Double caron and acute accent, I have a HiJack log (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

hranicar
Newcomer
Posts: 16
Registered: January 13
Gender: Male
Status: Offline

Double caron and acute accent, I have a HiJack log

Post by hranicar » 10 Jan 2013 01:09

Thank you for your time!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:55:50, on 10.1.2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Max Spyware Detector\MaxSDTray.exe
C:\Program Files\Max Spyware Detector\MaxUSBProc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Max Spyware Detector\MaxMerger.exe
C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe
C:\Program Files\Max Spyware Detector\MaxActMon.exe
C:\Program Files\Max Spyware Detector\MaxDBServer.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://puvodni.centrum.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SDActiveMonitor] "C:\Program Files\Max Spyware Detector\MaxSDTray.exe" -AUTO
O4 - HKLM\..\Run: [MaxUSBProc] "C:\Program Files\Max Spyware Detector\MaxUSBProc.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [kuq8wsop] C:\WINDOWS\system32\kuq8wsop.exe
O4 - HKCU\..\Run: [Afluvis] "C:\Documents and Settings\Intellect\Data aplikací\Fami\hyyv.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Zástupce - WD SmartWare.lnk = O:\WD SmartWare.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate1ca864e325b75ca) (gupdate1ca864e325b75ca) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MaxMerger - Max Secure Software - C:\Program Files\Max Spyware Detector\MaxMerger.exe
O23 - Service: MaxWatchDogService - Max Secure Software - C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--
End of file - 6748 bytes

Žbeky
Moderator
Guru Level 13
Posts: 22288
Registered: May 08
Location: Vsetín - Pardubice
Gender: Male
Status: Offline

Re: Double caron and acute accent, I have a HiJack log

Post by Žbeky » 10 Jan 2013 07:01

Uninstall Google Toolbar and Max Spyware Detector.

Fix:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe"
O4 - HKLM\..\Run: [SDActiveMonitor] "C:\Program Files\Max Spyware Detector\MaxSDTray.exe" -AUTO
O4 - HKLM\..\Run: [MaxUSBProc] "C:\Program Files\Max Spyware Detector\MaxUSBProc.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [kuq8wsop] C:\WINDOWS\system32\kuq8wsop.exe
O4 - HKCU\..\Run: [Afluvis] "C:\Documents and Settings\Intellect\Data aplikací\Fami\hyyv.exe"

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox, click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
- If you use Chrome, do not select anything else and click Empty Selected.
After cleaning, click Exit to close the program.

Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.

Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan (Provést rychlý sken) option selected and click the Scan (Skenovat) button
- when the scan finishes, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(DO NOT DELETE ANYTHING YOURSELF YET!).
Then paste the contents of that log here.
In private messages I only deal with matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.


Re: Double caron and acute accent, I have a HiJack log

Post by hranicar » 10 Jan 2013 10:50

Thank you, it was a fight, but I think everything worked.

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.70.0.1100
www.malwarebytes.org

Verze: v2013.01.10.02

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Intellect :: ADMIN-81B34D523 [administrátor]

Ochrana: Povolena

10.1.2013 10:35:33
MBAM-log-2013-01-10 (10-46-45).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 208301
Uplynulý čas: 2 minut, 19 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKLM\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Nebyla provedena žádná instrukce.

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
C:\Documents and Settings\Intellect\Data aplikací\avdrn.dat (Malware.Trace) -> Nebyla provedena žádná instrukce.

(konec)


Re: Double caron and acute accent, I have a HiJack log

Post by Žbeky » 10 Jan 2013 14:37

Run MbAM again and click Scan
- when the scan finishes, a message will appear; click OK and then the Show Results button
- make sure all listed findings are ticked and click the Remove Selected button
- when the removal finishes, a log will be displayed; post it here.
- then click OK in the program and close the program via Exit

Download TDSSKiller

to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt; please paste the whole contents of the log here.

Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use will be displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If after the scan there is a problem launching applications, or a message pops up about an attempt to use an illegal operation on a registry key that has been marked for deletion, simply restart the computer.

Re: Double caron and acute accent, I have a HiJack log

Post by hranicar » 10 Jan 2013 15:29

For now I am sending the MbAM log; I am working hard on the rest. By the way, the CARONS work again - thank you a thousand times!
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.70.0.1100
www.malwarebytes.org

Verze: v2013.01.10.02

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Intellect :: ADMIN-81B34D523 [administrátor]

Ochrana: Povolena

10.1.2013 15:17:32
mbam-log-2013-01-10 (15-17-32).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 208207
Uplynulý čas: 2 minut, 25 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKLM\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> Přesun do karantény a smazání se zdařilo.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Přesun do karantény a opravení se zdařilo.

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
C:\Documents and Settings\Intellect\Data aplikací\avdrn.dat (Malware.Trace) -> Přesun do karantény a smazání se zdařilo.

(konec)


Re: Double caron and acute accent, I have a HiJack log

Post by hranicar » 10 Jan 2013 16:03

TDSS log, part 1
15:52:14.0437 1272 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:52:14.0562 1272 ============================================================
15:52:14.0562 1272 Current date / time: 2013/01/10 15:52:14.0562
15:52:14.0562 1272 SystemInfo:
15:52:14.0562 1272
15:52:14.0562 1272 OS Version: 5.1.2600 ServicePack: 2.0
15:52:14.0562 1272 Product type: Workstation
15:52:14.0562 1272 ComputerName: ADMIN-81B34D523
15:52:14.0562 1272 UserName: Intellect
15:52:14.0562 1272 Windows directory: C:\WINDOWS
15:52:14.0562 1272 System windows directory: C:\WINDOWS
15:52:14.0562 1272 Processor architecture: Intel x86
15:52:14.0562 1272 Number of processors: 2
15:52:14.0562 1272 Page size: 0x1000
15:52:14.0562 1272 Boot type: Normal boot
15:52:14.0562 1272 ============================================================
15:52:15.0515 1272 Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:52:15.0578 1272 Drive \Device\Harddisk2\DR4 - Size: 0x7D00000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:52:15.0593 1272 Drive \Device\Harddisk5\DR7 - Size: 0x3D800000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:52:15.0593 1272 ============================================================
15:52:15.0593 1272 \Device\Harddisk0\DR0:
15:52:15.0593 1272 MBR partitions:
15:52:15.0593 1272 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
15:52:15.0593 1272 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0x190DA4F5
15:52:15.0593 1272 \Device\Harddisk2\DR4:
15:52:15.0593 1272 MBR partitions:
15:52:15.0593 1272 \Device\Harddisk2\DR4\Partition1: MBR, Type 0x4, StartLBA 0x2F, BlocksNum 0x3E7D1
15:52:15.0593 1272 \Device\Harddisk5\DR7:
15:52:15.0593 1272 MBR partitions:
15:52:15.0593 1272 \Device\Harddisk5\DR7\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x1EBFE0
15:52:15.0593 1272 ============================================================
15:52:15.0625 1272 C: <-> \Device\Harddisk0\DR0\Partition1
15:52:15.0671 1272 D: <-> \Device\Harddisk0\DR0\Partition2
15:52:15.0687 1272 ============================================================
15:52:15.0687 1272 Initialize success
15:52:15.0687 1272 ============================================================
15:52:18.0781 2508 ============================================================
15:52:18.0781 2508 Scan started
15:52:18.0781 2508 Mode: Manual;
15:52:18.0781 2508 ============================================================
15:52:19.0593 2508 ================ Scan system memory ========================
15:52:19.0593 2508 System memory - ok
15:52:19.0593 2508 ================ Scan services =============================
15:52:22.0484 2508 PCIDump - ok
15:52:22.0484 2508 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
15:52:22.0484 2508 PCIIde - ok
15:52:22.0500 2508 [ 90505755634407D4EF4C6DEA60FC1DF9 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
15:52:22.0500 2508 Pcmcia - ok
15:52:22.0500 2508 PDCOMP - ok
15:52:22.0500 2508 PDFRAME - ok
15:52:22.0515 2508 PDRELI - ok
15:52:22.0515 2508 PDRFRAME - ok
15:52:22.0515 2508 perc2 - ok
15:52:22.0515 2508 perc2hib - ok
15:52:22.0546 2508 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] PlugPlay C:\WINDOWS\system32\services.exe
15:52:22.0546 2508 PlugPlay - ok
15:52:22.0546 2508 [ 82A362FE1D4980B71B588D9C10748511 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
15:52:22.0562 2508 PolicyAgent - ok
15:52:22.0562 2508 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:52:22.0562 2508 PptpMiniport - ok
15:52:22.0562 2508 [ 82A362FE1D4980B71B588D9C10748511 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:52:22.0578 2508 ProtectedStorage - ok
15:52:22.0578 2508 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
15:52:22.0578 2508 PSched - ok
15:52:22.0578 2508 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:52:22.0578 2508 Ptilink - ok
15:52:22.0609 2508 [ 183EF96BCC2EC3D5294CB2C2C0ECBCD1 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:52:22.0609 2508 PxHelp20 - ok
15:52:22.0625 2508 ql1080 - ok
15:52:22.0625 2508 Ql10wnt - ok
15:52:22.0625 2508 ql12160 - ok
15:52:22.0625 2508 ql1240 - ok
15:52:22.0640 2508 ql1280 - ok
15:52:22.0640 2508 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:52:22.0640 2508 RasAcd - ok
15:52:22.0656 2508 [ E68B6F9A726A444059705AB43B5656D1 ] RasAuto C:\WINDOWS\System32\rasauto.dll
15:52:22.0671 2508 RasAuto - ok
15:52:22.0671 2508 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:52:22.0671 2508 Rasl2tp - ok
15:52:22.0687 2508 [ 6E519D777C91E90592403C9F981FDF03 ] RasMan C:\WINDOWS\System32\rasmans.dll
15:52:22.0703 2508 RasMan - ok
15:52:22.0703 2508 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:52:22.0703 2508 RasPppoe - ok
15:52:22.0703 2508 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
15:52:22.0703 2508 Raspti - ok
15:52:22.0718 2508 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:52:22.0718 2508 Rdbss - ok
15:52:22.0718 2508 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:52:22.0718 2508 RDPCDD - ok
15:52:22.0734 2508 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:52:22.0734 2508 rdpdr - ok
15:52:22.0765 2508 [ 125ACF258DA9633F748131A0E0185AF3 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
15:52:22.0765 2508 RDSessMgr - ok
15:52:22.0781 2508 [ EB5E1A601E5A1908A87E4D5A41803D98 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
15:52:22.0781 2508 RemoteAccess - ok
15:52:22.0796 2508 [ 5B21208FCF8970BB61FE98E19D828714 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
15:52:22.0812 2508 RemoteRegistry - ok
15:52:22.0828 2508 [ C8A3B668985D61249F2DC71716C58DE8 ] RpcLocator C:\WINDOWS\system32\locator.exe
15:52:22.0828 2508 RpcLocator - ok
15:52:22.0859 2508 [ C72C15EE57E248C66E57C76CAB086CF2 ] RpcSs C:\WINDOWS\system32\rpcss.dll
15:52:22.0859 2508 RpcSs - ok
15:52:22.0875 2508 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
15:52:22.0890 2508 RSVP - ok
15:52:22.0906 2508 [ 839141088AD7EE90F5B441B2D1AFD22C ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
15:52:22.0906 2508 RTLE8023xp - ok
15:52:22.0906 2508 [ 82A362FE1D4980B71B588D9C10748511 ] SamSs C:\WINDOWS\system32\lsass.exe
15:52:22.0906 2508 SamSs - ok
15:52:22.0921 2508 [ C177354E995CC1AA1F767BCD9980434A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
15:52:22.0937 2508 SCardSvr - ok
15:52:22.0953 2508 [ 29AC93307C6182DBE336BCA314947F28 ] Schedule C:\WINDOWS\system32\schedsvc.dll
15:52:22.0968 2508 Schedule - ok
15:52:22.0984 2508 [ C76CB8A133374FAC6805F83FF7B7DA03 ] seclogon C:\WINDOWS\System32\seclogon.dll
15:52:22.0984 2508 seclogon - ok
15:52:22.0984 2508 [ 220AD85BA9C5B3011296354011B901CC ] SENS C:\WINDOWS\system32\sens.dll
15:52:23.0000 2508 SENS - ok
15:52:23.0000 2508 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
15:52:23.0015 2508 serenum - ok
15:52:23.0015 2508 [ C1DDBC85251551A840212999DA3D95F3 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
15:52:23.0015 2508 Serial - ok
15:52:23.0031 2508 [ 6A93501BCDEBF159109429B022C0FF83 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
15:52:23.0031 2508 SharedAccess - ok
15:52:23.0046 2508 [ 8BA76BD2A943F642F267A296A15776D2 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:52:23.0046 2508 ShellHWDetection - ok
15:52:23.0062 2508 Simbad - ok
15:52:23.0062 2508 Sparrow - ok
15:52:23.0062 2508 [ 21B6FAA88044A41640E03EBB68BE93E8 ] Spooler C:\WINDOWS\system32\spoolsv.exe
15:52:23.0078 2508 Spooler - ok
15:52:23.0078 2508 [ A74035EA526DB97D9D50D2143A55F5CF ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
15:52:23.0078 2508 sr - ok
15:52:23.0093 2508 [ 3CD57F31A64D32FDB28918B16D1E6AAC ] srservice C:\WINDOWS\system32\srsvc.dll
15:52:23.0093 2508 srservice - ok
15:52:23.0109 2508 [ 20B7E396720353E4117D64D9DCB926CA ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
15:52:23.0109 2508 Srv - ok
15:52:23.0125 2508 [ 88C28F53F53438DAFCD95E99C837C61E ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
15:52:23.0125 2508 SSDPSRV - ok
15:52:23.0156 2508 [ 0645CCDDDD27F96EEA3534C1DEF736D9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
15:52:23.0156 2508 stisvc - ok
15:52:23.0171 2508 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
15:52:23.0171 2508 swenum - ok
15:52:23.0171 2508 SwPrv - ok
15:52:23.0187 2508 symc810 - ok
15:52:23.0187 2508 symc8xx - ok
15:52:23.0187 2508 sym_hi - ok
15:52:23.0187 2508 sym_u3 - ok
15:52:23.0203 2508 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
15:52:23.0203 2508 sysaudio - ok
15:52:23.0218 2508 [ D9C9ECFF4904E6151525C533AEEDF8F4 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
15:52:23.0234 2508 SysmonLog - ok
15:52:23.0250 2508 [ 37162D29CD61519E6F5EA0DE99786FF6 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
15:52:23.0265 2508 TapiSrv - ok
15:52:23.0281 2508 [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:52:23.0281 2508 Tcpip - ok
15:52:23.0281 2508 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
15:52:23.0281 2508 TermDD - ok
15:52:23.0296 2508 [ 2F5919F2F6EE7A845893D9C3AA2BC56A ] TermService C:\WINDOWS\System32\termsrv.dll
15:52:23.0312 2508 TermService - ok
15:52:23.0312 2508 [ 8BA76BD2A943F642F267A296A15776D2 ] Themes C:\WINDOWS\System32\shsvcs.dll
15:52:23.0328 2508 Themes - ok
15:52:23.0343 2508 [ 535C2FB97336BAFA509F4783DD1E5746 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
15:52:23.0343 2508 TlntSvr - ok
15:52:23.0343 2508 TosIde - ok
15:52:23.0359 2508 [ 4DCE17221B1A87FB47E36842F3E38753 ] TrkWks C:\WINDOWS\system32\trkwks.dll
15:52:23.0359 2508 TrkWks - ok
15:52:23.0390 2508 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
15:52:23.0390 2508 Udfs - ok
15:52:23.0390 2508 ultra - ok
15:52:23.0406 2508 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
15:52:23.0421 2508 UMWdf - ok
15:52:23.0421 2508 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
15:52:23.0437 2508 Update - ok
15:52:23.0437 2508 [ 984FC1518B0D5B31D76F0E63608E0500 ] upnphost C:\WINDOWS\System32\upnphost.dll
15:52:23.0453 2508 upnphost - ok
15:52:23.0453 2508 [ 6148A3BA4D9CC628357FC92014FEA30E ] UPS C:\WINDOWS\System32\ups.exe
15:52:23.0468 2508 UPS - ok
15:52:23.0484 2508 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:52:23.0484 2508 usbehci - ok
15:52:23.0500 2508 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:52:23.0500 2508 usbhub - ok
15:52:23.0500 2508 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:52:23.0500 2508 usbstor - ok
15:52:23.0515 2508 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:52:23.0515 2508 usbuhci - ok
15:52:23.0515 2508 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
15:52:23.0531 2508 VgaSave - ok
15:52:23.0531 2508 ViaIde - ok
15:52:23.0546 2508 [ CD8CCE067F7E9CBD762C00BDDDECAA34 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
15:52:23.0546 2508 VolSnap - ok
15:52:23.0546 2508 [ 043539881667BB37B07524032D6FFC3E ] VSS C:\WINDOWS\System32\vssvc.exe
15:52:23.0562 2508 VSS - ok
15:52:23.0578 2508 [ 2CEEBB402187AE56B585701F3D191FB3 ] W32Time C:\WINDOWS\system32\w32time.dll
15:52:23.0578 2508 W32Time - ok
15:52:23.0593 2508 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:52:23.0593 2508 Wanarp - ok
15:52:23.0609 2508 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys
15:52:23.0609 2508 WDC_SAM - ok
15:52:23.0640 2508 [ 7D1E301E2EEAF6D3730887DE933413E6 ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
15:52:23.0640 2508 WDDMService - ok
15:52:23.0640 2508 WDICA - ok
15:52:23.0671 2508 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
15:52:23.0671 2508 wdmaud - ok
15:52:23.0671 2508 [ 138AB06ADBBF300AA804D7974A5AEC82 ] WDSmartWareBackgroundService C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
15:52:23.0671 2508 WDSmartWareBackgroundService - ok
15:52:23.0687 2508 [ 3791ADF1D3466AC6B4B662D3F79CBFEC ] WebClient C:\WINDOWS\System32\webclnt.dll
15:52:23.0703 2508 WebClient - ok
15:52:23.0718 2508 [ 214BC3AD84907AD6AD655AC5465F449A ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
15:52:23.0734 2508 winachsf - ok
15:52:23.0781 2508 [ E12084EA622BDF2262C637BEF15DD85C ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
15:52:23.0781 2508 winmgmt - ok
15:52:23.0812 2508 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
15:52:23.0812 2508 WmdmPmSN - ok
15:52:23.0843 2508 [ 0CDC4A0C6B820FAD99FB4CA74CD0C476 ] Wmi C:\WINDOWS\System32\advapi32.dll
15:52:23.0843 2508 Wmi - ok
15:52:23.0875 2508 [ BCD21B989F0FD4ACE78287FC01B4693D ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:52:23.0875 2508 WmiApSrv - ok
15:52:23.0890 2508 [ 4ADED1ADEF25041D9827F9A79C0FDA13 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
15:52:23.0906 2508 wscsvc - ok
15:52:23.0921 2508 [ 21F5169CA14E0B25C757644456F637DF ] wuauserv C:\WINDOWS\system32\wuauserv.dll
15:52:23.0921 2508 wuauserv - ok
15:52:23.0937 2508 [ 325CEDEF696EF4B649DDCD3968D085C9 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
15:52:23.0953 2508 WZCSVC - ok
15:52:23.0968 2508 [ 9B835D4C64860B155A1701D5092EC9E4 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
15:52:23.0984 2508 xmlprov - ok
15:52:23.0984 2508 ================ Scan global ===============================
15:52:24.0000 2508 [ F642F3368D2839798DA79E7BA9218481 ] C:\WINDOWS\system32\basesrv.dll
15:52:24.0000 2508 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINDOWS\system32\winsrv.dll
15:52:24.0015 2508 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINDOWS\system32\winsrv.dll
15:52:24.0031 2508 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] C:\WINDOWS\system32\services.exe
15:52:24.0046 2508 [Global] - ok
15:52:24.0046 2508 ================ Scan MBR ==================================
15:52:24.0046 2508 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
15:52:24.0203 2508 \Device\Harddisk0\DR0 - ok
15:52:24.0218 2508 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR4
15:52:24.0250 2508 \Device\Harddisk2\DR4 - ok
15:52:24.0265 2508 [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk5\DR7
15:52:24.0875 2508 \Device\Harddisk5\DR7 - ok
15:52:24.0875 2508 ================ Scan VBR ==================================
15:52:24.0921 2508 [ D2DEE9A27E9EADF9B9AA042E3331E8E9 ] \Device\Harddisk0\DR0\Partition1
15:52:24.0921 2508 \Device\Harddisk0\DR0\Partition1 - ok
15:52:24.0937 2508 [ 21AD761C151492EBB5B9194E61C0F7CF ] \Device\Harddisk0\DR0\Partition2
15:52:24.0937 2508 \Device\Harddisk0\DR0\Partition2 - ok
15:52:24.0937 2508 [ E925E3D4D7073B8A68E6CE3588265FBF ] \Device\Harddisk2\DR4\Partition1
15:52:24.0953 2508 \Device\Harddisk2\DR4\Partition1 - ok
15:52:24.0953 2508 [ E1E8D65DA13F9547D25C9DD85D09AD29 ] \Device\Harddisk5\DR7\Partition1
15:52:24.0953 2508 \Device\Harddisk5\DR7\Partition1 - ok
15:52:24.0953 2508 ============================================================
15:52:24.0953 2508 Scan finished
15:52:24.0953 2508 ============================================================
15:52:24.0953 0608 Detected object count: 0
15:52:24.0953 0608 Actual detected object count: 0
15:52:36.0828 2860 ============================================================
15:52:36.0828 2860 Scan started
15:52:36.0828 2860 Mode: Manual;
15:52:36.0828 2860 ============================================================
15:52:36.0984 2860 ================ Scan system memory ========================
15:52:36.0984 2860 System memory - ok
15:52:36.0984 2860 ================ Scan services =============================
15:52:37.0046 2860 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
15:52:37.0046 2860 Aavmker4 - ok
15:52:37.0046 2860 Abiosdsk - ok
15:52:37.0046 2860 abp480n5 - ok
15:52:37.0062 2860 [ FA2FBCDA96D2385F773B059FE5A125A6 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:52:37.0078 2860 ACPI - ok
15:52:37.0093 2860 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
15:52:37.0093 2860 ACPIEC - ok
15:52:37.0093 2860 adpu160m - ok
15:52:37.0109 2860 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINDOWS\system32\drivers\aec.sys
15:52:37.0109 2860 aec - ok
15:52:37.0125 2860 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD C:\WINDOWS\System32\drivers\afd.sys
15:52:37.0125 2860 AFD - ok
15:52:37.0125 2860 Aha154x - ok
15:52:37.0125 2860 aic78u2 - ok
15:52:37.0140 2860 aic78xx - ok
15:52:37.0156 2860 [ 026DDAA7E6F8D49DF82C7A98BAE5D0D1 ] Alerter C:\WINDOWS\system32\alrsvc.dll
15:52:37.0156 2860 Alerter - ok
15:52:37.0171 2860 [ B3F690BF43F93A012A52F28F234FAA1B ] ALG C:\WINDOWS\System32\alg.exe
15:52:37.0171 2860 ALG - ok
15:52:37.0171 2860 AliIde - ok
15:52:37.0171 2860 amsint - ok
15:52:37.0187 2860 [ 421184F91EAE5C6E78E653C6B32AAE84 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
15:52:37.0187 2860 AppMgmt - ok
15:52:37.0203 2860 asc - ok
15:52:37.0203 2860 asc3350p - ok
15:52:37.0203 2860 asc3550 - ok
15:52:37.0250 2860 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:52:37.0250 2860 aspnet_state - ok
15:52:37.0265 2860 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
15:52:37.0265 2860 aswFsBlk - ok
15:52:37.0281 2860 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
15:52:37.0281 2860 aswMon2 - ok
15:52:37.0312 2860 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
15:52:37.0312 2860 AswRdr - ok
15:52:37.0328 2860 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
15:52:37.0328 2860 aswSnx - ok
15:52:37.0359 2860 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
15:52:37.0359 2860 aswSP - ok
15:52:37.0359 2860 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
15:52:37.0359 2860 aswTdi - ok
15:52:37.0375 2860 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
15:52:37.0375 2860 atapi - ok
15:52:37.0390 2860 Atdisk - ok
15:52:37.0406 2860 [ 40D78F514C8588EF12EC718D2AF0FC4E ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
15:52:37.0406 2860 AudioSrv - ok
15:52:37.0421 2860 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
15:52:37.0421 2860 audstub - ok
15:52:37.0484 2860 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:52:37.0484 2860 avast! Antivirus - ok
15:52:37.0515 2860 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
15:52:37.0515 2860 Beep - ok
15:52:37.0531 2860 [ E774A26610EC92674273486612C11CFC ] BITS C:\WINDOWS\system32\qmgr.dll
15:52:37.0546 2860 BITS - ok
15:52:37.0562 2860 [ F219E27E88107A50544153898DD8178E ] Browser C:\WINDOWS\System32\browser.dll
15:52:37.0562 2860 Browser - ok
15:52:37.0578 2860 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
15:52:37.0578 2860 cbidf2k - ok
15:52:37.0593 2860 cd20xrnt - ok
15:52:37.0609 2860 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
15:52:37.0609 2860 Cdfs - ok
15:52:37.0625 2860 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:52:37.0625 2860 Cdrom - ok
15:52:37.0640 2860 [ 9E21229E04E1D301BB40222FE4641CB2 ] CiSvc C:\WINDOWS\system32\cisvc.exe
15:52:37.0640 2860 CiSvc - ok
15:52:37.0640 2860 [ D3DC45553C8025338E08A60E95B1B91D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
15:52:37.0640 2860 ClipSrv - ok
15:52:37.0671 2860 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:52:37.0671 2860 clr_optimization_v2.0.50727_32 - ok
15:52:37.0671 2860 CmdIde - ok
15:52:37.0687 2860 COMSysApp - ok
15:52:37.0687 2860 Cpqarray - ok
15:52:37.0703 2860 [ 70D2A1756F4B2067658A186C963FCABD ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
15:52:37.0703 2860 CryptSvc - ok
15:52:37.0703 2860 dac2w2k - ok
15:52:37.0718 2860 dac960nt - ok
15:52:37.0734 2860 [ C72C15EE57E248C66E57C76CAB086CF2 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
15:52:37.0734 2860 DcomLaunch - ok
15:52:37.0750 2860 [ 562830EFB7CF367FB773FEA5256E67C8 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
15:52:37.0750 2860 Dhcp - ok
15:52:37.0765 2860 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
15:52:37.0765 2860 Disk - ok
15:52:37.0765 2860 dmadmin - ok
15:52:37.0796 2860 [ E1968EDEC81C430108FEB23AB07BDB14 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
15:52:37.0796 2860 dmboot - ok
15:52:37.0812 2860 [ 1B1520A82E396E46B9AE9FA6B03FF6C6 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
15:52:37.0812 2860 dmio - ok
15:52:37.0812 2860 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
15:52:37.0812 2860 dmload - ok
15:52:37.0812 2860 [ 7B3CA72885923EB947221F17F3E3AC59 ] dmserver C:\WINDOWS\System32\dmserver.dll
15:52:37.0812 2860 dmserver - ok
15:52:37.0843 2860 [ F605B3F5674D67587C4B6C9E92A3E025 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
15:52:37.0843 2860 Dnscache - ok
15:52:37.0843 2860 dpti2o - ok
15:52:37.0859 2860 [ D6F7428B201E33BC80066B47144CB568 ] ERSvc C:\WINDOWS\System32\ersvc.dll
15:52:37.0859 2860 ERSvc - ok
15:52:37.0875 2860 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] Eventlog C:\WINDOWS\system32\services.exe
15:52:37.0875 2860 Eventlog - ok
15:52:37.0875 2860 [ 972378B907070F64932A87C90A035487 ] EventSystem C:\WINDOWS\system32\es.dll
15:52:37.0890 2860 EventSystem - ok
15:52:37.0890 2860 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
15:52:37.0890 2860 Fastfat - ok
15:52:37.0906 2860 [ 8BA76BD2A943F642F267A296A15776D2 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:52:37.0906 2860 FastUserSwitchingCompatibility - ok
15:52:37.0921 2860 [ 266DAB58619B17BDF37FABBD48D875CA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
15:52:37.0921 2860 Fips - ok
15:52:37.0937 2860 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
15:52:37.0937 2860 FltMgr - ok
15:52:37.0953 2860 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:52:37.0953 2860 Fs_Rec - ok
15:52:37.0953 2860 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:52:37.0953 2860 Ftdisk - ok
15:52:37.0968 2860 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:52:37.0968 2860 Gpc - ok

hranicar

Re: Double caron and acute accent, I have the HiJack log

Post by hranicar » 10 Jan 2013 16:04

TDSS log, part 2

15:52:38.0015 2860 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca864e325b75ca C:\Program Files\Google\Update\GoogleUpdate.exe
15:52:38.0015 2860 gupdate1ca864e325b75ca - ok
15:52:38.0015 2860 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
15:52:38.0031 2860 gupdatem - ok
15:52:38.0062 2860 [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:52:38.0062 2860 HDAudBus - ok
15:52:38.0062 2860 [ F59152272782FED8A8197FA788287F68 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:52:38.0062 2860 helpsvc - ok
15:52:38.0078 2860 HidServ - ok
15:52:38.0093 2860 [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:52:38.0093 2860 HidUsb - ok
15:52:38.0093 2860 hpn - ok
15:52:38.0125 2860 [ E51B7370D35E0006EDF0E12B610C3489 ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
15:52:38.0125 2860 HSFHWBS2 - ok
15:52:38.0156 2860 [ 0E44AF3828111D4C3E73C33AC95226D8 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
15:52:38.0156 2860 HSF_DPV - ok
15:52:38.0187 2860 [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
15:52:38.0187 2860 HTTP - ok
15:52:38.0203 2860 [ DA826826C5C9116F47E0CD0CA8CC7C11 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
15:52:38.0203 2860 HTTPFilter - ok
15:52:38.0234 2860 [ 8F09F91B5C91363B77BCD15599570F2C ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
15:52:38.0234 2860 i2omgmt - ok
15:52:38.0234 2860 i2omp - ok
15:52:38.0234 2860 [ 0F42DE9909B5DBF2C48DD1A79D491AF5 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:52:38.0234 2860 i8042prt - ok
15:52:38.0375 2860 [ 9ACB03875CFE068D5CC0E98FB2CF7017 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
15:52:38.0406 2860 ialm - ok
15:52:38.0421 2860 [ CF9D286B34CB4912F3B28B4972D5CB33 ] ImapiService C:\WINDOWS\system32\imapi.exe
15:52:38.0437 2860 ImapiService - ok
15:52:38.0437 2860 ini910u - ok
15:52:38.0546 2860 [ DB589671E0C403D65884CF0B50600FCD ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:52:38.0578 2860 IntcAzAudAddService - ok
15:52:38.0578 2860 IntelIde - ok
15:52:38.0609 2860 [ 10A3AC0F0DF720AD3C3FD13861D50EB9 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:52:38.0609 2860 intelppm - ok
15:52:38.0609 2860 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:52:38.0609 2860 IpNat - ok
15:52:38.0625 2860 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:52:38.0625 2860 IPSec - ok
15:52:38.0656 2860 [ 1091528512E4DD7ED5FDDCC4DF1C53D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:52:38.0656 2860 isapnp - ok
15:52:38.0687 2860 [ 6F877BF8DC01A550CD666F3BEDB2213C ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:52:38.0687 2860 Kbdclass - ok
15:52:38.0703 2860 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
15:52:38.0703 2860 kmixer - ok
15:52:38.0703 2860 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
15:52:38.0703 2860 KSecDD - ok
15:52:38.0718 2860 [ 6D6BDD68B775986577C48A8DF961A05C ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
15:52:38.0718 2860 lanmanserver - ok
15:52:38.0734 2860 [ 69B0569AAE33F0D5057CA0E8577AAF07 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:52:38.0750 2860 lanmanworkstation - ok
15:52:38.0750 2860 [ CC50A66548C2F285BC8A7B0B8AA578E3 ] lbrtfdc C:\WINDOWS\system32\drivers\lbrtfdc.sys
15:52:38.0750 2860 lbrtfdc - ok
15:52:38.0781 2860 [ 6E5DAC168D1FF9843E84A59D51D31107 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
15:52:38.0781 2860 LightScribeService - ok
15:52:38.0796 2860 [ F9EE6D2AAB0690B34AE35BA9921A1414 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
15:52:38.0812 2860 LmHosts - ok
15:52:38.0843 2860 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
15:52:38.0843 2860 MBAMProtector - ok
15:52:38.0890 2860 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:52:38.0890 2860 MBAMScheduler - ok
15:52:38.0906 2860 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:52:38.0906 2860 MBAMService - ok
15:52:38.0937 2860 [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
15:52:38.0937 2860 mdmxsdk - ok
15:52:38.0953 2860 [ 8B2FCBD881879B55BE40B41F12FFC431 ] Messenger C:\WINDOWS\System32\msgsvc.dll
15:52:38.0953 2860 Messenger - ok
15:52:38.0968 2860 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
15:52:38.0968 2860 mnmdd - ok
15:52:39.0000 2860 [ 7D137132D6A9B41EF800E59A771ED48C ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
15:52:39.0000 2860 mnmsrvc - ok
15:52:39.0015 2860 [ 60210DEB037846AFE521EBF349964F6B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
15:52:39.0015 2860 Modem - ok
15:52:39.0015 2860 [ B160EC94114715675509115986400FD9 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:52:39.0015 2860 Mouclass - ok
15:52:39.0046 2860 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:52:39.0046 2860 mouhid - ok
15:52:39.0046 2860 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
15:52:39.0046 2860 MountMgr - ok
15:52:39.0078 2860 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:52:39.0078 2860 MozillaMaintenance - ok
15:52:39.0078 2860 mraid35x - ok
15:52:39.0078 2860 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:52:39.0078 2860 MRxDAV - ok
15:52:39.0109 2860 [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:52:39.0109 2860 MRxSmb - ok
15:52:39.0125 2860 [ 944A24032AED84C59455B981F6CA1C1A ] MSDTC C:\WINDOWS\system32\msdtc.exe
15:52:39.0140 2860 MSDTC - ok
15:52:39.0140 2860 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
15:52:39.0140 2860 Msfs - ok
15:52:39.0140 2860 MSIServer - ok
15:52:39.0156 2860 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:52:39.0156 2860 mssmbios - ok
15:52:39.0156 2860 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
15:52:39.0156 2860 Mup - ok
15:52:39.0171 2860 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
15:52:39.0171 2860 NDIS - ok
15:52:39.0187 2860 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:52:39.0187 2860 NdisTapi - ok
15:52:39.0203 2860 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:52:39.0203 2860 Ndisuio - ok
15:52:39.0218 2860 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:52:39.0218 2860 NdisWan - ok
15:52:39.0218 2860 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
15:52:39.0218 2860 NDProxy - ok
15:52:39.0218 2860 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
15:52:39.0218 2860 NetBIOS - ok
15:52:39.0234 2860 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
15:52:39.0234 2860 NetBT - ok
15:52:39.0250 2860 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDE C:\WINDOWS\system32\netdde.exe
15:52:39.0265 2860 NetDDE - ok
15:52:41.0984 2860 ============================================================
15:52:41.0984 2860 Scan finished
15:52:41.0984 2860 ============================================================
15:52:41.0984 2684 Detected object count: 0
15:52:41.0984 2684 Actual detected object count: 0

Post by hranicar » 10 Jan 2013 16:19

Please check this, everything went fine!

ComboFix 13-01-08.01 - Intellect 10.01.2013 16:11:23.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2037.1330 [GMT 1:00]
Spuštěný z: c:\documents and settings\Intellect\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Intellect\Data aplikací\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\Intellect\WINDOWS
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\ST6UNST.000
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-10 do 2013-01-10 )))))))))))))))))))))))))))))))
.
.
2013-01-10 14:51 . 2013-01-10 14:52 -------- d-----w- c:\program files\tdss
2013-01-10 09:33 . 2013-01-10 09:33 -------- d-----w- c:\documents and settings\Intellect\Data aplikací\Malwarebytes
2013-01-10 09:33 . 2013-01-10 09:33 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-01-10 09:33 . 2013-01-10 09:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-10 09:33 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-09 23:55 . 2013-01-09 23:55 388096 ----a-r- c:\documents and settings\Intellect\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-01-09 23:55 . 2013-01-09 23:55 -------- d-----w- c:\program files\Trend Micro
2013-01-09 23:08 . 2013-01-09 23:08 -------- d-----w- c:\documents and settings\Intellect\Data aplikací\TeamViewer
2013-01-09 21:07 . 2013-01-09 21:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Max Secure
2013-01-09 20:56 . 2013-01-09 20:56 -------- d-----w- c:\documents and settings\Intellect\Local Settings\Data aplikací\Max Secure Software
2013-01-09 20:53 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-01-09 20:53 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-01-09 20:53 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-01-09 20:53 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-01-09 20:53 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-01-09 20:52 . 2012-10-30 22:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2013-01-09 20:52 . 2012-10-30 22:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2013-01-09 20:52 . 2012-10-30 22:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2013-01-09 20:52 . 2013-01-09 23:38 -------- d-----w- c:\documents and settings\Intellect\Data aplikací\GetRightToGo
2013-01-09 20:52 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2013-01-09 20:52 . 2013-01-09 20:52 -------- d-----w- c:\program files\AVAST Software
2013-01-09 20:51 . 2013-01-09 20:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2013-01-09 08:50 . 2013-01-09 23:06 -------- d-----w- c:\documents and settings\Intellect\Data aplikací\Vyumad
2013-01-09 08:50 . 2013-01-09 08:50 -------- d-----w- c:\documents and settings\Intellect\Data aplikací\Ifek
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 22:50 . 2010-10-18 08:26 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-12-24 16:19 . 2012-12-24 16:19 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-10-13 20058152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-24 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-24 141336]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
.
c:\documents and settings\Intellect\Nabídka Start\Programy\Po spuštění\
Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2005-10-23 118784]
Zástupce - WD SmartWare.lnk - O:\WD SmartWare.exe [N/A]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\games\\Duke nuken 3D\\JFDuke3D\\duke3d.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9.1.2013 21:53 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.1.2013 21:53 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.1.2013 21:53 21256]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10.1.2013 10:33 682344]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [13.11.2009 11:28 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 8:58 20480]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10.1.2013 10:33 21104]
S2 gupdate1ca864e325b75ca;Služba Google Update (gupdate1ca864e325b75ca);c:\program files\Google\Update\GoogleUpdate.exe [26.12.2009 18:09 133104]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6.1.2010 20:10 11520]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-01-10 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-01-09 22:50]
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 17:09]
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 17:09]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.10.10.10 192.168.1.1
FF - ProfilePath - c:\documents and settings\Intellect\Data aplikací\Mozilla\Firefox\Profiles\aqu80erk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.centrum.cz
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=n ... t&hl=cs&q=
FF - ExtSQL: 2013-01-09 21:53; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-Afluvis - c:\documents and settings\Intellect\Data aplikací\Fami\hyyv.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-10 16:15
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2013-01-10 16:17:50
ComboFix-quarantined-files.txt 2013-01-10 15:17
.
Před spuštěním: Volných bajtů: 96 148 193 280
Po spuštění: Volných bajtů: 96 109 522 944
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 129BC2EE418CE07346E15996CBE09813

Post by Žbeky » 10 Jan 2013 21:37

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.

Code:

KillAll::

DirLook::
c:\documents and settings\Intellect\Data aplikací\Vyumad
c:\documents and settings\Intellect\Data aplikací\Ifek

File::
C:\WINDOWS\system32\kuq8wsop.exe
C:\Documents and Settings\Intellect\Data aplikací\Fami\hyyv.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\documents and settings\All Users\Data aplikací\Max Secure
c:\documents and settings\Intellect\Local Settings\Data aplikací\Max Secure Software
c:\program files\Google\Update

Driver::
gupdate1ca864e325b75ca

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all open windows.

Grab the CFScript.txt script you created with the mouse, move it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.

- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
In PMs I only deal with matters concerning the forum. I do not respond to requests and pleas for technical support. Thanks for understanding.

Post by hranicar » 11 Jan 2013 00:59

Hi, I've been working on this until now and it isn't working. Either I'm doing something wrong (I read your instructions about five times and repeated the procedure several times), or something isn't working. ComboFix starts up and then gets stuck on the blue screen (it says there that it can take ten or even twenty minutes), but I left it there for more than an hour and it's frozen (the disk is idle, not working). Thanks for the help, I have no chance on my own.

Post by Žbeky » 11 Jan 2013 07:56

Try it in Safe Mode.

Post by hranicar » 11 Jan 2013 09:45

Great, that was it. Sending the log.

ComboFix 13-01-08.01 - Intellect 11.01.2013 9:34.2.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2037.1652 [GMT 1:00]
Spuštěný z: c:\documents and settings\Intellect\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Intellect\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\Intellect\Data aplikací\Fami\hyyv.exe"
"c:\windows\system32\kuq8wsop.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Intellect\Data aplikací\ACD Systems\ACDSee\ImageDB.ddf
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.21.123\goopdate.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.123\psmachine.dll
c:\program files\Google\Update\1.3.21.123\psuser.dll
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.123\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{D4604C06-6B43-4630-885E-6FF673C7469F}\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.4.3230.2052\GoogleToolbarInstaller_updater_signed.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
Nakažená kopie c:\windows\system32\drivers\ntfs.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\erdnt\cache\ntfs.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE1CA864E325B75CA
-------\Service_gupdate1ca864e325b75ca
-------\Legacy_gupdatem
-------\Legacy_gupdatem
-------\Service_gupdatem
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-11 do 2013-01-11 )))))))))))))))))))))))))))))))
.
.
2013-01-11 08:29 . 2013-01-11 08:29 -------- d-----w- c:\documents and settings\Administrator.ADMIN-81B34D523
2013-01-10 14:51 . 2013-01-10 14:52 -------- d-----w- c:\program files\tdss
2013-01-10 09:33 . 2013-01-10 09:33 -------- d-----w- c:\documents and settings\Intellect\Data aplikací\Malwarebytes
2013-01-10 09:33 . 2013-01-10 09:33 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-01-10 09:33 . 2013-01-10 09:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-10 09:33 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-09 23:55 . 2013-01-09 23:55 388096 ----a-r- c:\documents and settings\Intellect\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-01-09 23:55 . 2013-01-09 23:55 -------- d-----w- c:\program files\Trend Micro
2013-01-09 23:08 . 2013-01-09 23:08 -------- d-----w- c:\documents and settings\Intellect\Data aplikací\TeamViewer
2013-01-09 21:07 . 2013-01-09 21:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Max Secure
2013-01-09 20:56 . 2013-01-09 20:56 -------- d-----w- c:\documents and settings\Intellect\Local Settings\Data aplikací\Max Secure Software
2013-01-09 20:53 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-01-09 20:53 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-01-09 20:53 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-01-09 20:53 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-01-09 20:53 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-01-09 20:52 . 2012-10-30 22:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2013-01-09 20:52 . 2012-10-30 22:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2013-01-09 20:52 . 2012-10-30 22:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2013-01-09 20:52 . 2013-01-09 23:38 -------- d-----w- c:\documents and settings\Intellect\Data aplikací\GetRightToGo
2013-01-09 20:52 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2013-01-09 20:52 . 2013-01-09 20:52 -------- d-----w- c:\program files\AVAST Software
2013-01-09 20:51 . 2013-01-09 20:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2013-01-09 08:50 . 2013-01-09 23:06 -------- d-----w- c:\documents and settings\Intellect\Data aplikací\Vyumad
2013-01-09 08:50 . 2013-01-09 08:50 -------- d-----w- c:\documents and settings\Intellect\Data aplikací\Ifek
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 22:50 . 2010-10-18 08:26 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-12-24 16:19 . 2012-12-24 16:19 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Intellect\Data aplikací\Ifek ----
.
2010-06-14 02:10 . 2010-06-14 02:10 0 ----a-w- c:\documents and settings\Intellect\Data aplikací\Ifek\wayri.eku
.
---- Directory of c:\documents and settings\Intellect\Data aplikací\Vyumad ----
.
2013-01-09 23:06 . 2013-01-10 09:49 17659 ----a-w- c:\documents and settings\Intellect\Data aplikací\Vyumad\ecafz.ula
2013-01-09 21:05 . 2013-01-09 21:06 4735 ----a-w- c:\documents and settings\Intellect\Data aplikací\Vyumad\ecafz.tmp
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-10-13 20058152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-24 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-24 141336]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
.
c:\documents and settings\Intellect\Nabídka Start\Programy\Po spuštění\
Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2005-10-23 118784]
Zástupce - WD SmartWare.lnk - O:\WD SmartWare.exe [N/A]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\games\\Duke nuken 3D\\JFDuke3D\\duke3d.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9.1.2013 21:53 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.1.2013 21:53 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.1.2013 21:53 21256]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10.1.2013 10:33 682344]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [13.11.2009 11:28 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 8:58 20480]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10.1.2013 10:33 21104]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6.1.2010 20:10 11520]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-01-11 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-01-09 22:50]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.10.10.10 192.168.1.1
FF - ProfilePath - c:\documents and settings\Intellect\Data aplikací\Mozilla\Firefox\Profiles\aqu80erk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.centrum.cz
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=n ... t&hl=cs&q=
FF - ExtSQL: 2013-01-09 21:53; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-11 09:41
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(652)
c:\windows\system32\MSCTF.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2013-01-11 09:43:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-11 08:43
ComboFix2.txt 2013-01-10 15:17
.
Před spuštěním: Volných bajtů: 95 712 317 440
Po spuštění: Volných bajtů: 95 726 505 984
.
- - End Of File - - BEF293C6C5FF3CE925D3942F8C71BE2A

