Trojan horse in operating memory + log for review, please help

addulka
Visitor
Posts: 81
Registered: 01 Jan 2012 19:37

#1 Post by addulka »

I have a problem with the trojan horse PSW.Papras.CA.
I have the ESET NOD32 antivirus, which during the startup scan shows this message:
Infiltration found in memory!
Object: explorer.exe (328)
Infiltration Win32/PSW.Papras.CA. trojan horse
Cannot be cleaned

I have tried just about everything: a scan with Avast after a restart, scans with every possible trojan catcher such as SpywareTerminator, EmsisoftAntiMalware, TrojanRemover and various others, and nothing helped. I tried putting the PC into hibernation and then, after pressing F8, I had the files deleted, but that did not help either. I tried ComboFix... it gave me a log, but even so ESET keeps reporting that the Trojan is there. What should I do?
I am also attaching the log:

ComboFix 12-01-01.01 - Andrej . 01. 2012 19:07:03.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.511.190 [GMT 1:00]
Running from: c:\documents and settings\Andrej\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
-------\Legacy_WUAUSERV
-------\Service_wuauserv
.
.
((((((((((((((((((((((((( Files Created from 2011-12-01 to 2012-01-01 )))))))))))))))))))))))))))))))
.
.
2012-01-01 18:19 . 2012-01-01 18:19 29904 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKsleb00f48f.sys
2012-01-01 18:18 . 2012-01-01 18:18 56200 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\offreg.dll
2012-01-01 17:32 . 2012-01-01 17:32 29904 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKslc221fe41.sys
2011-12-31 19:41 . 2011-12-31 19:41 29904 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKsla0d30769.sys
2011-12-30 14:59 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-12-30 14:38 . 2011-11-21 01:47 6823496 ------w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\mpengine.dll
2011-12-30 14:19 . 2011-12-30 14:19 -------- d-----w- c:\documents and settings\Andrej\Data aplikací\Simply Super Software
2011-12-30 14:19 . 2011-12-30 14:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Simply Super Software
2011-12-30 11:01 . 2011-12-30 14:00 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-12-30 09:57 . 2009-08-24 21:08 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2011-12-30 09:56 . 2011-12-30 09:56 -------- d-----w- c:\program files\Ashampoo
2011-12-29 16:25 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-29 16:25 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-29 16:25 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-29 16:25 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-29 16:25 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-29 16:25 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-12-29 16:25 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-12-29 16:25 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-12-29 16:24 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-29 16:24 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-29 16:23 . 2011-12-29 16:23 -------- d-----w- c:\program files\AVAST Software
2011-12-29 16:23 . 2011-12-29 16:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-12-29 13:00 . 2011-12-29 13:00 -------- d-----w- c:\program files\Microsoft Silverlight
2011-12-29 11:43 . 2011-12-29 11:43 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-12-29 11:40 . 2011-12-29 11:40 -------- d-----w- c:\program files\Common Files\Windows Live
2011-12-29 11:36 . 2011-12-29 11:36 -------- d-----w- c:\windows\system32\winrm
2011-12-29 11:35 . 2011-12-29 11:36 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-12-29 10:37 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2011-12-29 10:21 . 2011-12-29 10:21 -------- d-----w- c:\program files\TeamViewer
2011-12-29 10:14 . 2011-12-29 13:31 -------- d-----w- c:\documents and settings\Andrej\Data aplikací\TeamViewer
2011-12-19 10:10 . 2011-12-19 10:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2011-12-19 10:09 . 2011-12-19 10:09 -------- d-----w- c:\documents and settings\Andrej\Local Settings\Data aplikací\ESET
2011-12-19 10:00 . 2011-12-19 10:00 -------- d-----w- c:\program files\ESET
2011-12-19 10:00 . 2011-12-19 10:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-12-19 09:14 . 2011-12-19 09:14 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-19 09:13 . 2011-12-19 09:51 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-09 06:05 . 2011-12-09 06:05 -------- d-----w- c:\documents and settings\Andrej\Data aplikací\Search Settings
2011-12-09 06:05 . 2011-12-19 10:10 -------- d-----w- c:\program files\Application Updater
2011-12-09 06:05 . 2011-12-09 06:05 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2011-12-09 06:05 . 2011-12-09 06:05 -------- d-----w- c:\program files\Common Files\Spigot
2011-12-06 19:37 . 2011-12-19 09:14 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 14:40 . 2008-04-14 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 01:47 . 2011-01-31 08:54 6823496 ------w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-04 19:13 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2008-04-14 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2008-04-14 12:00 2194944 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:50 . 2008-04-14 08:06 2071552 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2011-01-26 18:43 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALi5289"="c:\program files\ULI5289\ALi5289.exe" [2005-03-10 405504]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-16 08:27 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 16:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-12-09 10:45 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [26. 1. 2011 20:14 51840]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [26. 1. 2011 20:14 44928]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [29. 12. 2011 17:25 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29. 12. 2011 17:25 314456]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4. 8. 2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4. 8. 2011 9:20 103112]
R1 MpKsleb00f48f;MpKsleb00f48f;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKsleb00f48f.sys [1. 1. 2012 19:19 29904]
R2 ALIEHCD;ULi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [26. 1. 2011 20:14 83596]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29. 12. 2011 17:25 20568]
R2 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 8\DfSdkS.exe [30. 12. 2011 10:57 406016]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [22. 9. 2011 12:03 974944]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [31. 7. 2011 12:58 90112]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [29. 12. 2011 11:21 2984832]
R3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [26. 1. 2011 20:14 5331]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [31. 7. 2011 12:59 27632]
R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\drivers\ULILAN.SYS [26. 1. 2011 20:14 28160]
S1 MpKsl0291cfe2;MpKsl0291cfe2;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6D0CF53E-1F76-4B6E-B77C-DF326FA67E8A}\MpKsl0291cfe2.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6D0CF53E-1F76-4B6E-B77C-DF326FA67E8A}\MpKsl0291cfe2.sys [?]
S1 MpKsl09216346;MpKsl09216346;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DD470124-A171-419F-AE37-4B6EF09A058F}\MpKsl09216346.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DD470124-A171-419F-AE37-4B6EF09A058F}\MpKsl09216346.sys [?]
S1 MpKsl170033f7;MpKsl170033f7;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4A2CB5F8-2CC7-421C-B551-781796EF498A}\MpKsl170033f7.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4A2CB5F8-2CC7-421C-B551-781796EF498A}\MpKsl170033f7.sys [?]
S1 MpKsl198c1960;MpKsl198c1960;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DD470124-A171-419F-AE37-4B6EF09A058F}\MpKsl198c1960.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DD470124-A171-419F-AE37-4B6EF09A058F}\MpKsl198c1960.sys [?]
S1 MpKsl1d649da7;MpKsl1d649da7;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKsl1d649da7.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKsl1d649da7.sys [?]
S1 MpKsl39a2102d;MpKsl39a2102d;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C0EE2217-583F-497D-948F-9D66450859B2}\MpKsl39a2102d.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C0EE2217-583F-497D-948F-9D66450859B2}\MpKsl39a2102d.sys [?]
S1 MpKsl4a5c88d6;MpKsl4a5c88d6;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7CDA0556-32FA-4604-9190-F5F3557DDB16}\MpKsl4a5c88d6.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7CDA0556-32FA-4604-9190-F5F3557DDB16}\MpKsl4a5c88d6.sys [?]
S1 MpKsl4ab8ec4e;MpKsl4ab8ec4e;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BBDF0701-2968-4948-97E7-B8931527B410}\MpKsl4ab8ec4e.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BBDF0701-2968-4948-97E7-B8931527B410}\MpKsl4ab8ec4e.sys [?]
S1 MpKsl4ebe2678;MpKsl4ebe2678;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{16971267-EAA7-477B-99A5-0DBF6649D69C}\MpKsl4ebe2678.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{16971267-EAA7-477B-99A5-0DBF6649D69C}\MpKsl4ebe2678.sys [?]
S1 MpKsl4f3a2b56;MpKsl4f3a2b56;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7CDA0556-32FA-4604-9190-F5F3557DDB16}\MpKsl4f3a2b56.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7CDA0556-32FA-4604-9190-F5F3557DDB16}\MpKsl4f3a2b56.sys [?]
S1 MpKsl50729e58;MpKsl50729e58;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{64403C45-BCED-43D3-96F0-206FD34ECF07}\MpKsl50729e58.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{64403C45-BCED-43D3-96F0-206FD34ECF07}\MpKsl50729e58.sys [?]
S1 MpKsl6d243d40;MpKsl6d243d40;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0A43367D-418B-43FE-AC29-FFCC4176BA81}\MpKsl6d243d40.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0A43367D-418B-43FE-AC29-FFCC4176BA81}\MpKsl6d243d40.sys [?]
S1 MpKsl6da53cd2;MpKsl6da53cd2;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0FFB68F0-09DB-4CE0-8B3D-63EE59AB2BF3}\MpKsl6da53cd2.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0FFB68F0-09DB-4CE0-8B3D-63EE59AB2BF3}\MpKsl6da53cd2.sys [?]
S1 MpKsl788c0a60;MpKsl788c0a60;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0FFB68F0-09DB-4CE0-8B3D-63EE59AB2BF3}\MpKsl788c0a60.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0FFB68F0-09DB-4CE0-8B3D-63EE59AB2BF3}\MpKsl788c0a60.sys [?]
S1 MpKsl7a8c3fbd;MpKsl7a8c3fbd;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKsl7a8c3fbd.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKsl7a8c3fbd.sys [?]
S1 MpKsl805c9a21;MpKsl805c9a21;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7CDA0556-32FA-4604-9190-F5F3557DDB16}\MpKsl805c9a21.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7CDA0556-32FA-4604-9190-F5F3557DDB16}\MpKsl805c9a21.sys [?]
S1 MpKsl9595b0f9;MpKsl9595b0f9;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{A6ED3860-72AB-4BA7-BDC4-EBF38ED88229}\MpKsl9595b0f9.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{A6ED3860-72AB-4BA7-BDC4-EBF38ED88229}\MpKsl9595b0f9.sys [?]
S1 MpKsl97cb5649;MpKsl97cb5649;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{CC07DEDF-D087-4C01-B58B-2AEAF651B6A1}\MpKsl97cb5649.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{CC07DEDF-D087-4C01-B58B-2AEAF651B6A1}\MpKsl97cb5649.sys [?]
S1 MpKsl9bbe3881;MpKsl9bbe3881;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKsl9bbe3881.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKsl9bbe3881.sys [?]
S1 MpKslbf9c73f3;MpKslbf9c73f3;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{75555445-74B2-4212-8270-D7B3258FC677}\MpKslbf9c73f3.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{75555445-74B2-4212-8270-D7B3258FC677}\MpKslbf9c73f3.sys [?]
S1 MpKsle85ea9d9;MpKsle85ea9d9;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DF8A9E5C-8181-467C-AB3E-52E89B46799F}\MpKsle85ea9d9.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DF8A9E5C-8181-467C-AB3E-52E89B46799F}\MpKsle85ea9d9.sys [?]
S1 MpKslff5f15b2;MpKslff5f15b2;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{75555445-74B2-4212-8270-D7B3258FC677}\MpKslff5f15b2.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{75555445-74B2-4212-8270-D7B3258FC677}\MpKslff5f15b2.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18. 3. 2010 13:16 130384]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [31. 1. 2011 18:00 247096]
S3 aligp;USB Composite Device;c:\windows\system32\drivers\AliGP.sys [26. 1. 2011 20:14 10326]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14. 4. 2008 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18. 3. 2010 13:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLEB00F48F
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.sk/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 217.119.113.244 217.119.113.245
FF - ProfilePath - c:\documents and settings\Andrej\Data aplikací\Mozilla\Firefox\Profiles\mrqnrq5s.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-HP OrderReminder - c:\program files\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-01 19:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(328)
c:\windows\system32\msi.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\windows\system32\wscntfy.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe
.
**************************************************************************
.
Completion time: 2012-01-01 19:28:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-01 18:28
.
Pre-Run: Volných bajtů: 58 694 987 776
Post-Run: Volných bajtů: 58 796 945 408
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 80D7C5E67FE1FE359135295602DF2CFA

chodnik74
Friend of the forum
Posts: 4975
Registered: 13 Sep 2010 21:30
Location: Napajedla

#2 Post by chodnik74 »

Hello

Next time, no ComboFix just like that

The dangers of ComboFix
  • The program is primarily intended for advisers, so by using it on your own initiative you lose the right to help
  • It erases the traces of all malware, so when you use it yourself, nothing can be seen in RSIT
  • The resulting log needs to be deciphered and the cleanup finished, because ComboFix cannot delete everything
  • ComboFix may have a bug and wreck your system, and if you do not know where it stores its backups and how to restore them, you are facing a system reinstall
  • ComboFix does not check important libraries (for example hall.dll)

Uninstall all antivirus programs and keep only ONE

Uninstall the ICQ toolbar and all unnecessary toolbars..


Download TDSSKiller
  • Run the program and click Start Scan
  • If the program finds an infection, it will want to cure it (Cure); allow the cure by clicking the Continue button
  • If the program finds a suspicious file (suspicious), it will want to skip it (Skip); allow the skip by clicking the Continue button
  • After the scan finishes, the computer may need to be restarted; allow this by clicking the Reboot now button
  • After the computer restarts, a log will pop up (if it does not, you will find it on the disk where the system is installed, under the name TDSSKiller.xxxx_log.txt); paste its contents here for me
  • If the program does not ask to restart the computer, click the Close button and then Report, which creates a log; paste its contents here for me

Write to me: chodnik74@gmail.com

Please read the procedure several times and, in case of any uncertainty or doubt, ask. If your computer is infected or is not behaving as usual, back up all your data and carefully follow the adviser's instructions!

Do not use the ComboFix utility without an adviser's supervision and recommendation!

addulka

#3 Post by addulka »

Good evening, I did what you advised: I uninstalled all the antivirus programs and kept only Avast. I have a problem, though; previously I had Microsoft Security Essentials. It reported that I had a trojan horse, but it did not show where... I had it cleaned, but something about it did not seem right to me. I downloaded Kaspersky, but during the installation I found out that it was a Kaspersky bootable CD, so I cancelled the installation. But then it threw out that Microsoft Security Essentials, and since then it keeps reporting at PC startup that there is some error. It cannot be uninstalled, turned off or repaired in any way. I have already tried it in every possible way, but nothing. Then I ran a PC restore to 3 days earlier and naively hoped it would work.. of course it did not. So then I downloaded ESET, and only that found that I have the trojan horse in operating memory.
So now I have only Avast and that Microsoft Essentials, which I cannot get rid of in any way...
I also uninstalled the toolbars.
Besides that, it keeps showing me a warning that I have automatic updates turned off, even though I have turned them on several times.
I probably botched it nicely with that ComboFix too. Does anything else need to be done with it? Or can I uninstall it right away? Can I run TDSSKiller now?

Thank you very much for your help.

chodnik74

#4 Post by chodnik74 »

Nothing happened; next time you will know about ComboFix..


For uninstalling MSE I will give you a tip..

Microsoft Security Essentials-Primary Removal Tool
http://go.microsoft.com/?linkid=9748340

Microsoft Security Essentials/OneCare-Secondary Removal Tool
http://download.microsoft.com/download/ ... leanUp.exe
*Note on MSE: It is ideal to use the Primary Tool first and then the OneCare Removal (this helps especially with services and conflicts of the MSE firewall)


Then continue with TDSSKiller

addulka
Visitor
Posts: 81
Registered: 01 Jan 2012 19:37

Re: Trojan horse in memory + log for review, pls help

#5 Post by addulka »

I could not uninstall it this way either...
But I ran TDSSKiller and it found more there; I had it deleted, and here is the report:

22:41:40.0578 2360 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
22:41:40.0703 2360 ============================================================
22:41:40.0703 2360 Current date / time: 2012/01/01 22:41:40.0703
22:41:40.0703 2360 SystemInfo:
22:41:40.0703 2360
22:41:40.0703 2360 OS Version: 5.1.2600 ServicePack: 3.0
22:41:40.0703 2360 Product type: Workstation
22:41:40.0703 2360 ComputerName: ANDREJ-PC
22:41:40.0703 2360 UserName: Andrej
22:41:40.0703 2360 Windows directory: C:\WINDOWS
22:41:40.0703 2360 System windows directory: C:\WINDOWS
22:41:40.0703 2360 Processor architecture: Intel x86
22:41:40.0703 2360 Number of processors: 1
22:41:40.0703 2360 Page size: 0x1000
22:41:40.0703 2360 Boot type: Normal boot
22:41:40.0703 2360 ============================================================
22:41:43.0062 2360 Initialize success
22:41:46.0031 2572 ============================================================
22:41:46.0031 2572 Scan started
22:41:46.0031 2572 Mode: Manual;
22:41:46.0031 2572 ============================================================
22:42:00.0015 2572 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
22:42:00.0156 2572 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning
22:42:00.0156 2572 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
22:42:00.0171 2572 Boot (0x1200) (9be5d266fcadabcb49b4955ca74310d9) \Device\Harddisk0\DR0\Partition0
22:42:00.0171 2572 \Device\Harddisk0\DR0\Partition0 - ok
22:42:00.0187 2572 ============================================================
22:42:00.0187 2572 Scan finished
22:42:00.0187 2572 ============================================================
22:42:00.0203 2564 Detected object count: 1
22:42:00.0203 2564 Actual detected object count: 1
22:43:25.0406 2564 \Device\Harddisk0\DR0 - copied to quarantine
22:43:25.0406 2564 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Quarantine
22:44:18.0265 2688 ============================================================
22:44:18.0265 2688 Scan started
22:44:18.0265 2688 Mode: Manual; SigCheck; TDLFS;
22:44:18.0265 2688 ============================================================
22:44:21.0187 2688 ALIEHCD (f7c86bad81e4f54de7466b31e44afd41) C:\WINDOWS\system32\Drivers\ALIEHCI.sys
22:44:21.0187 2688 ALIEHCD ( UnsignedFile.Multi.Generic ) - warning
22:44:21.0187 2688 ALIEHCD - detected UnsignedFile.Multi.Generic (1)
22:44:21.0234 2688 aligp (47bd065b228fac65e45730e8cba43d4a) C:\WINDOWS\system32\DRIVERS\AliGP.sys
22:44:21.0250 2688 aligp ( UnsignedFile.Multi.Generic ) - warning
22:44:21.0250 2688 aligp - detected UnsignedFile.Multi.Generic (1)
22:44:21.0296 2688 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
22:44:21.0437 2688 AliIde - ok
22:44:21.0515 2688 aliroothub (771ccbf4fefafa3094342e90114c4efc) C:\WINDOWS\system32\DRIVERS\AliRtHub.sys
22:44:21.0578 2688 aliroothub ( UnsignedFile.Multi.Generic ) - warning
22:44:21.0578 2688 aliroothub - detected UnsignedFile.Multi.Generic (1)
22:44:26.0640 2688 EIO (e41f6ac72e597e5f87b4a9ab0d8ab8bc) C:\WINDOWS\system32\drivers\EIO.sys
22:44:26.0640 2688 EIO ( UnsignedFile.Multi.Generic ) - warning
22:44:26.0640 2688 EIO - detected UnsignedFile.Multi.Generic (1)
22:44:35.0265 2688 MSKSSRV - ok
22:44:35.0296 2688 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:44:35.0468 2688 MSPCLOCK - ok
22:44:35.0578 2688 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:44:35.0734 2688 MSPQM - ok
22:44:35.0812 2688 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:44:35.0968 2688 mssmbios - ok
22:44:36.0093 2688 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:44:36.0125 2688 Mup - ok
22:44:36.0203 2688 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:44:36.0390 2688 NDIS - ok
22:44:36.0484 2688 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:44:36.0515 2688 NdisTapi - ok
22:44:36.0640 2688 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:44:36.0796 2688 Ndisuio - ok
22:44:36.0906 2688 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:44:37.0078 2688 NdisWan - ok
22:44:37.0156 2688 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:44:37.0203 2688 NDProxy - ok
22:44:37.0296 2688 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:44:37.0453 2688 NetBIOS - ok
22:44:37.0484 2688 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:44:37.0640 2688 NetBT - ok
22:44:37.0718 2688 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:44:37.0875 2688 Npfs - ok
22:44:38.0000 2688 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:44:38.0187 2688 Ntfs - ok
22:44:38.0234 2688 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:44:38.0390 2688 Null - ok
22:44:38.0468 2688 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:44:38.0640 2688 NwlnkFlt - ok
22:44:38.0687 2688 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:44:38.0828 2688 NwlnkFwd - ok
22:44:38.0906 2688 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
22:44:39.0062 2688 Parport - ok
22:44:39.0171 2688 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:44:39.0312 2688 PartMgr - ok
22:44:39.0328 2688 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
22:44:39.0484 2688 ParVdm - ok
22:44:39.0609 2688 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
22:44:39.0781 2688 PCI - ok
22:44:39.0859 2688 PCIDump - ok
22:44:39.0890 2688 PCIIde - ok
22:44:39.0953 2688 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:44:40.0125 2688 Pcmcia - ok
22:44:40.0187 2688 PDCOMP - ok
22:44:40.0234 2688 PDFRAME - ok
22:44:40.0265 2688 PDRELI - ok
22:44:40.0281 2688 PDRFRAME - ok
22:44:40.0312 2688 perc2 - ok
22:44:40.0328 2688 perc2hib - ok
22:44:40.0421 2688 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:44:40.0578 2688 PptpMiniport - ok
22:44:40.0656 2688 Processor (7eb15dce4ec3a0220bd796a15c18186e) C:\WINDOWS\system32\DRIVERS\processr.sys
22:44:40.0812 2688 Processor - ok
22:44:40.0890 2688 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:44:41.0046 2688 PSched - ok
22:44:41.0125 2688 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:44:41.0265 2688 Ptilink - ok
22:44:41.0343 2688 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:44:41.0359 2688 PxHelp20 - ok
22:44:41.0390 2688 ql1080 - ok
22:44:41.0421 2688 Ql10wnt - ok
22:44:41.0437 2688 ql12160 - ok
22:44:41.0468 2688 ql1240 - ok
22:44:41.0500 2688 ql1280 - ok
22:44:41.0546 2688 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:44:41.0718 2688 RasAcd - ok
22:44:41.0843 2688 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:44:41.0984 2688 Rasl2tp - ok
22:44:42.0093 2688 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:44:42.0265 2688 RasPppoe - ok
22:44:42.0312 2688 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:44:42.0453 2688 Raspti - ok
22:44:42.0640 2688 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:44:42.0843 2688 Rdbss - ok
22:44:42.0906 2688 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:44:43.0062 2688 RDPCDD - ok
22:44:43.0156 2688 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:44:43.0312 2688 rdpdr - ok
22:44:43.0437 2688 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:44:43.0484 2688 RDPWD - ok
22:44:43.0578 2688 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:44:43.0718 2688 redbook - ok
22:44:43.0812 2688 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:44:43.0875 2688 Secdrv - ok
22:44:43.0968 2688 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
22:44:44.0031 2688 seehcri - ok
22:44:44.0093 2688 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:44:44.0250 2688 serenum - ok
22:44:44.0328 2688 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
22:44:44.0484 2688 Serial - ok
22:44:44.0687 2688 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:44:44.0812 2688 Sfloppy - ok
22:44:44.0875 2688 Simbad - ok
22:44:45.0000 2688 smwdm (f1b8248d5d7e151b8934cdef4424fb6e) C:\WINDOWS\system32\drivers\smwdm.sys
22:44:45.0078 2688 smwdm - ok
22:44:45.0125 2688 Sparrow - ok
22:44:45.0171 2688 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:44:45.0312 2688 splitter - ok
22:44:45.0406 2688 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
22:44:45.0468 2688 sr - ok
22:44:45.0546 2688 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:44:45.0625 2688 Srv - ok
22:44:45.0718 2688 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:44:45.0859 2688 swenum - ok
22:44:45.0937 2688 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:44:46.0093 2688 swmidi - ok
22:44:46.0187 2688 symc810 - ok
22:44:46.0218 2688 symc8xx - ok
22:44:46.0250 2688 sym_hi - ok
22:44:46.0296 2688 sym_u3 - ok
22:44:46.0328 2688 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:44:46.0484 2688 sysaudio - ok
22:44:46.0625 2688 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:44:46.0750 2688 Tcpip - ok
22:44:46.0859 2688 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:44:47.0000 2688 TDPIPE - ok
22:44:47.0046 2688 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:44:47.0203 2688 TDTCP - ok
22:44:47.0312 2688 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:44:47.0453 2688 TermDD - ok
22:44:47.0500 2688 TosIde - ok
22:44:47.0609 2688 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:44:47.0765 2688 Udfs - ok
22:44:47.0890 2688 ULI5261 (564f1f82fb5c0249be0cfee4c826be95) C:\WINDOWS\system32\DRIVERS\ULILAN.SYS
22:44:47.0953 2688 ULI5261 - ok
22:44:47.0984 2688 uliagpkx (4acecaa41d5f1a4cd3c78afc4de0a8c3) C:\WINDOWS\system32\DRIVERS\agpkx.sys
22:44:48.0000 2688 uliagpkx - ok
22:44:48.0031 2688 ultra - ok
22:44:48.0125 2688 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:44:48.0281 2688 Update - ok
22:44:48.0375 2688 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:44:48.0546 2688 usbccgp - ok
22:44:48.0656 2688 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:44:48.0812 2688 usbehci - ok
22:44:48.0921 2688 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:44:49.0093 2688 usbhub - ok
22:44:49.0250 2688 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:44:49.0390 2688 usbohci - ok
22:44:49.0468 2688 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:44:49.0640 2688 usbprint - ok
22:44:49.0718 2688 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:44:49.0875 2688 usbscan - ok
22:44:49.0937 2688 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
22:44:50.0093 2688 usbser - ok
22:44:50.0203 2688 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:44:50.0359 2688 USBSTOR - ok
22:44:50.0453 2688 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:44:50.0593 2688 VgaSave - ok
22:44:50.0625 2688 ViaIde - ok
22:44:50.0703 2688 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
22:44:50.0843 2688 VolSnap - ok
22:44:50.0937 2688 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:44:51.0093 2688 Wanarp - ok
22:44:51.0125 2688 WDICA - ok
22:44:51.0187 2688 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:44:51.0328 2688 wdmaud - ok
22:44:51.0468 2688 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:44:51.0515 2688 WpdUsb - ok
22:44:51.0640 2688 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:44:51.0656 2688 WudfPf - ok
22:44:51.0687 2688 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:44:51.0703 2688 WudfRd - ok
22:44:51.0750 2688 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
22:44:51.0875 2688 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning
22:44:51.0875 2688 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
22:44:51.0937 2688 Boot (0x1200) (9be5d266fcadabcb49b4955ca74310d9) \Device\Harddisk0\DR0\Partition0
22:44:51.0937 2688 \Device\Harddisk0\DR0\Partition0 - ok
22:44:51.0937 2688 ============================================================
22:44:51.0937 2688 Scan finished
22:44:51.0937 2688 ============================================================
22:44:52.0046 2680 Detected object count: 5
22:44:52.0046 2680 Actual detected object count: 5
22:45:22.0062 2680 HKLM\SYSTEM\ControlSet001\services\ALIEHCD - will be deleted on reboot
22:45:22.0062 2680 HKLM\SYSTEM\ControlSet002\services\ALIEHCD - will be deleted on reboot
22:45:22.0062 2680 C:\WINDOWS\system32\Drivers\ALIEHCI.sys - will be deleted on reboot
22:45:22.0062 2680 ALIEHCD ( UnsignedFile.Multi.Generic ) - User select action: Delete
22:45:22.0062 2680 HKLM\SYSTEM\ControlSet001\services\aligp - will be deleted on reboot
22:45:22.0062 2680 HKLM\SYSTEM\ControlSet002\services\aligp - will be deleted on reboot
22:45:22.0062 2680 C:\WINDOWS\system32\DRIVERS\AliGP.sys - will be deleted on reboot
22:45:22.0062 2680 aligp ( UnsignedFile.Multi.Generic ) - User select action: Delete
22:45:22.0078 2680 HKLM\SYSTEM\ControlSet001\services\aliroothub - will be deleted on reboot
22:45:22.0078 2680 HKLM\SYSTEM\ControlSet002\services\aliroothub - will be deleted on reboot
22:45:22.0078 2680 C:\WINDOWS\system32\DRIVERS\AliRtHub.sys - will be deleted on reboot
22:45:22.0078 2680 aliroothub ( UnsignedFile.Multi.Generic ) - User select action: Delete
22:45:22.0078 2680 HKLM\SYSTEM\ControlSet001\services\EIO - will be deleted on reboot
22:45:22.0078 2680 HKLM\SYSTEM\ControlSet002\services\EIO - will be deleted on reboot
22:45:22.0078 2680 C:\WINDOWS\system32\drivers\EIO.sys - will be deleted on reboot
22:45:22.0078 2680 EIO ( UnsignedFile.Multi.Generic ) - User select action: Delete
22:45:22.0109 2680 \Device\Harddisk0\DR0 - copied to quarantine
22:45:22.0109 2680 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Quarantine

Is this enough? Because honestly, I don't understand these things very well :(

chodnik74
Friend of the forum
Posts: 4975
Registered: 13 Sep 2010 21:30
Location: Napajedla

Re: Trojan horse in operating memory + log for review, pls hel

#6 Post by chodnik74 »

Rootkit.Win32.BackBoot.gen was deleted, so you no longer have anything in memory, but you need to read the instructions; you also deleted things you shouldn't have, but we'll figure something out ;-)


Do not use the program without an advisor's recommendation, and follow the instructions below carefully, because the program does not tolerate mistakes and the system can be damaged completely!!
  • Download Combofix
  • Save the program, preferably to the Desktop
  • Turn off all resident shields: antivirus, antispyware and firewall
  • Close all running applications (ICQ, browser, programs) and leave only Combofix running
  • Run Combofix.exe with administrator rights
    On Windows XP, log in with an administrator account
    On Windows 7 and Vista, right-click Combofix.exe and choose "Run as administrator"
  • Right after the program starts, the license terms will pop up; confirm them with the YES button
  • If Combofix offers to install the Recovery Console, agree and let it install (an active internet connection is needed for this)
  • Continue according to the program's instructions; during the scan do not click on anything and do not work on the PC (ICQ, other applications, internet...). Leave the computer alone.
  • The whole scan takes 5-15 min, but if there is a lot of malware on the PC, the time may differ.
  • After the scan finishes (and a possible restart of the computer), the Combofix log will be displayed; paste it here for me (if the log is not displayed, you will find it here: C:\ComboFix.txt)
  • (If you are unsure about any of the steps above, ask, or have a look at the more detailed guide with pictures http://www.bleepingcomputer.com/combofi ... t-combofix )
Write to me: chodnik74@gmail.com

>RSIT<>MBAM<>VirusTotal

Read the procedure several times to be safe, and if anything is unclear or you have any doubts, ask. ;-) If your computer is infected or is not behaving as usual, back up all your data and carefully follow the advisor's instructions!

Do not use the Combofix utility without an advisor's supervision and recommendation!

Are you satisfied with our help? Don't hesitate to support the forum HERE.

Forum rules: no. 1 and no. 2

addulka
Visitor
Posts: 81
Registered: 01 Jan 2012 19:37

Re: Trojan horse in operating memory + log for review, pls hel

#7 Post by addulka »

So, here's the log:

ComboFix 12-01-01.06 - Andrej . 01. 2012 23:27:24.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.511.220 [GMT 1:00]
Running from: c:\documents and settings\Andrej\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\system32\drivers\Install.exe
c:\windows\system32\install.exe
c:\windows\system32\msssc.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-12-01 to 2012-01-01 )))))))))))))))))))))))))))))))
.
.
2012-01-01 21:43 . 2012-01-01 21:43 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-01 21:31 . 2012-01-01 21:31 -------- d-----w- C:\WINSSLog
2012-01-01 21:27 . 2012-01-01 21:35 13198 ----a-w- C:\FixitRegBackup.reg
2012-01-01 20:54 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-01-01 20:54 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-01-01 20:54 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-01-01 20:54 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-01-01 20:54 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-01 20:54 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-01-01 20:54 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-01-01 20:54 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-01-01 20:54 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-01-01 20:54 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2012-01-01 17:32 . 2012-01-01 17:32 29904 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKslc221fe41.sys
2011-12-31 19:41 . 2011-12-31 19:41 29904 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKsla0d30769.sys
2011-12-30 14:59 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-12-30 14:38 . 2011-11-21 01:47 6823496 ------w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\mpengine.dll
2011-12-30 14:19 . 2011-12-30 14:19 -------- d-----w- c:\documents and settings\Andrej\Data aplikací\Simply Super Software
2011-12-30 14:19 . 2011-12-30 14:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Simply Super Software
2011-12-30 11:01 . 2011-12-30 14:00 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-12-30 09:57 . 2009-08-24 21:08 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2011-12-30 09:56 . 2011-12-30 09:56 -------- d-----w- c:\program files\Ashampoo
2011-12-29 16:23 . 2012-01-01 20:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-12-29 16:23 . 2011-12-29 16:23 -------- d-----w- c:\program files\AVAST Software
2011-12-29 13:00 . 2011-12-29 13:00 -------- d-----w- c:\program files\Microsoft Silverlight
2011-12-29 11:43 . 2011-12-29 11:43 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-12-29 11:40 . 2011-12-29 11:40 -------- d-----w- c:\program files\Common Files\Windows Live
2011-12-29 11:36 . 2011-12-29 11:36 -------- d-----w- c:\windows\system32\winrm
2011-12-29 11:35 . 2011-12-29 11:36 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-12-29 10:37 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2011-12-29 10:21 . 2011-12-29 10:21 -------- d-----w- c:\program files\TeamViewer
2011-12-29 10:14 . 2011-12-29 13:31 -------- d-----w- c:\documents and settings\Andrej\Data aplikací\TeamViewer
2011-12-19 10:10 . 2011-12-19 10:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2011-12-19 10:09 . 2011-12-19 10:09 -------- d-----w- c:\documents and settings\Andrej\Local Settings\Data aplikací\ESET
2011-12-19 09:14 . 2011-12-19 09:14 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-19 09:13 . 2011-12-19 09:51 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-06 19:37 . 2011-12-19 09:14 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 14:40 . 2008-04-14 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 01:47 . 2011-01-31 08:54 6823496 ------w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-04 19:13 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2008-04-14 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2008-04-14 12:00 2194944 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:50 . 2008-04-14 08:06 2071552 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2011-01-26 18:43 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-01_18.21.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-01 22:11 . 2012-01-01 22:11 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2011-12-29 12:51 . 2011-12-29 12:51 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-12-29 12:51 . 2011-12-29 12:51 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-12-29 12:51 . 2011-12-29 12:51 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2011-12-29 12:51 . 2011-12-29 12:51 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-12-29 12:53 . 2011-12-29 12:53 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-01-01 22:12 . 2012-01-01 22:12 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2011-12-29 12:53 . 2011-12-29 12:53 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-01-01 22:12 . 2012-01-01 22:12 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-01-01 22:12 . 2012-01-01 22:12 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-01-01 22:12 . 2012-01-01 22:12 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-01-01 22:12 . 2012-01-01 22:12 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-01-01 22:12 . 2012-01-01 22:12 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2011-12-29 12:51 . 2011-12-29 12:51 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-12-29 12:51 . 2011-12-29 12:51 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-12-29 12:51 . 2011-12-29 12:51 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-01 22:12 . 2012-01-01 22:12 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-12-29 12:51 . 2011-12-29 12:51 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-12-29 12:51 . 2011-12-29 12:51 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-12-25 04:40 . 2011-12-25 04:40 819200 c:\windows\Installer\e9a94.msp
+ 2012-01-01 22:12 . 2012-01-01 22:12 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2011-12-29 12:53 . 2011-12-29 12:53 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-01-01 22:12 . 2012-01-01 22:12 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2011-12-29 12:51 . 2011-12-29 12:51 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-01 22:12 . 2012-01-01 22:12 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-12-29 12:51 . 2011-12-29 12:51 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-01 22:11 . 2012-01-01 22:11 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-12-29 12:52 . 2011-12-29 12:52 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-12-26 08:59 . 2011-12-26 08:59 4368896 c:\windows\Installer\e9a9b.msp
+ 2011-12-26 04:06 . 2011-12-26 04:06 5115392 c:\windows\Installer\e9a8e.msp
+ 2012-01-01 22:14 . 2012-01-01 22:14 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2011-01-29 19:27 . 2011-01-29 19:27 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2011-07-12 14:50 . 2011-07-12 14:50 17555968 c:\windows\Installer\e9a86.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALi5289"="c:\program files\ULI5289\ALi5289.exe" [2005-03-10 405504]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-16 08:27 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 16:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-12-09 10:45 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [26. 1. 2011 20:14 51840]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [26. 1. 2011 20:14 44928]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1. 1. 2012 21:54 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1. 1. 2012 21:54 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1. 1. 2012 21:54 20568]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18. 3. 2010 13:16 130384]
R2 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 8\DfSdkS.exe [30. 12. 2011 10:57 406016]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [29. 12. 2011 11:21 2984832]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [31. 7. 2011 12:59 27632]
R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\drivers\ULILAN.SYS [26. 1. 2011 20:14 28160]
S1 MpKsl0291cfe2;MpKsl0291cfe2;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6D0CF53E-1F76-4B6E-B77C-DF326FA67E8A}\MpKsl0291cfe2.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6D0CF53E-1F76-4B6E-B77C-DF326FA67E8A}\MpKsl0291cfe2.sys [?]
S1 MpKsl09216346;MpKsl09216346;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DD470124-A171-419F-AE37-4B6EF09A058F}\MpKsl09216346.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DD470124-A171-419F-AE37-4B6EF09A058F}\MpKsl09216346.sys [?]
S1 MpKsl170033f7;MpKsl170033f7;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4A2CB5F8-2CC7-421C-B551-781796EF498A}\MpKsl170033f7.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4A2CB5F8-2CC7-421C-B551-781796EF498A}\MpKsl170033f7.sys [?]
S1 MpKsl198c1960;MpKsl198c1960;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DD470124-A171-419F-AE37-4B6EF09A058F}\MpKsl198c1960.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DD470124-A171-419F-AE37-4B6EF09A058F}\MpKsl198c1960.sys [?]
S1 MpKsl1d649da7;MpKsl1d649da7;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKsl1d649da7.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKsl1d649da7.sys [?]
S1 MpKsl39a2102d;MpKsl39a2102d;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C0EE2217-583F-497D-948F-9D66450859B2}\MpKsl39a2102d.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C0EE2217-583F-497D-948F-9D66450859B2}\MpKsl39a2102d.sys [?]
S1 MpKsl4a5c88d6;MpKsl4a5c88d6;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7CDA0556-32FA-4604-9190-F5F3557DDB16}\MpKsl4a5c88d6.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7CDA0556-32FA-4604-9190-F5F3557DDB16}\MpKsl4a5c88d6.sys [?]
S1 MpKsl4ab8ec4e;MpKsl4ab8ec4e;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BBDF0701-2968-4948-97E7-B8931527B410}\MpKsl4ab8ec4e.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BBDF0701-2968-4948-97E7-B8931527B410}\MpKsl4ab8ec4e.sys [?]
S1 MpKsl4ebe2678;MpKsl4ebe2678;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{16971267-EAA7-477B-99A5-0DBF6649D69C}\MpKsl4ebe2678.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{16971267-EAA7-477B-99A5-0DBF6649D69C}\MpKsl4ebe2678.sys [?]
S1 MpKsl4f3a2b56;MpKsl4f3a2b56;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7CDA0556-32FA-4604-9190-F5F3557DDB16}\MpKsl4f3a2b56.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7CDA0556-32FA-4604-9190-F5F3557DDB16}\MpKsl4f3a2b56.sys [?]
S1 MpKsl50729e58;MpKsl50729e58;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{64403C45-BCED-43D3-96F0-206FD34ECF07}\MpKsl50729e58.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{64403C45-BCED-43D3-96F0-206FD34ECF07}\MpKsl50729e58.sys [?]
S1 MpKsl6d243d40;MpKsl6d243d40;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0A43367D-418B-43FE-AC29-FFCC4176BA81}\MpKsl6d243d40.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0A43367D-418B-43FE-AC29-FFCC4176BA81}\MpKsl6d243d40.sys [?]
S1 MpKsl6da53cd2;MpKsl6da53cd2;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0FFB68F0-09DB-4CE0-8B3D-63EE59AB2BF3}\MpKsl6da53cd2.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0FFB68F0-09DB-4CE0-8B3D-63EE59AB2BF3}\MpKsl6da53cd2.sys [?]
S1 MpKsl788c0a60;MpKsl788c0a60;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0FFB68F0-09DB-4CE0-8B3D-63EE59AB2BF3}\MpKsl788c0a60.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0FFB68F0-09DB-4CE0-8B3D-63EE59AB2BF3}\MpKsl788c0a60.sys [?]
S1 MpKsl7a8c3fbd;MpKsl7a8c3fbd;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKsl7a8c3fbd.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKsl7a8c3fbd.sys [?]
S1 MpKsl805c9a21;MpKsl805c9a21;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7CDA0556-32FA-4604-9190-F5F3557DDB16}\MpKsl805c9a21.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7CDA0556-32FA-4604-9190-F5F3557DDB16}\MpKsl805c9a21.sys [?]
S1 MpKsl9595b0f9;MpKsl9595b0f9;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{A6ED3860-72AB-4BA7-BDC4-EBF38ED88229}\MpKsl9595b0f9.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{A6ED3860-72AB-4BA7-BDC4-EBF38ED88229}\MpKsl9595b0f9.sys [?]
S1 MpKsl97cb5649;MpKsl97cb5649;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{CC07DEDF-D087-4C01-B58B-2AEAF651B6A1}\MpKsl97cb5649.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{CC07DEDF-D087-4C01-B58B-2AEAF651B6A1}\MpKsl97cb5649.sys [?]
S1 MpKsl9bbe3881;MpKsl9bbe3881;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKsl9bbe3881.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKsl9bbe3881.sys [?]
S1 MpKslbf9c73f3;MpKslbf9c73f3;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{75555445-74B2-4212-8270-D7B3258FC677}\MpKslbf9c73f3.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{75555445-74B2-4212-8270-D7B3258FC677}\MpKslbf9c73f3.sys [?]
S1 MpKsle85ea9d9;MpKsle85ea9d9;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DF8A9E5C-8181-467C-AB3E-52E89B46799F}\MpKsle85ea9d9.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DF8A9E5C-8181-467C-AB3E-52E89B46799F}\MpKsle85ea9d9.sys [?]
S1 MpKslff5f15b2;MpKslff5f15b2;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{75555445-74B2-4212-8270-D7B3258FC677}\MpKslff5f15b2.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{75555445-74B2-4212-8270-D7B3258FC677}\MpKslff5f15b2.sys [?]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [31. 1. 2011 18:00 247096]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [31. 7. 2011 12:58 90112]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14. 4. 2008 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18. 3. 2010 13:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 62679435
*NewlyCreated* - WUAUSERV
*Deregistered* - 62679435
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.sk/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 217.119.113.244 217.119.113.245
FF - ProfilePath - c:\documents and settings\Andrej\Data aplikací\Mozilla\Firefox\Profiles\mrqnrq5s.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-62679435.sys
SafeBoot-MsMpSvc
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-01 23:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-01-01 23:40:02
ComboFix-quarantined-files.txt 2012-01-01 22:39
ComboFix2.txt 2012-01-01 18:28
.
Pre-Run: Volných bajtů: 58 486 513 664
Post-Run: Volných bajtů: 58 489 024 512
.
- - End Of File - - 573ECAE41B9B26F2EADE76364444DD6F

chodnik74
Friend of the forum
Posts: 4975
Registered: 13 Sep 2010 21:30
Location: Napajedla

Re: Trojan horse in memory + log for review, pls help

#8 Post by chodnik74 »

:arrow: Try installing MSE again from the internet and then uninstalling it the usual way :)


:arrow: Open Notepad
  • (press the WIN+R key combination, type "notepad" without the quotes and press Enter)
  • Paste the following script into it:

    
    KillAll::
    
    Firefox::
    FF - ProfilePath - c:\documents and settings\Andrej\Data aplikací\Mozilla\Firefox\Profiles\mrqnrq5s.default\
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =937811&p=
    FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
    
    DirLook::
    C:\TDSSKiller_Quarantine
    
    Registry::
    [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"=dword:00000001
    
    Driver::
    ICQ Service
    
    Folder::
    c:\program files\ICQ6Toolbar\
    
    Reboot::
    
  • Save the file to the Desktop as CFScript.txt
  • Then grab this file with the left mouse button, drag it onto the ComboFix icon and drop it
  • ComboFix will then carry out all the operations and produce a new log, which you should post here
:!: It may happen that Windows does not start normally after the script has been applied. In that case restart the computer, keep pressing F8 during startup and choose the Last Known Good Configuration option

:!: Read the procedure through several times to be safe, and if anything is unclear or you have any doubts, ask. ;-) If your computer is infected or is not behaving as usual, back up all your data and carefully follow the advisor's instructions! :!:

:!: Do not use the ComboFix utility without an advisor's supervision and recommendation!


addulka
Visitor
Posts: 81
Registered: 01 Jan 2012 19:37

Re: Trojan horse in memory + log for review, pls help

#9 Post by addulka »

MSE does start the installation but does not finish it; it reports that the already installed parts are being removed, but they are not removed, and only an error message pops up saying that MSE cannot be installed because of an error....

And the log:

ComboFix 12-01-01.06 - Andrej . 01. 2012 0:25.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.511.244 [GMT 1:00]
Running from: c:\documents and settings\Andrej\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Andrej\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\ICQ6Toolbar\voucher.bmp
c:\program files\ICQ6Toolbar\voucher2.bmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ICQ_SERVICE
-------\Service_ICQ Service
.
.
((((((((((((((((((((((((( Files Created from 2011-12-01 to 2012-01-01 )))))))))))))))))))))))))))))))
.
.
2012-01-01 21:43 . 2012-01-01 21:43 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-01 21:31 . 2012-01-01 21:31 -------- d-----w- C:\WINSSLog
2012-01-01 21:27 . 2012-01-01 21:35 13198 ----a-w- C:\FixitRegBackup.reg
2012-01-01 20:54 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-01-01 20:54 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-01-01 20:54 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-01-01 20:54 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-01-01 20:54 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-01 20:54 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-01-01 20:54 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-01-01 20:54 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-01-01 20:54 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-01-01 20:54 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-30 14:59 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-12-30 14:19 . 2011-12-30 14:19 -------- d-----w- c:\documents and settings\Andrej\Data aplikací\Simply Super Software
2011-12-30 14:19 . 2011-12-30 14:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Simply Super Software
2011-12-30 11:01 . 2011-12-30 14:00 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-12-30 09:57 . 2009-08-24 21:08 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2011-12-30 09:56 . 2011-12-30 09:56 -------- d-----w- c:\program files\Ashampoo
2011-12-29 16:23 . 2012-01-01 20:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-12-29 16:23 . 2011-12-29 16:23 -------- d-----w- c:\program files\AVAST Software
2011-12-29 13:00 . 2011-12-29 13:00 -------- d-----w- c:\program files\Microsoft Silverlight
2011-12-29 11:43 . 2011-12-29 11:43 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-12-29 11:40 . 2011-12-29 11:40 -------- d-----w- c:\program files\Common Files\Windows Live
2011-12-29 11:36 . 2011-12-29 11:36 -------- d-----w- c:\windows\system32\winrm
2011-12-29 11:35 . 2011-12-29 11:36 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-12-29 10:37 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2011-12-29 10:21 . 2011-12-29 10:21 -------- d-----w- c:\program files\TeamViewer
2011-12-29 10:14 . 2011-12-29 13:31 -------- d-----w- c:\documents and settings\Andrej\Data aplikací\TeamViewer
2011-12-19 10:10 . 2011-12-19 10:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2011-12-19 10:09 . 2011-12-19 10:09 -------- d-----w- c:\documents and settings\Andrej\Local Settings\Data aplikací\ESET
2011-12-19 09:14 . 2011-12-19 09:14 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-06 19:37 . 2011-12-19 09:14 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 14:40 . 2008-04-14 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:13 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2008-04-14 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2008-04-14 12:00 2194944 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:50 . 2008-04-14 08:06 2071552 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2011-01-26 18:43 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\TDSSKiller_Quarantine ----
.
2012-01-01 21:45 . 2012-01-01 21:45 118 ----a-w- c:\tdsskiller_quarantine\01.01.2012_22.41.40\mbr0001\mbr0000\object.ini
2012-01-01 21:45 . 2012-01-01 21:45 32768 ----a-w- c:\tdsskiller_quarantine\01.01.2012_22.41.40\mbr0001\mbr0000\tsk0000.dta
2012-01-01 21:45 . 2012-01-01 21:45 68 ----a-w- c:\tdsskiller_quarantine\01.01.2012_22.41.40\mbr0001\mbr0000\tsk0000.ini
2012-01-01 21:45 . 2012-01-01 21:45 112 ----a-w- c:\tdsskiller_quarantine\01.01.2012_22.41.40\mbr0001\object.ini
2012-01-01 21:43 . 2012-01-01 21:43 118 ----a-w- c:\tdsskiller_quarantine\01.01.2012_22.41.40\mbr0000\mbr0000\object.ini
2012-01-01 21:43 . 2012-01-01 21:43 32768 ----a-w- c:\tdsskiller_quarantine\01.01.2012_22.41.40\mbr0000\mbr0000\tsk0000.dta
2012-01-01 21:43 . 2012-01-01 21:43 68 ----a-w- c:\tdsskiller_quarantine\01.01.2012_22.41.40\mbr0000\mbr0000\tsk0000.ini
2012-01-01 21:43 . 2012-01-01 21:43 112 ----a-w- c:\tdsskiller_quarantine\01.01.2012_22.41.40\mbr0000\object.ini
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-01_22.37.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-01 22:49 . 2012-01-01 22:49 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\238152ba3443c153453266b26bb68050\System.Web.Extensions.Design.ni.dll
+ 2012-01-01 22:49 . 2012-01-01 22:49 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\6a5b65fe17063bf114ac501bfbfaad8e\System.Web.Entity.ni.dll
+ 2012-01-01 22:49 . 2012-01-01 22:49 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\6c6b00620dd3d5424a90771c3570e5b7\System.Web.Entity.Design.ni.dll
+ 2012-01-01 22:49 . 2012-01-01 22:49 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a569077f6816f28c36d50379e0eeff00\System.Web.DynamicData.ni.dll
+ 2012-01-01 22:49 . 2012-01-01 22:49 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\9c68a548d4afd3cd4538b50f6d0054b2\System.Web.Extensions.ni.dll
+ 2012-01-01 22:48 . 2012-01-01 22:48 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\080c3ab92016cd6bf26f81b8f5ff3a36\System.ServiceModel.Web.ni.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALi5289"="c:\program files\ULI5289\ALi5289.exe" [2005-03-10 405504]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [26. 1. 2011 20:14 51840]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [26. 1. 2011 20:14 44928]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1. 1. 2012 21:54 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1. 1. 2012 21:54 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1. 1. 2012 21:54 20568]
R2 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 8\DfSdkS.exe [30. 12. 2011 10:57 406016]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [31. 7. 2011 12:58 90112]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [29. 12. 2011 11:21 2984832]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [31. 7. 2011 12:59 27632]
R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\drivers\ULILAN.SYS [26. 1. 2011 20:14 28160]
S1 MpKsl0291cfe2;MpKsl0291cfe2;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6D0CF53E-1F76-4B6E-B77C-DF326FA67E8A}\MpKsl0291cfe2.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6D0CF53E-1F76-4B6E-B77C-DF326FA67E8A}\MpKsl0291cfe2.sys [?]
S1 MpKsl09216346;MpKsl09216346;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DD470124-A171-419F-AE37-4B6EF09A058F}\MpKsl09216346.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DD470124-A171-419F-AE37-4B6EF09A058F}\MpKsl09216346.sys [?]
S1 MpKsl170033f7;MpKsl170033f7;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4A2CB5F8-2CC7-421C-B551-781796EF498A}\MpKsl170033f7.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4A2CB5F8-2CC7-421C-B551-781796EF498A}\MpKsl170033f7.sys [?]
S1 MpKsl198c1960;MpKsl198c1960;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DD470124-A171-419F-AE37-4B6EF09A058F}\MpKsl198c1960.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DD470124-A171-419F-AE37-4B6EF09A058F}\MpKsl198c1960.sys [?]
S1 MpKsl1d649da7;MpKsl1d649da7;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKsl1d649da7.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKsl1d649da7.sys [?]
S1 MpKsl39a2102d;MpKsl39a2102d;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C0EE2217-583F-497D-948F-9D66450859B2}\MpKsl39a2102d.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C0EE2217-583F-497D-948F-9D66450859B2}\MpKsl39a2102d.sys [?]
S1 MpKsl4a5c88d6;MpKsl4a5c88d6;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7CDA0556-32FA-4604-9190-F5F3557DDB16}\MpKsl4a5c88d6.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7CDA0556-32FA-4604-9190-F5F3557DDB16}\MpKsl4a5c88d6.sys [?]
S1 MpKsl4ab8ec4e;MpKsl4ab8ec4e;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BBDF0701-2968-4948-97E7-B8931527B410}\MpKsl4ab8ec4e.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BBDF0701-2968-4948-97E7-B8931527B410}\MpKsl4ab8ec4e.sys [?]
S1 MpKsl4ebe2678;MpKsl4ebe2678;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{16971267-EAA7-477B-99A5-0DBF6649D69C}\MpKsl4ebe2678.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{16971267-EAA7-477B-99A5-0DBF6649D69C}\MpKsl4ebe2678.sys [?]
S1 MpKsl4f3a2b56;MpKsl4f3a2b56;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7CDA0556-32FA-4604-9190-F5F3557DDB16}\MpKsl4f3a2b56.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7CDA0556-32FA-4604-9190-F5F3557DDB16}\MpKsl4f3a2b56.sys [?]
S1 MpKsl50729e58;MpKsl50729e58;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{64403C45-BCED-43D3-96F0-206FD34ECF07}\MpKsl50729e58.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{64403C45-BCED-43D3-96F0-206FD34ECF07}\MpKsl50729e58.sys [?]
S1 MpKsl6d243d40;MpKsl6d243d40;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0A43367D-418B-43FE-AC29-FFCC4176BA81}\MpKsl6d243d40.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0A43367D-418B-43FE-AC29-FFCC4176BA81}\MpKsl6d243d40.sys [?]
S1 MpKsl6da53cd2;MpKsl6da53cd2;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0FFB68F0-09DB-4CE0-8B3D-63EE59AB2BF3}\MpKsl6da53cd2.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0FFB68F0-09DB-4CE0-8B3D-63EE59AB2BF3}\MpKsl6da53cd2.sys [?]
S1 MpKsl788c0a60;MpKsl788c0a60;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0FFB68F0-09DB-4CE0-8B3D-63EE59AB2BF3}\MpKsl788c0a60.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0FFB68F0-09DB-4CE0-8B3D-63EE59AB2BF3}\MpKsl788c0a60.sys [?]
S1 MpKsl7a8c3fbd;MpKsl7a8c3fbd;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKsl7a8c3fbd.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKsl7a8c3fbd.sys [?]
S1 MpKsl805c9a21;MpKsl805c9a21;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7CDA0556-32FA-4604-9190-F5F3557DDB16}\MpKsl805c9a21.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7CDA0556-32FA-4604-9190-F5F3557DDB16}\MpKsl805c9a21.sys [?]
S1 MpKsl9595b0f9;MpKsl9595b0f9;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{A6ED3860-72AB-4BA7-BDC4-EBF38ED88229}\MpKsl9595b0f9.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{A6ED3860-72AB-4BA7-BDC4-EBF38ED88229}\MpKsl9595b0f9.sys [?]
S1 MpKsl97cb5649;MpKsl97cb5649;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{CC07DEDF-D087-4C01-B58B-2AEAF651B6A1}\MpKsl97cb5649.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{CC07DEDF-D087-4C01-B58B-2AEAF651B6A1}\MpKsl97cb5649.sys [?]
S1 MpKsl9bbe3881;MpKsl9bbe3881;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKsl9bbe3881.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKsl9bbe3881.sys [?]
S1 MpKslbf9c73f3;MpKslbf9c73f3;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{75555445-74B2-4212-8270-D7B3258FC677}\MpKslbf9c73f3.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{75555445-74B2-4212-8270-D7B3258FC677}\MpKslbf9c73f3.sys [?]
S1 MpKsle85ea9d9;MpKsle85ea9d9;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DF8A9E5C-8181-467C-AB3E-52E89B46799F}\MpKsle85ea9d9.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DF8A9E5C-8181-467C-AB3E-52E89B46799F}\MpKsle85ea9d9.sys [?]
S1 MpKslff5f15b2;MpKslff5f15b2;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{75555445-74B2-4212-8270-D7B3258FC677}\MpKslff5f15b2.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{75555445-74B2-4212-8270-D7B3258FC677}\MpKslff5f15b2.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18. 3. 2010 13:16 130384]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14. 4. 2008 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18. 3. 2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.sk/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 217.119.113.244 217.119.113.245
FF - ProfilePath - c:\documents and settings\Andrej\Data aplikací\Mozilla\Firefox\Profiles\mrqnrq5s.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-DWQueuedReporting - c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-02 00:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1108)
c:\windows\system32\msi.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\windows\system32\wscntfy.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
.
**************************************************************************
.
Completion time: 2012-01-02 00:40:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-01 23:40
ComboFix2.txt 2012-01-01 22:40
ComboFix3.txt 2012-01-01 18:28
.
Pre-Run: Volných bajtů: 58 727 591 936
Post-Run: Volných bajtů: 58 711 625 728
.
- - End Of File - - 03C1CA83674D422F554EE64E22CD368D

chodnik74
Friend of the forum
Posts: 4975
Registered: 13 Sep 2010 21:30
Location: Napajedla

Re: Trojan horse in operating memory + log for review pls hel

#10 Post by chodnik74 »

MSE is almost gone, so let's try to clean up the leftovers..


Open Notepad
  • (press the WIN+R key combination, type "notepad" without the quotes and press Enter)
  • Paste the following script into it:

    KillAll::
    
    Driver::
    MpKsl0291cfe2
    MpKsl09216346
    MpKsl170033f7
    MpKsl198c1960
    MpKsl1d649da7
    MpKsl39a2102d
    MpKsl4a5c88d6
    MpKsl4ab8ec4e
    MpKsl4ebe2678
    MpKsl4f3a2b56
    MpKsl50729e58
    MpKsl6d243d40
    MpKsl6da53cd2
    MpKsl788c0a60
    MpKsl7a8c3fbd
    MpKsl805c9a21
    MpKsl9595b0f9
    MpKsl97cb5649
    MpKsl9bbe3881
    MpKslbf9c73f3
    MpKsle85ea9d9
    MpKslff5f15b2
    
    File::
    c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6D0CF53E-1F76-4B6E-B77C-DF326FA67E8A}\MpKsl0291cfe2.sys
    c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DD470124-A171-419F-AE37-4B6EF09A058F}\MpKsl09216346.sys
    c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4A2CB5F8-2CC7-421C-B551-781796EF498A}\MpKsl170033f7.sys
    c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DD470124-A171-419F-AE37-4B6EF09A058F}\MpKsl198c1960.sys
    c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKsl1d649da7.sys
    c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C0EE2217-583F-497D-948F-9D66450859B2}\MpKsl39a2102d.sys
    c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7CDA0556-32FA-4604-9190-F5F3557DDB16}\MpKsl4a5c88d6.sys
    c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BBDF0701-2968-4948-97E7-B8931527B410}\MpKsl4ab8ec4e.sys
    c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{16971267-EAA7-477B-99A5-0DBF6649D69C}\MpKsl4ebe2678.sys
    c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7CDA0556-32FA-4604-9190-F5F3557DDB16}\MpKsl4f3a2b56.sys
    c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{64403C45-BCED-43D3-96F0-206FD34ECF07}\MpKsl50729e58.sys
    c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0A43367D-418B-43FE-AC29-FFCC4176BA81}\MpKsl6d243d40.sys
    c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0FFB68F0-09DB-4CE0-8B3D-63EE59AB2BF3}\MpKsl6da53cd2.sys
    c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0FFB68F0-09DB-4CE0-8B3D-63EE59AB2BF3}\MpKsl788c0a60.sys
    c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKsl7a8c3fbd.sys
    c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7CDA0556-32FA-4604-9190-F5F3557DDB16}\MpKsl805c9a21.sys
    c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{A6ED3860-72AB-4BA7-BDC4-EBF38ED88229}\MpKsl9595b0f9.sys
    c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{CC07DEDF-D087-4C01-B58B-2AEAF651B6A1}\MpKsl97cb5649.sys
    c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKsl9bbe3881.sys
    c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{75555445-74B2-4212-8270-D7B3258FC677}\MpKslbf9c73f3.sys
    c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DF8A9E5C-8181-467C-AB3E-52E89B46799F}\MpKsle85ea9d9.sys
    c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{75555445-74B2-4212-8270-D7B3258FC677}\MpKslff5f15b2.sys
    
    Folder::
    c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\
    c:\program files\Microsoft Security Client\
    
    Firefox::
    FF - ProfilePath - c:\documents and settings\Andrej\Data aplikací\Mozilla\Firefox\Profiles\mrqnrq5s.default\
    FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
    
    DirLook::
    C:\Qoobox\
    
    Reboot::
    
  • Save the file to the Desktop as CFScript.txt
  • Then grab the file with the left mouse button, drag it onto the ComboFix icon and drop it
  • ComboFix will then carry out all the operations and create a new log, which you should post here

Warning: After the script is applied, Windows may not start up in the usual way. In that case, restart the computer, keep pressing F8 during startup and choose the Last Known Good Configuration option.
Write to me: chodnik74@gmail.com

Warning: It is best to read the procedure several times, and if anything is unclear or you have any doubts, ask. ;-) If your computer is infected or is not behaving as usual, back up all your data and carefully follow the advisor's instructions!

Warning: Do not use the ComboFix utility without the supervision and recommendation of an advisor!

addulka
Visitor
Posts: 81
Registered: 01 Jan 2012 19:37

Re: Trojan horse in operating memory + log for review pls hel

#11 Post by addulka »

ComboFix 12-01-02.01 - Andrej . 01. 2012 14:34:44.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.511.260 [GMT 1:00]
Running from: c:\documents and settings\Andrej\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Andrej\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0A43367D-418B-43FE-AC29-FFCC4176BA81}\MpKsl6d243d40.sys"
"c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0FFB68F0-09DB-4CE0-8B3D-63EE59AB2BF3}\MpKsl6da53cd2.sys"
"c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0FFB68F0-09DB-4CE0-8B3D-63EE59AB2BF3}\MpKsl788c0a60.sys"
"c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{16971267-EAA7-477B-99A5-0DBF6649D69C}\MpKsl4ebe2678.sys"
"c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4A2CB5F8-2CC7-421C-B551-781796EF498A}\MpKsl170033f7.sys"
"c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{64403C45-BCED-43D3-96F0-206FD34ECF07}\MpKsl50729e58.sys"
"c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6D0CF53E-1F76-4B6E-B77C-DF326FA67E8A}\MpKsl0291cfe2.sys"
"c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{75555445-74B2-4212-8270-D7B3258FC677}\MpKslbf9c73f3.sys"
"c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{75555445-74B2-4212-8270-D7B3258FC677}\MpKslff5f15b2.sys"
"c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7CDA0556-32FA-4604-9190-F5F3557DDB16}\MpKsl4a5c88d6.sys"
"c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7CDA0556-32FA-4604-9190-F5F3557DDB16}\MpKsl4f3a2b56.sys"
"c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7CDA0556-32FA-4604-9190-F5F3557DDB16}\MpKsl805c9a21.sys"
"c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{A6ED3860-72AB-4BA7-BDC4-EBF38ED88229}\MpKsl9595b0f9.sys"
"c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKsl1d649da7.sys"
"c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKsl7a8c3fbd.sys"
"c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB447E2D-62AA-4114-B6F0-9CBDBCD55A9D}\MpKsl9bbe3881.sys"
"c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BBDF0701-2968-4948-97E7-B8931527B410}\MpKsl4ab8ec4e.sys"
"c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C0EE2217-583F-497D-948F-9D66450859B2}\MpKsl39a2102d.sys"
"c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{CC07DEDF-D087-4C01-B58B-2AEAF651B6A1}\MpKsl97cb5649.sys"
"c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DD470124-A171-419F-AE37-4B6EF09A058F}\MpKsl09216346.sys"
"c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DD470124-A171-419F-AE37-4B6EF09A058F}\MpKsl198c1960.sys"
"c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DF8A9E5C-8181-467C-AB3E-52E89B46799F}\MpKsle85ea9d9.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MPKSL09216346
-------\Legacy_MPKSL170033F7
-------\Legacy_MPKSL198C1960
-------\Legacy_MPKSL1D649DA7
-------\Legacy_MPKSL4AB8EC4E
-------\Legacy_MPKSL4EBE2678
-------\Legacy_MPKSL50729E58
-------\Legacy_MPKSL6D243D40
-------\Legacy_MPKSL6DA53CD2
-------\Legacy_MPKSL788C0A60
-------\Legacy_MPKSL7A8C3FBD
-------\Legacy_MPKSL9595B0F9
-------\Legacy_MPKSL97CB5649
-------\Legacy_MPKSL9BBE3881
-------\Legacy_MPKSLBF9C73F3
-------\Legacy_MPKSLE85EA9D9
-------\Legacy_MPKSLFF5F15B2
-------\Service_MpKsl0291cfe2
-------\Service_MpKsl09216346
-------\Service_MpKsl170033f7
-------\Service_MpKsl198c1960
-------\Service_MpKsl1d649da7
-------\Service_MpKsl39a2102d
-------\Service_MpKsl4a5c88d6
-------\Service_MpKsl4ab8ec4e
-------\Service_MpKsl4ebe2678
-------\Service_MpKsl4f3a2b56
-------\Service_MpKsl50729e58
-------\Service_MpKsl6d243d40
-------\Service_MpKsl6da53cd2
-------\Service_MpKsl788c0a60
-------\Service_MpKsl7a8c3fbd
-------\Service_MpKsl805c9a21
-------\Service_MpKsl9595b0f9
-------\Service_MpKsl97cb5649
-------\Service_MpKsl9bbe3881
-------\Service_MpKslbf9c73f3
-------\Service_MpKsle85ea9d9
-------\Service_MpKslff5f15b2
.
.
((((((((((((((((((((((((( Files Created from 2011-12-02 to 2012-01-02 )))))))))))))))))))))))))))))))
.
.
2012-01-02 13:18 . 2012-01-02 13:18 -------- d-----w- c:\documents and settings\Andrej\Local Settings\Data aplikací\PCHealth
2012-01-01 21:43 . 2012-01-01 21:43 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-01 21:31 . 2012-01-01 21:31 -------- d-----w- C:\WINSSLog
2012-01-01 21:27 . 2012-01-01 21:35 13198 ----a-w- C:\FixitRegBackup.reg
2012-01-01 20:54 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-01-01 20:54 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-01-01 20:54 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-01-01 20:54 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-01-01 20:54 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-01 20:54 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-01-01 20:54 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-01-01 20:54 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-01-01 20:54 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-01-01 20:54 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-30 14:59 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-12-30 14:19 . 2011-12-30 14:19 -------- d-----w- c:\documents and settings\Andrej\Data aplikací\Simply Super Software
2011-12-30 14:19 . 2011-12-30 14:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Simply Super Software
2011-12-30 11:01 . 2011-12-30 14:00 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-12-30 09:57 . 2009-08-24 21:08 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2011-12-30 09:56 . 2011-12-30 09:56 -------- d-----w- c:\program files\Ashampoo
2011-12-29 16:23 . 2012-01-01 20:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-12-29 16:23 . 2011-12-29 16:23 -------- d-----w- c:\program files\AVAST Software
2011-12-29 13:00 . 2011-12-29 13:00 -------- d-----w- c:\program files\Microsoft Silverlight
2011-12-29 11:43 . 2011-12-29 11:43 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-12-29 11:40 . 2011-12-29 11:40 -------- d-----w- c:\program files\Common Files\Windows Live
2011-12-29 11:36 . 2011-12-29 11:36 -------- d-----w- c:\windows\system32\winrm
2011-12-29 11:35 . 2011-12-29 11:36 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-12-29 10:37 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2011-12-29 10:21 . 2011-12-29 10:21 -------- d-----w- c:\program files\TeamViewer
2011-12-29 10:14 . 2011-12-29 13:31 -------- d-----w- c:\documents and settings\Andrej\Data aplikací\TeamViewer
2011-12-19 10:10 . 2011-12-19 10:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2011-12-19 10:09 . 2011-12-19 10:09 -------- d-----w- c:\documents and settings\Andrej\Local Settings\Data aplikací\ESET
2011-12-19 09:14 . 2011-12-19 09:14 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-06 19:37 . 2011-12-19 09:14 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 14:40 . 2008-04-14 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:13 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2008-04-14 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2008-04-14 12:00 2194944 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:50 . 2008-04-14 08:06 2071552 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2011-01-26 18:43 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Qoobox ----
.
2012-01-02 13:43 . 2012-01-02 13:43 0 ----a-w- c:\qoobox\LastRun\CregC.old
2012-01-02 13:43 . 2012-01-02 13:40 1343 ----a-w- c:\qoobox\LastRun\SvcTarget.dat
2012-01-02 13:43 . 2012-01-02 13:43 30266 ----a-w- c:\qoobox\LastRun\zhsvc.old
2012-01-02 13:43 . 2012-01-02 13:40 0 ----a-w- c:\qoobox\LastRun\RenVDel.dat
2012-01-02 13:40 . 2012-01-02 13:40 4458 ----a-w- c:\qoobox\Quarantine\Registry_backups\Service_MpKslff5f15b2.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 4458 ----a-w- c:\qoobox\Quarantine\Registry_backups\Service_MpKsle85ea9d9.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 4458 ----a-w- c:\qoobox\Quarantine\Registry_backups\Service_MpKslbf9c73f3.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 4458 ----a-w- c:\qoobox\Quarantine\Registry_backups\Service_MpKsl9bbe3881.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 4458 ----a-w- c:\qoobox\Quarantine\Registry_backups\Service_MpKsl97cb5649.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 4458 ----a-w- c:\qoobox\Quarantine\Registry_backups\Service_MpKsl9595b0f9.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 3750 ----a-w- c:\qoobox\Quarantine\Registry_backups\Service_MpKsl805c9a21.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 4458 ----a-w- c:\qoobox\Quarantine\Registry_backups\Service_MpKsl7a8c3fbd.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 4458 ----a-w- c:\qoobox\Quarantine\Registry_backups\Service_MpKsl788c0a60.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 4458 ----a-w- c:\qoobox\Quarantine\Registry_backups\Service_MpKsl6da53cd2.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 4458 ----a-w- c:\qoobox\Quarantine\Registry_backups\Service_MpKsl6d243d40.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 4458 ----a-w- c:\qoobox\Quarantine\Registry_backups\Service_MpKsl50729e58.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 3750 ----a-w- c:\qoobox\Quarantine\Registry_backups\Service_MpKsl4f3a2b56.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 4458 ----a-w- c:\qoobox\Quarantine\Registry_backups\Service_MpKsl4ebe2678.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 4458 ----a-w- c:\qoobox\Quarantine\Registry_backups\Service_MpKsl4ab8ec4e.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 3750 ----a-w- c:\qoobox\Quarantine\Registry_backups\Service_MpKsl4a5c88d6.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 3750 ----a-w- c:\qoobox\Quarantine\Registry_backups\Service_MpKsl39a2102d.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 4458 ----a-w- c:\qoobox\Quarantine\Registry_backups\Service_MpKsl1d649da7.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 4458 ----a-w- c:\qoobox\Quarantine\Registry_backups\Service_MpKsl198c1960.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 4458 ----a-w- c:\qoobox\Quarantine\Registry_backups\Service_MpKsl170033f7.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 4458 ----a-w- c:\qoobox\Quarantine\Registry_backups\Service_MpKsl09216346.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 3750 ----a-w- c:\qoobox\Quarantine\Registry_backups\Service_MpKsl0291cfe2.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 1280 ----a-w- c:\qoobox\Quarantine\Registry_backups\Legacy_MPKSLFF5F15B2.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 1280 ----a-w- c:\qoobox\Quarantine\Registry_backups\Legacy_MPKSLE85EA9D9.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 1280 ----a-w- c:\qoobox\Quarantine\Registry_backups\Legacy_MPKSLBF9C73F3.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 1280 ----a-w- c:\qoobox\Quarantine\Registry_backups\Legacy_MPKSL9BBE3881.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 1280 ----a-w- c:\qoobox\Quarantine\Registry_backups\Legacy_MPKSL97CB5649.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 1280 ----a-w- c:\qoobox\Quarantine\Registry_backups\Legacy_MPKSL9595B0F9.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 1280 ----a-w- c:\qoobox\Quarantine\Registry_backups\Legacy_MPKSL7A8C3FBD.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 1280 ----a-w- c:\qoobox\Quarantine\Registry_backups\Legacy_MPKSL788C0A60.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 1280 ----a-w- c:\qoobox\Quarantine\Registry_backups\Legacy_MPKSL6DA53CD2.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 1280 ----a-w- c:\qoobox\Quarantine\Registry_backups\Legacy_MPKSL6D243D40.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 1280 ----a-w- c:\qoobox\Quarantine\Registry_backups\Legacy_MPKSL50729E58.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 1280 ----a-w- c:\qoobox\Quarantine\Registry_backups\Legacy_MPKSL4EBE2678.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 1280 ----a-w- c:\qoobox\Quarantine\Registry_backups\Legacy_MPKSL4AB8EC4E.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 1280 ----a-w- c:\qoobox\Quarantine\Registry_backups\Legacy_MPKSL1D649DA7.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 1280 ----a-w- c:\qoobox\Quarantine\Registry_backups\Legacy_MPKSL198C1960.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 1280 ----a-w- c:\qoobox\Quarantine\Registry_backups\Legacy_MPKSL170033F7.reg.dat
2012-01-02 13:40 . 2012-01-02 13:40 1280 ----a-w- c:\qoobox\Quarantine\Registry_backups\Legacy_MPKSL09216346.reg.dat
2012-01-02 13:34 . 2012-01-02 13:34 0 ----a-w- c:\qoobox\LastRun\SrPeek.cfscript
2012-01-02 13:34 . 2012-01-02 13:34 13 ----a-w- c:\qoobox\LastRun\DirLook.cfscript
2012-01-02 13:34 . 2012-01-02 13:30 4285 ----a-w- c:\qoobox\CFScript_used_2012-01-02_14.34.21.txt
2012-01-02 13:32 . 2012-01-02 13:32 13 ----a-w- c:\qoobox\LastRun\Gateway
2012-01-01 23:39 . 2012-01-01 23:39 161 ----a-w- c:\qoobox\Quarantine\Registry_backups\HKLM-Run-DWQueuedReporting.reg.dat
2012-01-01 23:31 . 2012-01-01 23:31 2884 ----a-w- c:\qoobox\Quarantine\Registry_backups\Service_ICQ Service.reg.dat
2012-01-01 23:31 . 2012-01-01 23:31 830 ----a-w- c:\qoobox\Quarantine\Registry_backups\Legacy_ICQ_SERVICE.reg.dat
2012-01-01 23:25 . 2012-01-02 13:34 0 ----a-w- c:\qoobox\Quarantine\catchme.txt
2012-01-01 23:25 . 2012-01-01 23:20 1459 ----a-w- c:\qoobox\CFScript_used_2012-01-02_00.25.30.txt
2012-01-01 22:39 . 2012-01-01 22:39 580 ----a-w- c:\qoobox\Quarantine\Registry_backups\AddRemove-Cool's_Codec_pack_4.12.reg.dat
2012-01-01 22:39 . 2012-01-01 22:39 542 ----a-w- c:\qoobox\Quarantine\Registry_backups\SafeBoot-MsMpSvc.reg.dat
2012-01-01 22:39 . 2012-01-01 22:39 558 ----a-w- c:\qoobox\Quarantine\Registry_backups\SafeBoot-62679435.sys.reg.dat
2012-01-01 22:38 . 2012-01-01 22:38 1079080 ----a-w- c:\qoobox\SnapShot_2012-01-01_22.37.18.dat
2012-01-01 18:28 . 2012-01-01 23:40 23497 ----a-w- c:\qoobox\ComboFix2.txt
2012-01-01 18:28 . 2012-01-01 22:40 57413 ----a-w- c:\qoobox\ComboFix3.txt
2012-01-01 18:28 . 2012-01-01 18:28 26092 ----a-w- c:\qoobox\ComboFix4.txt
2012-01-01 18:28 . 2012-01-01 23:40 3416 ----a-w- c:\qoobox\ComboFix-quarantined-files.txt
2012-01-01 18:27 . 2012-01-01 23:39 14439 ----a-w- c:\qoobox\Add-Remove Programs.txt
2012-01-01 18:27 . 2012-01-01 18:27 954 ----a-w- c:\qoobox\Quarantine\Registry_backups\AddRemove-HP OrderReminder.reg.dat
2012-01-01 18:26 . 2012-01-01 18:26 1080974 ----a-w- c:\qoobox\SnapShot@2012-01-01_18.21.04.dat
2012-01-01 18:13 . 2012-01-01 18:13 3676 ----a-w- c:\qoobox\Quarantine\Registry_backups\Service_wuauserv.reg.dat
2012-01-01 18:13 . 2012-01-01 18:13 1068 ----a-w- c:\qoobox\Quarantine\Registry_backups\Legacy_WUAUSERV.reg.dat
2012-01-01 18:13 . 2012-01-01 18:13 1128 ----a-w- c:\qoobox\Quarantine\Registry_backups\Legacy_RKHIT.reg.dat
2012-01-01 18:13 . 2012-01-02 13:40 4929 ----a-w- c:\qoobox\Quarantine\Registry_backups\tcpip.reg
2012-01-01 18:02 . 2012-01-01 18:02 2190 ----a-w- c:\qoobox\BackEnv\VikPev00
2012-01-01 18:02 . 2012-01-01 18:02 7178 ----a-w- c:\qoobox\BackEnv\SetPath.bat
2012-01-01 18:02 . 2012-01-01 18:01 2150 ----a-w- c:\qoobox\BackEnv\SysPath.dat
2012-01-01 18:02 . 2012-01-01 18:02 616 ----a-w- c:\qoobox\BackEnv\StartUp.folder.dat
2012-01-01 18:02 . 2012-01-01 18:02 368 ----a-w- c:\qoobox\BackEnv\Templates.folder.dat
2012-01-01 18:02 . 2012-01-01 18:02 216 ----a-w- c:\qoobox\BackEnv\StartMenu.folder.dat
2012-01-01 18:02 . 2012-01-01 18:02 485 ----a-w- c:\qoobox\BackEnv\Profiles.Folder.folder.dat
2012-01-01 18:02 . 2012-01-01 18:02 520 ----a-w- c:\qoobox\BackEnv\Programs.folder.dat
2012-01-01 18:02 . 2012-01-01 18:02 193 ----a-w- c:\qoobox\BackEnv\Recent.folder.dat
2012-01-01 18:02 . 2012-01-01 18:02 193 ----a-w- c:\qoobox\BackEnv\SendTo.folder.dat
2012-01-01 18:02 . 2012-01-01 18:02 200 ----a-w- c:\qoobox\BackEnv\Personal.folder.dat
2012-01-01 18:02 . 2012-01-01 18:02 111 ----a-w- c:\qoobox\BackEnv\Pictures.folder.dat
2012-01-01 18:02 . 2012-01-01 18:02 409 ----a-w- c:\qoobox\BackEnv\PrintHood.folder.dat
2012-01-01 18:02 . 2012-01-01 18:02 276 ----a-w- c:\qoobox\BackEnv\Profiles.Folder.dat
2012-01-01 18:02 . 2012-01-01 18:02 322 ----a-w- c:\qoobox\BackEnv\History.folder.dat
2012-01-01 18:02 . 2012-01-01 18:02 644 ----a-w- c:\qoobox\BackEnv\LocalAppData.folder.dat
2012-01-01 18:02 . 2012-01-01 18:02 341 ----a-w- c:\qoobox\BackEnv\LocalSettings.folder.dat
2012-01-01 18:02 . 2012-01-01 18:02 107 ----a-w- c:\qoobox\BackEnv\Music.folder.dat
2012-01-01 18:02 . 2012-01-01 18:02 342 ----a-w- c:\qoobox\BackEnv\NetHood.folder.dat
2012-01-01 18:02 . 2012-01-01 18:02 188 ----a-w- c:\qoobox\BackEnv\Desktop.folder.dat
2012-01-01 18:02 . 2012-01-01 18:02 228 ----a-w- c:\qoobox\BackEnv\Favorites.folder.dat
2012-01-01 18:02 . 2012-01-01 18:02 562 ----a-w- c:\qoobox\BackEnv\AppData.folder.dat
2012-01-01 18:02 . 2012-01-01 18:02 489 ----a-w- c:\qoobox\BackEnv\Cache.folder.dat
2012-01-01 18:02 . 2012-01-01 18:02 247 ----a-w- c:\qoobox\BackEnv\Cookies.folder.dat
2011-12-22 11:53 . 2012-01-02 13:31 510 ----a-w- c:\qoobox\Quarantine\catchme.log
2011-01-31 17:00 . 2010-09-06 17:53 19238 ----a-w- c:\qoobox\Quarantine\C\Program Files\ICQ6Toolbar\voucher.bmp.vir
2011-01-31 17:00 . 2010-09-06 17:53 19238 ----a-w- c:\qoobox\Quarantine\C\Program Files\ICQ6Toolbar\voucher2.bmp.vir
2011-01-31 17:00 . 2010-09-06 17:53 1209 ----a-w- c:\qoobox\Quarantine\C\Program Files\ICQ6Toolbar\logo_small.gif.vir
2011-01-31 17:00 . 2010-09-06 17:56 145720 ----a-w- c:\qoobox\Quarantine\C\Program Files\ICQ6Toolbar\ServiceStarter.exe.vir
2011-01-31 17:00 . 2010-09-06 17:53 2307 ----a-w- c:\qoobox\Quarantine\C\Program Files\ICQ6Toolbar\short.wav.vir
2011-01-31 17:00 . 2010-09-06 17:53 7 ----a-w- c:\qoobox\Quarantine\C\Program Files\ICQ6Toolbar\Version.txt.vir
2011-01-31 17:00 . 2010-09-06 17:56 1048888 ----a-w- c:\qoobox\Quarantine\C\Program Files\ICQ6Toolbar\ICQToolBar.dll.vir
2011-01-31 17:00 . 2010-09-06 17:56 247096 ----a-w- c:\qoobox\Quarantine\C\Program Files\ICQ6Toolbar\ICQ Service.exe.vir
2011-01-29 13:30 . 2011-01-29 13:30 44 ----a-w- c:\qoobox\Quarantine\C\WINDOWS\system32\msssc.dll.vir
2011-01-27 11:51 . 2011-01-29 13:09 737280 ----a-w- c:\qoobox\Quarantine\C\WINDOWS\iun6002.exe.vir
2011-01-26 20:18 . 2011-12-15 05:47 14094 ----a-w- c:\qoobox\Quarantine\C\WINDOWS\system32\TZLog.log.vir
2011-01-26 19:14 . 2001-11-13 20:24 34307 ----a-w- c:\qoobox\Quarantine\C\WINDOWS\system32\install.exe.vir
2011-01-26 19:14 . 2001-11-13 20:24 34307 ----a-w- c:\qoobox\Quarantine\C\WINDOWS\system32\drivers\Install.exe.vir
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-01_22.37.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-02 00:16 . 2012-01-02 00:16 301056 c:\windows\Installer\254681.msi
+ 2012-01-01 22:49 . 2012-01-01 22:49 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\238152ba3443c153453266b26bb68050\System.Web.Extensions.Design.ni.dll
+ 2012-01-01 22:49 . 2012-01-01 22:49 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\6a5b65fe17063bf114ac501bfbfaad8e\System.Web.Entity.ni.dll
+ 2012-01-01 22:49 . 2012-01-01 22:49 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\6c6b00620dd3d5424a90771c3570e5b7\System.Web.Entity.Design.ni.dll
+ 2012-01-01 22:49 . 2012-01-01 22:49 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a569077f6816f28c36d50379e0eeff00\System.Web.DynamicData.ni.dll
+ 2012-01-01 22:49 . 2012-01-01 22:49 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\9c68a548d4afd3cd4538b50f6d0054b2\System.Web.Extensions.ni.dll
+ 2012-01-01 22:48 . 2012-01-01 22:48 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\080c3ab92016cd6bf26f81b8f5ff3a36\System.ServiceModel.Web.ni.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALi5289"="c:\program files\ULI5289\ALi5289.exe" [2005-03-10 405504]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [26. 1. 2011 20:14 51840]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [26. 1. 2011 20:14 44928]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1. 1. 2012 21:54 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1. 1. 2012 21:54 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1. 1. 2012 21:54 20568]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18. 3. 2010 13:16 130384]
R2 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 8\DfSdkS.exe [30. 12. 2011 10:57 406016]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [31. 7. 2011 12:58 90112]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [29. 12. 2011 11:21 2984832]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [31. 7. 2011 12:59 27632]
R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\drivers\ULILAN.SYS [26. 1. 2011 20:14 28160]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14. 4. 2008 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18. 3. 2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.sk/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 217.119.113.244 217.119.113.245
FF - ProfilePath - c:\documents and settings\Andrej\Data aplikací\Mozilla\Firefox\Profiles\mrqnrq5s.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-02 14:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3840)
c:\windows\system32\msi.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\windows\system32\wscntfy.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
.
**************************************************************************
.
Completion time: 2012-01-02 14:49:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-02 13:49
ComboFix2.txt 2012-01-01 23:40
ComboFix3.txt 2012-01-01 22:40
ComboFix4.txt 2012-01-01 18:28
.
Pre-Run: Volných bajtů: 58 527 121 408
Post-Run: Volných bajtů: 58 583 355 392
.
- - End Of File - - E325D6639F7F37CC57B1389924840FC4

chodnik74
Friend of the forum
Posts: 4975
Registered: 13 Sep 2010 21:30
Location: Napajedla

Re: Trojan horse in operating memory + log for review, pls help

#12 Post by chodnik74 »

I'd like to ask: how is the computer behaving?

Write to me: chodnik74@gmail.com

Read the procedure through several times and, if anything is unclear or you have any doubts, ask. ;-) If your computer is infected or is not behaving as usual, back up all your data and carefully follow the adviser's instructions!

Do not use the ComboFix utility without an adviser's supervision and recommendation!


addulka
Visitor
Posts: 81
Registered: 01 Jan 2012 19:37

Re: Trojan horse in operating memory + log for review, pls help

#13 Post by addulka »

It's behaving well now. It starts up quickly; before, it took terribly long and whirred horribly. The MSE error no longer pops up at startup, and it's no longer among the programs either. I'd say it's running the way it should.
Is everything OK now?

chodnik74
Friend of the forum
Posts: 4975
Registered: 13 Sep 2010 21:30
Location: Napajedla

Re: Trojan horse in operating memory + log for review, pls help

#14 Post by chodnik74 »

Provisionally it's clean, but that doesn't rule out other malware on the PC. We'll take a look for malware, then scan the PC in more detail and see whether updates are working, etc. If everything is fine, we'll clean up the utilities we used and do some maintenance, and the PC will run like clockwork. Do you agree? Let's get to it.

Malwarebytes' Anti-Malware
  • Download, install and run it (if you're not sure how, click HERE)
  • Select Full scan (Úplná kontrola) and click the Scan (Prohledat) button
  • The program will scan the computer, and at the end a message will appear saying the scan has finished; confirm it with the OK button
  • A log will appear; paste it here for me
  • DO NOT DELETE ANYTHING!! The program sometimes gives false detections, so we will delete only after consultation :twisted:

addulka
Visitor
Posts: 81
Registered: 01 Jan 2012 19:37

Re: Trojan horse in operating memory + log for review, pls help

#15 Post by addulka »

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.60.0.1800
www.malwarebytes.org

Verze databáze: v2012.01.02.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Andrej :: ANDREJ-PC [administrátor]

Ochrana: Povolena

2. 1. 2012 15:16:07
mbam-log-2012-01-02 (15-16-07).txt

Typ: Úplná kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 222613
Uplynulý čas: 46 minut, 33 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)
