Hello,
I've had a problem with Google Chrome for about 4 days now; it keeps showing me this error message and I really don't know what to do about it anymore. I dealt with it here: viewtopic.php?f=3&t=96520
but no solution was found, so I'm trying HijackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:24:47, on 14.11.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\IradioVb6\IRadioVB6.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\seoadministrator\sheduler\sheduler.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ManageBytes\WinArranger\WinArranger.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Program Files\MSI\DIGIVOX mini III\DIGIVOX mini III Device Utilities\AFRCtl.exe
C:\Program Files\MSI\TotalMedia 3.5\TMMonitor.exe
C:\Program Files\Automatické vypnutí počítače\avp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\test\Data aplikací\Dropbox\bin\Dropbox.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\test\Dokumenty\Stažené soubory\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=275cd3ae- ... 1fd0559469
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=275cd3ae- ... 1fd0559469
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: IE5BarLauncherBHO Class - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O3 - Toolbar: VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IRadioVB6] C:\Program Files\IradioVb6\IRadioVB6.exe -start
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SeoAdministrator sheduler] C:\Program Files\seoadministrator\sheduler\sheduler.exe -min
O4 - HKCU\..\Run: [WinArranger] "C:\Program Files\ManageBytes\WinArranger\WinArranger.exe"
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Automatické vypnutí počítače.lnk = ?
O4 - Startup: Dropbox.lnk = ?
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
O4 - Global Startup: Remote Control.lnk = C:\Program Files\MSI\DIGIVOX mini III\DIGIVOX mini III Device Utilities\AFRCtl.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\MSI\TotalMedia 3.5\TMMonitor.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\test\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: Nastavení aplikace &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{037BF424-1062-446C-98C8-4275B5909D66}: NameServer = 192.168.254.1,192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{037BF424-1062-446C-98C8-4275B5909D66}: NameServer = 192.168.254.1,192.168.0.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1c9aa459c3fb63a) (gupdate1c9aa459c3fb63a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 10767 bytes
Please check it.
- memphisto
Re: Please check
Uninstall:
Google Toolbar
VShare Toolbar
McAfee Security Scan
Fix in the log:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=275cd3ae- ... 1fd0559469
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=275cd3ae- ... 1fd0559469
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O3 - Toolbar: VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
Download ATF Cleaner
Double-click ATF Cleaner.exe, click on select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove temporary Windows files, empty the Recycle Bin, etc.
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure you have both options selected/checked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan (Provést rychlý sken) option selected and click the Scan (Skenovat) button
- after the program finishes, a message will appear; click OK and then the Show Results button
- then choose the Save Logfile option and save the log to your desktop
- then click the Exit button; a message will appear, so choose Yes (Ano)
(don't delete anything yet!).
Then paste the contents of that log here.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you
Re: Please check
log:
Malwarebytes' Anti-Malware
www.malwarebytes.org
Verze databáze:
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
16.11.2012 3:18:44
mbam-log-2012-11-16 (03-18-44).txt
Typ: Rychlá kontrola
Kontrolované objekty: 247583
Uplynulý čas: 1 hodin, 1 minut, 55 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
- memphisto
Re: Please check
It doesn't look like anything nasty, but ...
Download TDSSKiller
to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt; please paste the entire contents of the log here.
Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use will be displayed; confirm them by pressing the Yes (Ano) button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If, after the scan, there is a problem launching applications, or a message pops up about an illegal operation attempted on a registry key that has been marked for deletion, simply restart the computer.
Re: Please check
TDSSKiller:
12:59:26.0437 4124 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:59:26.0718 4124 ============================================================
12:59:26.0718 4124 Current date / time: 2012/11/16 12:59:26.0718
12:59:26.0718 4124 SystemInfo:
12:59:26.0718 4124
12:59:26.0718 4124 OS Version: 5.1.2600 ServicePack: 2.0
12:59:26.0718 4124 Product type: Workstation
12:59:26.0718 4124 ComputerName: J-PC
12:59:26.0718 4124 UserName: test
12:59:26.0718 4124 Windows directory: C:\WINDOWS
12:59:26.0718 4124 System windows directory: C:\WINDOWS
12:59:26.0718 4124 Processor architecture: Intel x86
12:59:26.0718 4124 Number of processors: 2
12:59:26.0718 4124 Page size: 0x1000
12:59:26.0718 4124 Boot type: Normal boot
12:59:26.0718 4124 ============================================================
12:59:27.0828 4124 Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:59:27.0828 4124 ============================================================
12:59:27.0828 4124 \Device\Harddisk0\DR0:
12:59:27.0828 4124 MBR partitions:
12:59:27.0828 4124 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x124F6BF3
12:59:27.0859 4124 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x124F6C71, BlocksNum 0x12F32B8F
12:59:27.0859 4124 ============================================================
12:59:27.0953 4124 C: <-> \Device\Harddisk0\DR0\Partition1
12:59:28.0250 4124 E: <-> \Device\Harddisk0\DR0\Partition2
12:59:28.0281 4124 ============================================================
12:59:28.0281 4124 Initialize success
12:59:28.0281 4124 ============================================================
12:59:29.0921 4748 ============================================================
12:59:29.0921 4748 Scan started
12:59:29.0921 4748 Mode: Manual;
12:59:29.0921 4748 ============================================================
12:59:31.0390 4748 ================ Scan system memory ========================
12:59:31.0390 4748 System memory - ok
12:59:34.0578 4748 HidUsb - ok
12:59:34.0578 4748 hpn - ok
12:59:34.0609 4748 [ 9F8B0F4276F618964FD118BE4289B7CD ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:59:34.0609 4748 HTTP - ok
12:59:34.0656 4748 [ DA826826C5C9116F47E0CD0CA8CC7C11 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:59:34.0656 4748 HTTPFilter - ok
12:59:34.0656 4748 i2omgmt - ok
12:59:34.0671 4748 i2omp - ok
12:59:34.0687 4748 [ 0F42DE9909B5DBF2C48DD1A79D491AF5 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:59:34.0687 4748 i8042prt - ok
12:59:34.0750 4748 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
12:59:34.0750 4748 IDriverT - ok
12:59:34.0890 4748 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:59:34.0906 4748 idsvc - ok
12:59:34.0921 4748 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:59:34.0937 4748 Imapi - ok
12:59:34.0968 4748 [ CF9D286B34CB4912F3B28B4972D5CB33 ] ImapiService C:\WINDOWS\system32\imapi.exe
12:59:34.0968 4748 ImapiService - ok
12:59:34.0968 4748 ini910u - ok
12:59:35.0078 4748 [ 811B31E0E0AC7BE484EFBFFC42AFCBBE ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:59:35.0140 4748 IntcAzAudAddService - ok
12:59:35.0140 4748 IntelIde - ok
12:59:35.0171 4748 [ 4448006B6BC60E6C027932CFC38D6855 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
12:59:35.0171 4748 ip6fw - ok
12:59:35.0203 4748 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:59:35.0203 4748 IpFilterDriver - ok
12:59:35.0218 4748 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:59:35.0218 4748 IpInIp - ok
12:59:35.0250 4748 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:59:35.0250 4748 IpNat - ok
12:59:35.0265 4748 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:59:35.0265 4748 IPSec - ok
12:59:35.0296 4748 [ 86C204836FEEC22510D434982D4221B8 ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
12:59:35.0296 4748 irda - ok
12:59:35.0312 4748 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:59:35.0312 4748 IRENUM - ok
12:59:35.0328 4748 [ E16AC23F81CFE1223AB470F9982DE89D ] Irmon C:\WINDOWS\System32\irmon.dll
12:59:35.0328 4748 Irmon - ok
12:59:35.0343 4748 [ 1091528512E4DD7ED5FDDCC4DF1C53D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:59:35.0343 4748 isapnp - ok
12:59:35.0421 4748 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
12:59:35.0421 4748 JavaQuickStarterService - ok
12:59:35.0437 4748 [ 6F877BF8DC01A550CD666F3BEDB2213C ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:59:35.0437 4748 Kbdclass - ok
12:59:35.0468 4748 [ 065B5A83AA78C0C7047BF22E0AB5C821 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:59:35.0468 4748 kbdhid - ok
12:59:35.0515 4748 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:59:35.0515 4748 kmixer - ok
12:59:35.0531 4748 [ 674D3E5A593475915DC6643317192403 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:59:35.0531 4748 KSecDD - ok
12:59:35.0546 4748 [ 6D6BDD68B775986577C48A8DF961A05C ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
12:59:35.0562 4748 lanmanserver - ok
12:59:35.0578 4748 [ 6BF7BAF420DD4422D2C35DFB3E51A29C ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:59:35.0578 4748 lanmanworkstation - ok
12:59:35.0578 4748 lbrtfdc - ok
12:59:35.0609 4748 [ F9EE6D2AAB0690B34AE35BA9921A1414 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:59:35.0609 4748 LmHosts - ok
12:59:35.0656 4748 [ 63DAF163D1617DD611BD0AB8E41A43E8 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
12:59:35.0656 4748 LMIGuardianSvc - ok
12:59:35.0671 4748 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
12:59:35.0671 4748 LMIInfo - ok
12:59:35.0687 4748 [ 175F50F37EEAA1D4D744BCCCBB7CF68C ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
12:59:35.0687 4748 LMIMaint - ok
12:59:35.0718 4748 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\WINDOWS\system32\DRIVERS\lmimirr.sys
12:59:35.0718 4748 lmimirr - ok
12:59:35.0734 4748 LMIRfsClientNP - ok
12:59:35.0734 4748 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
12:59:35.0750 4748 LMIRfsDriver - ok
12:59:35.0781 4748 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
12:59:35.0781 4748 LogMeIn - ok
12:59:35.0812 4748 [ 8B2FCBD881879B55BE40B41F12FFC431 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:59:35.0812 4748 Messenger - ok
12:59:35.0828 4748 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:59:35.0828 4748 mnmdd - ok
12:59:35.0875 4748 [ 7D137132D6A9B41EF800E59A771ED48C ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
12:59:35.0890 4748 mnmsrvc - ok
12:59:35.0906 4748 [ 60210DEB037846AFE521EBF349964F6B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:59:35.0921 4748 Modem - ok
12:59:35.0937 4748 [ B160EC94114715675509115986400FD9 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:59:35.0937 4748 Mouclass - ok
12:59:35.0953 4748 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:59:35.0953 4748 mouhid - ok
12:59:35.0953 4748 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:59:35.0953 4748 MountMgr - ok
12:59:36.0000 4748 [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:59:36.0000 4748 MozillaMaintenance - ok
12:59:36.0015 4748 [ 55A9A7E6BB297BF0F5B144029DCB79CC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
12:59:36.0015 4748 MPE - ok
12:59:36.0015 4748 mraid35x - ok
12:59:36.0031 4748 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:59:36.0031 4748 MRxDAV - ok
12:59:36.0078 4748 [ FB6C89BB3CE282B08BDB1E3C179E1C39 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:59:36.0078 4748 MRxSmb - ok
12:59:36.0093 4748 [ 944A24032AED84C59455B981F6CA1C1A ] MSDTC C:\WINDOWS\System32\msdtc.exe
12:59:36.0093 4748 MSDTC - ok
12:59:36.0109 4748 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:59:36.0109 4748 Msfs - ok
12:59:36.0140 4748 [ EE55F5C64417CC369866D7EAFE9B07AB ] MSIRCOMM C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
12:59:36.0140 4748 MSIRCOMM - ok
12:59:36.0140 4748 MSIServer - ok
12:59:36.0156 4748 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:59:36.0156 4748 MSKSSRV - ok
12:59:36.0171 4748 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:59:36.0171 4748 MSPCLOCK - ok
12:59:36.0187 4748 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:59:36.0187 4748 MSPQM - ok
12:59:36.0187 4748 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:59:36.0187 4748 mssmbios - ok
12:59:36.0218 4748 [ BF13612142995096AB084F2DB7F40F77 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
12:59:36.0218 4748 MSTEE - ok
12:59:36.0234 4748 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:59:36.0234 4748 Mup - ok
12:59:36.0250 4748 [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:59:36.0250 4748 NABTSFEC - ok
12:59:36.0265 4748 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:59:36.0265 4748 NDIS - ok
12:59:36.0281 4748 [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:59:36.0281 4748 NdisIP - ok
12:59:36.0296 4748 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:59:36.0312 4748 NdisTapi - ok
12:59:36.0328 4748 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:59:36.0328 4748 Ndisuio - ok
12:59:36.0343 4748 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:59:36.0343 4748 NdisWan - ok
12:59:36.0343 4748 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:59:36.0343 4748 NDProxy - ok
12:59:36.0359 4748 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:59:36.0359 4748 NetBIOS - ok
12:59:36.0375 4748 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:59:36.0375 4748 NetBT - ok
12:59:36.0406 4748 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDE C:\WINDOWS\system32\netdde.exe
12:59:36.0406 4748 NetDDE - ok
12:59:36.0421 4748 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:59:36.0421 4748 NetDDEdsdm - ok
12:59:36.0453 4748 [ 82A362FE1D4980B71B588D9C10748511 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:59:36.0453 4748 Netlogon - ok
12:59:36.0484 4748 [ AF342D2781225A8769686E0D47E3123E ] Netman C:\WINDOWS\System32\netman.dll
12:59:36.0484 4748 Netman - ok
12:59:36.0515 4748 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:59:36.0531 4748 NetTcpPortSharing - ok
12:59:36.0546 4748 [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:59:36.0546 4748 NIC1394 - ok
12:59:36.0578 4748 [ A6E79B60AC73241E5721AB6A573D2B24 ] Nla C:\WINDOWS\System32\mswsock.dll
12:59:36.0593 4748 Nla - ok
12:59:36.0593 4748 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:59:36.0593 4748 Npfs - ok
12:59:36.0593 4748 npkcrypt - ok
12:59:36.0609 4748 npkcusb - ok
12:59:36.0625 4748 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:59:36.0625 4748 Ntfs - ok
12:59:36.0640 4748 [ 82A362FE1D4980B71B588D9C10748511 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
12:59:36.0640 4748 NtLmSsp - ok
12:59:36.0671 4748 [ D8D2B13BA93AE830B1A637DF571D1195 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:59:36.0671 4748 NtmsSvc - ok
12:59:36.0687 4748 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
12:59:36.0687 4748 Null - ok
12:59:36.0703 4748 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:59:36.0703 4748 NwlnkFlt - ok
12:59:36.0718 4748 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:59:36.0718 4748 NwlnkFwd - ok
12:59:36.0718 4748 [ 0951DB8E5823EA366B0E408D71E1BA2A ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:59:36.0718 4748 ohci1394 - ok
12:59:36.0765 4748 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:59:36.0765 4748 ose - ok
12:59:36.0781 4748 [ 76A18CAA2FEFB28A4CED38D76837E86E ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
12:59:36.0781 4748 Parport - ok
12:59:36.0796 4748 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:59:36.0796 4748 PartMgr - ok
12:59:36.0828 4748 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:59:36.0828 4748 ParVdm - ok
12:59:36.0843 4748 [ B7979F37BB7B9DF2230046134955E6E7 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:59:36.0843 4748 PCI - ok
12:59:36.0843 4748 PCIDump - ok
12:59:36.0859 4748 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:59:36.0859 4748 PCIIde - ok
12:59:36.0875 4748 [ 90505755634407D4EF4C6DEA60FC1DF9 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
12:59:36.0875 4748 Pcmcia - ok
12:59:36.0875 4748 PDCOMP - ok
12:59:36.0890 4748 PDFRAME - ok
12:59:36.0890 4748 PDRELI - ok
12:59:36.0906 4748 PDRFRAME - ok
12:59:36.0906 4748 perc2 - ok
12:59:36.0906 4748 perc2hib - ok
12:59:36.0953 4748 [ 4F9F7B567970B524F31D9970A23F7C24 ] PlugPlay C:\WINDOWS\system32\services.exe
12:59:36.0953 4748 PlugPlay - ok
12:59:36.0984 4748 [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
12:59:37.0000 4748 PnkBstrA - ok
12:59:37.0000 4748 [ 82A362FE1D4980B71B588D9C10748511 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:59:37.0000 4748 PolicyAgent - ok
12:59:37.0015 4748 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:59:37.0015 4748 PptpMiniport - ok
12:59:37.0015 4748 [ 9A10E4FD13824823DA50D4758BD0A645 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
12:59:37.0015 4748 Processor - ok
12:59:37.0015 4748 [ 82A362FE1D4980B71B588D9C10748511 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:59:37.0031 4748 ProtectedStorage - ok
12:59:37.0046 4748 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:59:37.0046 4748 PSched - ok
12:59:37.0046 4748 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:59:37.0046 4748 Ptilink - ok
12:59:37.0062 4748 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:59:37.0078 4748 PxHelp20 - ok
12:59:37.0078 4748 ql1080 - ok
12:59:37.0078 4748 Ql10wnt - ok
12:59:37.0093 4748 ql12160 - ok
12:59:37.0093 4748 ql1240 - ok
12:59:37.0093 4748 ql1280 - ok
12:59:37.0109 4748 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:59:37.0109 4748 RasAcd - ok
12:59:37.0125 4748 [ E68B6F9A726A444059705AB43B5656D1 ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:59:37.0125 4748 RasAuto - ok
12:59:37.0140 4748 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
12:59:37.0140 4748 Rasirda - ok
12:59:37.0140 4748 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:59:37.0156 4748 Rasl2tp - ok
12:59:37.0171 4748 [ 6E519D777C91E90592403C9F981FDF03 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:59:37.0171 4748 RasMan - ok
12:59:37.0187 4748 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:59:37.0187 4748 RasPppoe - ok
12:59:37.0187 4748 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:59:37.0187 4748 Raspti - ok
12:59:37.0203 4748 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:59:37.0218 4748 Rdbss - ok
12:59:37.0218 4748 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:59:37.0218 4748 RDPCDD - ok
12:59:37.0250 4748 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:59:37.0250 4748 RDPWD - ok
12:59:37.0265 4748 [ 125ACF258DA9633F748131A0E0185AF3 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:59:37.0265 4748 RDSessMgr - ok
12:59:37.0281 4748 [ ABA13D33E1F888C9A68599A48A8840D6 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:59:37.0281 4748 redbook - ok
12:59:37.0312 4748 [ EB5E1A601E5A1908A87E4D5A41803D98 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:59:37.0312 4748 RemoteAccess - ok
12:59:37.0312 4748 [ C8A3B668985D61249F2DC71716C58DE8 ] RpcLocator C:\WINDOWS\System32\locator.exe
12:59:37.0328 4748 RpcLocator - ok
12:59:37.0343 4748 [ 2B269C916766BDB43404F043B763427D ] RpcSs C:\WINDOWS\System32\rpcss.dll
12:59:37.0359 4748 RpcSs - ok
12:59:37.0359 4748 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\System32\rsvp.exe
12:59:37.0375 4748 RSVP - ok
12:59:37.0421 4748 [ EE5AD71A1F576D4D58D8D014560EB856 ] rt2870 C:\WINDOWS\system32\DRIVERS\rt2870.sys
12:59:37.0421 4748 rt2870 - ok
12:59:37.0515 4748 [ 017CC2E361A47461472BC4C08BD12440 ] RTHDMIAzAudService C:\WINDOWS\system32\drivers\RtHDMI.sys
12:59:37.0546 4748 RTHDMIAzAudService - ok
12:59:37.0578 4748 [ 89619EF503F949FAE09252A8B883EE11 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
12:59:37.0578 4748 RTLE8023xp - ok
12:59:37.0593 4748 [ 82A362FE1D4980B71B588D9C10748511 ] SamSs C:\WINDOWS\system32\lsass.exe
12:59:37.0593 4748 SamSs - ok
12:59:37.0609 4748 [ C177354E995CC1AA1F767BCD9980434A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:59:37.0625 4748 SCardSvr - ok
12:59:37.0640 4748 [ 29AC93307C6182DBE336BCA314947F28 ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:59:37.0656 4748 Schedule - ok
12:59:37.0687 4748 [ 07F7F501AD50DE2BA2D5842D9B6D6155 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:59:37.0687 4748 Secdrv - ok
12:59:37.0703 4748 [ C76CB8A133374FAC6805F83FF7B7DA03 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:59:37.0718 4748 seclogon - ok
12:59:37.0734 4748 [ 220AD85BA9C5B3011296354011B901CC ] SENS C:\WINDOWS\system32\sens.dll
12:59:37.0734 4748 SENS - ok
12:59:37.0750 4748 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
12:59:37.0765 4748 serenum - ok
12:59:37.0812 4748 [ 4C0D673281178CB496011A2E28571FC8 ] sfdrv01 C:\WINDOWS\system32\drivers\sfdrv01.sys
12:59:37.0812 4748 sfdrv01 - ok
12:59:37.0812 4748 [ 15BE2B5E4DC5B8623CF167720682ABC9 ] sfhlp02 C:\WINDOWS\system32\drivers\sfhlp02.sys
12:59:37.0828 4748 sfhlp02 - ok
12:59:37.0828 4748 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:59:37.0828 4748 Sfloppy - ok
12:59:37.0843 4748 [ D5A7E09D2C6A702809E49190D52ADC9F ] sfvfs02 C:\WINDOWS\system32\drivers\sfvfs02.sys
12:59:37.0843 4748 sfvfs02 - ok
12:59:37.0875 4748 [ 6A93501BCDEBF159109429B022C0FF83 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:59:37.0890 4748 SharedAccess - ok
12:59:37.0890 4748 [ 8BA76BD2A943F642F267A296A15776D2 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:59:37.0906 4748 ShellHWDetection - ok
12:59:37.0906 4748 Simbad - ok
12:59:37.0921 4748 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:59:37.0937 4748 SLIP - ok
12:59:37.0937 4748 Sparrow - ok
12:59:37.0968 4748 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:59:37.0968 4748 splitter - ok
12:59:37.0984 4748 [ 21B6FAA88044A41640E03EBB68BE93E8 ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:59:38.0000 4748 Spooler - ok
12:59:38.0031 4748 [ 71E276F6D189413266EA22171806597B ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
12:59:38.0031 4748 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71E276F6D189413266EA22171806597B
12:59:38.0031 4748 sptd ( LockedFile.Multi.Generic ) - warning
12:59:38.0031 4748 sptd - detected LockedFile.Multi.Generic (1)
12:59:38.0046 4748 [ A74035EA526DB97D9D50D2143A55F5CF ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:59:38.0046 4748 sr - ok
12:59:38.0062 4748 [ 3CD57F31A64D32FDB28918B16D1E6AAC ] srservice C:\WINDOWS\system32\srsvc.dll
12:59:38.0062 4748 srservice - ok
12:59:38.0093 4748 [ 7A4F147CC6B133F905F6E65E2F8669FB ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:59:38.0093 4748 Srv - ok
12:59:38.0125 4748 [ 88C28F53F53438DAFCD95E99C837C61E ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:59:38.0125 4748 SSDPSRV - ok
12:59:38.0187 4748 [ B1691AF4A072CB674D600DB16DD7308E ] StarWindServiceAE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
12:59:38.0187 4748 StarWindServiceAE - ok
12:59:38.0203 4748 [ A1A16662C6B1A665D965D61B9EECC5A7 ] STIrUsb C:\WINDOWS\system32\DRIVERS\irstusb.sys
12:59:38.0203 4748 STIrUsb - ok
12:59:38.0218 4748 [ 0645CCDDDD27F96EEA3534C1DEF736D9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:59:38.0234 4748 stisvc - ok
12:59:38.0250 4748 [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:59:38.0250 4748 streamip - ok
12:59:38.0265 4748 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:59:38.0265 4748 swenum - ok
12:59:38.0281 4748 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:59:38.0281 4748 swmidi - ok
12:59:38.0281 4748 SwPrv - ok
12:59:38.0296 4748 symc810 - ok
12:59:38.0296 4748 symc8xx - ok
12:59:38.0296 4748 sym_hi - ok
12:59:38.0312 4748 sym_u3 - ok
12:59:38.0312 4748 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:59:38.0328 4748 sysaudio - ok
12:59:38.0343 4748 [ D9C9ECFF4904E6151525C533AEEDF8F4 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:59:38.0343 4748 SysmonLog - ok
12:59:38.0375 4748 [ 2D6BF6C02111F9CF9FAF8ACFB933DD78 ] tap0901 C:\WINDOWS\system32\DRIVERS\tap0901.sys
12:59:38.0375 4748 tap0901 - ok
12:59:38.0390 4748 [ 37162D29CD61519E6F5EA0DE99786FF6 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:59:38.0406 4748 TapiSrv - ok
12:59:38.0421 4748 [ 01D5EAAFF224415A7FF513E4C882BE30 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:59:38.0421 4748 Tcpip - ok
12:59:38.0437 4748 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:59:38.0437 4748 TDPIPE - ok
12:59:38.0453 4748 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:59:38.0453 4748 TDTCP - ok
12:59:38.0468 4748 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:59:38.0468 4748 TermDD - ok
12:59:38.0484 4748 [ 2F5919F2F6EE7A845893D9C3AA2BC56A ] TermService C:\WINDOWS\System32\termsrv.dll
12:59:38.0500 4748 TermService - ok
12:59:38.0515 4748 [ 8BA76BD2A943F642F267A296A15776D2 ] Themes C:\WINDOWS\System32\shsvcs.dll
12:59:38.0515 4748 Themes - ok
12:59:38.0531 4748 TosIde - ok
12:59:38.0546 4748 [ 4DCE17221B1A87FB47E36842F3E38753 ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:59:38.0546 4748 TrkWks - ok
12:59:38.0578 4748 [ F69641EFDB19ACB4753B0155F7FDEED5 ] TrueSight c:\windows\system32\drivers\TrueSight.sys
12:59:38.0578 4748 TrueSight - ok
12:59:38.0609 4748 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:59:38.0609 4748 Udfs - ok
12:59:38.0609 4748 ultra - ok
12:59:38.0640 4748 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:59:38.0640 4748 Update - ok
12:59:38.0656 4748 [ 984FC1518B0D5B31D76F0E63608E0500 ] upnphost C:\WINDOWS\System32\upnphost.dll
12:59:38.0671 4748 upnphost - ok
12:59:38.0671 4748 [ 6148A3BA4D9CC628357FC92014FEA30E ] UPS C:\WINDOWS\System32\ups.exe
12:59:38.0687 4748 UPS - ok
12:59:38.0703 4748 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:59:38.0703 4748 usbccgp - ok
12:59:38.0750 4748 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:59:38.0750 4748 usbehci - ok
12:59:38.0750 4748 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:59:38.0750 4748 usbhub - ok
12:59:38.0765 4748 [ BDFE799A8531BAD8A5A985821FE78760 ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:59:38.0765 4748 usbohci - ok
12:59:38.0781 4748 [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:59:38.0781 4748 usbprint - ok
12:59:38.0781 4748 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:59:38.0796 4748 usbscan - ok
12:59:38.0796 4748 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:59:38.0796 4748 usbstor - ok
12:59:38.0828 4748 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:59:38.0828 4748 VgaSave - ok
12:59:38.0828 4748 ViaIde - ok
12:59:38.0859 4748 [ CD8CCE067F7E9CBD762C00BDDDECAA34 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:59:38.0859 4748 VolSnap - ok
12:59:38.0890 4748 [ 043539881667BB37B07524032D6FFC3E ] VSS C:\WINDOWS\System32\vssvc.exe
12:59:38.0890 4748 VSS - ok
12:59:38.0906 4748 [ 2CEEBB402187AE56B585701F3D191FB3 ] W32Time C:\WINDOWS\system32\w32time.dll
12:59:38.0921 4748 W32Time - ok
12:59:38.0953 4748 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:59:38.0953 4748 Wanarp - ok
12:59:38.0953 4748 WDICA - ok
12:59:39.0000 4748 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:59:39.0000 4748 wdmaud - ok
12:59:39.0015 4748 [ 3791ADF1D3466AC6B4B662D3F79CBFEC ] WebClient C:\WINDOWS\System32\webclnt.dll
12:59:39.0031 4748 WebClient - ok
12:59:39.0093 4748 [ E12084EA622BDF2262C637BEF15DD85C ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:59:39.0093 4748 winmgmt - ok
12:59:39.0125 4748 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
12:59:39.0140 4748 WmdmPmSN - ok
12:59:39.0140 4748 [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:59:39.0140 4748 WmiAcpi - ok
12:59:39.0171 4748 [ BCD21B989F0FD4ACE78287FC01B4693D ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
12:59:39.0171 4748 WmiApSrv - ok
12:59:39.0187 4748 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
12:59:39.0187 4748 WpdUsb - ok
12:59:39.0250 4748 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:59:39.0250 4748 WPFFontCache_v0400 - ok
12:59:39.0296 4748 [ 4ADED1ADEF25041D9827F9A79C0FDA13 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:59:39.0312 4748 wscsvc - ok
12:59:39.0328 4748 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:59:39.0328 4748 WSTCODEC - ok
12:59:39.0343 4748 [ 21F5169CA14E0B25C757644456F637DF ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:59:39.0343 4748 wuauserv - ok
12:59:39.0359 4748 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:59:39.0359 4748 WudfPf - ok
12:59:39.0375 4748 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:59:39.0375 4748 WudfRd - ok
12:59:39.0390 4748 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
12:59:39.0406 4748 WudfSvc - ok
12:59:39.0437 4748 [ 325CEDEF696EF4B649DDCD3968D085C9 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:59:39.0453 4748 WZCSVC - ok
12:59:39.0453 4748 XDva391 - ok
12:59:39.0484 4748 [ 9B835D4C64860B155A1701D5092EC9E4 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:59:39.0484 4748 xmlprov - ok
12:59:39.0500 4748 ================ Scan global ===============================
12:59:39.0531 4748 [ F642F3368D2839798DA79E7BA9218481 ] C:\WINDOWS\system32\basesrv.dll
12:59:39.0546 4748 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINDOWS\system32\winsrv.dll
12:59:39.0562 4748 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINDOWS\system32\winsrv.dll
12:59:39.0578 4748 [ 4F9F7B567970B524F31D9970A23F7C24 ] C:\WINDOWS\system32\services.exe
12:59:39.0578 4748 [Global] - ok
12:59:39.0578 4748 ================ Scan MBR ==================================
12:59:39.0593 4748 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
12:59:39.0812 4748 \Device\Harddisk0\DR0 - ok
12:59:39.0812 4748 ================ Scan VBR ==================================
12:59:39.0812 4748 [ 6BBB86FE34E1E8FE94129D1752A06175 ] \Device\Harddisk0\DR0\Partition1
12:59:39.0812 4748 \Device\Harddisk0\DR0\Partition1 - ok
12:59:39.0843 4748 [ 8CE19933C9E53E9B49E54BD34274BA62 ] \Device\Harddisk0\DR0\Partition2
12:59:39.0843 4748 \Device\Harddisk0\DR0\Partition2 - ok
12:59:39.0843 4748 ============================================================
12:59:39.0843 4748 Scan finished
12:59:39.0843 4748 ============================================================
12:59:39.0843 5360 Detected object count: 1
12:59:39.0843 5360 Actual detected object count: 1
12:59:47.0562 5360 sptd ( LockedFile.Multi.Generic ) - skipped by user
12:59:47.0562 5360 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
13:00:02.0812 5012 Deinitialize success
12:59:26.0437 4124 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:59:26.0718 4124 ============================================================
12:59:26.0718 4124 Current date / time: 2012/11/16 12:59:26.0718
12:59:26.0718 4124 SystemInfo:
12:59:26.0718 4124
12:59:26.0718 4124 OS Version: 5.1.2600 ServicePack: 2.0
12:59:26.0718 4124 Product type: Workstation
12:59:26.0718 4124 ComputerName: J-PC
12:59:26.0718 4124 UserName: test
12:59:26.0718 4124 Windows directory: C:\WINDOWS
12:59:26.0718 4124 System windows directory: C:\WINDOWS
12:59:26.0718 4124 Processor architecture: Intel x86
12:59:26.0718 4124 Number of processors: 2
12:59:26.0718 4124 Page size: 0x1000
12:59:26.0718 4124 Boot type: Normal boot
12:59:26.0718 4124 ============================================================
12:59:27.0828 4124 Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:59:27.0828 4124 ============================================================
12:59:27.0828 4124 \Device\Harddisk0\DR0:
12:59:27.0828 4124 MBR partitions:
12:59:27.0828 4124 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x124F6BF3
12:59:27.0859 4124 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x124F6C71, BlocksNum 0x12F32B8F
12:59:27.0859 4124 ============================================================
12:59:27.0953 4124 C: <-> \Device\Harddisk0\DR0\Partition1
12:59:28.0250 4124 E: <-> \Device\Harddisk0\DR0\Partition2
12:59:28.0281 4124 ============================================================
12:59:28.0281 4124 Initialize success
12:59:28.0281 4124 ============================================================
12:59:29.0921 4748 ============================================================
12:59:29.0921 4748 Scan started
12:59:29.0921 4748 Mode: Manual;
12:59:29.0921 4748 ============================================================
12:59:31.0390 4748 ================ Scan system memory ========================
12:59:31.0390 4748 System memory - ok
12:59:31.0390 4748 ================ Scan services =============================
12:59:38.0031 4748 [ 71E276F6D189413266EA22171806597B ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
12:59:38.0031 4748 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71E276F6D189413266EA22171806597B
12:59:38.0031 4748 sptd ( LockedFile.Multi.Generic ) - warning
12:59:38.0031 4748 sptd - detected LockedFile.Multi.Generic (1)
12:59:39.0031 4748 WebClient - ok
12:59:39.0093 4748 [ E12084EA622BDF2262C637BEF15DD85C ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:59:39.0093 4748 winmgmt - ok
12:59:39.0125 4748 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
12:59:39.0140 4748 WmdmPmSN - ok
12:59:39.0140 4748 [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:59:39.0140 4748 WmiAcpi - ok
12:59:39.0171 4748 [ BCD21B989F0FD4ACE78287FC01B4693D ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
12:59:39.0171 4748 WmiApSrv - ok
12:59:39.0187 4748 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
12:59:39.0187 4748 WpdUsb - ok
12:59:39.0250 4748 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:59:39.0250 4748 WPFFontCache_v0400 - ok
12:59:39.0296 4748 [ 4ADED1ADEF25041D9827F9A79C0FDA13 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:59:39.0312 4748 wscsvc - ok
12:59:39.0328 4748 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:59:39.0328 4748 WSTCODEC - ok
12:59:39.0343 4748 [ 21F5169CA14E0B25C757644456F637DF ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:59:39.0343 4748 wuauserv - ok
12:59:39.0359 4748 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:59:39.0359 4748 WudfPf - ok
12:59:39.0375 4748 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:59:39.0375 4748 WudfRd - ok
12:59:39.0390 4748 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
12:59:39.0406 4748 WudfSvc - ok
12:59:39.0437 4748 [ 325CEDEF696EF4B649DDCD3968D085C9 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:59:39.0453 4748 WZCSVC - ok
12:59:39.0453 4748 XDva391 - ok
12:59:39.0484 4748 [ 9B835D4C64860B155A1701D5092EC9E4 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:59:39.0484 4748 xmlprov - ok
12:59:39.0500 4748 ================ Scan global ===============================
12:59:39.0531 4748 [ F642F3368D2839798DA79E7BA9218481 ] C:\WINDOWS\system32\basesrv.dll
12:59:39.0546 4748 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINDOWS\system32\winsrv.dll
12:59:39.0562 4748 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINDOWS\system32\winsrv.dll
12:59:39.0578 4748 [ 4F9F7B567970B524F31D9970A23F7C24 ] C:\WINDOWS\system32\services.exe
12:59:39.0578 4748 [Global] - ok
12:59:39.0578 4748 ================ Scan MBR ==================================
12:59:39.0593 4748 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
12:59:39.0812 4748 \Device\Harddisk0\DR0 - ok
12:59:39.0812 4748 ================ Scan VBR ==================================
12:59:39.0812 4748 [ 6BBB86FE34E1E8FE94129D1752A06175 ] \Device\Harddisk0\DR0\Partition1
12:59:39.0812 4748 \Device\Harddisk0\DR0\Partition1 - ok
12:59:39.0843 4748 [ 8CE19933C9E53E9B49E54BD34274BA62 ] \Device\Harddisk0\DR0\Partition2
12:59:39.0843 4748 \Device\Harddisk0\DR0\Partition2 - ok
12:59:39.0843 4748 ============================================================
12:59:39.0843 4748 Scan finished
12:59:39.0843 4748 ============================================================
12:59:39.0843 5360 Detected object count: 1
12:59:39.0843 5360 Actual detected object count: 1
12:59:47.0562 5360 sptd ( LockedFile.Multi.Generic ) - skipped by user
12:59:47.0562 5360 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
13:00:02.0812 5012 Deinitialize success
Re: Please check my logs
combofix:
ComboFix 12-11-16.02 - test 16.11.2012 13:26:24.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1790.1227 [GMT 1:00]
Spuštěný z: c:\documents and settings\test\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\test\g2mdlhlpx.exe
c:\program files\Config.ini
c:\program files\StartSearch plugin
c:\program files\StartSearch plugin\IEhelperActiveX.dll
c:\program files\StartSearch plugin\ssBarLcher.dll
c:\program files\StartSearch plugin\StartBar.dll
c:\program files\StartSearch plugin\uninst.exe
c:\program files\StartSearch plugin\vshareplg.crx
c:\windows\system32\dllcache\wmpvis.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-16 do 2012-11-16 )))))))))))))))))))))))))))))))
.
.
2012-11-10 16:32 . 2012-11-10 16:32 -------- d-----w- c:\documents and settings\test\Local Settings\Data aplikací\Sun
2012-11-10 14:33 . 2012-11-10 14:33 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
2012-11-10 13:40 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-10 13:39 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-10 13:32 . 2012-11-10 13:31 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-10 13:32 . 2012-11-10 13:31 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-10 13:12 . 2012-11-10 13:12 -------- d-----w- c:\windows\system32\wbem\Repository
2012-11-01 10:22 . 2012-11-01 10:22 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2012-11-01 10:16 . 2009-07-29 23:31 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2012-11-01 10:16 . 2009-07-29 17:24 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2012-10-31 17:07 . 2012-11-15 21:41 -------- d-----w- c:\program files\Warcraft III
2012-10-30 10:23 . 2012-10-31 09:11 -------- d-----w- c:\program files\Mozilla Thunderbird
2012-10-20 20:02 . 2012-10-20 20:03 -------- d-----w- c:\program files\freebird
2012-10-20 20:01 . 2012-10-20 20:03 -------- d-----w- c:\program files\Windows Audio Recorder Professional
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 11:33 . 2012-10-14 16:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-14 11:33 . 2012-10-14 16:23 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-10 13:31 . 2010-09-30 19:09 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-10 13:31 . 2009-03-06 16:23 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-31 17:16 . 2009-03-18 13:25 2829 ----a-w- c:\windows\War3Unin.pif
2012-10-31 17:16 . 2009-03-18 13:25 139264 ----a-w- c:\windows\War3Unin.exe
2012-10-30 22:51 . 2009-03-03 21:39 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2009-03-03 21:39 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2009-03-03 21:39 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2009-03-03 21:39 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2009-03-03 21:39 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2009-03-03 21:39 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2009-03-03 21:39 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:50 . 2009-03-03 21:38 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-01-13 17:03 . 2012-01-10 18:03 856856656 ----a-w- c:\program files\MicroVolts_0.8.8.1_ENG.exe
2011-11-17 21:18 . 2011-11-17 21:18 27136 ----a-w- c:\program files\FHack.flt
2011-08-19 21:13 . 2011-09-18 08:21 606208 ----a-w- c:\program files\IRadioVB6.exe
2011-07-10 12:57 . 2011-07-10 12:57 27136 ----a-w- c:\program files\ddFHack.flt4
2012-11-11 18:50 . 2012-11-11 18:50 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 01D5EAAFF224415A7FF513E4C882BE30 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\ab04a73630759d84a46114bfca20f64c\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2003-04-16 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\test\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\test\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\test\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\test\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UIWatcher"="c:\program files\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe" [2010-11-25 2531672]
"SeoAdministrator sheduler"="c:\program files\seoadministrator\sheduler\sheduler.exe" [2010-02-17 1664512]
"WinArranger"="c:\program files\ManageBytes\WinArranger\WinArranger.exe" [2005-10-10 214016]
"QIP2005"="c:\program files\QIP\qip.exe" [2008-12-09 3259392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-20 16860672]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]
"MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"IRadioVB6"="c:\program files\IradioVb6\IRadioVB6.exe" [2012-02-26 524288]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2011-12-16 190024]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\test\Nabídka Start\Programy\Po spuštění\
Automatické vypnutí počítače.lnk - c:\program files\Automatické vypnutí počítače\avp.exe [2004-12-28 443392]
Dropbox.lnk - c:\documents and settings\test\Data aplikací\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-15 384512]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Remote Control.lnk - c:\program files\MSI\DIGIVOX mini III\DIGIVOX mini III Device Utilities\AFRCtl.exe [2009-3-3 81920]
TMMonitor.lnk - c:\program files\MSI\TotalMedia 3.5\TMMonitor.exe [2009-3-3 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-07-12 20:32 87456 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Ubi Soft\\Saber Interactive\\Will Rock\\bin\\WillRock.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\11111\\Dokumenty\\Stažené soubory\\utorrent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\test\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\MicrovoltsDownloader\\MVDownloader.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\test\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58779:TCP"= 58779:TCP:Pando Media Booster
"58779:UDP"= 58779:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5.3.2009 19:34 717296]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10.11.2012 14:40 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3.3.2009 22:39 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.3.2009 22:39 21256]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [17.9.2012 12:59 374184]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24.7.2008 18:46 12856]
S2 gupdate1c9aa459c3fb63a;Služba Google Update (gupdate1c9aa459c3fb63a);c:\program files\Google\Update\GoogleUpdate.exe [21.3.2009 17:53 133104]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Plus\Room\safedrv.sys --> c:\program files\Garena Plus\Room\safedrv.sys [?]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [10.11.2011 11:39 111872]
S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-16 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-10 22:50]
.
2012-11-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-21 08:08]
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 16:53]
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 16:53]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = socks=
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\test\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: mojebanka.cz\*
TCP: Interfaces\{037BF424-1062-446C-98C8-4275B5909D66}: NameServer = 192.168.254.1,192.168.0.1
FF - ProfilePath - c:\documents and settings\test\Data aplikací\Mozilla\Firefox\Profiles\2agprklr.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=100888&ba ... 1fd0559469
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100888&ba ... 0559469&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-10 14:43; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2012-11-15 17:52; LogMeInClient@logmein.com; c:\documents and settings\test\Data aplikací\Mozilla\Firefox\Profiles\2agprklr.default\extensions\LogMeInClient@logmein.com
FF - ExtSQL: !HIDDEN! 2010-11-22 23:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.BabylonToolbar_i.id - 502f9f58000000000000001fd0559469
FF - user.js: extensions.BabylonToolbar_i.hardId - 502f9f58000000000000001fd0559469
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15366
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:34
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100888
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-LiveVDO plugin - c:\program files\StartSearch plugin\uninst.exe
AddRemove-{5E7A8F05-013C-44FD-B450-5434CA581098}_is1 - c:\program files\MicroVolts\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-16 13:37
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
WinArranger = "c:\program files\ManageBytes\WinArranger\WinArranger.exe"??????????Z???S?O?F?T?W?A?R?E?\?M?i?c?r?o?s?o?f?t?\?W?i?n
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1016)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
.
Celkový čas: 2012-11-16 13:38:53
ComboFix-quarantined-files.txt 2012-11-16 12:38
.
Před spuštěním: 5 831 933 952
Po spuštění: 5 877 346 304
.
- - End Of File - - C05F673A02A68237FE0BCC8E4BA135D2
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24.7.2008 18:46 12856]
S2 gupdate1c9aa459c3fb63a;Služba Google Update (gupdate1c9aa459c3fb63a);c:\program files\Google\Update\GoogleUpdate.exe [21.3.2009 17:53 133104]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Plus\Room\safedrv.sys --> c:\program files\Garena Plus\Room\safedrv.sys [?]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [10.11.2011 11:39 111872]
S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-16 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-10 22:50]
.
2012-11-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-21 08:08]
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 16:53]
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 16:53]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = socks=
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\test\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: mojebanka.cz\*
TCP: Interfaces\{037BF424-1062-446C-98C8-4275B5909D66}: NameServer = 192.168.254.1,192.168.0.1
FF - ProfilePath - c:\documents and settings\test\Data aplikací\Mozilla\Firefox\Profiles\2agprklr.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=100888&ba ... 1fd0559469
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100888&ba ... 0559469&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-10 14:43; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2012-11-15 17:52; LogMeInClient@logmein.com; c:\documents and settings\test\Data aplikacĂÂ\Mozilla\Firefox\Profiles\2agprklr.default\extensions\LogMeInClient@logmein.com
FF - ExtSQL: !HIDDEN! 2010-11-22 23:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.BabylonToolbar_i.id - 502f9f58000000000000001fd0559469
FF - user.js: extensions.BabylonToolbar_i.hardId - 502f9f58000000000000001fd0559469
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15366
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:34
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100888
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-LiveVDO plugin - c:\program files\StartSearch plugin\uninst.exe
AddRemove-{5E7A8F05-013C-44FD-B450-5434CA581098}_is1 - c:\program files\MicroVolts\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-16 13:37
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
WinArranger = "c:\program files\ManageBytes\WinArranger\WinArranger.exe"??????????Z???S?O?F?T?W?A?R?E?\?M?i?c?r?o?s?o?f?t?\?W?i?n
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1016)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
.
Celkový čas: 2012-11-16 13:38:53
ComboFix-quarantined-files.txt 2012-11-16 12:38
.
Před spuštěním: 5 831 933 952
Po spuštění: 5 877 346 304
.
- - End Of File - - C05F673A02A68237FE0BCC8E4BA135D2
- Žbeky
- Moderator
Re: Request for a check
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script.
Code:
KillAll::
Folder::
c:\documents and settings\All Users\Data aplikací\McAfee
c:\program files\Google\Update
c:\program files\Google\Common\Google Updater
File::
c:\windows\Tasks\Google Software Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"=-
Driver::
gupdate1c9aa459c3fb63a
GGSAFERDriver
XDva391
DDS::
uInternet Settings,ProxyServer = socks=
Firefox::
FF - ProfilePath - c:\documents and settings\test\Data aplikací\Mozilla\Firefox\Profiles\2agprklr.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=100888&ba ... 1fd0559469
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100888&ba ... 0559469&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.id - 502f9f58000000000000001fd0559469
FF - user.js: extensions.BabylonToolbar_i.hardId - 502f9f58000000000000001fd0559469
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15366
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:34
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100888
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
Download aswMBR to your desktop.
Double-click aswMBR.exe. Click Scan.
After the scan, click aswASW.log and save it to the desktop, then paste the entire contents of that log here.
Test this on Virustotal:
c:\program files\FHack.flt
c:\program files\IRadioVB6.exe
c:\program files\ddFHack.flt4
Click Choose to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window will appear in which you click Reanalyze. The file will then be tested by multiple antivirus programs in turn. When the last antivirus finishes its test, the result will appear at the top with the number of detections in red, e.g. 0/40 or 1/40. Then copy the link to that page with the mouse and paste it into your post.
In private messages I only deal with matters concerning the forum. I do not respond to pleas and requests for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
Re: Request for a check
log:
ComboFix 12-11-16.02 - test 17.11.2012 19:48:57.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1790.1347 [GMT 1:00]
Spuštěný z: c:\documents and settings\test\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\test\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\Tasks\Google Software Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Common\Google Updater
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.21.123\goopdate.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.123\psmachine.dll
c:\program files\Google\Update\1.3.21.123\psuser.dll
c:\program files\Google\Update\1.3.21.124\psmachine(2).dll
c:\program files\Google\Update\Download\{1F04872A-2BAA-4685-A4F4-DC436FFFBC04}\chrome_updater.exe
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.123\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{7CFE2F62-175C-48E8-B5C5-5C24B5D8A6CA}\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\23.0.1271.64\23.0.1271.64_chrome_installer.exe
c:\program files\Google\Update\GoogleUpdate.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GGSAFERDRIVER
-------\Legacy_GUPDATE1C9AA459C3FB63A
-------\Legacy_XDVA391
-------\Service_GGSAFERDriver
-------\Service_gupdate1c9aa459c3fb63a
-------\Service_XDva391
-------\Legacy_gupdatem
-------\Legacy_gupdatem
-------\Service_gupdatem
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-17 do 2012-11-17 )))))))))))))))))))))))))))))))
.
.
2012-11-10 16:32 . 2012-11-10 16:32 -------- d-----w- c:\documents and settings\test\Local Settings\Data aplikací\Sun
2012-11-10 14:33 . 2012-11-10 14:33 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
2012-11-10 13:40 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-10 13:39 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-10 13:32 . 2012-11-10 13:31 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-10 13:32 . 2012-11-10 13:31 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-10 13:12 . 2012-11-10 13:12 -------- d-----w- c:\windows\system32\wbem\Repository
2012-11-01 10:22 . 2012-11-01 10:22 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2012-11-01 10:16 . 2009-07-29 23:31 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2012-11-01 10:16 . 2009-07-29 17:24 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2012-10-31 17:07 . 2012-11-15 21:41 -------- d-----w- c:\program files\Warcraft III
2012-10-30 10:23 . 2012-10-31 09:11 -------- d-----w- c:\program files\Mozilla Thunderbird
2012-10-20 20:02 . 2012-10-20 20:03 -------- d-----w- c:\program files\freebird
2012-10-20 20:01 . 2012-10-20 20:03 -------- d-----w- c:\program files\Windows Audio Recorder Professional
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 11:33 . 2012-10-14 16:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-14 11:33 . 2012-10-14 16:23 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-10 13:31 . 2010-09-30 19:09 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-10 13:31 . 2009-03-06 16:23 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-31 17:16 . 2009-03-18 13:25 2829 ----a-w- c:\windows\War3Unin.pif
2012-10-31 17:16 . 2009-03-18 13:25 139264 ----a-w- c:\windows\War3Unin.exe
2012-10-30 22:51 . 2009-03-03 21:39 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2009-03-03 21:39 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2009-03-03 21:39 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2009-03-03 21:39 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2009-03-03 21:39 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2009-03-03 21:39 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2009-03-03 21:39 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:50 . 2009-03-03 21:38 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-01-13 17:03 . 2012-01-10 18:03 856856656 ----a-w- c:\program files\MicroVolts_0.8.8.1_ENG.exe
2011-11-17 21:18 . 2011-11-17 21:18 27136 ----a-w- c:\program files\FHack.flt
2011-08-19 21:13 . 2011-09-18 08:21 606208 ----a-w- c:\program files\IRadioVB6.exe
2011-07-10 12:57 . 2011-07-10 12:57 27136 ----a-w- c:\program files\ddFHack.flt4
2012-11-11 18:50 . 2012-11-11 18:50 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 01D5EAAFF224415A7FF513E4C882BE30 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\ab04a73630759d84a46114bfca20f64c\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2003-04-16 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\test\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\test\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\test\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\test\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UIWatcher"="c:\program files\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe" [2010-11-25 2531672]
"SeoAdministrator sheduler"="c:\program files\seoadministrator\sheduler\sheduler.exe" [2010-02-17 1664512]
"WinArranger"="c:\program files\ManageBytes\WinArranger\WinArranger.exe" [2005-10-10 214016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-20 16860672]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]
"MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"IRadioVB6"="c:\program files\IradioVb6\IRadioVB6.exe" [2012-02-26 524288]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2011-12-16 190024]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\test\Nabídka Start\Programy\Po spuštění\
Automatické vypnutí počítače.lnk - c:\program files\Automatické vypnutí počítače\avp.exe [2004-12-28 443392]
Dropbox.lnk - c:\documents and settings\test\Data aplikací\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-15 384512]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Remote Control.lnk - c:\program files\MSI\DIGIVOX mini III\DIGIVOX mini III Device Utilities\AFRCtl.exe [2009-3-3 81920]
TMMonitor.lnk - c:\program files\MSI\TotalMedia 3.5\TMMonitor.exe [2009-3-3 258048]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-07-12 20:32 87456 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Ubi Soft\\Saber Interactive\\Will Rock\\bin\\WillRock.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\11111\\Dokumenty\\Stažené soubory\\utorrent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\test\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\MicrovoltsDownloader\\MVDownloader.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\test\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58779:TCP"= 58779:TCP:Pando Media Booster
"58779:UDP"= 58779:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5.3.2009 19:34 717296]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10.11.2012 14:40 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3.3.2009 22:39 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.3.2009 22:39 21256]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [17.9.2012 12:59 374184]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24.7.2008 18:46 12856]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [10.11.2011 11:39 111872]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-17 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-10 22:50]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\test\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: mojebanka.cz\*
TCP: Interfaces\{037BF424-1062-446C-98C8-4275B5909D66}: NameServer = 192.168.254.1,192.168.0.1
FF - ProfilePath - c:\documents and settings\test\Data aplikací\Mozilla\Firefox\Profiles\2agprklr.default\
FF - ExtSQL: 2012-11-10 14:43; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2012-11-15 17:52; LogMeInClient@logmein.com; c:\documents and settings\test\Data aplikacĂÂ\Mozilla\Firefox\Profiles\2agprklr.default\extensions\LogMeInClient@logmein.com
FF - ExtSQL: !HIDDEN! 2010-11-22 23:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-17 20:02
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
WinArranger = "c:\program files\ManageBytes\WinArranger\WinArranger.exe"??????????????C?o?n?s?o?l?e? ?w?i?n?d?o?w?s???M?o?n?i?t?o
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(3880)
c:\program files\MessengerPlus! 3\MsgPlusLoader.dll
c:\documents and settings\test\Data aplikací\Dropbox\bin\DropboxExt.14.dll
c:\program files\MarkAny\ContentSafer\MaCSProHook.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\System32\MSCTF.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Automatické vypnutí poc:\documents and settings\test\Data aplikací\Dropbox\bin\Dropbox.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Celkový čas: 2012-11-17 20:06:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-17 19:06
ComboFix2.txt 2012-11-16 12:38
.
Před spuštěním: 4 506 456 064
Po spuštění: 4 452 151 296
.
- - End Of File - - D729364D8F4AC4AB11D077A4828E8892
Re: Please check
I just don't know whether that's everything; nothing was running, so I don't know :o).
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-17 20:10:01
-----------------------------
20:10:01.078 OS Version: Windows 5.1.2600 Service Pack 2
20:10:01.078 Number of processors: 2 586 0x6B02
20:10:01.078 ComputerName: J-PC UserName: test
20:10:02.203 Initialize success
20:10:02.312 AVAST engine defs: 12111700
20:10:04.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
20:10:04.234 Disk 0 Vendor: SAMSUNG_HD322HJ 1AC01113 Size: 305244MB BusType: 3
20:10:04.250 Disk 0 MBR read successfully
20:10:04.250 Disk 0 MBR scan
20:10:04.531 Disk 0 Windows XP default MBR code
20:10:04.531 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 149997 MB offset 63
20:10:04.718 Disk 0 Partition - 00 0F Extended LBA 155237 MB offset 307194930
20:10:04.734 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 155237 MB offset 307194993
20:10:04.734 Disk 0 scanning sectors +625121280
20:10:04.843 Disk 0 scanning C:\WINDOWS\system32\drivers
20:10:25.578 Service scanning
20:10:36.625 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
20:10:40.015 Modules scanning
20:10:45.656 Disk 0 trace - called modules:
20:10:45.671 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89a211f8]<<
20:10:45.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x899e5ab8]
20:10:45.671 3 CLASSPNP.SYS[f765805b] -> nt!IofCallDriver -> \Device\00000077[0x89991e98]
20:10:45.671 5 ACPI.sys[f7496620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x89a03940]
20:10:45.671 \Driver\atapi[0x89929f38] -> IRP_MJ_CREATE -> 0x89a211f8
20:10:47.875 AVAST engine scan C:\WINDOWS
20:10:55.734 AVAST engine scan C:\WINDOWS\system32
20:13:07.390 AVAST engine scan C:\WINDOWS\system32\drivers
20:13:24.125 AVAST engine scan C:\Documents and Settings\test
21:03:49.593 File: C:\Documents and Settings\test\Local Settings\TempDIR\BetterInstaller.exe **INFECTED** Win32:Ezula-AGE [Adw]
21:40:22.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\test\Plocha\MBR.dat"
21:40:22.203 The log file has been saved successfully to "C:\Documents and Settings\test\Plocha\aswMBR.txt"
- Žbeky
- Moderator
Re: Please check
Still need those VirusTotal scans.
In private messages I only handle matters concerning the forum. I do not respond to requests for technical support. Thank you for understanding.
Re: Please check
for those fhack files it tells me:
Detection ratio: 4/43
for iradiovb6:
https://www.virustotal.com/file/348090b ... 353260036/
- Žbeky
- Moderator
Re: Please check
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.
Code:
KillAll::
File::
c:\program files\FHack.flt
c:\program files\IRadioVB6.exe
c:\program files\ddFHack.flt4
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: choose All Files
Save the file to the desktop.
Close all active windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process