Please check my RSIT log (preventive check)

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

hriba350
newbie
Posts: 8
Registered: January 13
Gender: Not specified
Status: Offline

Please check my RSIT log (preventive check)

Post by hriba350 » 02 Jan 2013 20:17

Logfile of random's system information tool 1.09 (written by random/random)
Run by Owner at 2013-01-02 20:16:30
WIN_XP Service Pack 3
System drive C: has 17 GB (11%) free of 153 GB
Total RAM: 1023 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:16:53, on 2.1.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17115)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Plocha\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-682003330-57989841-839522115-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Owner\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - (no file)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6934 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\Auslogics Disk Defrag Prof Task {00000001-C3A2-4E89-B997-2510B2D90E89} for Owner.job
C:\WINDOWS\tasks\Auslogics Disk Defrag Prof Task {00000001-E941-4E93-A63D-2CA6A84A917E} for Owner.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-57989841-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-57989841-839522115-1003UA.job
C:\WINDOWS\tasks\Registry Winner Schedule.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-09-29 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Avira SearchFree Toolbar plus Web Protection - C:\Program Files\Ask.com\GenericAskToolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-09-29 157672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Avira SearchFree Toolbar plus Web Protection - C:\Program Files\Ask.com\GenericAskToolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-10 16126464]
""= []
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2012-11-16 384800]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntivirusCommunicatorAgent]
c:\program files\trustport\antivirus\bin\avcom.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
C:\Program Files\Ask.com\Updater\Updater.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe [2007-07-12 380928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-04-03 644696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
c:\windows\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
C:\Program Files\GameFace Messenger\GameFace.exe [2006-11-01 2154496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2007-04-04 1822720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrustPortDiskProtectionWatchDog]
c:\program files\trustport\diskprotection\bin\tdwatch.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrustPortTray]
c:\program files\common files\trustport\bin\tptray.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2012-07-04 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avasdmft]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avas_service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avss_service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\gozer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro35Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro36]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro36.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ioloSystemService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tdifw]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tpavdrw_service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tpmgma_service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tpsec]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoInstrumentation"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveTrack"=1
"NoDriveTypeAutorun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Cracked Steam\steam.exe"="C:\Program Files\Cracked Steam\steam.exe:*:Enabled:Steam"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=i263_32.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\SYSTEM32\IAC25_32.AX
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"vidc.I263"=I263_32.drv
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2020-04-23 08:01:06 ----D---- C:\WINDOWS\system32\GroupPolicy
2013-01-02 13:50:22 ----D---- C:\WINDOWS\Lost Inca Prophecy 2 - The Hollow Island
2013-01-02 13:50:22 ----D---- C:\Program Files\Lost Inca Prophecy 2 - The Hollow Island
2013-01-02 13:50:13 ----A---- C:\WINDOWS\Lost Inca Prophecy 2 - The Hollow Island Setup Log.txt
2013-01-02 12:02:07 ----D---- C:\Documents and Settings\Owner\Data aplikací\Avira
2013-01-02 11:51:36 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2013-01-02 11:51:33 ----A---- C:\WINDOWS\system32\drivers\avkmgr.sys
2013-01-02 11:51:33 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2013-01-02 11:51:33 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2013-01-02 11:51:32 ----D---- C:\Program Files\Avira
2013-01-02 11:49:35 ----D---- C:\Program Files\Bitdefender
2013-01-02 11:32:38 ----A---- C:\bdlog.txt
2013-01-02 11:29:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\BDLogging
2013-01-02 11:29:32 ----A---- C:\WINDOWS\capicom.dll
2013-01-02 11:20:57 ----D---- C:\Program Files\Common Files\Bitdefender
2013-01-01 20:57:42 ----D---- C:\Documents and Settings\Owner\Data aplikací\vlc
2012-12-29 18:05:05 ----D---- C:\Program Files\Jantarova kletba
2012-12-27 16:32:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Trend Micro
2012-12-27 16:06:12 ----D---- C:\Program Files\F-Secure
2012-12-27 16:05:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\fssg
2012-12-23 20:28:10 ----D---- C:\Program Files\ProgDVB
2012-12-23 16:27:17 ----D---- C:\WINDOWS\Transcripted
2012-12-23 16:13:27 ----D---- C:\WINDOWS\DD1865F0AD7340FBB23E1822E02396FF.TMP
2012-12-22 22:33:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\Trymedia
2012-12-21 11:17:32 ----A---- C:\AdwCleaner[S2].txt
2012-12-21 11:17:13 ----A---- C:\AdwCleaner[R4].txt
2012-12-21 10:58:27 ----ASH---- C:\hiberfil.sys
2012-12-19 20:37:28 ----A---- C:\WINDOWS\resetlog.txt
2012-12-18 12:46:09 ----D---- C:\Program Files\Fantom - Zlocin v Benatkach - Sberatelska edice
2012-12-18 12:40:37 ----A---- C:\WINDOWS\Transcripted Setup Log.txt
2012-12-18 12:34:06 ----A---- C:\WINDOWS\Farm Fables Uninstall Log.txt
2012-12-17 17:19:19 ----D---- C:\Program Files\18 Wheels of Steel American Long Haul
2012-12-16 16:28:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2758857$
2012-12-16 16:27:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2779030$
2012-12-16 16:26:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2779562$
2012-12-16 16:24:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2770660$
2012-12-16 16:24:14 ----A---- C:\WINDOWS\imsins.BAK
2012-12-16 10:25:15 ----D---- C:\Documents and Settings\Owner\Data aplikací\AVG2013
2012-12-16 00:00:29 ----D---- C:\Program Files\Common Files\Comodo
2012-12-15 23:52:23 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Shared Space
2012-12-15 22:46:41 ----A---- C:\WINDOWS\ntbtlog.txt
2012-12-07 19:22:09 ----D---- C:\rsit
2012-12-05 21:31:12 ----A---- C:\WINDOWS\system32\drivers\pccsmcfd.sys
2012-12-05 21:31:01 ----D---- C:\Program Files\PC Connectivity Solution
2012-12-05 21:29:42 ----D---- C:\Program Files\Nokia

======List of files/folders modified in the last 1 month======

2013-12-04 19:35:12 ----D---- C:\WINDOWS\system32\NtmsData
2013-12-04 19:34:26 ----D---- C:\WINDOWS\Registration
2013-01-02 20:16:38 ----D---- C:\WINDOWS\Prefetch
2013-01-02 20:16:35 ----D---- C:\WINDOWS\Temp
2013-01-02 20:16:34 ----D---- C:\Program Files\trend micro
2013-01-02 16:20:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-01-02 13:50:22 ----D---- C:\WINDOWS
2013-01-02 13:50:22 ----D---- C:\Program Files
2013-01-02 11:56:26 ----D---- C:\WINDOWS\system32\drivers
2013-01-02 11:53:14 ----D---- C:\WINDOWS\system32\CatRoot
2013-01-02 11:51:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Avira
2013-01-02 11:49:10 ----D---- C:\WINDOWS\system32\CatRoot2
2013-01-02 11:47:44 ----D---- C:\WINDOWS\system32
2013-01-02 11:46:34 ----D---- C:\WINDOWS\system32\drivers\etc
2013-01-02 11:29:59 ----HD---- C:\WINDOWS\inf
2013-01-02 11:20:57 ----D---- C:\Program Files\Common Files
2012-12-31 16:35:56 ----D---- C:\Program Files\Ashampoo
2012-12-31 16:24:07 ----D---- C:\Documents and Settings\Owner\Data aplikací\Ashampoo
2012-12-31 16:22:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\ashampoo
2012-12-29 19:58:59 ----RASH---- C:\boot.ini
2012-12-29 19:58:59 ----A---- C:\WINDOWS\win.ini
2012-12-29 19:58:59 ----A---- C:\WINDOWS\system.ini
2012-12-29 19:58:53 ----D---- C:\WINDOWS\pss
2012-12-29 19:50:30 ----SHD---- C:\WINDOWS\Installer
2012-12-29 19:50:29 ----SD---- C:\WINDOWS\Tasks
2012-12-29 18:14:48 ----D---- C:\Documents and Settings\Owner\Data aplikací\ERS Game Studios
2012-12-29 18:11:41 ----D---- C:\Documents and Settings\Owner\Data aplikací\Špidla Data Processing, s.r.o
2012-12-29 18:11:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\Špidla Data Processing, s.r.o
2012-12-29 18:00:38 ----D---- C:\Program Files\Registry Winner
2012-12-27 16:27:50 ----D---- C:\Program Files\SUPERAntiSpyware
2012-12-27 16:15:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\f-secure
2012-12-27 16:07:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-12-27 15:55:28 ----D---- C:\WINDOWS\WinSxS
2012-12-23 16:15:00 ----D---- C:\WINDOWS\system32\DirectX
2012-12-23 16:14:28 ----RSD---- C:\WINDOWS\assembly
2012-12-23 16:13:31 ----D---- C:\WINDOWS\Logs
2012-12-23 16:13:15 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2012-12-23 16:13:10 ----D---- C:\Program Files\Xvid
2012-12-20 21:54:53 ----D---- C:\Program Files\Alawarhry.cz
2012-12-20 21:54:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
2012-12-18 12:34:12 ----D---- C:\Program Files\Farm Fables
2012-12-17 14:17:37 ----D---- C:\WINDOWS\Microsoft.NET
2012-12-16 16:28:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-12-16 16:23:53 ----D---- C:\WINDOWS\system32\cs-cz
2012-12-16 16:23:53 ----D---- C:\Program Files\Internet Explorer
2012-12-16 16:23:28 ----D---- C:\WINDOWS\ie7updates
2012-12-16 16:17:59 ----D---- C:\WINDOWS\Debug
2012-12-16 16:17:55 ----A---- C:\WINDOWS\system32\MRT.exe
2012-12-16 11:15:48 ----D---- C:\Qoobox
2012-12-16 11:01:19 ----HD---- C:\WINDOWS\$hf_mig$
2012-12-16 10:33:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2012-12-16 10:12:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\Comodo
2012-12-15 22:54:03 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-12-15 22:38:55 ----D---- C:\Documents and Settings\Owner\Data aplikací\DAEMON Tools Lite
2012-12-15 22:07:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee
2012-12-15 22:06:47 ----SHD---- C:\System Volume Information
2012-12-14 22:59:20 ----D---- C:\WINDOWS\system32\config
2012-12-14 17:01:15 ----D---- C:\Documents and Settings\Owner\Data aplikací\Alawar Entertainment
2012-12-12 20:48:56 ----D---- C:\Documents and Settings\Owner\Data aplikací\FarmFables
2012-12-11 19:54:49 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-12-08 23:04:32 ----D---- C:\Program Files\CapsuleGames
2012-12-05 21:40:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\Zoom Player
2012-12-03 22:44:13 ----D---- C:\Program Files\TrustPort

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 360HookOem;360HookOem; C:\WINDOWS\system32\drivers\360HookOem.sys [2012-05-02 54912]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2006-03-26 51200]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-03-13 6656]
R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x); C:\WINDOWS\System32\drivers\sfsync04.sys [2006-03-24 50176]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2012-08-13 477240]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 360FileOem;360FileOem; \??\C:\WINDOWS\system32\drivers\360FileOem.sys []
R1 360RegOem;360RegOem; \??\C:\WINDOWS\system32\drivers\360RegOem.sys []
R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2007-05-14 9216]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2007-07-12 11136]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-11-16 133824]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2012-11-16 36552]
R1 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2012-08-27 28520]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2011-04-01 278984]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2012-11-16 83432]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2011-04-01 25416]
R3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 12416]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-07-03 39424]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2012-07-04 7874560]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP3.sys [2012-05-14 103040]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-09-01 242240]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 MouseCap;MouseCapture Driver; C:\WINDOWS\System32\Drivers\MouseCap.sys [2005-08-08 6640]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2007-07-12 10752]
S1 HMFAxCore46691b2fe72383a3b643d95081ef1d95;HMFAxCore46691b2fe72383a3b643d95081ef1d95; C:\WINDOWS\system32\drivers\HMFAxCore46691b2fe72383a3b643d95081ef1d95.sys []
S3 a3qlapfq;a3qlapfq; C:\WINDOWS\system32\drivers\a3qlapfq.sys []
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2007-05-14 14336]
S3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2007-05-14 14336]
S3 AVFSFilter;AVFSFilter; C:\WINDOWS\system32\drivers\AVFSFilter.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DrvAgent32;DrvAgent32; \??\C:\WINDOWS\system32\Drivers\DrvAgent32.sys []
S3 EuDisk;EASEUS Disk Enumerator; C:\WINDOWS\system32\DRIVERS\EuDisk.sys [2009-12-02 122504]
S3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 naecd;naecd; C:\WINDOWS\system32\drivers\naecd.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2012-06-11 18560]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2012-06-11 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-06-27 19072]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2012-06-11 8192]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2012-06-11 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\WINDOWS\system32\drivers\VBoxNetFlt.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WISOVD;WISOVD; \??\C:\Program Files\WinISO Computing\WinISO\bin\driver\WISOVD_xp.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2012-11-19 109344]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2012-11-19 85280]
R2 AntiVirWebService;Avira Web Protection; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-11-16 565024]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2012-07-04 643072]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2012-09-29 161768]
R2 wlidsvc;Windows Live ID Sign-in Assistant; c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2007-07-12 257024]
S2 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS.exe [2009-08-24 406016]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-08-06 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-11 250808]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-08-06 116648]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-10-03 725400]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
:D thanks

memphisto
Guru Level 13
Posts: 21113
Registered: Sep 06
Location: Zlín - České Budějovice
Gender: Male
Status: Offline

Re: Please check my RSIT log (preventive check)

Post by memphisto » 02 Jan 2013 20:52

Post a HijackThis log here

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers are Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave Perform Quick Scan selected and click the Scan button
- when the scan finishes a message appears; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a message appears, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via PM; post them in the appropriate section. Thank you

hriba350
newbie
Posts: 8
Registered: Jan 13
Gender: Not specified
Status: Offline

Re: Please check my RSIT log (preventive check)

Post by hriba350 » 03 Jan 2013 17:54

OK, here is the HijackThis log. I'm just wondering why not RSIT, since it is more advanced and more detailed than HijackThis.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:55:26, on 3.1.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17115)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-682003330-57989841-839522115-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Owner\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - (no file)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6902 bytes
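The log above is what a reviewer reads by hand. As an added example, not code from this thread or from HijackThis, here is a small Python triage script that parses entries in the HijackThis 2.0.x format and flags what a log checker looks at first: entries whose target file is missing (the three Ask.com toolbar lines), a service registered without a binary (aawservice), the Winsock LSP that HijackThis cannot attribute, a non-default UserInit value, and Run entries launched from a user profile or temp folder. The sample input is constructed from lines of the posted log plus one made-up O4 line (example.exe) to exercise the last rule; the "fix"/"review" labels are this script's own convention, not HijackThis output.

```python
"""HijackThis log triage.  Added example for this thread; it is not code from
the forum or from HijackThis.  Parses the 'Xn - ...' entry lines and flags what
a log reviewer checks first.  The 'fix'/'review' labels are this script's own."""
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN_RE = re.compile(r"^HK.*?\\Run\S*: \[[^\]]*\] (.*)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|com|scr|bat|cmd|vbs))(?=\s|$)", re.I)
# Startup items launched from these locations deserve a look: users can write there.
PROFILE_DIRS = ("\\documents and settings\\", "\\users\\", "\\temp\\")

# Constructed sample: lines copied from the log posted above, plus one made-up
# O4 entry (example.exe in the user's temp folder) to exercise the profile rule.
SAMPLE_LOG = r"""
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [example] C:\Documents and Settings\Owner\Local Settings\temp\example.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - (no file)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"""


@dataclass
class Finding:
    section: str
    action: str   # "fix": orphaned entry HijackThis can remove; "review": look first
    reason: str
    line: str


def run_target(rest: str):
    """Return the executable path from an O4 Run entry (quoted or bare), or None."""
    m = RUN_RE.match(rest)
    if not m:
        return None
    cmd = m.group(1).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m2 = EXE_RE.match(cmd)           # unquoted path with spaces: cut at the extension
    return m2.group(1) if m2 else cmd.split(" ")[0]


def triage(log_text: str) -> list:
    """Return the list of Findings for a HijackThis log given as text."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue                  # header, process list, blank lines
        section, rest = m.group(1), m.group(2)
        if "(file missing)" in rest:
            findings.append(Finding(section, "fix", "target file missing: orphaned registry entry", raw))
        if section == "O23" and "(no file)" in rest:
            findings.append(Finding(section, "fix", "service registered but its binary is absent", raw))
        elif section == "O23" and "Unknown owner" in rest:
            findings.append(Finding(section, "review", "service carries no vendor string", raw))
        if section == "O10" and rest.startswith("Unknown file in Winsock LSP"):
            findings.append(Finding(section, "review", "LSP HijackThis cannot attribute; removing a live LSP breaks networking", raw))
        if section == "F2" and "UserInit=" in rest:
            value = rest.split("UserInit=", 1)[1].strip().rstrip(",").lower()
            if not value.endswith("\\system32\\userinit.exe"):
                findings.append(Finding(section, "review", "UserInit is not system32\\userinit.exe", raw))
        if section == "O4":
            target = run_target(rest)
            if target and any(d in target.lower() for d in PROFILE_DIRS):
                findings.append(Finding(section, "review", "startup item runs from a user-writable profile/temp path", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.action:6}] {f.section:3} {f.reason}\n         {f.line}")
```

Entries marked "fix" are registry pointers whose target no longer exists; HijackThis can remove them without affecting anything that runs. "review" entries need a look before touching: an LSP that HijackThis does not recognise is not malicious by itself, and a Run entry in a profile folder is only suspicious until the file is identified.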

hriba350
newbie
Posts: 8
Registered: Jan 13
Gender: Not specified
Status: Offline

Re: Please check my RSIT log (preventive check)

Post by hriba350 » 03 Jan 2013 18:14

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Version: v2013.01.03.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Owner :: X-C7AEB9DE05B14 [administrator]

Protection: Disabled

3.1.2013 18:03:22
MBAM-log-2013-01-03 (18-14-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255888
Time elapsed: 10 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Owner\Local Settings\temp\Crypted.exe (Trojan.Agent) -> No action taken.

(end)

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: Jun 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Please check my RSIT log (preventive check)

Post by jaro3 » 03 Jan 2013 20:41

So run MBAM again and click Scan
- when the scan finishes a message appears; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes a log is shown; post it here.
- then click OK in the program and close it via Exit
You can then post the new MBAM log here.

Download TDSSKiller
to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt ; please paste the whole contents of the log here.

Disable the resident protection of your antivirus and antispyware, and the firewall if you have one.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it shows
- When the scan finishes the program should create a log - C:\ComboFix.txt - please copy its whole contents here
If there are problems, run it in Safe Mode.

Warning: it can happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not appear, or there are connection problems. In that case restart the computer again; if that does not help, press F8 after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
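The "Remove Selected" step above quarantines the detected file rather than deleting it outright. As an added example, not code from this thread or from Malwarebytes, here is a minimal quarantine in Python that shows what that amounts to: the file is hashed before it is touched, moved into a quarantine folder under a content-addressed name with a neutral extension so it can no longer be launched, and a manifest keeps the original path and SHA-256 so a false positive can be put back. The demo() function runs the whole cycle on a constructed file in a temporary directory; the folder and file names it uses are assumptions for the demo.

```python
"""File quarantine with a manifest: an added example, not the forum's or
Malwarebytes' code.  Hash first, move the file out of its location under a
neutral name, record origin and hash, and allow a verified restore."""
import hashlib
import json
import shutil
import time
from pathlib import Path

MANIFEST = "manifest.json"


def sha256_of(path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def _load(qdir: Path) -> list:
    p = qdir / MANIFEST
    return json.loads(p.read_text()) if p.exists() else []


def _save(qdir: Path, records: list) -> None:
    (qdir / MANIFEST).write_text(json.dumps(records, indent=2))


def quarantine(path, qdir) -> dict:
    """Move `path` into `qdir` and record it; returns the manifest record."""
    src, qdir = Path(path), Path(qdir)
    qdir.mkdir(parents=True, exist_ok=True)
    digest = sha256_of(src)            # hash the original bytes before moving anything
    dest = qdir / f"{digest}.quar"     # content-addressed name, no executable extension
    record = {"original": str(src.resolve()), "sha256": digest,
              "size": src.stat().st_size, "quarantined_at": time.time()}
    if dest.exists():                  # identical content already held: drop the duplicate
        src.unlink()
    else:
        shutil.move(str(src), str(dest))
        dest.chmod(0o400)              # read-only; clears the execute bit on POSIX
    records = _load(qdir)
    records.append(record)
    _save(qdir, records)
    return record


def restore(qdir, digest: str) -> Path:
    """Put a quarantined file back where it came from (false-positive path)."""
    qdir = Path(qdir)
    records = _load(qdir)
    rec = next(r for r in records if r["sha256"] == digest)
    dest = qdir / f"{digest}.quar"
    if sha256_of(dest) != digest:      # refuse to restore bytes that changed in quarantine
        raise ValueError("quarantined file was modified")
    dest.chmod(0o600)
    shutil.move(str(dest), rec["original"])
    _save(qdir, [r for r in records if r["sha256"] != digest])
    return Path(rec["original"])


def demo() -> dict:
    """Run quarantine and restore on a constructed file; returns the checks made."""
    import tempfile
    root = Path(tempfile.mkdtemp())
    victim = root / "temp" / "sample.exe"          # constructed stand-in for a detected file
    victim.parent.mkdir()
    victim.write_bytes(b"MZ not really a program")
    expected = hashlib.sha256(b"MZ not really a program").hexdigest()
    rec = quarantine(victim, root / "quarantine")
    held = root / "quarantine" / f"{expected}.quar"
    out = {"hash_ok": rec["sha256"] == expected,
           "original_gone": not victim.exists(),
           "held": held.exists() and sha256_of(held) == expected,
           "manifest_entries": len(_load(root / "quarantine"))}
    restore(root / "quarantine", expected)
    out["restored"] = victim.exists() and sha256_of(victim) == expected
    out["manifest_after"] = len(_load(root / "quarantine"))
    shutil.rmtree(root)
    return out


if __name__ == "__main__":
    print(demo())
```

The manifest is what makes the step reversible; hashing before the move, and again before restore, is what lets you later say exactly which bytes were on the machine, which matters if the sample is sent on for analysis.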

hriba350
newbie
Posts: 8
Registered: Jan 13
Gender: Not specified
Status: Offline

Re: Please check my RSIT log (preventive check)

Post by hriba350 » 04 Jan 2013 19:37

19:36:33.0796 2924 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:36:34.0484 2924 ============================================================
19:36:34.0484 2924 Current date / time: 2013/01/04 19:36:34.0484
19:36:34.0484 2924 SystemInfo:
19:36:34.0484 2924
19:36:34.0484 2924 OS Version: 5.1.2600 ServicePack: 3.0
19:36:34.0484 2924 Product type: Workstation
19:36:34.0484 2924 ComputerName: X-C7AEB9DE05B14
19:36:34.0484 2924 UserName: Owner
19:36:34.0484 2924 Windows directory: C:\WINDOWS
19:36:34.0484 2924 System windows directory: C:\WINDOWS
19:36:34.0484 2924 Processor architecture: Intel x86
19:36:34.0484 2924 Number of processors: 2
19:36:34.0484 2924 Page size: 0x1000
19:36:34.0484 2924 Boot type: Normal boot
19:36:34.0484 2924 ============================================================
19:36:35.0859 2924 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:36:35.0890 2924 ============================================================
19:36:35.0890 2924 \Device\Harddisk0\DR0:
19:36:35.0890 2924 MBR partitions:
19:36:35.0890 2924 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A011FC
19:36:35.0890 2924 ============================================================
19:36:35.0937 2924 C: <-> \Device\Harddisk0\DR0\Partition1
19:36:35.0937 2924 ============================================================
19:36:35.0937 2924 Initialize success
19:36:35.0937 2924 ============================================================
19:36:39.0640 3176 ============================================================
19:36:39.0640 3176 Scan started
19:36:39.0640 3176 Mode: Manual;
19:36:39.0640 3176 ============================================================
19:36:40.0328 3176 ================ Scan system memory ========================
19:36:40.0328 3176 System memory - ok
19:36:40.0343 3176 ================ Scan services =============================
19:36:40.0437 3176 [ BDECE634F62B3656DE73D51CA8EA32A9 ] 360FileOem C:\WINDOWS\system32\drivers\360FileOem.sys
19:36:40.0437 3176 360FileOem - ok
19:36:40.0468 3176 [ 092E3658FC760F3D9694A848CAB1E43E ] 360HookOem C:\WINDOWS\system32\drivers\360HookOem.sys
19:36:40.0468 3176 360HookOem - ok
19:36:40.0484 3176 [ 4CDB39659C17FAA5BE56AC4F89387520 ] 360RegOem C:\WINDOWS\system32\drivers\360RegOem.sys
19:36:40.0484 3176 360RegOem - ok
19:36:40.0500 3176 Abiosdsk - ok
19:36:40.0500 3176 abp480n5 - ok
19:36:40.0562 3176 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:36:40.0593 3176 ACPI - ok
19:36:40.0625 3176 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
19:36:40.0656 3176 ACPIEC - ok
19:36:40.0703 3176 [ 05BDD706A847BBFA9FD5948CD636EB1A ] Ad-Watch Connect Filter C:\WINDOWS\system32\drivers\NSDriver.sys
19:36:40.0703 3176 Ad-Watch Connect Filter - ok
19:36:40.0843 3176 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:36:40.0906 3176 AdobeFlashPlayerUpdateSvc - ok
19:36:40.0906 3176 adpu160m - ok
19:36:40.0953 3176 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
19:36:40.0953 3176 aec - ok
19:36:40.0984 3176 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
19:36:40.0984 3176 AFD - ok
19:36:40.0984 3176 Aha154x - ok
19:36:41.0000 3176 aic78u2 - ok
19:36:41.0000 3176 aic78xx - ok
19:36:41.0031 3176 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:36:41.0031 3176 Alerter - ok
19:36:41.0062 3176 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
19:36:41.0062 3176 ALG - ok
19:36:41.0062 3176 AliIde - ok
19:36:41.0125 3176 [ D716473C4F66C1173D3CA4E679F68743 ] Amfilter C:\WINDOWS\system32\DRIVERS\Amfilter.sys
19:36:41.0125 3176 Amfilter - ok
19:36:41.0156 3176 [ F0F3C6865ACF65971B9570201DFAE68F ] Amps2prt C:\WINDOWS\system32\DRIVERS\Amps2prt.sys
19:36:41.0156 3176 Amps2prt - ok
19:36:41.0171 3176 amsint - ok
19:36:41.0187 3176 [ 0E264A9ACB592F3FD91E742983DB6A96 ] Amusbprt C:\WINDOWS\system32\DRIVERS\Amusbprt.sys
19:36:41.0187 3176 Amusbprt - ok
19:36:41.0250 3176 [ 99EEA1B057FA11CF069A4870D218A003 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:36:41.0250 3176 AntiVirSchedulerService - ok
19:36:41.0265 3176 [ 4C040249F009A4807B2955D5E5210104 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:36:41.0281 3176 AntiVirService - ok
19:36:41.0312 3176 [ D17EA5129F29E819B3DCFCB7123291C0 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
19:36:41.0328 3176 AntiVirWebService - ok
19:36:41.0328 3176 AppMgmt - ok
19:36:41.0343 3176 asc - ok
19:36:41.0343 3176 asc3350p - ok
19:36:41.0343 3176 asc3550 - ok
19:36:41.0437 3176 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:36:41.0437 3176 aspnet_state - ok
19:36:41.0468 3176 [ D320732BCF5FF856120BD06855C66867 ] asusgsb C:\WINDOWS\system32\drivers\asusgsb.sys
19:36:41.0468 3176 asusgsb - ok
19:36:41.0484 3176 [ B3B881EB81013AAC11594A5400ADA47A ] asuskbnt C:\WINDOWS\system32\drivers\atkkbnt.sys
19:36:41.0484 3176 asuskbnt - ok
19:36:41.0515 3176 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:36:41.0515 3176 AsyncMac - ok
19:36:41.0531 3176 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
19:36:41.0531 3176 atapi - ok
19:36:41.0562 3176 [ CF63C4060F86350FEB84555AEF80EF6D ] AtcL001 C:\WINDOWS\system32\DRIVERS\l151x86.sys
19:36:41.0562 3176 AtcL001 - ok
19:36:41.0562 3176 Atdisk - ok
19:36:41.0625 3176 [ 8FDB05AFF463CB36BE0FD3BC779121CD ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
19:36:41.0640 3176 Ati HotKey Poller - ok
19:36:41.0875 3176 [ 175DDF9AE328CB0D8696094FA1346361 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:36:42.0046 3176 ati2mtag - ok
19:36:42.0093 3176 [ 924971A182E07463765EF9FA8876F24F ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdXP3.sys
19:36:42.0093 3176 AtiHDAudioService - ok
19:36:42.0140 3176 [ B453700B9EB83FEF29811B28DAE27D29 ] ATKKeyboardService C:\WINDOWS\ATKKBService.exe
19:36:42.0171 3176 ATKKeyboardService - ok
19:36:42.0203 3176 [ 3C4B9850A2631C2263507400D029057B ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys
19:36:42.0203 3176 atksgt - ok
19:36:42.0218 3176 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:36:42.0218 3176 Atmarpc - ok
19:36:42.0250 3176 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
19:36:42.0250 3176 AudioSrv - ok
19:36:42.0281 3176 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
19:36:42.0281 3176 audstub - ok
19:36:42.0281 3176 AVFSFilter - ok
19:36:42.0312 3176 [ 680B3A1BE559B5D5AAC04C7949469DD6 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
19:36:42.0312 3176 avgntflt - ok
19:36:42.0343 3176 [ 6B289080B9752DAD39C1C2B98B479DCE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
19:36:42.0343 3176 avipbb - ok
19:36:42.0359 3176 [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
19:36:42.0359 3176 avkmgr - ok
19:36:42.0390 3176 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
19:36:42.0390 3176 Beep - ok
19:36:42.0421 3176 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
19:36:42.0437 3176 BITS - ok
19:36:42.0468 3176 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
19:36:42.0468 3176 Browser - ok
19:36:42.0484 3176 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
19:36:42.0500 3176 cbidf2k - ok
19:36:42.0515 3176 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:36:42.0515 3176 CCDECODE - ok
19:36:42.0515 3176 cd20xrnt - ok
19:36:42.0546 3176 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
19:36:42.0546 3176 Cdaudio - ok
19:36:42.0562 3176 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
19:36:42.0562 3176 Cdfs - ok
19:36:42.0578 3176 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:36:42.0578 3176 Cdrom - ok
19:36:42.0578 3176 Changer - ok
19:36:42.0609 3176 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
19:36:42.0609 3176 CiSvc - ok
19:36:42.0625 3176 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
19:36:42.0625 3176 ClipSrv - ok
19:36:42.0656 3176 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:36:42.0656 3176 clr_optimization_v2.0.50727_32 - ok
19:36:42.0671 3176 CmdIde - ok
19:36:42.0671 3176 COMSysApp - ok
19:36:42.0687 3176 Cpqarray - ok
19:36:42.0718 3176 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
19:36:42.0718 3176 CryptSvc - ok
19:36:42.0718 3176 dac2w2k - ok
19:36:42.0734 3176 dac960nt - ok
19:36:42.0765 3176 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
19:36:42.0781 3176 DcomLaunch - ok
19:36:42.0875 3176 [ 92AE26F2CAF4A67E24A0BA6DDF32CC3C ] DfSdkS C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS.exe
19:36:42.0875 3176 DfSdkS - ok
19:36:42.0921 3176 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
19:36:42.0984 3176 Dhcp - ok
19:36:43.0000 3176 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
19:36:43.0000 3176 Disk - ok
19:36:43.0000 3176 dmadmin - ok
19:36:43.0046 3176 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
19:36:43.0078 3176 dmboot - ok
19:36:43.0109 3176 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
19:36:43.0109 3176 dmio - ok
19:36:43.0125 3176 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
19:36:43.0125 3176 dmload - ok
19:36:43.0156 3176 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
19:36:43.0156 3176 dmserver - ok
19:36:43.0171 3176 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
19:36:43.0171 3176 DMusic - ok
19:36:43.0203 3176 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
19:36:43.0203 3176 Dnscache - ok
19:36:43.0234 3176 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
19:36:43.0234 3176 Dot3svc - ok
19:36:43.0250 3176 dpti2o - ok
19:36:43.0281 3176 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
19:36:43.0281 3176 drmkaud - ok
19:36:43.0312 3176 [ 651554E483712B708EDE864D0CA1AA73 ] DrvAgent32 C:\WINDOWS\system32\Drivers\DrvAgent32.sys
19:36:43.0312 3176 DrvAgent32 - ok
19:36:43.0343 3176 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
19:36:43.0343 3176 dtsoftbus01 - ok
19:36:43.0390 3176 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
19:36:43.0390 3176 EapHost - ok
19:36:43.0421 3176 [ 0DAF3544804650526751C478AECCCE63 ] EIO C:\WINDOWS\system32\drivers\EIO.sys
19:36:43.0421 3176 EIO - ok
19:36:43.0453 3176 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
19:36:43.0453 3176 ERSvc - ok
19:36:43.0484 3176 [ 37ABA51F85518FC381CEFC8D76F2E2C4 ] EuDisk C:\WINDOWS\system32\DRIVERS\EuDisk.sys
19:36:43.0484 3176 EuDisk - ok
19:36:43.0515 3176 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
19:36:43.0515 3176 Eventlog - ok
19:36:43.0546 3176 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
19:36:43.0546 3176 EventSystem - ok
19:36:43.0562 3176 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
19:36:43.0578 3176 Fastfat - ok
19:36:43.0593 3176 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:36:43.0593 3176 FastUserSwitchingCompatibility - ok
19:36:43.0609 3176 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
19:36:43.0609 3176 Fdc - ok
19:36:43.0640 3176 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
19:36:43.0640 3176 Fips - ok
19:36:43.0656 3176 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
19:36:43.0656 3176 Flpydisk - ok
19:36:43.0671 3176 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
19:36:43.0671 3176 FltMgr - ok
19:36:43.0734 3176 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:36:43.0734 3176 FontCache3.0.0.0 - ok
19:36:43.0750 3176 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:36:43.0750 3176 Fs_Rec - ok
19:36:43.0765 3176 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:36:43.0781 3176 Ftdisk - ok
19:36:43.0812 3176 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:36:43.0812 3176 Gpc - ok
19:36:43.0875 3176 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:36:43.0875 3176 gupdate - ok
19:36:43.0875 3176 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:36:43.0875 3176 gupdatem - ok
19:36:43.0953 3176 [ 56BF27D7A539F9E6BBC1DE201ABA0EDF ] HdAudAddService C:\WINDOWS\system32\drivers\AtiHdAud.sys
19:36:43.0953 3176 HdAudAddService - ok
19:36:43.0968 3176 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:36:43.0968 3176 HDAudBus - ok
19:36:43.0984 3176 HidServ - ok
19:36:44.0031 3176 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:36:44.0031 3176 hidusb - ok
19:36:44.0062 3176 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
19:36:44.0062 3176 hkmsvc - ok
19:36:44.0078 3176 HMFAxCore46691b2fe72383a3b643d95081ef1d95 - ok
19:36:44.0078 3176 hpn - ok
19:36:44.0109 3176 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
19:36:44.0109 3176 HTTP - ok
19:36:44.0140 3176 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
19:36:44.0140 3176 HTTPFilter - ok
19:36:44.0140 3176 i2omgmt - ok
19:36:44.0156 3176 i2omp - ok
19:36:44.0171 3176 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:36:44.0171 3176 i8042prt - ok
19:36:44.0250 3176 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:36:44.0250 3176 IDriverT - ok
19:36:44.0312 3176 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:36:44.0328 3176 idsvc - ok
19:36:44.0359 3176 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
19:36:44.0359 3176 Imapi - ok
19:36:44.0390 3176 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
19:36:44.0390 3176 ImapiService - ok
19:36:44.0406 3176 ini910u - ok
19:36:44.0531 3176 [ CDFD5A68A2E1CAA89C5C0E0B3CB98731 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:36:44.0640 3176 IntcAzAudAddService - ok
19:36:44.0640 3176 IntelIde - ok
19:36:44.0671 3176 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:36:44.0671 3176 intelppm - ok
19:36:44.0687 3176 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
19:36:44.0687 3176 Ip6Fw - ok
19:36:44.0718 3176 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:36:44.0718 3176 IpFilterDriver - ok
19:36:44.0750 3176 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:36:44.0750 3176 IpInIp - ok
19:36:44.0765 3176 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:36:44.0765 3176 IpNat - ok
19:36:44.0781 3176 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:36:44.0781 3176 IPSec - ok
19:36:44.0796 3176 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:36:44.0796 3176 IRENUM - ok
19:36:44.0828 3176 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:36:44.0828 3176 isapnp - ok
19:36:44.0890 3176 [ A12175F063302CD68F8FC6D572D7E5FD ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
19:36:44.0906 3176 JavaQuickStarterService - ok
19:36:44.0921 3176 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:36:44.0921 3176 Kbdclass - ok
19:36:44.0953 3176 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:36:44.0953 3176 kmixer - ok
19:36:44.0968 3176 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:36:45.0031 3176 KSecDD - ok
19:36:45.0062 3176 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
19:36:45.0062 3176 lanmanserver - ok
19:36:45.0078 3176 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:36:45.0078 3176 lanmanworkstation - ok
19:36:45.0093 3176 lbrtfdc - ok
19:36:45.0125 3176 [ 4127E8B6DDB4090E815C1F8852C277D3 ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
19:36:45.0125 3176 lirsgt - ok
19:36:45.0156 3176 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:36:45.0156 3176 LmHosts - ok
19:36:45.0187 3176 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:36:45.0187 3176 Messenger - ok
19:36:45.0218 3176 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:36:45.0218 3176 mnmdd - ok
19:36:45.0250 3176 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
19:36:45.0250 3176 mnmsrvc - ok
19:36:45.0265 3176 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:36:45.0265 3176 Modem - ok
19:36:45.0296 3176 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:36:45.0296 3176 Mouclass - ok
19:36:45.0312 3176 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:36:45.0328 3176 mouhid - ok
19:36:45.0343 3176 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:36:45.0343 3176 MountMgr - ok
19:36:45.0359 3176 [ D0AC7AC40FFF21056B1A3401361958CA ] MouseCap C:\WINDOWS\system32\Drivers\MouseCap.sys
19:36:45.0359 3176 MouseCap - ok
19:36:45.0375 3176 mraid35x - ok
19:36:45.0437 3176 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:36:45.0437 3176 MRxDAV - ok
19:36:45.0468 3176 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:36:45.0484 3176 MRxSmb - ok
19:36:45.0500 3176 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
19:36:45.0500 3176 MSDTC - ok
19:36:45.0531 3176 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:36:45.0531 3176 Msfs - ok
19:36:45.0531 3176 MSIServer - ok
19:36:45.0546 3176 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:36:45.0546 3176 MSKSSRV - ok
19:36:45.0562 3176 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:36:45.0578 3176 MSPCLOCK - ok
19:36:45.0578 3176 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:36:45.0593 3176 MSPQM - ok
19:36:45.0609 3176 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:36:45.0609 3176 mssmbios - ok
19:36:45.0625 3176 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
19:36:45.0625 3176 MSTEE - ok
19:36:45.0656 3176 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
19:36:45.0656 3176 MTsensor - ok
19:36:45.0687 3176 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:36:45.0687 3176 Mup - ok
19:36:45.0703 3176 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:36:45.0703 3176 NABTSFEC - ok
19:36:45.0718 3176 naecd - ok
19:36:45.0750 3176 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
19:36:45.0765 3176 napagent - ok
19:36:45.0781 3176 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:36:45.0781 3176 NDIS - ok
19:36:45.0796 3176 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:36:45.0796 3176 NdisIP - ok
19:36:45.0828 3176 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:36:45.0828 3176 NdisTapi - ok
19:36:45.0843 3176 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:36:45.0843 3176 Ndisuio - ok
19:36:45.0859 3176 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:36:45.0859 3176 NdisWan - ok
19:36:45.0890 3176 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:36:45.0906 3176 NDProxy - ok
19:36:45.0921 3176 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:36:45.0921 3176 NetBIOS - ok
19:36:45.0937 3176 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:36:45.0937 3176 NetBT - ok
19:36:45.0953 3176 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
19:36:45.0968 3176 NetDDE - ok
19:36:45.0968 3176 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:36:45.0968 3176 NetDDEdsdm - ok
19:36:45.0984 3176 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:36:46.0000 3176 Netlogon - ok
19:36:46.0015 3176 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
19:36:46.0031 3176 Netman - ok
19:36:46.0062 3176 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:36:46.0062 3176 NetTcpPortSharing - ok
19:36:46.0125 3176 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
19:36:46.0125 3176 Nla - ok
19:36:46.0187 3176 [ 33A4B24A4C4DCF3C168E2C1151A62FC5 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
19:36:46.0187 3176 nmwcd - ok
19:36:46.0203 3176 [ A77265EF7BF998B8BB22A1A23E72B45D ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
19:36:46.0203 3176 nmwcdc - ok
19:36:46.0218 3176 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:36:46.0218 3176 Npfs - ok
19:36:46.0250 3176 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:36:46.0265 3176 Ntfs - ok
19:36:46.0265 3176 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
19:36:46.0265 3176 NtLmSsp - ok
19:36:46.0296 3176 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:36:46.0312 3176 NtmsSvc - ok
19:36:46.0328 3176 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:36:46.0328 3176 Null - ok
19:36:46.0359 3176 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:36:46.0359 3176 NwlnkFlt - ok
19:36:46.0375 3176 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:36:46.0375 3176 NwlnkFwd - ok
19:36:46.0406 3176 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
19:36:46.0406 3176 Parport - ok
19:36:46.0421 3176 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:36:46.0421 3176 PartMgr - ok
19:36:46.0453 3176 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:36:46.0453 3176 ParVdm - ok
19:36:46.0468 3176 [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
19:36:46.0468 3176 pccsmcfd - ok
19:36:46.0484 3176 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:36:46.0484 3176 PCI - ok
19:36:46.0500 3176 PCIDump - ok
19:36:46.0531 3176 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
19:36:46.0531 3176 PCIIde - ok
19:36:46.0546 3176 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
19:36:46.0546 3176 Pcmcia - ok
19:36:46.0562 3176 PDCOMP - ok
19:36:46.0562 3176 PDFRAME - ok
19:36:46.0578 3176 PDRELI - ok
19:36:46.0578 3176 PDRFRAME - ok
19:36:46.0578 3176 perc2 - ok
19:36:46.0593 3176 perc2hib - ok
19:36:46.0609 3176 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
19:36:46.0625 3176 PlugPlay - ok
19:36:46.0625 3176 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
19:36:46.0625 3176 PolicyAgent - ok
19:36:46.0640 3176 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:36:46.0640 3176 PptpMiniport - ok
19:36:46.0671 3176 [ 960BCE3ED38761B446AABAC06C76BADF ] prosync1 C:\WINDOWS\system32\drivers\prosync1.sys
19:36:46.0671 3176 prosync1 - ok
19:36:46.0671 3176 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:36:46.0687 3176 ProtectedStorage - ok
19:36:46.0687 3176 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:36:46.0703 3176 PSched - ok
19:36:46.0718 3176 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:36:46.0718 3176 Ptilink - ok
19:36:46.0718 3176 ql1080 - ok
19:36:46.0718 3176 Ql10wnt - ok
19:36:46.0734 3176 ql12160 - ok
19:36:46.0734 3176 ql1240 - ok
19:36:46.0734 3176 ql1280 - ok
19:36:46.0765 3176 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:36:46.0765 3176 RasAcd - ok
19:36:46.0781 3176 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:36:46.0781 3176 RasAuto - ok
19:36:46.0796 3176 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:36:46.0796 3176 Rasl2tp - ok
19:36:46.0828 3176 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
19:36:46.0828 3176 RasMan - ok
19:36:46.0843 3176 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:36:46.0843 3176 RasPppoe - ok
19:36:46.0859 3176 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:36:46.0875 3176 Raspti - ok
19:36:46.0890 3176 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:36:46.0890 3176 Rdbss - ok
19:36:46.0906 3176 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:36:46.0906 3176 RDPCDD - ok
19:36:46.0953 3176 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:36:46.0953 3176 RDPWD - ok
19:36:46.0984 3176 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:36:46.0984 3176 RDSessMgr - ok
19:36:47.0000 3176 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:36:47.0015 3176 redbook - ok
19:36:47.0031 3176 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:36:47.0093 3176 RemoteAccess - ok
19:36:47.0125 3176 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
19:36:47.0125 3176 RpcLocator - ok
19:36:47.0140 3176 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\System32\rpcss.dll
19:36:47.0140 3176 RpcSs - ok
19:36:47.0171 3176 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:36:47.0171 3176 RSVP - ok
19:36:47.0187 3176 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
19:36:47.0187 3176 SamSs - ok
19:36:47.0218 3176 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:36:47.0218 3176 SCardSvr - ok
19:36:47.0250 3176 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:36:47.0250 3176 Schedule - ok
19:36:47.0281 3176 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:36:47.0281 3176 Secdrv - ok
19:36:47.0312 3176 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:36:47.0312 3176 seclogon - ok
19:36:47.0343 3176 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
19:36:47.0343 3176 SENS - ok
19:36:47.0359 3176 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
19:36:47.0359 3176 serenum - ok
19:36:47.0375 3176 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
19:36:47.0390 3176 Serial - ok
19:36:47.0453 3176 [ 9BDE8F1F5D060E912FCF9FB58B71CBC1 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
19:36:47.0468 3176 ServiceLayer - ok
19:36:47.0500 3176 [ 9E7DEE11FD5A4355941A45F13C0ED59A ] sfdrv01 C:\WINDOWS\system32\drivers\sfdrv01.sys
19:36:47.0515 3176 sfdrv01 - ok
19:36:47.0515 3176 [ ECEFB59D2206D281E6D317AF0EA0D8BD ] sfhlp02 C:\WINDOWS\system32\drivers\sfhlp02.sys
19:36:47.0515 3176 sfhlp02 - ok
19:36:47.0531 3176 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:36:47.0531 3176 Sfloppy - ok
19:36:47.0578 3176 [ 05E3038180CD846B0BCA0E915163606A ] sfsync04 C:\WINDOWS\system32\drivers\sfsync04.sys
19:36:47.0578 3176 sfsync04 - ok
19:36:47.0593 3176 [ D5A7E09D2C6A702809E49190D52ADC9F ] sfvfs02 C:\WINDOWS\system32\drivers\sfvfs02.sys
19:36:47.0593 3176 sfvfs02 - ok
19:36:47.0625 3176 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:36:47.0625 3176 SharedAccess - ok
19:36:47.0656 3176 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:36:47.0656 3176 ShellHWDetection - ok
19:36:47.0656 3176 Simbad - ok
19:36:47.0671 3176 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:36:47.0671 3176 SLIP - ok
19:36:47.0671 3176 Sparrow - ok
19:36:47.0687 3176 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:36:47.0687 3176 splitter - ok
19:36:47.0718 3176 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:36:47.0734 3176 Spooler - ok
19:36:47.0765 3176 [ 0022CFFF1A41E5CE3A764050A7DDF22A ] sptd C:\WINDOWS\System32\Drivers\sptd.sys
19:36:47.0781 3176 sptd - ok
19:36:47.0796 3176 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:36:47.0796 3176 sr - ok
19:36:47.0828 3176 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
19:36:47.0828 3176 srservice - ok
19:36:47.0859 3176 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:36:47.0875 3176 Srv - ok
19:36:47.0890 3176 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:36:47.0890 3176 SSDPSRV - ok
19:36:47.0921 3176 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
19:36:47.0921 3176 ssmdrv - ok
19:36:47.0953 3176 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:36:47.0953 3176 stisvc - ok
19:36:47.0968 3176 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:36:47.0984 3176 streamip - ok
19:36:47.0984 3176 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:36:47.0984 3176 swenum - ok
19:36:48.0015 3176 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:36:48.0015 3176 swmidi - ok
19:36:48.0015 3176 SwPrv - ok
19:36:48.0031 3176 symc810 - ok
19:36:48.0031 3176 symc8xx - ok
19:36:48.0031 3176 sym_hi - ok
19:36:48.0046 3176 sym_u3 - ok
19:36:48.0062 3176 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:36:48.0062 3176 sysaudio - ok
19:36:48.0078 3176 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:36:48.0078 3176 SysmonLog - ok
19:36:48.0109 3176 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:36:48.0109 3176 TapiSrv - ok
19:36:48.0140 3176 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:36:48.0156 3176 Tcpip - ok
19:36:48.0171 3176 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:36:48.0171 3176 TDPIPE - ok
19:36:48.0250 3176 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:36:48.0281 3176 TDTCP - ok
19:36:48.0390 3176 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:36:48.0437 3176 TermDD - ok
19:36:48.0765 3176 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
19:36:48.0781 3176 TermService - ok
19:36:48.0796 3176 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
19:36:48.0796 3176 Themes - ok
19:36:48.0796 3176 TosIde - ok
19:36:48.0843 3176 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:36:48.0843 3176 TrkWks - ok
19:36:48.0859 3176 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:36:48.0859 3176 Udfs - ok
19:36:48.0859 3176 ultra - ok
19:36:48.0906 3176 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:36:48.0906 3176 Update - ok
19:36:48.0921 3176 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
19:36:48.0921 3176 upnphost - ok
19:36:48.0953 3176 [ B671514497DF7417F83919A6A5BD6BB9 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
19:36:48.0953 3176 upperdev - ok
19:36:48.0968 3176 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
19:36:48.0968 3176 UPS - ok
19:36:49.0000 3176 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:36:49.0000 3176 usbccgp - ok
19:36:49.0015 3176 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:36:49.0015 3176 usbehci - ok
19:36:49.0046 3176 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:36:49.0046 3176 usbhub - ok
19:36:49.0078 3176 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:36:49.0078 3176 usbprint - ok
19:36:49.0109 3176 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:36:49.0171 3176 usbscan - ok
19:36:49.0203 3176 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys
19:36:49.0203 3176 usbser - ok
19:36:49.0218 3176 [ FF358FD3176B2E5605C4ACCD5026A5AC ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
19:36:49.0218 3176 UsbserFilt - ok
19:36:49.0250 3176 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:36:49.0250 3176 USBSTOR - ok
19:36:49.0265 3176 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:36:49.0265 3176 usbuhci - ok
19:36:49.0265 3176 VBoxNetFlt - ok
19:36:49.0312 3176 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:36:49.0312 3176 VgaSave - ok
19:36:49.0328 3176 ViaIde - ok
19:36:49.0359 3176 [ 8643DA4A6C83DA6C10FCAB1E5AB6632D ] Video3D C:\WINDOWS\system32\Drivers\Video3D32.sys
19:36:49.0359 3176 Video3D - ok
19:36:49.0390 3176 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:36:49.0390 3176 VolSnap - ok
19:36:49.0421 3176 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
19:36:49.0437 3176 VSS - ok
19:36:49.0468 3176 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
19:36:49.0484 3176 W32Time - ok
19:36:49.0515 3176 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:36:49.0515 3176 Wanarp - ok
19:36:49.0546 3176 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
19:36:49.0562 3176 Wdf01000 - ok
19:36:49.0562 3176 WDICA - ok
19:36:49.0593 3176 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:36:49.0593 3176 wdmaud - ok
19:36:49.0625 3176 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:36:49.0625 3176 WebClient - ok
19:36:49.0718 3176 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:36:49.0718 3176 winmgmt - ok
19:36:49.0765 3176 [ 4D34CEDD74BDBF2B6A935EAE3BF80543 ] WinRM C:\WINDOWS\system32\WsmSvc.dll
19:36:49.0781 3176 WinRM - ok
19:36:49.0859 3176 [ 5817AA5B3FA37629A78A01697E43A16C ] WISOVD C:\Program Files\WinISO Computing\WinISO\bin\driver\WISOVD_xp.sys
19:36:49.0859 3176 WISOVD - ok
19:36:49.0953 3176 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:36:49.0984 3176 wlidsvc - ok
19:36:50.0015 3176 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:36:50.0015 3176 WmdmPmSN - ok
19:36:50.0031 3176 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:36:50.0031 3176 WmiApSrv - ok
19:36:50.0093 3176 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
19:36:50.0125 3176 WMPNetworkSvc - ok
19:36:50.0140 3176 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:36:50.0140 3176 WpdUsb - ok
19:36:50.0171 3176 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:36:50.0171 3176 WS2IFSL - ok
19:36:50.0203 3176 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:36:50.0203 3176 wscsvc - ok
19:36:50.0234 3176 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:36:50.0234 3176 WSTCODEC - ok
19:36:50.0265 3176 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:36:50.0265 3176 wuauserv - ok
19:36:50.0281 3176 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:36:50.0281 3176 WudfPf - ok
19:36:50.0296 3176 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:36:50.0296 3176 WudfRd - ok
19:36:50.0312 3176 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:36:50.0328 3176 WudfSvc - ok
19:36:50.0359 3176 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:36:50.0390 3176 WZCSVC - ok
19:36:50.0406 3176 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:36:50.0421 3176 xmlprov - ok
19:36:50.0421 3176 ================ Scan global ===============================
19:36:50.0453 3176 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
19:36:50.0484 3176 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
19:36:50.0500 3176 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
19:36:50.0531 3176 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
19:36:50.0531 3176 [Global] - ok
19:36:50.0531 3176 ================ Scan MBR ==================================
19:36:50.0546 3176 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
19:36:50.0750 3176 \Device\Harddisk0\DR0 - ok
19:36:50.0750 3176 ================ Scan VBR ==================================
19:36:50.0750 3176 [ A4B8E689FB561D9DD219E4CC63739974 ] \Device\Harddisk0\DR0\Partition1
19:36:50.0750 3176 \Device\Harddisk0\DR0\Partition1 - ok
19:36:50.0750 3176 ============================================================
19:36:50.0750 3176 Scan finished
19:36:50.0750 3176 ============================================================
19:36:50.0765 1528 Detected object count: 0
19:36:50.0765 1528 Actual detected object count: 0

Re: Please check my RSIt log (preventive check)

Post by hriba350 » 04 Jan 2013 20:08

ComboFix 13-01-04.03 - Owner 04.01.2013 19:44:46.4.2 - x86
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\fsmsiuninstall.log
c:\windows\system32\TZLog.log
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-04 do 2013-01-04 )))))))))))))))))))))))))))))))
.
.
2020-04-23 07:01 . 2011-06-01 19:42 -------- d-----w- c:\windows\system32\GroupPolicy
2013-01-03 17:27 . 2013-01-03 17:27 -------- d-----w- c:\documents and settings\Owner\Data aplikací\dvdcss
2013-01-02 12:50 . 2013-01-02 12:50 -------- d-----w- c:\program files\Lost Inca Prophecy 2 - The Hollow Island
2013-01-02 12:50 . 2013-01-02 12:50 -------- d-----w- c:\windows\Lost Inca Prophecy 2 - The Hollow Island
2013-01-02 11:02 . 2013-01-02 11:02 -------- d-----w- c:\documents and settings\Owner\Data aplikací\Avira
2013-01-02 10:51 . 2012-11-16 19:17 83432 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-01-02 10:51 . 2012-11-16 19:17 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-01-02 10:51 . 2012-11-16 19:17 133824 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-01-02 10:51 . 2013-01-02 10:51 -------- d-----w- c:\program files\Avira
2013-01-02 10:49 . 2013-01-02 10:49 204924 ----a-w- c:\documents and settings\All Users\Data aplikací\1357123719.bdinstall.bin
2013-01-02 10:49 . 2013-01-02 10:49 -------- d-----w- c:\program files\Bitdefender
2013-01-02 10:31 . 2013-01-02 10:31 808289 ----a-w- c:\documents and settings\All Users\Data aplikací\1357122068.bdinstall.bin
2013-01-02 10:29 . 2013-01-02 10:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\BDLogging
2013-01-02 10:29 . 2007-04-11 09:11 511328 ----a-w- c:\windows\capicom.dll
2013-01-02 10:20 . 2013-01-02 10:49 -------- d-----w- c:\program files\Common Files\Bitdefender
2013-01-01 19:57 . 2013-01-03 19:38 -------- d-----w- c:\documents and settings\Owner\Data aplikací\vlc
2012-12-29 17:05 . 2012-12-30 19:43 -------- d-----w- c:\program files\Jantarova kletba
2012-12-28 10:54 . 2012-12-28 10:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\ESET
2012-12-27 15:36 . 2012-12-27 15:42 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\Trend Micro
2012-12-27 15:32 . 2012-12-27 15:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Trend Micro
2012-12-27 15:08 . 2012-12-27 15:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\F-Secure
2012-12-27 15:06 . 2012-12-27 15:29 -------- d-----w- c:\program files\F-Secure
2012-12-27 15:05 . 2012-12-27 15:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\fssg
2012-12-23 19:28 . 2012-12-23 19:33 -------- d-----w- c:\program files\ProgDVB
2012-12-23 15:31 . 2012-12-23 15:31 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\Transcripted
2012-12-23 15:27 . 2012-12-23 15:27 -------- d-----w- c:\windows\Transcripted
2012-12-23 15:13 . 2012-12-23 15:13 -------- d-----w- c:\windows\DD1865F0AD7340FBB23E1822E02396FF.TMP
2012-12-22 21:33 . 2012-12-22 21:33 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Trymedia
2012-12-18 11:46 . 2012-12-29 17:19 -------- d-----w- c:\program files\Fantom - Zlocin v Benatkach - Sberatelska edice
2012-12-17 16:19 . 2012-12-17 16:22 -------- d-----w- c:\program files\18 Wheels of Steel American Long Haul
2012-12-16 09:25 . 2012-12-16 09:25 -------- d-----w- c:\documents and settings\Owner\Data aplikací\AVG2013
2012-12-16 09:18 . 2012-12-16 09:18 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\MFAData
2012-12-16 09:18 . 2012-12-16 09:18 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\Avg2013
2012-12-16 09:12 . 2012-12-16 09:12 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\GeekBuddyRSP
2012-12-15 23:00 . 2012-12-15 23:00 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\GeekBuddyRSP
2012-12-15 23:00 . 2012-12-16 09:53 -------- d-----w- c:\program files\Common Files\Comodo
2012-12-15 22:55 . 2012-12-15 22:55 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\TightVNC
2012-12-15 22:52 . 2012-12-15 22:52 -------- d-s---w- c:\documents and settings\All Users\Data aplikací\Shared Space
2012-12-15 22:47 . 2012-12-16 09:15 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\COMODO
2012-12-15 22:46 . 2012-12-15 22:46 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\TightVNC
2012-12-15 22:45 . 2012-12-16 09:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\COMODO
2012-12-07 18:22 . 2012-12-07 18:22 -------- d-----w- C:\rsit
2012-12-05 20:31 . 2012-06-27 14:18 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-12-05 20:31 . 2012-12-05 20:31 -------- d-----w- c:\program files\PC Connectivity Solution
2012-12-05 20:29 . 2012-12-07 17:03 -------- d-----w- c:\program files\Nokia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-11 18:54 . 2012-06-09 11:27 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-11 18:54 . 2011-10-01 19:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-21 10:49 . 2012-04-07 13:05 46248 ----a-w- c:\windows\system32\drivers\tpsec.sys
2012-11-13 11:55 . 2006-03-02 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:03 . 2006-03-02 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 03:45 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 03:45 . 2006-03-02 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 03:45 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-11-01 03:45 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll
2012-10-15 14:53 . 2012-10-15 14:53 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-11-16 384800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0tpnative
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 18:43 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
2007-07-12 09:03 380928 ----a-w- c:\program files\ASUS\GamerOSD\GamerOSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-04-03 16:00 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
2006-11-01 13:50 2154496 ----a-w- c:\program files\GameFace Messenger\GameFace.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-04-04 17:22 1822720 ------r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 11:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
.
R1 HMFAxCore46691b2fe72383a3b643d95081ef1d95;HMFAxCore46691b2fe72383a3b643d95081ef1d95; [x]
R2 ioloSystemService;iolo System Service; [x]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys [x]
R3 AVFSFilter;AVFSFilter; [x]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [x]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\DRIVERS\EuDisk.sys [x]
R3 naecd;naecd; [x]
R3 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; [x]
R3 WISOVD;WISOVD;c:\program files\WinISO Computing\WinISO\bin\driver\WISOVD_xp.sys [x]
S0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 360FileOem;360FileOem;c:\windows\system32\drivers\360FileOem.sys [x]
S1 360RegOem;360RegOem;c:\windows\system32\drivers\360RegOem.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS.exe [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l151x86.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 MouseCap;MouseCapture Driver;c:\windows\system32\Drivers\MouseCap.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 40933377
*Deregistered* - 40933377
.
Obsah adresáře 'Naplánované úlohy'
.
2013-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 18:54]
.
2012-10-07 c:\windows\Tasks\Auslogics Disk Defrag Prof Task {00000001-C3A2-4E89-B997-2510B2D90E89} for Owner.job
- c:\program files\Auslogics\Auslogics Disk Defrag Professional\DiskDefrag.exe [2012-10-05 09:35]
.
2012-10-07 c:\windows\Tasks\Auslogics Disk Defrag Prof Task {00000001-E941-4E93-A63D-2CA6A84A917E} for Owner.job
- c:\program files\Auslogics\Auslogics Disk Defrag Professional\DiskDefrag.exe [2012-10-05 09:35]
.
2012-12-29 c:\windows\Tasks\Registry Winner Schedule.job
- c:\program files\Registry Winner\RegistryWinner.exe [2012-05-24 12:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Owner\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
MSConfigStartUp-AntivirusCommunicatorAgent - c:\program files\trustport\antivirus\bin\avcom.exe
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
MSConfigStartUp-TrustPortDiskProtectionWatchDog - c:\program files\trustport\diskprotection\bin\tdwatch.exe
MSConfigStartUp-TrustPortTray - c:\program files\common files\trustport\bin\tptray.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-04 20:04
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2013-01-04 20:08:09
ComboFix-quarantined-files.txt 2013-01-04 19:08
ComboFix2.txt 2012-11-26 20:41
.
Před spuštěním: Volných bajtů: 17 433 808 896
Po spuštění: Volných bajtů: 18 363 281 408
.
- - End Of File - - F635C6ED5C19FC7B9EDDB20A1729FE13

Žbeky
Moderator
Guru Level 13
Posts: 22288
Registered: May 08
Location: Vsetín - Pardubice
Gender: Male

Re: Please check my RSIt log (preventive check)

Post by Žbeky » 04 Jan 2013 22:52

So, are you working as a tester for antivirus companies?

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the whole of the following text (marked in green) into it:
Note: do not use the SELECT ALL function to select the script

KillAll::

Folder::
c:\documents and settings\NetworkService\Local Settings\Data aplikací\ESET
c:\documents and settings\Owner\Local Settings\Data aplikací\Trend Micro
c:\documents and settings\All Users\Data aplikací\Trend Micro
c:\documents and settings\NetworkService\Local Settings\Data aplikací\F-Secure
c:\program files\F-Secure
c:\windows\DD1865F0AD7340FBB23E1822E02396FF.TMP
c:\documents and settings\Owner\Data aplikací\AVG2013
c:\documents and settings\Owner\Local Settings\Data aplikací\MFAData
c:\documents and settings\Owner\Local Settings\Data aplikací\Avg2013
c:\program files\Ask.com
c:\program files\trustport
c:\program files\common files\trustport

File::
c:\windows\Tasks\Auslogics Disk Defrag Prof Task {00000001-C3A2-4E89-B997-2510B2D90E89} for Owner.job
c:\windows\Tasks\Auslogics Disk Defrag Prof Task {00000001-E941-4E93-A63D-2CA6A84A917E} for Owner.job
c:\windows\Tasks\Registry Winner Schedule.job

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

Driver::
naecd

DDS::
uInternet Settings,ProxyOverride = *.local

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the CFScript.txt you created onto the downloaded ComboFix.exe and drop it when the two files overlap.

- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process


Test these files on Virustotal
c:\windows\system32\drivers\360HookOem.sys
c:\windows\system32\drivers\360FileOem.sys
c:\windows\system32\drivers\360RegOem.sys

Click Vybrat (Choose) to the right of the box and find the file you want on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears; click Reanalyze in it. The file is then tested by several antivirus programs in turn. When the last antivirus finishes, the result appears at the top with the number of detections in red, e.g. 0/40 or 1/40. Then copy the link to that page and paste it into your post.
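Before a script like the one above is dropped onto ComboFix.exe, a reviewer wants two things confirmed: that the script is well formed, and that every item it removes really appears in the log it was written against. The Python below is an added example, not ComboFix's own code and not anything posted in this thread. It parses the CFScript section syntax as used above (KillAll::, Folder::, File::, Registry::, Driver::, DDS::, RegLock::) and treats that set of headers as complete (an assumption); it reads the R/S service lines of a ComboFix log without interpreting the trailing "[x]" tag; and it reports script entries the log does not mention, unclosed registry keys, and registered drivers that have no image path at all, like naecd in the log above. The log excerpt and the script are constructed from lines in this thread; "notinlog" is a hypothetical driver name used to show a miss.

```python
"""Pre-flight check of a ComboFix CFScript against the log it was written for."""
import re
from collections import OrderedDict

# Section headers used by the script in this thread. Assumption: this set is
# treated as the complete vocabulary; any other header is reported, not accepted.
KNOWN_SECTIONS = {"KillAll", "Folder", "File", "Registry", "Driver", "DDS", "RegLock"}
SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
# ComboFix service/driver lines: "<start type> <name>;<display name>;<image path> [...]"
# The trailing "[x]" / "[date size]" tag is matched but not interpreted here.
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.*?)\s*\[[^\]]*\]$")


def parse_cfscript(text):
    """Split a CFScript into an ordered mapping: section name -> list of entry lines."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def lint_cfscript(sections):
    """Return structural problems found in a parsed script (empty list = none)."""
    problems = [f"unknown section {n}::" for n in sections if n not in KNOWN_SECTIONS]
    # Registry:: and RegLock:: use REGEDIT4-style "[key]" lines (a leading "-" deletes
    # the key); a key line that is not closed would not address the intended key.
    for name in ("Registry", "RegLock"):
        for entry in sections.get(name, []):
            if entry.startswith("[") and not entry.endswith("]"):
                problems.append(f"{name}:: key is missing its closing bracket: {entry}")
    return problems


def parse_services(log_text):
    """Map service/driver name (lower-cased) -> image path from a log's R/S lines."""
    services = {}
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services[m.group(2).lower()] = m.group(4).strip()
    return services


def orphaned_services(log_text):
    """Registered services/drivers with no image path at all, like naecd in the thread."""
    return sorted(name for name, path in parse_services(log_text).items() if not path)


def cross_check(sections, log_text):
    """List script targets that never appear in the log, i.e. items to re-verify."""
    log_lc = log_text.lower()
    services = parse_services(log_text)
    missing = [f"Driver:: {d} not listed in log"
               for d in sections.get("Driver", []) if d.lower() not in services]
    for name in ("Folder", "File"):
        missing += [f"{name}:: {p} not mentioned in log"
                    for p in sections.get(name, []) if p.lower() not in log_lc]
    return missing


# Constructed excerpt of a ComboFix log, in the line formats seen in this thread.
SAMPLE_LOG = r"""
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\DRIVERS\EuDisk.sys [x]
R3 naecd;naecd; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
"""

# Constructed CFScript: "notinlog" is a hypothetical driver name that the log does not
# contain, and the first RegLock key deliberately lacks its closing bracket.
SAMPLE_SCRIPT = r"""
KillAll::

Folder::
c:\program files\Ask.com
c:\program files\trustport

Driver::
naecd
notinlog

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"""

if __name__ == "__main__":
    secs = parse_cfscript(SAMPLE_SCRIPT)
    for warning in lint_cfscript(secs) + cross_check(secs, SAMPLE_LOG):
        print("WARN", warning)
    print("orphaned:", orphaned_services(SAMPLE_LOG))
```

Run against the constructed inputs it reports the unclosed RegLock key, the driver name the log never lists, the trustport folder the log excerpt does not mention, and naecd as the one registered driver with an empty image path. A path that is flagged is not necessarily wrong to remove; it is simply something to confirm against the full log before a destructive script is run.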


hriba350
newbie
Posts: 8
Registered: Jan 13
Gender: Not specified

Re: Please check my RSIt log (preventive check)

Post by hriba350 » 06 Jan 2013 12:19

ComboFix 13-01-04.03 - Owner 06.01.2013 11:56:23.5.2 - x86
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Owner\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\Auslogics Disk Defrag Prof Task {00000001-C3A2-4E89-B997-2510B2D90E89} for Owner.job"
"c:\windows\Tasks\Auslogics Disk Defrag Prof Task {00000001-E941-4E93-A63D-2CA6A84A917E} for Owner.job"
"c:\windows\Tasks\Registry Winner Schedule.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\F-Secure
c:\program files\F-Secure\Anti-Virus\fa_gem.log
c:\program files\F-Secure\Anti-Virus\fa_peg.log
c:\program files\F-Secure\Common\daas2_cdsa.cr
c:\program files\F-Secure\config.xml.P00000444
c:\program files\F-Secure\FSGUI\POSTINSTALL.apilog
c:\program files\trustport
c:\program files\trustport\unins000.exe
c:\program files\trustport\unins000.msg
c:\windows\DD1865F0AD7340FBB23E1822E02396FF.TMP
c:\windows\DD1865F0AD7340FBB23E1822E02396FF.TMP\WiseCustomCalla.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NAECD
-------\Service_naecd
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-06 do 2013-01-06 )))))))))))))))))))))))))))))))
.
.
2020-04-23 07:01 . 2011-06-01 19:42 -------- d-----w- c:\windows\system32\GroupPolicy
2013-01-03 17:27 . 2013-01-03 17:27 -------- d-----w- c:\documents and settings\Owner\Data aplikací\dvdcss
2013-01-02 12:50 . 2013-01-02 12:50 -------- d-----w- c:\program files\Lost Inca Prophecy 2 - The Hollow Island
2013-01-02 12:50 . 2013-01-02 12:50 -------- d-----w- c:\windows\Lost Inca Prophecy 2 - The Hollow Island
2013-01-02 11:02 . 2013-01-02 11:02 -------- d-----w- c:\documents and settings\Owner\Data aplikací\Avira
2013-01-02 10:51 . 2013-01-04 19:13 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-01-02 10:51 . 2013-01-04 19:13 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-01-02 10:51 . 2012-11-16 19:17 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-01-02 10:51 . 2013-01-02 10:51 -------- d-----w- c:\program files\Avira
2013-01-02 10:49 . 2013-01-02 10:49 204924 ----a-w- c:\documents and settings\All Users\Data aplikací\1357123719.bdinstall.bin
2013-01-02 10:49 . 2013-01-02 10:49 -------- d-----w- c:\program files\Bitdefender
2013-01-02 10:31 . 2013-01-02 10:31 808289 ----a-w- c:\documents and settings\All Users\Data aplikací\1357122068.bdinstall.bin
2013-01-02 10:29 . 2013-01-02 10:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\BDLogging
2013-01-02 10:29 . 2007-04-11 09:11 511328 ----a-w- c:\windows\capicom.dll
2013-01-02 10:20 . 2013-01-02 10:49 -------- d-----w- c:\program files\Common Files\Bitdefender
2013-01-01 19:57 . 2013-01-05 18:01 -------- d-----w- c:\documents and settings\Owner\Data aplikací\vlc
2012-12-29 17:05 . 2012-12-30 19:43 -------- d-----w- c:\program files\Jantarova kletba
2012-12-28 10:54 . 2012-12-28 10:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\ESET
2012-12-27 15:36 . 2012-12-27 15:42 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\Trend Micro
2012-12-27 15:32 . 2012-12-27 15:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Trend Micro
2012-12-27 15:08 . 2012-12-27 15:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\F-Secure
2012-12-27 15:05 . 2012-12-27 15:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\fssg
2012-12-23 19:28 . 2012-12-23 19:33 -------- d-----w- c:\program files\ProgDVB
2012-12-23 15:31 . 2012-12-23 15:31 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\Transcripted
2012-12-23 15:27 . 2012-12-23 15:27 -------- d-----w- c:\windows\Transcripted
2012-12-22 21:33 . 2012-12-22 21:33 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Trymedia
2012-12-18 11:46 . 2012-12-29 17:19 -------- d-----w- c:\program files\Fantom - Zlocin v Benatkach - Sberatelska edice
2012-12-17 16:19 . 2012-12-17 16:22 -------- d-----w- c:\program files\18 Wheels of Steel American Long Haul
2012-12-16 09:25 . 2012-12-16 09:25 -------- d-----w- c:\documents and settings\Owner\Data aplikací\AVG2013
2012-12-16 09:18 . 2012-12-16 09:18 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\MFAData
2012-12-16 09:18 . 2012-12-16 09:18 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\Avg2013
2012-12-16 09:12 . 2012-12-16 09:12 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\GeekBuddyRSP
2012-12-15 23:00 . 2012-12-15 23:00 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\GeekBuddyRSP
2012-12-15 23:00 . 2012-12-16 09:53 -------- d-----w- c:\program files\Common Files\Comodo
2012-12-15 22:55 . 2012-12-15 22:55 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\TightVNC
2012-12-15 22:52 . 2012-12-15 22:52 -------- d-s---w- c:\documents and settings\All Users\Data aplikací\Shared Space
2012-12-15 22:47 . 2012-12-16 09:15 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\COMODO
2012-12-15 22:46 . 2012-12-15 22:46 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\TightVNC
2012-12-15 22:45 . 2012-12-16 09:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\COMODO
2012-12-07 18:22 . 2012-12-07 18:22 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-11 18:54 . 2012-06-09 11:27 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-11 18:54 . 2011-10-01 19:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-21 10:49 . 2012-04-07 13:05 46248 ----a-w- c:\windows\system32\drivers\tpsec.sys
2012-11-13 11:55 . 2006-03-02 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:03 . 2006-03-02 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 03:45 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 03:45 . 2006-03-02 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 03:45 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-11-01 03:45 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll
2012-10-15 14:53 . 2012-10-15 14:53 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-01-04 384800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0tpnative
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 18:43 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
2007-07-12 09:03 380928 ----a-w- c:\program files\ASUS\GamerOSD\GamerOSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-04-03 16:00 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
2006-11-01 13:50 2154496 ----a-w- c:\program files\GameFace Messenger\GameFace.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-04-04 17:22 1822720 ------r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 11:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
.
R1 HMFAxCore46691b2fe72383a3b643d95081ef1d95;HMFAxCore46691b2fe72383a3b643d95081ef1d95; [x]
R2 ioloSystemService;iolo System Service; [x]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys [x]
R3 AVFSFilter;AVFSFilter; [x]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [x]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\DRIVERS\EuDisk.sys [x]
R3 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; [x]
R3 WISOVD;WISOVD;c:\program files\WinISO Computing\WinISO\bin\driver\WISOVD_xp.sys [x]
S0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 360FileOem;360FileOem;c:\windows\system32\drivers\360FileOem.sys [x]
S1 360RegOem;360RegOem;c:\windows\system32\drivers\360RegOem.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS.exe [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l151x86.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 MouseCap;MouseCapture Driver;c:\windows\system32\Drivers\MouseCap.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 18:54]
.
2012-10-07 c:\windows\Tasks\Auslogics Disk Defrag Prof Task {00000001-C3A2-4E89-B997-2510B2D90E89} for Owner.job
- c:\program files\Auslogics\Auslogics Disk Defrag Professional\DiskDefrag.exe [2012-10-05 09:35]
.
2012-10-07 c:\windows\Tasks\Auslogics Disk Defrag Prof Task {00000001-E941-4E93-A63D-2CA6A84A917E} for Owner.job
- c:\program files\Auslogics\Auslogics Disk Defrag Professional\DiskDefrag.exe [2012-10-05 09:35]
.
2013-01-05 c:\windows\Tasks\Registry Winner Schedule.job
- c:\program files\Registry Winner\RegistryWinner.exe [2012-05-24 12:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Owner\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-06 12:14
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3104)
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2013-01-06 12:19:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-06 11:19
ComboFix2.txt 2013-01-04 19:08
ComboFix3.txt 2012-11-26 20:41
.
Před spuštěním: Volných bajtů: 18 318 893 056
Po spuštění: Volných bajtů: 18 200 952 832
.
- - End Of File - - 441E46BCCC7717CDCFFD62670A0344E8

Orcus
Security team member
Elite Level 10.5
Posts: 10645
Registered: Apr 10
Location: 3 roses grow around here =o)
Gender: Male

Re: Please check my RSIt log (preventive check)

Post by Orcus » 06 Jan 2013 13:06

Run that CF in Safe Mode as well. Not everything was carried out.

hriba350
newbie
Posts: 8
Registered: Jan 13
Gender: Not specified

Re: Please check my RSIt log (preventive check)

Post by hriba350 » 06 Jan 2013 15:50

With the script or without it?

