Eset hlásí trojského koně a nejde léčit. Moc díky za pomoc.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:43:06, on 15.2.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [HPLJ Config] c:\Program Files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe -c Direct -p DOT4_002 -pn "hp LaserJet 1300 PCL 6" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013a\RpcAgentSrv.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC (UserAccess) - Unknown owner - C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe
--
End of file - 6796 bytes
HJT - trojan
-
memphisto
- Guru Level 13
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:
- Stav:
Offline
Re: HJT - trojan
Kde to hlásí ten vir?
fix:
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
- Pokud používáš Firefox, klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Chrome, nic dalšího nevybírej a dej Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(ZATÍM SÁM NIC NEMAŽ!).
Vlož sem pak obsah toho logu.
Stáhni AdwCleaner
Ulož si ho na svojí plochu
Ukonči všechny programy, okna a prohlížeče
Spusť program poklepáním a klikni na „Search“
Po skenu se objeví log (jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.
fix:
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
- Pokud používáš Firefox, klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Chrome, nic dalšího nevybírej a dej Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(ZATÍM SÁM NIC NEMAŽ!).
Vlož sem pak obsah toho logu.
Stáhni AdwCleaner
Ulož si ho na svojí plochu
Ukonči všechny programy, okna a prohlížeče
Spusť program poklepáním a klikni na „Search“
Po skenu se objeví log (jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.
PRAVIDLA PC-HELP.CZ, PRAVIDLA sekce HijackThis, HijackThis návod, Memtest, CCleaner
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Re: HJT - trojan
Omlouvám se za delší prostoj.
Trojana detekuje Eset
Ten ATF Cleaner vůbec nerozjedu, vytuhne a nic, musím ho ukončit přes správce úloh. Mban nic nenajde.
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.70.0.1100
www.malwarebytes.org
Verze: v2013.02.25.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Ucitel :: UC2 [administrátor]
Ochrana: Povolena
25.2.2013 13:44:19
mbam-log-2013-02-25 (13-44-19).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 294065
Uplynulý čas: 14 minut, 30 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)
(konec)
# AdwCleaner v2.113 - Logfile created 02/26/2013 at 09:25:10
# Updated 23/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Ucitel - UC2
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Ucitel\Plocha\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Documents and Settings\All Users\Nabídka Start\Programy\SiteRanker
Folder Found : C:\Documents and Settings\Ucitel\Data aplikací\SiteRanker
Folder Found : C:\Program Files\SiteRanker
***** [Registry] *****
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
*************************
AdwCleaner[R1].txt - [4653 octets] - [26/02/2013 09:25:10]
########## EOF - C:\AdwCleaner[R1].txt - [4713 octets] ##########
Moc díky.
Trojana detekuje Eset
Ten ATF Cleaner vůbec nerozjedu, vytuhne a nic, musím ho ukončit přes správce úloh. Mban nic nenajde.
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.70.0.1100
www.malwarebytes.org
Verze: v2013.02.25.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Ucitel :: UC2 [administrátor]
Ochrana: Povolena
25.2.2013 13:44:19
mbam-log-2013-02-25 (13-44-19).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 294065
Uplynulý čas: 14 minut, 30 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)
(konec)
# AdwCleaner v2.113 - Logfile created 02/26/2013 at 09:25:10
# Updated 23/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Ucitel - UC2
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Ucitel\Plocha\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Documents and Settings\All Users\Nabídka Start\Programy\SiteRanker
Folder Found : C:\Documents and Settings\Ucitel\Data aplikací\SiteRanker
Folder Found : C:\Program Files\SiteRanker
***** [Registry] *****
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
*************************
AdwCleaner[R1].txt - [4653 octets] - [26/02/2013 09:25:10]
########## EOF - C:\AdwCleaner[R1].txt - [4713 octets] ##########
Moc díky.
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: HJT - trojan
Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
Klikni na „ Delete“
Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.
Stáhni si TDSSKiller
Na svojí plochu.Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.
Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Klikni na „ Delete“
Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.
Stáhni si TDSSKiller
Na svojí plochu.Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.
Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: HJT - trojan
Snad je to vše :-)
# AdwCleaner v2.113 - Logfile created 02/26/2013 at 11:46:50
# Updated 23/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Ucitel - UC2
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Ucitel\Plocha\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Documents and Settings\All Users\Nabídka Start\Programy\SiteRanker
Folder Deleted : C:\Documents and Settings\Ucitel\Data aplikací\SiteRanker
Folder Deleted : C:\Program Files\SiteRanker
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
*************************
AdwCleaner[R1].txt - [4782 octets] - [26/02/2013 09:25:10]
AdwCleaner[R2].txt - [4842 octets] - [26/02/2013 09:25:47]
AdwCleaner[S1].txt - [4845 octets] - [26/02/2013 11:46:50]
########## EOF - C:\AdwCleaner[S1].txt - [4905 octets] ##########
12:01:04.0796 3728 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:01:04.0906 3728 ============================================================
12:01:04.0906 3728 Current date / time: 2013/02/26 12:01:04.0906
12:01:04.0906 3728 SystemInfo:
12:01:04.0906 3728
12:01:04.0906 3728 OS Version: 5.1.2600 ServicePack: 3.0
12:01:04.0906 3728 Product type: Workstation
12:01:04.0906 3728 ComputerName: UC2
12:01:04.0906 3728 UserName: Ucitel
12:01:04.0906 3728 Windows directory: C:\WINDOWS
12:01:04.0906 3728 System windows directory: C:\WINDOWS
12:01:04.0906 3728 Processor architecture: Intel x86
12:01:04.0906 3728 Number of processors: 2
12:01:04.0906 3728 Page size: 0x1000
12:01:04.0906 3728 Boot type: Normal boot
12:01:04.0906 3728 ============================================================
12:01:05.0265 3728 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:01:05.0281 3728 ============================================================
12:01:05.0281 3728 \Device\Harddisk0\DR0:
12:01:05.0281 3728 MBR partitions:
12:01:05.0281 3728 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x37186E03
12:01:05.0281 3728 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x37186E42, BlocksNum 0x31FDDFF
12:01:05.0281 3728 ============================================================
12:01:05.0296 3728 C: <-> \Device\Harddisk0\DR0\Partition1
12:01:05.0343 3728 D: <-> \Device\Harddisk0\DR0\Partition2
12:01:05.0406 3728 ============================================================
12:01:05.0406 3728 Initialize success
12:01:05.0406 3728 ============================================================
12:01:12.0890 1972 ============================================================
12:01:12.0890 1972 Scan started
12:01:12.0890 1972 Mode: Manual;
12:01:12.0890 1972 ============================================================
12:01:13.0171 1972 ================ Scan system memory ========================
12:01:13.0171 1972 System memory - ok
12:01:13.0171 1972 ================ Scan services =============================
12:01:15.0062 1972 Abiosdsk - ok
12:01:15.0062 1972 abp480n5 - ok
12:01:15.0109 1972 [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc C:\WINDOWS\system32\drivers\ac97intc.sys
12:01:15.0140 1972 ac97intc - ok
12:01:15.0171 1972 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:01:15.0171 1972 ACPI - ok
12:01:15.0203 1972 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
12:01:15.0234 1972 ACPIEC - ok
12:01:15.0250 1972 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
12:01:15.0281 1972 adpu160m - ok
12:01:15.0281 1972 [ 0EA9B1F0C6C90A509C8603775366ADB7 ] adpu320 C:\WINDOWS\system32\DRIVERS\adpu320.sys
12:01:15.0296 1972 adpu320 - ok
12:01:15.0328 1972 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:01:15.0359 1972 aec - ok
12:01:15.0390 1972 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:01:15.0390 1972 AFD - ok
12:01:15.0390 1972 Aha154x - ok
12:01:15.0421 1972 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
12:01:15.0453 1972 aic78u2 - ok
12:01:15.0453 1972 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
12:01:15.0468 1972 aic78xx - ok
12:01:15.0484 1972 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:01:15.0484 1972 Alerter - ok
12:01:15.0500 1972 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
12:01:15.0500 1972 ALG - ok
12:01:15.0515 1972 AliIde - ok
12:01:15.0515 1972 amsint - ok
12:01:15.0546 1972 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
12:01:15.0562 1972 AppMgmt - ok
12:01:15.0578 1972 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:01:15.0593 1972 Arp1394 - ok
12:01:15.0609 1972 asc - ok
12:01:15.0609 1972 asc3350p - ok
12:01:15.0609 1972 asc3550 - ok
12:01:15.0875 1972 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:01:15.0921 1972 aspnet_state - ok
12:01:15.0921 1972 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:01:15.0937 1972 AsyncMac - ok
12:01:15.0953 1972 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
12:01:15.0968 1972 atapi - ok
12:01:15.0984 1972 Atdisk - ok
12:01:15.0984 1972 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:01:16.0000 1972 Atmarpc - ok
12:01:16.0031 1972 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
12:01:16.0031 1972 AudioSrv - ok
12:01:16.0062 1972 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
12:01:16.0093 1972 audstub - ok
12:01:16.0312 1972 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
12:01:16.0312 1972 BcmSqlStartupSvc - ok
12:01:16.0328 1972 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:01:16.0343 1972 Beep - ok
12:01:16.0375 1972 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
12:01:16.0406 1972 BITS - ok
12:01:16.0437 1972 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
12:01:16.0437 1972 Browser - ok
12:01:16.0453 1972 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:01:16.0468 1972 cbidf2k - ok
12:01:16.0468 1972 cd20xrnt - ok
12:01:16.0500 1972 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:01:16.0515 1972 Cdaudio - ok
12:01:16.0531 1972 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:01:16.0546 1972 Cdfs - ok
12:01:16.0562 1972 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:01:16.0578 1972 Cdrom - ok
12:01:16.0609 1972 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:01:16.0625 1972 CiSvc - ok
12:01:16.0656 1972 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:01:16.0656 1972 ClipSrv - ok
12:01:16.0687 1972 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:01:16.0796 1972 clr_optimization_v2.0.50727_32 - ok
12:01:16.0796 1972 CmdIde - ok
12:01:16.0796 1972 COMSysApp - ok
12:01:16.0796 1972 Cpqarray - ok
12:01:16.0828 1972 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:01:16.0828 1972 CryptSvc - ok
12:01:16.0828 1972 dac2w2k - ok
12:01:16.0828 1972 dac960nt - ok
12:01:16.0875 1972 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:01:16.0875 1972 DcomLaunch - ok
12:01:16.0921 1972 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:01:16.0921 1972 Dhcp - ok
12:01:16.0937 1972 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:01:16.0953 1972 Disk - ok
12:01:16.0953 1972 dmadmin - ok
12:01:16.0984 1972 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:01:17.0015 1972 dmboot - ok
12:01:17.0046 1972 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:01:17.0078 1972 dmio - ok
12:01:17.0078 1972 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:01:17.0109 1972 dmload - ok
12:01:17.0125 1972 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:01:17.0125 1972 dmserver - ok
12:01:17.0140 1972 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:01:17.0140 1972 DMusic - ok
12:01:17.0156 1972 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:01:17.0171 1972 Dnscache - ok
12:01:17.0187 1972 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:01:17.0187 1972 Dot3svc - ok
12:01:17.0218 1972 [ 3E4B043F8BC6BE1D4820CC6C9C500306 ] dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys
12:01:17.0234 1972 dot4 - ok
12:01:17.0250 1972 [ 77CE63A8A34AE23D9FE4C7896D1DEBE7 ] Dot4Print C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
12:01:17.0265 1972 Dot4Print - ok
12:01:17.0265 1972 [ CCC4092DFC85336F2E1C142483ADEB42 ] dot4usb C:\WINDOWS\system32\DRIVERS\dot4usb.sys
12:01:17.0281 1972 dot4usb - ok
12:01:17.0296 1972 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
12:01:17.0312 1972 dpti2o - ok
12:01:17.0328 1972 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:01:17.0359 1972 drmkaud - ok
12:01:17.0359 1972 [ 866B8EE30E4504C11AE0D29ED6F8824B ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
12:01:17.0390 1972 E100B - ok
12:01:17.0421 1972 [ 6A738BEE58FF3D2F237157082E799DE8 ] e1yexpress C:\WINDOWS\system32\DRIVERS\e1y5132.sys
12:01:17.0437 1972 e1yexpress - ok
12:01:17.0468 1972 [ D42DD9021ACD47683B33ADF21BCA49AA ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys
12:01:17.0500 1972 eamon - ok
12:01:17.0531 1972 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:01:17.0531 1972 EapHost - ok
12:01:17.0562 1972 [ FE7824239D132AD9EBD8645FE1199B30 ] ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys
12:01:17.0578 1972 ehdrv - ok
12:01:17.0656 1972 [ 68D91A34CE51CF15C45DD68F7F1257E8 ] EhttpSrv C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
12:01:17.0656 1972 EhttpSrv - ok
12:01:17.0703 1972 [ 191D8ECCC40F05B52FAC0513F35BA01D ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
12:01:17.0703 1972 ekrn - ok
12:01:17.0734 1972 [ AA0667EB9A92414ABB784C101A6C7FEC ] epfwtdir C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
12:01:17.0765 1972 epfwtdir - ok
12:01:17.0781 1972 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:01:17.0781 1972 ERSvc - ok
12:01:17.0796 1972 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
12:01:17.0796 1972 Eventlog - ok
12:01:17.0843 1972 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
12:01:17.0843 1972 EventSystem - ok
12:01:17.0859 1972 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:01:17.0875 1972 Fastfat - ok
12:01:17.0921 1972 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:01:17.0921 1972 FastUserSwitchingCompatibility - ok
12:01:17.0921 1972 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
12:01:17.0937 1972 Fdc - ok
12:01:17.0953 1972 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:01:17.0968 1972 Fips - ok
12:01:17.0984 1972 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
12:01:18.0000 1972 Flpydisk - ok
12:01:18.0015 1972 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:01:18.0031 1972 FltMgr - ok
12:01:18.0125 1972 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:01:18.0125 1972 FontCache3.0.0.0 - ok
12:01:18.0125 1972 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:01:18.0156 1972 Fs_Rec - ok
12:01:18.0156 1972 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:01:18.0187 1972 Ftdisk - ok
12:01:18.0203 1972 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:01:18.0218 1972 Gpc - ok
12:01:18.0234 1972 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:01:18.0234 1972 HDAudBus - ok
12:01:18.0312 1972 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:01:18.0328 1972 helpsvc - ok
12:01:18.0343 1972 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
12:01:18.0343 1972 HidServ - ok
12:01:18.0375 1972 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:01:18.0406 1972 HidUsb - ok
12:01:18.0421 1972 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:01:18.0421 1972 hkmsvc - ok
12:01:18.0421 1972 hpn - ok
12:01:18.0453 1972 [ A0FA5AC8B360780524D7A68376BAF4E0 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
12:01:18.0468 1972 hpqcxs08 - ok
12:01:18.0500 1972 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:01:18.0500 1972 HTTP - ok
12:01:18.0531 1972 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:01:18.0546 1972 HTTPFilter - ok
12:01:18.0546 1972 i2omp - ok
12:01:18.0578 1972 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:01:18.0593 1972 i8042prt - ok
12:01:18.0593 1972 [ 06B7EF73BA5F302EECC294CDF7E19702 ] i81x C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
12:01:18.0640 1972 i81x - ok
12:01:18.0656 1972 [ 7B5B44EFE5EB9DADFB8EE29700885D23 ] iAimFP0 C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
12:01:18.0656 1972 iAimFP0 - ok
12:01:18.0656 1972 [ EB1F6BAB6C22EDE0BA551B527475F7E9 ] iAimFP1 C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
12:01:18.0656 1972 iAimFP1 - ok
12:01:18.0671 1972 [ 03CE989D846C1AA81145CB22FCB86D06 ] iAimFP2 C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
12:01:18.0671 1972 iAimFP2 - ok
12:01:18.0671 1972 [ 525849B4469DE021D5D61B4DB9BE3A9D ] iAimFP3 C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
12:01:18.0671 1972 iAimFP3 - ok
12:01:18.0687 1972 [ 589C2BCDB5BD602BF7B63D210407EF8C ] iAimFP4 C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
12:01:18.0703 1972 iAimFP4 - ok
12:01:18.0703 1972 [ 0308AEF61941E4AF478FA1A0F83812F5 ] iAimFP5 C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
12:01:18.0703 1972 iAimFP5 - ok
12:01:18.0703 1972 [ 714038A8AA5DE08E12062202CD7EAEB5 ] iAimFP6 C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
12:01:18.0703 1972 iAimFP6 - ok
12:01:18.0734 1972 [ 7BB3AA595E4507A788DE1CDC63F4C8C4 ] iAimFP7 C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
12:01:18.0734 1972 iAimFP7 - ok
12:01:18.0734 1972 [ D83BDD5C059667A2F647A6BE5703A4D2 ] iAimTV0 C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
12:01:18.0750 1972 iAimTV0 - ok
12:01:18.0781 1972 [ ED968D23354DAA0D7C621580C012A1F6 ] iAimTV1 C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
12:01:18.0796 1972 iAimTV1 - ok
12:01:18.0812 1972 [ D738273F218A224C1DDAC04203F27A84 ] iAimTV3 C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
12:01:18.0828 1972 iAimTV3 - ok
12:01:18.0843 1972 [ 0052D118995CBAB152DAABE6106D1442 ] iAimTV4 C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
12:01:18.0859 1972 iAimTV4 - ok
12:01:18.0859 1972 [ 791CC45DE6E50445BE72E8AD6401FF45 ] iAimTV5 C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
12:01:18.0875 1972 iAimTV5 - ok
12:01:18.0890 1972 [ 352FA0E98BC461CE1CE5D41F64DB558D ] iAimTV6 C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
12:01:18.0906 1972 iAimTV6 - ok
12:01:19.0015 1972 [ 00CD8ECE5983C6175A78230653FFDBF1 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
12:01:19.0109 1972 ialm - ok
12:01:19.0125 1972 [ 42BE6406094936A23280D68D9AEC33D0 ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
12:01:19.0125 1972 iaStor - ok
12:01:19.0203 1972 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:01:19.0203 1972 idsvc - ok
12:01:19.0218 1972 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:01:19.0250 1972 Imapi - ok
12:01:19.0296 1972 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
12:01:19.0296 1972 ImapiService - ok
12:01:19.0296 1972 ini910u - ok
12:01:19.0375 1972 [ 3FD00A073361937B705822775255D4E0 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:01:19.0406 1972 IntcAzAudAddService - ok
12:01:19.0406 1972 [ 57D928E548B38502ABBA7A77A6EB7312 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
12:01:19.0421 1972 IntelIde - ok
12:01:19.0437 1972 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:01:19.0437 1972 intelppm - ok
12:01:19.0437 1972 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:01:19.0468 1972 Ip6Fw - ok
12:01:19.0500 1972 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:01:19.0546 1972 IpFilterDriver - ok
12:01:19.0546 1972 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:01:19.0562 1972 IpInIp - ok
12:01:19.0578 1972 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:01:19.0578 1972 IpNat - ok
12:01:19.0593 1972 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:01:19.0609 1972 IPSec - ok
12:01:19.0640 1972 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:01:19.0656 1972 IRENUM - ok
12:01:19.0671 1972 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:01:19.0687 1972 isapnp - ok
12:01:19.0703 1972 [ 4AC11B2250106774F694DF2DB4FFED61 ] Iviaspi C:\WINDOWS\system32\drivers\iviaspi.sys
12:01:19.0703 1972 Iviaspi - ok
12:01:19.0765 1972 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
12:01:19.0765 1972 IviRegMgr - ok
12:01:19.0921 1972 [ A12175F063302CD68F8FC6D572D7E5FD ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
12:01:19.0921 1972 JavaQuickStarterService - ok
12:01:19.0937 1972 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:01:19.0953 1972 Kbdclass - ok
12:01:19.0968 1972 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:01:19.0984 1972 kbdhid - ok
12:01:20.0000 1972 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:01:20.0015 1972 kmixer - ok
12:01:20.0046 1972 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:01:20.0046 1972 KSecDD - ok
12:01:20.0078 1972 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
12:01:20.0078 1972 LanmanServer - ok
12:01:20.0109 1972 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:01:20.0125 1972 lanmanworkstation - ok
12:01:20.0156 1972 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:01:20.0156 1972 LmHosts - ok
12:01:20.0187 1972 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:01:20.0187 1972 Messenger - ok
12:01:20.0234 1972 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:01:20.0250 1972 mnmdd - ok
12:01:20.0265 1972 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:01:20.0265 1972 mnmsrvc - ok
12:01:20.0281 1972 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:01:20.0296 1972 Modem - ok
12:01:20.0296 1972 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:01:20.0312 1972 Mouclass - ok
12:01:20.0328 1972 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:01:20.0359 1972 mouhid - ok
12:01:20.0359 1972 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:01:20.0375 1972 MountMgr - ok
12:01:20.0375 1972 mraid35x - ok
12:01:20.0406 1972 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:01:20.0453 1972 MRxDAV - ok
12:01:20.0468 1972 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:01:20.0484 1972 MRxSmb - ok
12:01:20.0500 1972 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:01:20.0515 1972 MSDTC - ok
12:01:20.0515 1972 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:01:20.0531 1972 Msfs - ok
12:01:20.0531 1972 MSIServer - ok
12:01:20.0546 1972 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:01:20.0578 1972 MSKSSRV - ok
12:01:20.0578 1972 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:01:20.0593 1972 MSPCLOCK - ok
12:01:20.0593 1972 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:01:20.0609 1972 MSPQM - ok
12:01:20.0625 1972 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:01:20.0625 1972 mssmbios - ok
12:01:20.0671 1972 MSSQL$MSSMLBIZ - ok
12:01:20.0718 1972 [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
12:01:20.0718 1972 MSSQLServerADHelper - ok
12:01:20.0734 1972 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:01:20.0734 1972 Mup - ok
12:01:20.0750 1972 [ 03CA886BA148B6B9996BE1368DDC3FC0 ] NAL C:\WINDOWS\system32\Drivers\iqvw32.sys
12:01:20.0781 1972 NAL - ok
12:01:20.0812 1972 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:01:20.0828 1972 napagent - ok
12:01:20.0859 1972 [ B5B1080D35974C0E718D64280761BCD5 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:01:20.0859 1972 NDIS - ok
12:01:20.0890 1972 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:01:20.0890 1972 NdisTapi - ok
12:01:20.0890 1972 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:01:20.0921 1972 Ndisuio - ok
12:01:20.0937 1972 [ B053A8411045FD0664B389A090CB2BBC ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:01:20.0953 1972 NdisWan - ok
12:01:20.0984 1972 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:01:20.0984 1972 NDProxy - ok
12:01:21.0031 1972 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
12:01:21.0031 1972 Net Driver HPZ12 - ok
12:01:21.0031 1972 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:01:21.0046 1972 NetBIOS - ok
12:01:21.0078 1972 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:01:21.0093 1972 NetBT - ok
12:01:21.0125 1972 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
12:01:21.0140 1972 NetDDE - ok
12:01:21.0140 1972 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:01:21.0140 1972 NetDDEdsdm - ok
12:01:21.0171 1972 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:01:21.0187 1972 Netlogon - ok
12:01:21.0218 1972 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
12:01:21.0218 1972 Netman - ok
12:01:21.0234 1972 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:01:21.0250 1972 NetTcpPortSharing - ok
12:01:21.0250 1972 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:01:21.0250 1972 NIC1394 - ok
12:01:21.0265 1972 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
12:01:21.0265 1972 Nla - ok
12:01:21.0296 1972 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:01:21.0312 1972 Npfs - ok
12:01:21.0328 1972 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:01:21.0359 1972 Ntfs - ok
12:01:21.0359 1972 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:01:21.0359 1972 NtLmSsp - ok
12:01:21.0406 1972 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:01:21.0406 1972 NtmsSvc - ok
12:01:21.0421 1972 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
12:01:21.0453 1972 Null - ok
12:01:21.0453 1972 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:01:21.0468 1972 NwlnkFlt - ok
12:01:21.0484 1972 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:01:21.0500 1972 NwlnkFwd - ok
12:01:21.0593 1972 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:01:21.0609 1972 odserv - ok
12:01:21.0625 1972 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:01:21.0625 1972 ohci1394 - ok
12:01:21.0656 1972 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:01:21.0656 1972 ose - ok
12:01:21.0687 1972 [ 3FC38E7FBE91DB40C34731195F4116C2 ] P3 C:\WINDOWS\system32\DRIVERS\p3.sys
12:01:21.0703 1972 P3 - ok
12:01:21.0718 1972 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
12:01:21.0750 1972 Parport - ok
12:01:21.0765 1972 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:01:21.0781 1972 PartMgr - ok
12:01:21.0796 1972 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:01:21.0812 1972 ParVdm - ok
12:01:21.0968 1972 [ 2A42DDAEAAE7743C55A3FA68A7AD9538 ] PCA C:\WINDOWS\SMINST\PCAngel.exe
12:01:21.0968 1972 PCA - ok
12:01:21.0968 1972 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:01:21.0984 1972 PCI - ok
12:01:22.0015 1972 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:01:22.0031 1972 PCIIde - ok
12:01:22.0062 1972 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
12:01:22.0093 1972 Pcmcia - ok
12:01:22.0140 1972 pdfcDispatcher - ok
12:01:22.0140 1972 perc2 - ok
12:01:22.0140 1972 perc2hib - ok
12:01:22.0156 1972 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
12:01:22.0156 1972 PlugPlay - ok
12:01:22.0171 1972 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
12:01:22.0171 1972 Pml Driver HPZ12 - ok
12:01:22.0171 1972 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:01:22.0171 1972 PolicyAgent - ok
12:01:22.0203 1972 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:01:22.0234 1972 PptpMiniport - ok
12:01:22.0234 1972 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:01:22.0234 1972 ProtectedStorage - ok
12:01:22.0250 1972 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:01:22.0296 1972 PSched - ok
12:01:22.0328 1972 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
12:01:22.0328 1972 PSI_SVC_2 - ok
12:01:22.0359 1972 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:01:22.0375 1972 Ptilink - ok
12:01:22.0375 1972 ql1080 - ok
12:01:22.0375 1972 Ql10wnt - ok
12:01:22.0375 1972 ql12160 - ok
12:01:22.0375 1972 ql1240 - ok
12:01:22.0375 1972 ql1280 - ok
12:01:22.0390 1972 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:01:22.0406 1972 RasAcd - ok
12:01:22.0437 1972 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:01:22.0437 1972 RasAuto - ok
12:01:22.0468 1972 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:01:22.0484 1972 Rasl2tp - ok
12:01:22.0515 1972 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:01:22.0515 1972 RasMan - ok
12:01:22.0531 1972 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:01:22.0546 1972 RasPppoe - ok
12:01:22.0546 1972 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:01:22.0562 1972 Raspti - ok
12:01:22.0593 1972 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:01:22.0671 1972 Rdbss - ok
12:01:22.0671 1972 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:01:22.0687 1972 RDPCDD - ok
12:01:22.0687 1972 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:01:22.0718 1972 rdpdr - ok
12:01:22.0765 1972 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:01:22.0765 1972 RDPWD - ok
12:01:22.0796 1972 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:01:22.0796 1972 RDSessMgr - ok
12:01:22.0828 1972 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:01:22.0843 1972 redbook - ok
12:01:22.0875 1972 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\WINDOWS\system32\drivers\regi.sys
12:01:22.0875 1972 regi - ok
12:01:22.0906 1972 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:01:22.0906 1972 RemoteAccess - ok
12:01:22.0921 1972 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
12:01:22.0921 1972 RemoteRegistry - ok
12:01:22.0921 1972 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
12:01:22.0921 1972 RpcLocator - ok
12:01:22.0953 1972 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\System32\rpcss.dll
12:01:22.0953 1972 RpcSs - ok
12:01:22.0984 1972 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
12:01:23.0000 1972 RSVP - ok
12:01:23.0015 1972 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
12:01:23.0015 1972 SamSs - ok
12:01:23.0093 1972 [ 230FD3749904CA045EA5EC0AA14006E9 ] SANDRA C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013a\WNt500x86\Sandra.sys
12:01:23.0109 1972 SANDRA - ok
12:01:23.0109 1972 [ 40CBBCAFFDCFD3661119A2D3F892820C ] SandraAgentSrv C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013a\RpcAgentSrv.exe
12:01:23.0109 1972 SandraAgentSrv - ok
12:01:23.0140 1972 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:01:23.0140 1972 SCardSvr - ok
12:01:23.0171 1972 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:01:23.0171 1972 Schedule - ok
12:01:23.0187 1972 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:01:23.0203 1972 Secdrv - ok
12:01:23.0218 1972 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:01:23.0218 1972 seclogon - ok
12:01:23.0218 1972 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
12:01:23.0218 1972 SENS - ok
12:01:23.0234 1972 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
12:01:23.0250 1972 serenum - ok
12:01:23.0265 1972 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
12:01:23.0312 1972 Serial - ok
12:01:23.0343 1972 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:01:23.0375 1972 Sfloppy - ok
12:01:23.0406 1972 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:01:23.0406 1972 SharedAccess - ok
12:01:23.0421 1972 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:01:23.0421 1972 ShellHWDetection - ok
12:01:23.0421 1972 Simbad - ok
12:01:23.0421 1972 Sparrow - ok
12:01:23.0453 1972 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:01:23.0484 1972 splitter - ok
12:01:23.0515 1972 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:01:23.0515 1972 Spooler - ok
12:01:23.0531 1972 [ D2B096CD2F56FAC6EEEED9A77DDF6DC8 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
12:01:23.0546 1972 SQLBrowser - ok
12:01:23.0562 1972 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
12:01:23.0562 1972 SQLWriter - ok
12:01:23.0578 1972 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:01:23.0593 1972 sr - ok
12:01:23.0625 1972 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
12:01:23.0625 1972 srservice - ok
12:01:23.0687 1972 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:01:23.0687 1972 Srv - ok
12:01:23.0734 1972 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:01:23.0734 1972 SSDPSRV - ok
12:01:23.0750 1972 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:01:23.0765 1972 stisvc - ok
12:01:23.0796 1972 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:01:23.0812 1972 swenum - ok
12:01:23.0812 1972 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:01:23.0843 1972 swmidi - ok
12:01:23.0843 1972 SwPrv - ok
12:01:23.0859 1972 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
12:01:23.0890 1972 symc810 - ok
12:01:23.0906 1972 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:01:23.0921 1972 symc8xx - ok
12:01:23.0921 1972 [ F2B7E8416F508368AC6730E2AE1C614F ] Symmpi C:\WINDOWS\system32\DRIVERS\symmpi.sys
12:01:23.0953 1972 Symmpi - ok
12:01:23.0953 1972 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:01:23.0968 1972 sym_hi - ok
12:01:23.0968 1972 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:01:24.0000 1972 sym_u3 - ok
12:01:24.0015 1972 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:01:24.0015 1972 sysaudio - ok
12:01:24.0062 1972 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:01:24.0062 1972 SysmonLog - ok
12:01:24.0093 1972 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:01:24.0093 1972 TapiSrv - ok
12:01:24.0140 1972 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:01:24.0140 1972 Tcpip - ok
12:01:24.0156 1972 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:01:24.0187 1972 TDPIPE - ok
12:01:24.0187 1972 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:01:24.0218 1972 TDTCP - ok
12:01:24.0281 1972 [ 036E9FC81E1A27FDC3E3CBB8C9C324AC ] TeamViewer5 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
12:01:24.0296 1972 TeamViewer5 - ok
12:01:24.0296 1972 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:01:24.0343 1972 TermDD - ok
12:01:24.0375 1972 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
12:01:24.0375 1972 TermService - ok
12:01:24.0390 1972 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
12:01:24.0390 1972 Themes - ok
12:01:24.0437 1972 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
12:01:24.0437 1972 TlntSvr - ok
12:01:24.0437 1972 TosIde - ok
12:01:24.0453 1972 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:01:24.0453 1972 TrkWks - ok
12:01:24.0468 1972 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:01:24.0484 1972 Udfs - ok
12:01:24.0500 1972 ultra - ok
12:01:24.0500 1972 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
12:01:24.0500 1972 upnphost - ok
12:01:24.0515 1972 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
12:01:24.0515 1972 UPS - ok
12:01:24.0531 1972 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:01:24.0546 1972 usbccgp - ok
12:01:24.0578 1972 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:01:24.0593 1972 usbehci - ok
12:01:24.0609 1972 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:01:24.0625 1972 usbhub - ok
12:01:24.0671 1972 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:01:24.0687 1972 usbprint - ok
12:01:24.0718 1972 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:01:24.0734 1972 usbscan - ok
12:01:24.0765 1972 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:01:24.0781 1972 USBSTOR - ok
12:01:24.0812 1972 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:01:24.0828 1972 usbuhci - ok
12:01:24.0859 1972 [ 15B7C128E9CD61AC21053F62F5D35285 ] UserAccess C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe
12:01:24.0859 1972 UserAccess - ok
12:01:24.0906 1972 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:01:24.0937 1972 VgaSave - ok
12:01:24.0937 1972 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
12:01:24.0968 1972 ViaIde - ok
12:01:24.0984 1972 [ 1B8F371423BB41426632B704A0FD466E ] VirtDisk C:\WINDOWS\SMINST\VirtDisk.sys
12:01:25.0015 1972 VirtDisk - ok
12:01:25.0046 1972 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:01:25.0078 1972 VolSnap - ok
12:01:25.0109 1972 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
12:01:25.0109 1972 VSS - ok
12:01:25.0156 1972 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
12:01:25.0156 1972 W32Time - ok
12:01:25.0171 1972 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:01:25.0187 1972 Wanarp - ok
12:01:25.0203 1972 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:01:25.0218 1972 wdmaud - ok
12:01:25.0250 1972 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:01:25.0250 1972 WebClient - ok
12:01:25.0281 1972 [ 451F905BC7BFF9E1CFF2E7AE76196B2C ] WinDriver6 C:\WINDOWS\system32\drivers\windrvr6.sys
12:01:25.0296 1972 WinDriver6 - ok
12:01:25.0421 1972 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:01:25.0421 1972 winmgmt - ok
12:01:25.0453 1972 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
12:01:25.0453 1972 WmdmPmSN - ok
12:01:25.0484 1972 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] Wmi C:\WINDOWS\System32\advapi32.dll
12:01:25.0484 1972 Wmi - ok
12:01:25.0531 1972 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:01:25.0531 1972 WmiApSrv - ok
12:01:25.0593 1972 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
12:01:25.0609 1972 WMPNetworkSvc - ok
12:01:25.0625 1972 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:01:25.0656 1972 WS2IFSL - ok
12:01:25.0687 1972 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:01:25.0687 1972 wscsvc - ok
12:01:25.0687 1972 WSearch - ok
12:01:25.0718 1972 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:01:25.0750 1972 wuauserv - ok
12:01:25.0750 1972 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:01:25.0765 1972 WudfPf - ok
12:01:25.0796 1972 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:01:25.0796 1972 WudfRd - ok
12:01:25.0796 1972 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
12:01:25.0796 1972 WudfSvc - ok
12:01:25.0843 1972 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:01:25.0859 1972 WZCSVC - ok
12:01:25.0875 1972 xcpip - ok
12:01:25.0890 1972 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:01:25.0890 1972 xmlprov - ok
12:01:25.0890 1972 xpsec - ok
12:01:25.0890 1972 ================ Scan global ===============================
12:01:25.0921 1972 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
12:01:25.0953 1972 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
12:01:25.0968 1972 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
12:01:25.0968 1972 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
12:01:25.0968 1972 [Global] - ok
12:01:25.0968 1972 ================ Scan MBR ==================================
12:01:25.0984 1972 [ A2FB971839F99220DE5D5AD06ED44CC6 ] \Device\Harddisk0\DR0
12:01:25.0984 1972 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
12:01:25.0984 1972 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
12:01:25.0984 1972 ================ Scan VBR ==================================
12:01:26.0000 1972 [ 871B3C1EC48DE4CAE3B254C17A6930DB ] \Device\Harddisk0\DR0\Partition1
12:01:26.0000 1972 \Device\Harddisk0\DR0\Partition1 - ok
12:01:26.0015 1972 [ AE441970C6BFD8C7741C66BC8C4759CC ] \Device\Harddisk0\DR0\Partition2
12:01:26.0015 1972 \Device\Harddisk0\DR0\Partition2 - ok
12:01:26.0015 1972 ============================================================
12:01:26.0015 1972 Scan finished
12:01:26.0015 1972 ============================================================
12:01:26.0031 1992 Detected object count: 1
12:01:26.0031 1992 Actual detected object count: 1
12:01:39.0765 1992 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - skipped by user
12:01:39.0765 1992 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Skip
12:01:51.0156 3064 Deinitialize success
ComboFix 13-02-24.01 - Ucitel 26.02.2013 12:09:35.7.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2013.1571 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ucitel\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
.
.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-26 do 2013-02-26 )))))))))))))))))))))))))))))))
.
.
2013-02-26 08:36 . 2008-07-03 09:59 193696 ----a-w- c:\windows\system32\drivers\windrvr6.sys
2013-02-26 08:36 . 2013-02-26 10:55 -------- d-----w- c:\program files\Common Files\Vernier Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-26 03:55 . 2008-04-14 01:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-24 07:21 . 2011-02-22 09:27 2516 --sha-w- c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
2013-01-07 07:26 . 2008-04-14 01:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 07:26 . 2008-04-14 01:00 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 10:10 . 2008-04-14 01:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 09:30 . 2013-01-03 09:30 388096 ----a-r- c:\documents and settings\Ucitel\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-01-02 06:49 . 2008-04-14 01:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2008-04-14 01:00 1294848 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:20 . 2008-04-14 01:00 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:19 . 2008-04-14 01:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-26 20:19 . 2008-04-14 01:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2008-04-14 01:00 385024 ----a-w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2008-04-14 01:00 290560 ----a-w- c:\windows\system32\atmfd.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-01 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-01 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-01 141848]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"HPLJ Config"="c:\program files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe" [2003-03-31 28672]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2013a\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2013a\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [18.8.2008 12:27 94872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.1.2011 16:41 810144]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [4.8.2009 22:10 576024]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 19:09 11032]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [26.10.2012 15:13 2048408]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [5.8.2009 6:44 243856]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2013a\RpcAgentSrv.exe [9.1.2013 14:06 68760]
S3 VirtDisk;XSS Virtual Disk Driver;c:\windows\SMINST\virtdisk.sys [4.8.2009 22:13 57344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 81.91.208.2 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1 - c:\program files\SiteRanker\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-26 12:18
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1328)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
c:\program files\TeamViewer\Version5\TeamViewer.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2013-02-26 12:21:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-02-26 11:21
.
Před spuštěním: Volných bajtů: 422 943 764 480
Po spuštění: Volných bajtů: 423 301 750 784
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
.
- - End Of File - - CF5285450C3274877CDE5AFCD8F9CB2C
# AdwCleaner v2.113 - Logfile created 02/26/2013 at 11:46:50
# Updated 23/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Ucitel - UC2
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Ucitel\Plocha\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Documents and Settings\All Users\Nabídka Start\Programy\SiteRanker
Folder Deleted : C:\Documents and Settings\Ucitel\Data aplikací\SiteRanker
Folder Deleted : C:\Program Files\SiteRanker
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
*************************
AdwCleaner[R1].txt - [4782 octets] - [26/02/2013 09:25:10]
AdwCleaner[R2].txt - [4842 octets] - [26/02/2013 09:25:47]
AdwCleaner[S1].txt - [4845 octets] - [26/02/2013 11:46:50]
########## EOF - C:\AdwCleaner[S1].txt - [4905 octets] ##########
12:01:04.0796 3728 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:01:04.0906 3728 ============================================================
12:01:04.0906 3728 Current date / time: 2013/02/26 12:01:04.0906
12:01:04.0906 3728 SystemInfo:
12:01:04.0906 3728
12:01:04.0906 3728 OS Version: 5.1.2600 ServicePack: 3.0
12:01:04.0906 3728 Product type: Workstation
12:01:04.0906 3728 ComputerName: UC2
12:01:04.0906 3728 UserName: Ucitel
12:01:04.0906 3728 Windows directory: C:\WINDOWS
12:01:04.0906 3728 System windows directory: C:\WINDOWS
12:01:04.0906 3728 Processor architecture: Intel x86
12:01:04.0906 3728 Number of processors: 2
12:01:04.0906 3728 Page size: 0x1000
12:01:04.0906 3728 Boot type: Normal boot
12:01:04.0906 3728 ============================================================
12:01:05.0265 3728 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:01:05.0281 3728 ============================================================
12:01:05.0281 3728 \Device\Harddisk0\DR0:
12:01:05.0281 3728 MBR partitions:
12:01:05.0281 3728 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x37186E03
12:01:05.0281 3728 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x37186E42, BlocksNum 0x31FDDFF
12:01:05.0281 3728 ============================================================
12:01:05.0296 3728 C: <-> \Device\Harddisk0\DR0\Partition1
12:01:05.0343 3728 D: <-> \Device\Harddisk0\DR0\Partition2
12:01:05.0406 3728 ============================================================
12:01:05.0406 3728 Initialize success
12:01:05.0406 3728 ============================================================
12:01:12.0890 1972 ============================================================
12:01:12.0890 1972 Scan started
12:01:12.0890 1972 Mode: Manual;
12:01:12.0890 1972 ============================================================
12:01:13.0171 1972 ================ Scan system memory ========================
12:01:13.0171 1972 System memory - ok
12:01:13.0171 1972 ================ Scan services =============================
12:01:15.0062 1972 Abiosdsk - ok
12:01:15.0062 1972 abp480n5 - ok
12:01:15.0109 1972 [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc C:\WINDOWS\system32\drivers\ac97intc.sys
12:01:15.0140 1972 ac97intc - ok
12:01:15.0171 1972 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:01:15.0171 1972 ACPI - ok
12:01:15.0203 1972 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
12:01:15.0234 1972 ACPIEC - ok
12:01:15.0250 1972 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
12:01:15.0281 1972 adpu160m - ok
12:01:15.0281 1972 [ 0EA9B1F0C6C90A509C8603775366ADB7 ] adpu320 C:\WINDOWS\system32\DRIVERS\adpu320.sys
12:01:15.0296 1972 adpu320 - ok
12:01:15.0328 1972 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:01:15.0359 1972 aec - ok
12:01:15.0390 1972 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:01:15.0390 1972 AFD - ok
12:01:15.0390 1972 Aha154x - ok
12:01:15.0421 1972 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
12:01:15.0453 1972 aic78u2 - ok
12:01:15.0453 1972 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
12:01:15.0468 1972 aic78xx - ok
12:01:15.0484 1972 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:01:15.0484 1972 Alerter - ok
12:01:15.0500 1972 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
12:01:15.0500 1972 ALG - ok
12:01:15.0515 1972 AliIde - ok
12:01:15.0515 1972 amsint - ok
12:01:15.0546 1972 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
12:01:15.0562 1972 AppMgmt - ok
12:01:15.0578 1972 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:01:15.0593 1972 Arp1394 - ok
12:01:15.0609 1972 asc - ok
12:01:15.0609 1972 asc3350p - ok
12:01:15.0609 1972 asc3550 - ok
12:01:15.0875 1972 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:01:15.0921 1972 aspnet_state - ok
12:01:15.0921 1972 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:01:15.0937 1972 AsyncMac - ok
12:01:15.0953 1972 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
12:01:15.0968 1972 atapi - ok
12:01:15.0984 1972 Atdisk - ok
12:01:15.0984 1972 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:01:16.0000 1972 Atmarpc - ok
12:01:16.0031 1972 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
12:01:16.0031 1972 AudioSrv - ok
12:01:16.0062 1972 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
12:01:16.0093 1972 audstub - ok
12:01:16.0312 1972 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
12:01:16.0312 1972 BcmSqlStartupSvc - ok
12:01:16.0328 1972 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:01:16.0343 1972 Beep - ok
12:01:16.0375 1972 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
12:01:16.0406 1972 BITS - ok
12:01:16.0437 1972 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
12:01:16.0437 1972 Browser - ok
12:01:16.0453 1972 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:01:16.0468 1972 cbidf2k - ok
12:01:16.0468 1972 cd20xrnt - ok
12:01:16.0500 1972 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:01:16.0515 1972 Cdaudio - ok
12:01:16.0531 1972 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:01:16.0546 1972 Cdfs - ok
12:01:16.0562 1972 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:01:16.0578 1972 Cdrom - ok
12:01:16.0609 1972 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:01:16.0625 1972 CiSvc - ok
12:01:16.0656 1972 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:01:16.0656 1972 ClipSrv - ok
12:01:16.0687 1972 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:01:16.0796 1972 clr_optimization_v2.0.50727_32 - ok
12:01:16.0796 1972 CmdIde - ok
12:01:16.0796 1972 COMSysApp - ok
12:01:16.0796 1972 Cpqarray - ok
12:01:16.0828 1972 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:01:16.0828 1972 CryptSvc - ok
12:01:16.0828 1972 dac2w2k - ok
12:01:16.0828 1972 dac960nt - ok
12:01:16.0875 1972 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:01:16.0875 1972 DcomLaunch - ok
12:01:16.0921 1972 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:01:16.0921 1972 Dhcp - ok
12:01:16.0937 1972 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:01:16.0953 1972 Disk - ok
12:01:16.0953 1972 dmadmin - ok
12:01:16.0984 1972 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:01:17.0015 1972 dmboot - ok
12:01:17.0046 1972 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:01:17.0078 1972 dmio - ok
12:01:17.0078 1972 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:01:17.0109 1972 dmload - ok
12:01:17.0125 1972 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:01:17.0125 1972 dmserver - ok
12:01:17.0140 1972 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:01:17.0140 1972 DMusic - ok
12:01:17.0156 1972 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:01:17.0171 1972 Dnscache - ok
12:01:17.0187 1972 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:01:17.0187 1972 Dot3svc - ok
12:01:17.0218 1972 [ 3E4B043F8BC6BE1D4820CC6C9C500306 ] dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys
12:01:17.0234 1972 dot4 - ok
12:01:17.0250 1972 [ 77CE63A8A34AE23D9FE4C7896D1DEBE7 ] Dot4Print C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
12:01:17.0265 1972 Dot4Print - ok
12:01:17.0265 1972 [ CCC4092DFC85336F2E1C142483ADEB42 ] dot4usb C:\WINDOWS\system32\DRIVERS\dot4usb.sys
12:01:17.0281 1972 dot4usb - ok
12:01:17.0296 1972 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
12:01:17.0312 1972 dpti2o - ok
12:01:17.0328 1972 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:01:17.0359 1972 drmkaud - ok
12:01:17.0359 1972 [ 866B8EE30E4504C11AE0D29ED6F8824B ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
12:01:17.0390 1972 E100B - ok
12:01:17.0421 1972 [ 6A738BEE58FF3D2F237157082E799DE8 ] e1yexpress C:\WINDOWS\system32\DRIVERS\e1y5132.sys
12:01:17.0437 1972 e1yexpress - ok
12:01:17.0468 1972 [ D42DD9021ACD47683B33ADF21BCA49AA ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys
12:01:17.0500 1972 eamon - ok
12:01:17.0531 1972 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:01:17.0531 1972 EapHost - ok
12:01:17.0562 1972 [ FE7824239D132AD9EBD8645FE1199B30 ] ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys
12:01:17.0578 1972 ehdrv - ok
12:01:17.0656 1972 [ 68D91A34CE51CF15C45DD68F7F1257E8 ] EhttpSrv C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
12:01:17.0656 1972 EhttpSrv - ok
12:01:17.0703 1972 [ 191D8ECCC40F05B52FAC0513F35BA01D ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
12:01:17.0703 1972 ekrn - ok
12:01:17.0734 1972 [ AA0667EB9A92414ABB784C101A6C7FEC ] epfwtdir C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
12:01:17.0765 1972 epfwtdir - ok
12:01:17.0781 1972 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:01:17.0781 1972 ERSvc - ok
12:01:17.0796 1972 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
12:01:17.0796 1972 Eventlog - ok
12:01:17.0843 1972 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
12:01:17.0843 1972 EventSystem - ok
12:01:17.0859 1972 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:01:17.0875 1972 Fastfat - ok
12:01:17.0921 1972 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:01:17.0921 1972 FastUserSwitchingCompatibility - ok
12:01:17.0921 1972 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
12:01:17.0937 1972 Fdc - ok
12:01:17.0953 1972 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:01:17.0968 1972 Fips - ok
12:01:17.0984 1972 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
12:01:18.0000 1972 Flpydisk - ok
12:01:18.0015 1972 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:01:18.0031 1972 FltMgr - ok
12:01:18.0125 1972 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:01:18.0125 1972 FontCache3.0.0.0 - ok
12:01:18.0125 1972 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:01:18.0156 1972 Fs_Rec - ok
12:01:18.0156 1972 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:01:18.0187 1972 Ftdisk - ok
12:01:18.0203 1972 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:01:18.0218 1972 Gpc - ok
12:01:18.0234 1972 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:01:18.0234 1972 HDAudBus - ok
12:01:18.0312 1972 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:01:18.0328 1972 helpsvc - ok
12:01:18.0343 1972 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
12:01:18.0343 1972 HidServ - ok
12:01:18.0375 1972 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:01:18.0406 1972 HidUsb - ok
12:01:18.0421 1972 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:01:18.0421 1972 hkmsvc - ok
12:01:18.0421 1972 hpn - ok
12:01:18.0453 1972 [ A0FA5AC8B360780524D7A68376BAF4E0 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
12:01:18.0468 1972 hpqcxs08 - ok
12:01:18.0500 1972 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:01:18.0500 1972 HTTP - ok
12:01:18.0531 1972 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:01:18.0546 1972 HTTPFilter - ok
12:01:18.0546 1972 i2omp - ok
12:01:18.0578 1972 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:01:18.0593 1972 i8042prt - ok
12:01:18.0593 1972 [ 06B7EF73BA5F302EECC294CDF7E19702 ] i81x C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
12:01:18.0640 1972 i81x - ok
12:01:18.0656 1972 [ 7B5B44EFE5EB9DADFB8EE29700885D23 ] iAimFP0 C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
12:01:18.0656 1972 iAimFP0 - ok
12:01:18.0656 1972 [ EB1F6BAB6C22EDE0BA551B527475F7E9 ] iAimFP1 C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
12:01:18.0656 1972 iAimFP1 - ok
12:01:18.0671 1972 [ 03CE989D846C1AA81145CB22FCB86D06 ] iAimFP2 C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
12:01:18.0671 1972 iAimFP2 - ok
12:01:18.0671 1972 [ 525849B4469DE021D5D61B4DB9BE3A9D ] iAimFP3 C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
12:01:18.0671 1972 iAimFP3 - ok
12:01:18.0687 1972 [ 589C2BCDB5BD602BF7B63D210407EF8C ] iAimFP4 C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
12:01:18.0703 1972 iAimFP4 - ok
12:01:18.0703 1972 [ 0308AEF61941E4AF478FA1A0F83812F5 ] iAimFP5 C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
12:01:18.0703 1972 iAimFP5 - ok
12:01:18.0703 1972 [ 714038A8AA5DE08E12062202CD7EAEB5 ] iAimFP6 C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
12:01:18.0703 1972 iAimFP6 - ok
12:01:18.0734 1972 [ 7BB3AA595E4507A788DE1CDC63F4C8C4 ] iAimFP7 C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
12:01:18.0734 1972 iAimFP7 - ok
12:01:18.0734 1972 [ D83BDD5C059667A2F647A6BE5703A4D2 ] iAimTV0 C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
12:01:18.0750 1972 iAimTV0 - ok
12:01:18.0781 1972 [ ED968D23354DAA0D7C621580C012A1F6 ] iAimTV1 C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
12:01:18.0796 1972 iAimTV1 - ok
12:01:18.0812 1972 [ D738273F218A224C1DDAC04203F27A84 ] iAimTV3 C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
12:01:18.0828 1972 iAimTV3 - ok
12:01:18.0843 1972 [ 0052D118995CBAB152DAABE6106D1442 ] iAimTV4 C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
12:01:18.0859 1972 iAimTV4 - ok
12:01:18.0859 1972 [ 791CC45DE6E50445BE72E8AD6401FF45 ] iAimTV5 C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
12:01:18.0875 1972 iAimTV5 - ok
12:01:18.0890 1972 [ 352FA0E98BC461CE1CE5D41F64DB558D ] iAimTV6 C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
12:01:18.0906 1972 iAimTV6 - ok
12:01:19.0015 1972 [ 00CD8ECE5983C6175A78230653FFDBF1 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
12:01:19.0109 1972 ialm - ok
12:01:19.0125 1972 [ 42BE6406094936A23280D68D9AEC33D0 ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
12:01:19.0125 1972 iaStor - ok
12:01:19.0203 1972 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:01:19.0203 1972 idsvc - ok
12:01:19.0218 1972 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:01:19.0250 1972 Imapi - ok
12:01:19.0296 1972 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
12:01:19.0296 1972 ImapiService - ok
12:01:19.0296 1972 ini910u - ok
12:01:19.0375 1972 [ 3FD00A073361937B705822775255D4E0 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:01:19.0406 1972 IntcAzAudAddService - ok
12:01:19.0406 1972 [ 57D928E548B38502ABBA7A77A6EB7312 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
12:01:19.0421 1972 IntelIde - ok
12:01:19.0437 1972 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:01:19.0437 1972 intelppm - ok
12:01:19.0437 1972 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:01:19.0468 1972 Ip6Fw - ok
12:01:19.0500 1972 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:01:19.0546 1972 IpFilterDriver - ok
12:01:19.0546 1972 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:01:19.0562 1972 IpInIp - ok
12:01:19.0578 1972 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:01:19.0578 1972 IpNat - ok
12:01:19.0593 1972 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:01:19.0609 1972 IPSec - ok
12:01:19.0640 1972 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:01:19.0656 1972 IRENUM - ok
12:01:19.0671 1972 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:01:19.0687 1972 isapnp - ok
12:01:19.0703 1972 [ 4AC11B2250106774F694DF2DB4FFED61 ] Iviaspi C:\WINDOWS\system32\drivers\iviaspi.sys
12:01:19.0703 1972 Iviaspi - ok
12:01:19.0765 1972 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
12:01:19.0765 1972 IviRegMgr - ok
12:01:19.0921 1972 [ A12175F063302CD68F8FC6D572D7E5FD ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
12:01:19.0921 1972 JavaQuickStarterService - ok
12:01:19.0937 1972 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:01:19.0953 1972 Kbdclass - ok
12:01:19.0968 1972 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:01:19.0984 1972 kbdhid - ok
12:01:20.0000 1972 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:01:20.0015 1972 kmixer - ok
12:01:20.0046 1972 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:01:20.0046 1972 KSecDD - ok
12:01:20.0078 1972 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
12:01:20.0078 1972 LanmanServer - ok
12:01:20.0109 1972 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:01:20.0125 1972 lanmanworkstation - ok
12:01:20.0156 1972 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:01:20.0156 1972 LmHosts - ok
12:01:20.0187 1972 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:01:20.0187 1972 Messenger - ok
12:01:20.0234 1972 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:01:20.0250 1972 mnmdd - ok
12:01:20.0265 1972 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:01:20.0265 1972 mnmsrvc - ok
12:01:20.0281 1972 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:01:20.0296 1972 Modem - ok
12:01:20.0296 1972 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:01:20.0312 1972 Mouclass - ok
12:01:20.0328 1972 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:01:20.0359 1972 mouhid - ok
12:01:20.0359 1972 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:01:20.0375 1972 MountMgr - ok
12:01:20.0375 1972 mraid35x - ok
12:01:20.0406 1972 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:01:20.0453 1972 MRxDAV - ok
12:01:20.0468 1972 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:01:20.0484 1972 MRxSmb - ok
12:01:20.0500 1972 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:01:20.0515 1972 MSDTC - ok
12:01:20.0515 1972 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:01:20.0531 1972 Msfs - ok
12:01:20.0531 1972 MSIServer - ok
12:01:20.0546 1972 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:01:20.0578 1972 MSKSSRV - ok
12:01:20.0578 1972 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:01:20.0593 1972 MSPCLOCK - ok
12:01:20.0593 1972 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:01:20.0609 1972 MSPQM - ok
12:01:20.0625 1972 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:01:20.0625 1972 mssmbios - ok
12:01:20.0671 1972 MSSQL$MSSMLBIZ - ok
12:01:20.0718 1972 [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
12:01:20.0718 1972 MSSQLServerADHelper - ok
12:01:20.0734 1972 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:01:20.0734 1972 Mup - ok
12:01:20.0750 1972 [ 03CA886BA148B6B9996BE1368DDC3FC0 ] NAL C:\WINDOWS\system32\Drivers\iqvw32.sys
12:01:20.0781 1972 NAL - ok
12:01:20.0812 1972 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:01:20.0828 1972 napagent - ok
12:01:20.0859 1972 [ B5B1080D35974C0E718D64280761BCD5 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:01:20.0859 1972 NDIS - ok
12:01:20.0890 1972 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:01:20.0890 1972 NdisTapi - ok
12:01:20.0890 1972 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:01:20.0921 1972 Ndisuio - ok
12:01:20.0937 1972 [ B053A8411045FD0664B389A090CB2BBC ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:01:20.0953 1972 NdisWan - ok
12:01:20.0984 1972 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:01:20.0984 1972 NDProxy - ok
12:01:21.0031 1972 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
12:01:21.0031 1972 Net Driver HPZ12 - ok
12:01:21.0031 1972 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:01:21.0046 1972 NetBIOS - ok
12:01:21.0078 1972 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:01:21.0093 1972 NetBT - ok
12:01:21.0125 1972 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
12:01:21.0140 1972 NetDDE - ok
12:01:21.0140 1972 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:01:21.0140 1972 NetDDEdsdm - ok
12:01:21.0171 1972 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:01:21.0187 1972 Netlogon - ok
12:01:21.0218 1972 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
12:01:21.0218 1972 Netman - ok
12:01:21.0234 1972 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:01:21.0250 1972 NetTcpPortSharing - ok
12:01:21.0250 1972 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:01:21.0250 1972 NIC1394 - ok
12:01:21.0265 1972 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
12:01:21.0265 1972 Nla - ok
12:01:21.0296 1972 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:01:21.0312 1972 Npfs - ok
12:01:21.0328 1972 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:01:21.0359 1972 Ntfs - ok
12:01:21.0359 1972 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:01:21.0359 1972 NtLmSsp - ok
12:01:21.0406 1972 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:01:21.0406 1972 NtmsSvc - ok
12:01:21.0421 1972 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
12:01:21.0453 1972 Null - ok
12:01:21.0453 1972 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:01:21.0468 1972 NwlnkFlt - ok
12:01:21.0484 1972 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:01:21.0500 1972 NwlnkFwd - ok
12:01:21.0593 1972 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:01:21.0609 1972 odserv - ok
12:01:21.0625 1972 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:01:21.0625 1972 ohci1394 - ok
12:01:21.0656 1972 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:01:21.0656 1972 ose - ok
12:01:21.0687 1972 [ 3FC38E7FBE91DB40C34731195F4116C2 ] P3 C:\WINDOWS\system32\DRIVERS\p3.sys
12:01:21.0703 1972 P3 - ok
12:01:21.0718 1972 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
12:01:21.0750 1972 Parport - ok
12:01:21.0765 1972 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:01:21.0781 1972 PartMgr - ok
12:01:21.0796 1972 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:01:21.0812 1972 ParVdm - ok
12:01:21.0968 1972 [ 2A42DDAEAAE7743C55A3FA68A7AD9538 ] PCA C:\WINDOWS\SMINST\PCAngel.exe
12:01:21.0968 1972 PCA - ok
12:01:21.0968 1972 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:01:21.0984 1972 PCI - ok
12:01:22.0015 1972 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:01:22.0031 1972 PCIIde - ok
12:01:22.0062 1972 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
12:01:22.0093 1972 Pcmcia - ok
12:01:22.0140 1972 pdfcDispatcher - ok
12:01:22.0140 1972 perc2 - ok
12:01:22.0140 1972 perc2hib - ok
12:01:22.0156 1972 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
12:01:22.0156 1972 PlugPlay - ok
12:01:22.0171 1972 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
12:01:22.0171 1972 Pml Driver HPZ12 - ok
12:01:22.0171 1972 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:01:22.0171 1972 PolicyAgent - ok
12:01:22.0203 1972 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:01:22.0234 1972 PptpMiniport - ok
12:01:22.0234 1972 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:01:22.0234 1972 ProtectedStorage - ok
12:01:22.0250 1972 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:01:22.0296 1972 PSched - ok
12:01:22.0328 1972 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
12:01:22.0328 1972 PSI_SVC_2 - ok
12:01:22.0359 1972 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:01:22.0375 1972 Ptilink - ok
12:01:22.0375 1972 ql1080 - ok
12:01:22.0375 1972 Ql10wnt - ok
12:01:22.0375 1972 ql12160 - ok
12:01:22.0375 1972 ql1240 - ok
12:01:22.0375 1972 ql1280 - ok
12:01:22.0390 1972 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:01:22.0406 1972 RasAcd - ok
12:01:22.0437 1972 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:01:22.0437 1972 RasAuto - ok
12:01:22.0468 1972 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:01:22.0484 1972 Rasl2tp - ok
12:01:22.0515 1972 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:01:22.0515 1972 RasMan - ok
12:01:22.0531 1972 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:01:22.0546 1972 RasPppoe - ok
12:01:22.0546 1972 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:01:22.0562 1972 Raspti - ok
12:01:22.0593 1972 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:01:22.0671 1972 Rdbss - ok
12:01:22.0671 1972 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:01:22.0687 1972 RDPCDD - ok
12:01:22.0687 1972 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:01:22.0718 1972 rdpdr - ok
12:01:22.0765 1972 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:01:22.0765 1972 RDPWD - ok
12:01:22.0796 1972 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:01:22.0796 1972 RDSessMgr - ok
12:01:22.0828 1972 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:01:22.0843 1972 redbook - ok
12:01:22.0875 1972 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\WINDOWS\system32\drivers\regi.sys
12:01:22.0875 1972 regi - ok
12:01:22.0906 1972 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:01:22.0906 1972 RemoteAccess - ok
12:01:22.0921 1972 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
12:01:22.0921 1972 RemoteRegistry - ok
12:01:22.0921 1972 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
12:01:22.0921 1972 RpcLocator - ok
12:01:22.0953 1972 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\System32\rpcss.dll
12:01:22.0953 1972 RpcSs - ok
12:01:22.0984 1972 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
12:01:23.0000 1972 RSVP - ok
12:01:23.0015 1972 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
12:01:23.0015 1972 SamSs - ok
12:01:23.0093 1972 [ 230FD3749904CA045EA5EC0AA14006E9 ] SANDRA C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013a\WNt500x86\Sandra.sys
12:01:23.0109 1972 SANDRA - ok
12:01:23.0109 1972 [ 40CBBCAFFDCFD3661119A2D3F892820C ] SandraAgentSrv C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013a\RpcAgentSrv.exe
12:01:23.0109 1972 SandraAgentSrv - ok
12:01:23.0140 1972 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:01:23.0140 1972 SCardSvr - ok
12:01:23.0171 1972 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:01:23.0171 1972 Schedule - ok
12:01:23.0187 1972 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:01:23.0203 1972 Secdrv - ok
12:01:23.0218 1972 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:01:23.0218 1972 seclogon - ok
12:01:23.0218 1972 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
12:01:23.0218 1972 SENS - ok
12:01:23.0234 1972 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
12:01:23.0250 1972 serenum - ok
12:01:23.0265 1972 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
12:01:23.0312 1972 Serial - ok
12:01:23.0343 1972 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:01:23.0375 1972 Sfloppy - ok
12:01:23.0406 1972 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:01:23.0406 1972 SharedAccess - ok
12:01:23.0421 1972 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:01:23.0421 1972 ShellHWDetection - ok
12:01:23.0421 1972 Simbad - ok
12:01:23.0421 1972 Sparrow - ok
12:01:23.0453 1972 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:01:23.0484 1972 splitter - ok
12:01:23.0515 1972 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:01:23.0515 1972 Spooler - ok
12:01:23.0531 1972 [ D2B096CD2F56FAC6EEEED9A77DDF6DC8 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
12:01:23.0546 1972 SQLBrowser - ok
12:01:23.0562 1972 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
12:01:23.0562 1972 SQLWriter - ok
12:01:23.0578 1972 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:01:23.0593 1972 sr - ok
12:01:23.0625 1972 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
12:01:23.0625 1972 srservice - ok
12:01:23.0687 1972 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:01:23.0687 1972 Srv - ok
12:01:23.0734 1972 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:01:23.0734 1972 SSDPSRV - ok
12:01:23.0750 1972 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:01:23.0765 1972 stisvc - ok
12:01:23.0796 1972 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:01:23.0812 1972 swenum - ok
12:01:23.0812 1972 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:01:23.0843 1972 swmidi - ok
12:01:23.0843 1972 SwPrv - ok
12:01:23.0859 1972 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
12:01:23.0890 1972 symc810 - ok
12:01:23.0906 1972 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:01:23.0921 1972 symc8xx - ok
12:01:23.0921 1972 [ F2B7E8416F508368AC6730E2AE1C614F ] Symmpi C:\WINDOWS\system32\DRIVERS\symmpi.sys
12:01:23.0953 1972 Symmpi - ok
12:01:23.0953 1972 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:01:23.0968 1972 sym_hi - ok
12:01:23.0968 1972 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:01:24.0000 1972 sym_u3 - ok
12:01:24.0015 1972 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:01:24.0015 1972 sysaudio - ok
12:01:24.0062 1972 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:01:24.0062 1972 SysmonLog - ok
12:01:24.0093 1972 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:01:24.0093 1972 TapiSrv - ok
12:01:24.0140 1972 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:01:24.0140 1972 Tcpip - ok
12:01:24.0156 1972 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:01:24.0187 1972 TDPIPE - ok
12:01:24.0187 1972 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:01:24.0218 1972 TDTCP - ok
12:01:24.0281 1972 [ 036E9FC81E1A27FDC3E3CBB8C9C324AC ] TeamViewer5 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
12:01:24.0296 1972 TeamViewer5 - ok
12:01:24.0296 1972 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:01:24.0343 1972 TermDD - ok
12:01:24.0375 1972 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
12:01:24.0375 1972 TermService - ok
12:01:24.0390 1972 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
12:01:24.0390 1972 Themes - ok
12:01:24.0437 1972 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
12:01:24.0437 1972 TlntSvr - ok
12:01:24.0437 1972 TosIde - ok
12:01:24.0453 1972 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:01:24.0453 1972 TrkWks - ok
12:01:24.0468 1972 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:01:24.0484 1972 Udfs - ok
12:01:24.0500 1972 ultra - ok
12:01:24.0500 1972 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
12:01:24.0500 1972 upnphost - ok
12:01:24.0515 1972 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
12:01:24.0515 1972 UPS - ok
12:01:24.0531 1972 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:01:24.0546 1972 usbccgp - ok
12:01:24.0578 1972 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:01:24.0593 1972 usbehci - ok
12:01:24.0609 1972 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:01:24.0625 1972 usbhub - ok
12:01:24.0671 1972 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:01:24.0687 1972 usbprint - ok
12:01:24.0718 1972 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:01:24.0734 1972 usbscan - ok
12:01:24.0765 1972 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:01:24.0781 1972 USBSTOR - ok
12:01:24.0812 1972 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:01:24.0828 1972 usbuhci - ok
12:01:24.0859 1972 [ 15B7C128E9CD61AC21053F62F5D35285 ] UserAccess C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe
12:01:24.0859 1972 UserAccess - ok
12:01:24.0906 1972 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:01:24.0937 1972 VgaSave - ok
12:01:24.0937 1972 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
12:01:24.0968 1972 ViaIde - ok
12:01:24.0984 1972 [ 1B8F371423BB41426632B704A0FD466E ] VirtDisk C:\WINDOWS\SMINST\VirtDisk.sys
12:01:25.0015 1972 VirtDisk - ok
12:01:25.0046 1972 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:01:25.0078 1972 VolSnap - ok
12:01:25.0109 1972 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
12:01:25.0109 1972 VSS - ok
12:01:25.0156 1972 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
12:01:25.0156 1972 W32Time - ok
12:01:25.0171 1972 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:01:25.0187 1972 Wanarp - ok
12:01:25.0203 1972 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:01:25.0218 1972 wdmaud - ok
12:01:25.0250 1972 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:01:25.0250 1972 WebClient - ok
12:01:25.0281 1972 [ 451F905BC7BFF9E1CFF2E7AE76196B2C ] WinDriver6 C:\WINDOWS\system32\drivers\windrvr6.sys
12:01:25.0296 1972 WinDriver6 - ok
12:01:25.0421 1972 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:01:25.0421 1972 winmgmt - ok
12:01:25.0453 1972 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
12:01:25.0453 1972 WmdmPmSN - ok
12:01:25.0484 1972 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] Wmi C:\WINDOWS\System32\advapi32.dll
12:01:25.0484 1972 Wmi - ok
12:01:25.0531 1972 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:01:25.0531 1972 WmiApSrv - ok
12:01:25.0593 1972 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
12:01:25.0609 1972 WMPNetworkSvc - ok
12:01:25.0625 1972 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:01:25.0656 1972 WS2IFSL - ok
12:01:25.0687 1972 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:01:25.0687 1972 wscsvc - ok
12:01:25.0687 1972 WSearch - ok
12:01:25.0718 1972 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:01:25.0750 1972 wuauserv - ok
12:01:25.0750 1972 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:01:25.0765 1972 WudfPf - ok
12:01:25.0796 1972 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:01:25.0796 1972 WudfRd - ok
12:01:25.0796 1972 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
12:01:25.0796 1972 WudfSvc - ok
12:01:25.0843 1972 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:01:25.0859 1972 WZCSVC - ok
12:01:25.0875 1972 xcpip - ok
12:01:25.0890 1972 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:01:25.0890 1972 xmlprov - ok
12:01:25.0890 1972 xpsec - ok
12:01:25.0890 1972 ================ Scan global ===============================
12:01:25.0921 1972 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
12:01:25.0953 1972 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
12:01:25.0968 1972 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
12:01:25.0968 1972 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
12:01:25.0968 1972 [Global] - ok
12:01:25.0968 1972 ================ Scan MBR ==================================
12:01:25.0984 1972 [ A2FB971839F99220DE5D5AD06ED44CC6 ] \Device\Harddisk0\DR0
12:01:25.0984 1972 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
12:01:25.0984 1972 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
12:01:25.0984 1972 ================ Scan VBR ==================================
12:01:26.0000 1972 [ 871B3C1EC48DE4CAE3B254C17A6930DB ] \Device\Harddisk0\DR0\Partition1
12:01:26.0000 1972 \Device\Harddisk0\DR0\Partition1 - ok
12:01:26.0015 1972 [ AE441970C6BFD8C7741C66BC8C4759CC ] \Device\Harddisk0\DR0\Partition2
12:01:26.0015 1972 \Device\Harddisk0\DR0\Partition2 - ok
12:01:26.0015 1972 ============================================================
12:01:26.0015 1972 Scan finished
12:01:26.0015 1972 ============================================================
12:01:26.0031 1992 Detected object count: 1
12:01:26.0031 1992 Actual detected object count: 1
12:01:39.0765 1992 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - skipped by user
12:01:39.0765 1992 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Skip
12:01:51.0156 3064 Deinitialize success
ComboFix 13-02-24.01 - Ucitel 26.02.2013 12:09:35.7.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2013.1571 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ucitel\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
.
.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-26 do 2013-02-26 )))))))))))))))))))))))))))))))
.
.
2013-02-26 08:36 . 2008-07-03 09:59 193696 ----a-w- c:\windows\system32\drivers\windrvr6.sys
2013-02-26 08:36 . 2013-02-26 10:55 -------- d-----w- c:\program files\Common Files\Vernier Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-26 03:55 . 2008-04-14 01:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-24 07:21 . 2011-02-22 09:27 2516 --sha-w- c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
2013-01-07 07:26 . 2008-04-14 01:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 07:26 . 2008-04-14 01:00 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 10:10 . 2008-04-14 01:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 09:30 . 2013-01-03 09:30 388096 ----a-r- c:\documents and settings\Ucitel\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-01-02 06:49 . 2008-04-14 01:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2008-04-14 01:00 1294848 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:20 . 2008-04-14 01:00 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:19 . 2008-04-14 01:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-26 20:19 . 2008-04-14 01:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2008-04-14 01:00 385024 ----a-w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2008-04-14 01:00 290560 ----a-w- c:\windows\system32\atmfd.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-01 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-01 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-01 141848]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"HPLJ Config"="c:\program files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe" [2003-03-31 28672]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2013a\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2013a\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [18.8.2008 12:27 94872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.1.2011 16:41 810144]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [4.8.2009 22:10 576024]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 19:09 11032]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [26.10.2012 15:13 2048408]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [5.8.2009 6:44 243856]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2013a\RpcAgentSrv.exe [9.1.2013 14:06 68760]
S3 VirtDisk;XSS Virtual Disk Driver;c:\windows\SMINST\virtdisk.sys [4.8.2009 22:13 57344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 81.91.208.2 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1 - c:\program files\SiteRanker\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-26 12:18
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1328)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
c:\program files\TeamViewer\Version5\TeamViewer.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2013-02-26 12:21:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-02-26 11:21
.
Před spuštěním: Volných bajtů: 422 943 764 480
Po spuštění: Volných bajtů: 423 301 750 784
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
.
- - End Of File - - CF5285450C3274877CDE5AFCD8F9CB2C
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: HJT - trojan
Udělej znovu TDSSKiller , zda je nákaza pryč.
Hlásí ještě něco antivir?
Hlásí ještě něco antivir?
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 125 hostů