \Device\Harddisk0\DR0\Partition1
07:48:49.0546 2388 \Device\Harddisk0\DR0\Partition1 - ok
07:48:49.0578 2388 [ 3903AE92CA9678D52330EC887BC4773C ] \Device\Harddisk0\DR0\Partition2
07:48:49.0578 2388 \Device\Harddisk0\DR0\Partition2 - ok
07:48:49.0578 2388 ============================================================
07:48:49.0578 2388 Scan finished
07:48:49.0578 2388 ============================================================
07:48:49.0578 2380 Detected object count: 2
07:48:49.0578 2380 Actual detected object count: 2
07:49:05.0468 2380 iaStor ( ForgedFile.Multi.Generic ) - skipped by user
07:49:05.0468 2380 iaStor ( ForgedFile.Multi.Generic ) - User select action: Skip
07:49:05.0468 2380 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - skipped by user
07:49:05.0468 2380 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Skip
07:49:10.0718 1932 Deinitialize success

ComboFix log:
ComboFix 13-01-03.05 - Ucitel 04.01.2013 7:54.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2013.1377 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ucitel\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-04 do 2013-01-04 )))))))))))))))))))))))))))))))
.
.
2013-01-03 09:30 . 2013-01-03 09:30 388096 ----a-r- c:\documents and settings\Ucitel\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-01-03 09:30 . 2013-01-03 09:30 -------- d-----w- c:\program files\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2008-04-14 01:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 15:49 . 2012-09-20 09:18 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 11:55 . 2008-04-14 01:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:03 . 2008-04-14 01:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:12 . 2008-04-14 01:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12 . 2008-04-14 01:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12 . 2008-04-14 01:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2008-04-14 01:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-01 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-01 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-01 141848]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"HPLJ Config"="c:\program files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe" [2003-03-31 28672]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [18.8.2008 12:27 94872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.1.2011 16:41 810144]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [4.8.2009 22:10 576024]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 19:09 11032]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [5.8.2009 6:44 243856]
S3 q3dmga.sys;q3dmga.sys;\??\c:\windows\system32\drivers\q3dmga.sys --> c:\windows\system32\drivers\q3dmga.sys [?]
S3 VirtDisk;XSS Virtual Disk Driver;c:\windows\SMINST\virtdisk.sys [4.8.2009 22:13 57344]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - xcpip
*Deregistered* - xpsec
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 81.91.208.2 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-83487411.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-04 08:01
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(4128)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
c:\windows\system32\dwwin.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Celkový čas: 2013-01-04 08:02:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-04 07:02
.
Před spuštěním: Volných bajtů: 252 570 951 680
Po spuštění: Volných bajtů: 252 552 491 008
.
- - End Of File - - EE7BE4C0A0F59703D3BE79E4E70DC99C

I also found a strange thing on the C: drive; maybe it is related. There are about 10 directories (see screenshot) and, as far as I looked, they have the same content (see second screenshot).
[Attachment: cecko1.jpg]

[Attachment: cecko2.jpg]

Thanks a lot for your time and help.

Žbeky
Moderator

Re: Please check my HJT log

Post by Žbeky » 04 Jan 2013 13:58

07:48:49.0578 2380 Detected object count: 2
07:48:49.0578 2380 Actual detected object count: 2
07:49:05.0468 2380 iaStor ( ForgedFile.Multi.Generic ) - skipped by user
07:49:05.0468 2380 iaStor ( ForgedFile.Multi.Generic ) - User select action: Skip
07:49:05.0468 2380 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - skipped by user
07:49:05.0468 2380 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Skip

Why did you skip it???


"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services

Do you have these ports open on purpose?


Test this file on VirusTotal:
c:\windows\system32\drivers\regi.sys

Click Choose to the right of the box and find the requested file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by several antivirus programs in turn. When the last antivirus finishes, the result appears at the top with the number of detections in red, e.g. 0/40 or 1/40. Then copy the link to that page and paste it into your post.


Download aswMBR to your desktop.
Double-click aswMBR.exe. Click Scan.
After the scan click aswASW.log and save it to your desktop, then paste the full contents of that log here.
In private messages I deal only with forum matters. I do not respond to requests for technical support. Thanks for understanding.

HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules

Fucza

Re: Please check my HJT log

Post by Fucza » 04 Jan 2013 14:02

I don't think I skipped anything (I'm not aware of anything).
Edit: Oh, I tried TDSSKiller once more. It detects a Threat - Forged file, Service: iaStor, suspicious object, medium risk, and above it there are 2 options, Copy to quarantine and Restore default actions, and next to it a drop-down with Skip, Copy to quarantine and Delete. I'm used to "don't delete anything yourself" here, so nothing else occurred to me than to leave Skip and click Continue.

I probably don't have the ports open on purpose.
Can I copy that file to a flash drive and test it on another PC? I can't get the internet working on that one.

So I did just that:
https://www.virustotal.com/file/92a95b0 ... 357305066/

Here is the log:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-04 14:11:27
-----------------------------
14:11:27.125 OS Version: Windows 5.1.2600 Service Pack 3
14:11:27.125 Number of processors: 2 586 0x170A
14:11:27.125 ComputerName: UC2 UserName:
14:11:28.203 Initialize success
14:12:01.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:12:01.828 Disk 0 Vendor: ST332081 HP14 Size: 305245MB BusType: 3
14:12:01.828 Disk 0 MBR read successfully
14:12:01.828 Disk 0 MBR scan
14:12:01.828 Disk 0 unknown MBR code
14:12:01.828 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 288840 MB offset 63
14:12:01.843 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 16386 MB offset 591561495
14:12:01.843 Disk 0 scanning sectors +625121280
14:12:01.890 Disk 0 scanning C:\WINDOWS\system32\drivers
14:12:06.953 Service scanning
14:12:14.953 Service iaStor C:\WINDOWS\System32\DRIVERS\iaStor.sys **LOCKED** 32
14:12:30.687 Modules scanning
14:12:41.109 Disk 0 trace - called modules:
14:12:41.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:12:41.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a3dc7a8]
14:12:41.125 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a387028]
14:12:41.140 Scan finished successfully
14:13:25.781 Disk 0 MBR has been saved successfully to "F:\doc_odvir\MBR.dat"
14:13:25.781 The log file has been saved successfully to "F:\doc_odvir\aswMBR.txt"

jaro3
Security team member

Re: Please check my HJT log

Post by jaro3 » 04 Jan 2013 21:16

Run TDSSKiller again.

Those folders belong to updates; leave them all alone.

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the whole text highlighted in green into it:

Code:

ClearJavaCache::

KillAll::
Driver::
q3dmga

DDS::
uInternet Settings,ProxyOverride = <local>

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=-
"52344:TCP"=-



Choose File -> Save as... and set these parameters:
File name: type CFScript.txt
Save as type: select All files
Save the file to your desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log

Warning: it may happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not come up, or there are connection problems. In that case restart the computer again; if that does not help, press F8 during the restart and choose the Last Known Good Configuration, or use a restore point.

Download RogueKiller to your desktop.
- Close all other programs and browsers.
- On Vista and Win7 run RogueKiller.exe as administrator; on XP, by double-clicking.
- When the program's start window appears, click "Scan".
- The program scans the PC. After the scan click "Report" and copy the whole content of the log here.
If the program is blocked, try running it several times. If it still cannot be started and run, rename it to winlogon.exe.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Fucza

Re: Please check my HJT log

Post by Fucza » 07 Jan 2013 08:12

It also keeps throwing some Set Config message (something like that :-) )

ComboFix 13-01-03.05 - Ucitel 07.01.2013 7:40.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2013.1481 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ucitel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Ucitel\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Vytvořen nový Bod Obnovení
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-07 do 2013-01-07 )))))))))))))))))))))))))))))))
.
.
2013-01-04 13:31 . 2013-01-04 13:34 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-04 13:31 . 2013-01-04 13:31 177496 ----a-w- c:\windows\system32\drivers\05860992.sys
2013-01-03 09:30 . 2013-01-03 09:30 388096 ----a-r- c:\documents and settings\Ucitel\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-01-03 09:30 . 2013-01-03 09:30 -------- d-----w- c:\program files\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2008-04-14 01:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 15:49 . 2012-09-20 09:18 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 11:55 . 2008-04-14 01:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:03 . 2008-04-14 01:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:12 . 2008-04-14 01:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12 . 2008-04-14 01:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12 . 2008-04-14 01:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2008-04-14 01:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Chyba šifrovací služby !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-01 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-01 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-01 141848]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"HPLJ Config"="c:\program files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe" [2003-03-31 28672]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [x]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
R3 q3dmga.sys;q3dmga.sys;c:\windows\system32\drivers\q3dmga.sys [x]
R3 VirtDisk;XSS Virtual Disk Driver;c:\windows\SMINST\VirtDisk.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y5132.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - xcpip
*Deregistered* - xpsec
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 81.91.208.2 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-49186592.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-07 07:47
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2956)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\WgaTray.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
.
**************************************************************************
.
Celkový čas: 2013-01-07 07:47:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-07 06:47
ComboFix2.txt 2013-01-04 07:02
.
Před spuštěním: Volných bajtů: 252 507 316 224
Po spuštění: Volných bajtů: 252 497 788 928
.
- - End Of File - - 420D15EC9958289287397B149A2E413D


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:48:44, on 7.1.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [HPLJ Config] c:\Program Files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe -c Direct -p DOT4_002 -pn "hp LaserJet 1300 PCL 6" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC (UserAccess) - Unknown owner - C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe

--
End of file - 6068 bytes


RogueKiller V8.4.2 [Jan 6 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Ucitel [Práva správce]
Mód : Kontrola -- Datum : 01/07/2013 07:49:25

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 3 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\45157067 (C:\WINDOWS\system32\drivers\05860992.sys) -> NALEZENO
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Nákaza : Root.MBR ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST3320813AS +++++
--- User ---
[MBR] bcfb6eb22f993ad003c1bdfea6495e63
[BSP] 4354702c8f0fe7e5ab4d2ba9f58111eb : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 288840 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 591561495 | Size: 16386 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] db8bfe35b8e8fffd68897234f41eaef3
[BSP] fdea8067419aad9895862891842f3519 : Whistler/Sinowal MBR Code!
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 288840 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 591561495 | Size: 16386 Mo

+++++ PhysicalDrive1: USB DISK 2.0 USB Device +++++
--- User ---
[MBR] 2cf326407a2b40e10f50ef3150ca4cbf
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 8064 | Size: 3696 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[1]_S_01072013_02d0749.txt >>
RKreport[1]_S_01072013_02d0749.txt



Thank you.
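The RogueKiller "MBR check" above is the decisive finding in this thread: on PhysicalDrive0 the MBR as read through the normal (User) path does not match the low-level LL2 read ("User != LL2 ... KO!"), and the LL2 copy carries boot code RogueKiller labels "Whistler/Sinowal MBR Code!". That pattern, a clean sector shown to ordinary callers while the real sector is different, is how a bootkit that filters disk reads looks from the outside, and it agrees with TDSSKiller's earlier Rootkit.Win32.BackBoot.gen hit on \Device\Harddisk0\DR0. The following Python script is an added example, not part of the thread and not RogueKiller's own code: it parses the MBR check section of such a report and gives a per-drive verdict. The sample input is the two PhysicalDrive blocks copied from the report above; the KNOWN_BAD_CODE tuple is illustrative (only the families named in this log), not RogueKiller's signature list.

```python
"""Triage helper for RogueKiller 'MBR check' output (added example, not RogueKiller code)."""
import re
from dataclasses import dataclass, field

# Sample input: the PhysicalDrive blocks copied from the RogueKiller report in this thread.
SAMPLE_LOG = """\
+++++ PhysicalDrive0: ST3320813AS +++++
--- User ---
[MBR] bcfb6eb22f993ad003c1bdfea6495e63
[BSP] 4354702c8f0fe7e5ab4d2ba9f58111eb : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 288840 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 591561495 | Size: 16386 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] db8bfe35b8e8fffd68897234f41eaef3
[BSP] fdea8067419aad9895862891842f3519 : Whistler/Sinowal MBR Code!
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 288840 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 591561495 | Size: 16386 Mo

+++++ PhysicalDrive1: USB DISK 2.0 USB Device +++++
--- User ---
[MBR] 2cf326407a2b40e10f50ef3150ca4cbf
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 8064 | Size: 3696 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
"""

# Boot-code labels that RogueKiller flags with "!" in this thread's report.
# Illustrative only: this is not RogueKiller's full signature list.
KNOWN_BAD_CODE = ("Whistler", "Sinowal")

DRIVE_RE = re.compile(r"^\+{5} (PhysicalDrive\d+): (.+?) \+{5}$")
VIEW_RE = re.compile(r"^--- (\w+) ---$")
MBR_RE = re.compile(r"^\[MBR\] ([0-9a-f]{32})$")
BSP_RE = re.compile(r"^\[BSP\] [0-9a-f]{32} : (.+)$")


@dataclass
class DriveReport:
    name: str
    model: str
    mbr_hash: dict = field(default_factory=dict)   # view ("User", "LL2") -> MD5 of sector 0
    boot_code: dict = field(default_factory=dict)  # view -> RogueKiller's boot-code label
    read_errors: list = field(default_factory=list)


def parse_mbr_check(text):
    """Split the 'MBR check' section into one DriveReport per physical drive."""
    drives, current, view = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := DRIVE_RE.match(line):
            current = DriveReport(m.group(1), m.group(2))
            drives.append(current)
            view = None
        elif current is None:
            continue
        elif m := VIEW_RE.match(line):
            view = m.group(1)
        elif (m := MBR_RE.match(line)) and view:
            current.mbr_hash[view] = m.group(1)
        elif (m := BSP_RE.match(line)) and view:
            current.boot_code[view] = m.group(1)
        elif line.startswith("Error reading"):
            current.read_errors.append(line)
    return drives


def assess(drive):
    """Return (verdict, reasons). A bootkit that filters disk reads shows a clean MBR to
    user-mode callers while the low-level (LL2) read returns the real, modified sector."""
    reasons = []
    user = drive.mbr_hash.get("User")
    for view, digest in drive.mbr_hash.items():
        if view != "User" and user and digest != user:
            reasons.append(f"MBR hash differs between User and {view} reads")
    for view, label in drive.boot_code.items():
        if any(bad in label for bad in KNOWN_BAD_CODE):
            reasons.append(f"{view} view reports known bootkit code: {label}")
    if reasons:
        return "SUSPECT", reasons
    if len(drive.mbr_hash) < 2:
        # Only one view of the sector was readable, so the comparison cannot be made.
        return "INCONCLUSIVE", ["only one MBR view available"] + drive.read_errors
    return "CLEAN", []


def triage(text):
    """Map drive name -> verdict for a whole report."""
    return {d.name: assess(d)[0] for d in parse_mbr_check(text)}


if __name__ == "__main__":
    for drive in parse_mbr_check(SAMPLE_LOG):
        verdict, reasons = assess(drive)
        print(f"{drive.name} ({drive.model}): {verdict}")
        for reason in reasons:
            print("  -", reason)
```

On the report above this yields SUSPECT for PhysicalDrive0 (hash mismatch plus the flagged boot code) and INCONCLUSIVE for the USB stick, whose LL2 read failed so no comparison is possible. The check is deliberately two-pronged: a hash mismatch alone is enough to suspect read filtering even when the boot code is not in any label list, and a recognised label alone is enough even if the tool could not obtain a second view.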

