
PC disinfection, computer speed-up, remote help via the neslape.cz service
Please check (virus)
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEWS!
You can now use the remote-help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Re: Please check (virus)
ComboFix always freezes on me (I'm open to any advice; I have no idea why the scan freezes), but after installing Avira AV it found:
The file 'C:\Qoobox\Quarantine\MBR_HardDisk0.mbr'
contained a virus or unwanted program 'BOO/TDss.M' [virus]
Action(s) taken:
The file was deleted!
and
The file 'C:\System Volume Information\_restore{21CD7AE8-9110-4EC4-A06B-0F05D0F289AE}\RP334\A0055289.exe'
contained a virus or unwanted program 'TR/Trash.Gen' [trojan]
Action(s) taken:
The file was deleted!
New CF log:
ComboFix 12-05-05.05 - Administrator . 05. 2012 16:16:45.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1791.1197 [GMT 2:00]
Spuštěný z: c:\documents and settings\milanK\Plocha\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-05 do 2012-05-05 )))))))))))))))))))))))))))))))
.
.
2012-05-05 14:10 . 2012-05-05 14:10 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2012-05-05 13:16 . 2012-05-05 14:06 -------- d-----w- c:\windows\system32\NtmsData
2012-05-05 13:14 . 2012-05-05 13:14 -------- d-----w- c:\documents and settings\milanK\Data aplikací\Avira
2012-05-05 13:11 . 2012-01-31 06:57 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-05 13:11 . 2011-09-16 14:09 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-05-05 13:11 . 2012-01-31 06:57 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-05 13:11 . 2012-05-05 13:11 -------- d-----w- c:\program files\Avira
2012-05-05 13:11 . 2012-05-05 13:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avira
2012-05-05 06:47 . 2012-05-05 06:47 -------- d-----w- c:\documents and settings\Administrator
2012-05-04 20:33 . 2012-05-04 20:34 -------- d-----w- c:\program files\trend micro
2012-05-04 20:33 . 2012-05-04 20:34 -------- d-----w- C:\rsit
2012-05-04 14:39 . 2012-05-04 14:39 -------- d-----w- c:\documents and settings\milanK\Data aplikací\Malwarebytes
2012-05-04 14:39 . 2012-05-04 14:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-05-04 14:39 . 2012-05-04 14:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-04 14:39 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-14 16:47 . 2012-04-14 16:47 4139680 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-11 18:55 . 2012-04-11 18:55 -------- d-----w- C:\55e66e41663b505bb095fe826b6e
2012-04-10 16:24 . 2012-04-20 19:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PhotoStitch
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 16:47 . 2012-04-04 18:23 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-14 16:47 . 2012-03-24 14:52 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-24 15:26 . 2012-03-24 15:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-24 15:26 . 2011-03-03 23:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-01 10:56 . 2011-01-25 08:12 919552 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:56 . 2011-01-25 08:10 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 10:56 . 2011-01-25 08:10 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:08 . 2011-01-25 08:12 178176 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:08 . 2008-04-14 11:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:30 . 2011-01-25 08:10 385024 ----a-w- c:\windows\system32\html.iec
2012-03-13 04:38 . 2011-05-15 16:40 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-01-25 . 8F41FD1CC693054347C6FB7B0E618B07 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-05-04_22.16.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-05 13:03 . 2012-05-05 13:03 16384 c:\windows\Temp\Perflib_Perfdata_73c.dat
+ 2011-02-19 21:03 . 2011-02-19 21:03 51024 c:\windows\system32\vcomp100.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 81744 c:\windows\system32\mfcm100u.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 81744 c:\windows\system32\mfcm100.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 60752 c:\windows\system32\mfc100rus.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 43344 c:\windows\system32\mfc100kor.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 43856 c:\windows\system32\mfc100jpn.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 62288 c:\windows\system32\mfc100ita.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 36176 c:\windows\system32\mfc100cht.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 36176 c:\windows\system32\mfc100chs.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 64336 c:\windows\system32\mfc100fra.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 63824 c:\windows\system32\mfc100esn.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 55120 c:\windows\system32\mfc100enu.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 64336 c:\windows\system32\mfc100deu.dll
+ 2012-05-05 13:11 . 2010-06-17 12:27 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2011-02-18 22:40 . 2011-02-18 22:40 773968 c:\windows\system32\msvcr100.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 421200 c:\windows\system32\msvcp100.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 138056 c:\windows\system32\atl100.dll
+ 2012-05-05 13:10 . 2012-05-05 13:10 160768 c:\windows\Installer\6ac63.msi
+ 2011-02-19 21:03 . 2011-02-19 21:03 4422992 c:\windows\system32\mfc100u.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 4397384 c:\windows\system32\mfc100.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KB976002-v5"="advpack.dll" [2011-01-25 128512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-09 8523776]
"nwiz"="nwiz.exe" [2008-01-09 1626112]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-09 81920]
"DWPersistentQueuedReporting"="c:\program files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE" [2007-03-13 39264]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"KB976002-v5"="advpack.dll" [2011-01-25 128512]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-3-11 813584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2011-3-4 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2011-01-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\GAMES\\EA GAMES\\Need For Speed Underground\\Speed.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [5. 5. 2012 15:11 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [3. 3. 2011 23:52 218688]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5. 5. 2012 15:11 86224]
R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [4. 3. 2011 0:48 8440]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [11. 3. 2011 14:08 10384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4. 5. 2012 16:39 654408]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [4. 5. 2010 13:07 503080]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4. 5. 2012 16:39 22344]
S0 fyekc;fyekc;c:\windows\system32\drivers\afdmd.sys --> c:\windows\system32\drivers\afdmd.sys [?]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [25. 1. 2011 10:15 9472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4. 3. 2011 11:45 130384]
S3 5eq6lrjw8.sys;5eq6lrjw8.sys;\??\c:\windows\system32\drivers\5eq6lrjw8.sys --> c:\windows\system32\drivers\5eq6lrjw8.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4. 4. 2012 20:23 253088]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [25. 1. 2011 10:12 14848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [4. 3. 2011 11:46 753504]
S3 xpsec;Ovladač IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ANTIVIRSCHEDULERSERVICE
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*NewlyCreated* - AVKMGR
*NewlyCreated* - NTMSSVC
*NewlyCreated* - SWPRV
*NewlyCreated* - VSS
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2012-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 16:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\milanK\Data aplikací\Mozilla\Firefox\Profiles\ybi1upaf.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-05 16:23
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(716)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(3644)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msi.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2012-05-05 16:25:45
ComboFix-quarantined-files.txt 2012-05-05 14:25
ComboFix2.txt 2012-05-05 07:39
ComboFix3.txt 2012-05-04 22:20
.
Před spuštěním: Volných bajtů: 83 151 822 848
Po spuštění: Volných bajtů: 83 141 459 968
.
- - End Of File - - 1FA92F3098BE0A2C4D195040F705F262
- Rudy
- Site Admin
- Posts: 119515
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check (virus)
Download, extract and run TDSSKiller: http://support.kaspersky.com/downloads/ ... killer.zip . Let it work, and after the action paste its log here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail above.
Re: Please check (virus)
18:24:01.0125 3068 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
18:24:01.0281 3068 ============================================================
18:24:01.0281 3068 Current date / time: 2012/05/05 18:24:01.0281
18:24:01.0281 3068 SystemInfo:
18:24:01.0281 3068
18:24:01.0281 3068 OS Version: 5.1.2600 ServicePack: 3.0
18:24:01.0281 3068 Product type: Workstation
18:24:01.0281 3068 ComputerName: PC
18:24:01.0281 3068 UserName: milanK
18:24:01.0281 3068 Windows directory: C:\WINDOWS
18:24:01.0281 3068 System windows directory: C:\WINDOWS
18:24:01.0281 3068 Processor architecture: Intel x86
18:24:01.0281 3068 Number of processors: 1
18:24:01.0281 3068 Page size: 0x1000
18:24:01.0281 3068 Boot type: Normal boot
18:24:01.0281 3068 ============================================================
18:24:03.0453 3068 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:24:03.0453 3068 ============================================================
18:24:03.0453 3068 \Device\Harddisk0\DR0:
18:24:03.0453 3068 MBR partitions:
18:24:03.0453 3068 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF8F8C1
18:24:03.0453 3068 ============================================================
18:24:03.0484 3068 C: <-> \Device\Harddisk0\DR0\Partition0
18:24:03.0484 3068 ============================================================
18:24:03.0484 3068 Initialize success
18:24:03.0484 3068 ============================================================
18:24:10.0640 3864 ============================================================
18:24:10.0640 3864 Scan started
18:24:10.0640 3864 Mode: Manual;
18:24:10.0640 3864 ============================================================
18:24:10.0984 3864 5eq6lrjw8.sys - ok
18:24:11.0000 3864 Abiosdsk - ok
18:24:11.0015 3864 abp480n5 - ok
18:24:11.0062 3864 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:24:11.0078 3864 ACPI - ok
18:24:11.0109 3864 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:24:11.0125 3864 ACPIEC - ok
18:24:11.0171 3864 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
18:24:11.0171 3864 adfs - ok
18:24:11.0265 3864 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:24:11.0265 3864 AdobeFlashPlayerUpdateSvc - ok
18:24:11.0281 3864 adpu160m - ok
18:24:11.0328 3864 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:24:11.0343 3864 aec - ok
18:24:11.0390 3864 AFD (f6b7b1ecd7b41736bdb6ff4b092bcb79) C:\WINDOWS\System32\drivers\afd.sys
18:24:11.0390 3864 AFD - ok
18:24:11.0406 3864 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:24:11.0406 3864 agp440 - ok
18:24:11.0421 3864 Aha154x - ok
18:24:11.0437 3864 aic78u2 - ok
18:24:11.0453 3864 aic78xx - ok
18:24:11.0703 3864 ALCXWDM (f3e15607ba53249c765e36388b332c2f) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
18:24:11.0875 3864 ALCXWDM - ok
18:24:12.0000 3864 Alerter (e0a6fa244b8624d78fe5ff6f56a33bae) C:\WINDOWS\system32\alrsvc.dll
18:24:12.0015 3864 Alerter - ok
18:24:12.0046 3864 ALG (88842de939a827577bf24243699ac80a) C:\WINDOWS\System32\alg.exe
18:24:12.0046 3864 ALG - ok
18:24:12.0078 3864 AliIde - ok
18:24:12.0093 3864 amsint - ok
18:24:12.0343 3864 AntiVirSchedulerService (72709089a54bdc1c5b16bc4a4b926567) C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:24:12.0343 3864 AntiVirSchedulerService - ok
18:24:12.0375 3864 AntiVirService (42f88bfbb76f7a63e381829479b18518) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:24:12.0375 3864 AntiVirService - ok
18:24:12.0406 3864 AppMgmt (6b8e7a90e576d4fe308f97c69060a171) C:\WINDOWS\System32\appmgmts.dll
18:24:12.0406 3864 AppMgmt - ok
18:24:12.0468 3864 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:24:12.0468 3864 Arp1394 - ok
18:24:12.0484 3864 asc - ok
18:24:12.0500 3864 asc3350p - ok
18:24:12.0515 3864 asc3550 - ok
18:24:12.0640 3864 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:24:12.0656 3864 aspnet_state - ok
18:24:12.0671 3864 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:24:12.0671 3864 AsyncMac - ok
18:24:12.0718 3864 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:24:12.0718 3864 atapi - ok
18:24:12.0734 3864 Atdisk - ok
18:24:12.0750 3864 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:24:12.0750 3864 Atmarpc - ok
18:24:12.0812 3864 AudioSrv (de31b88962a8645dba5a37b993e7b0f1) C:\WINDOWS\System32\audiosrv.dll
18:24:12.0812 3864 AudioSrv - ok
18:24:12.0875 3864 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:24:12.0875 3864 audstub - ok
18:24:12.0921 3864 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
18:24:12.0921 3864 avgntflt - ok
18:24:12.0937 3864 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
18:24:12.0953 3864 avipbb - ok
18:24:12.0984 3864 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
18:24:12.0984 3864 avkmgr - ok
18:24:13.0031 3864 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:24:13.0031 3864 Beep - ok
18:24:13.0109 3864 BITS (3aede727580f0a7c3929dd6526145759) C:\WINDOWS\system32\qmgr.dll
18:24:13.0140 3864 BITS - ok
18:24:13.0187 3864 Browser (39ce94b2b33771a3d95c70f41847f3f9) C:\WINDOWS\System32\browser.dll
18:24:13.0187 3864 Browser - ok
18:24:13.0296 3864 catchme - ok
18:24:13.0328 3864 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:24:13.0328 3864 cbidf2k - ok
18:24:13.0500 3864 CCALib8 (8ef654045e518ac00e52e7a1e2d3ad70) C:\Program Files\Canon\CAL\CALMAIN.exe
18:24:13.0500 3864 CCALib8 - ok
18:24:13.0515 3864 cd20xrnt - ok
18:24:13.0546 3864 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:24:13.0562 3864 Cdaudio - ok
18:24:13.0609 3864 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:24:13.0609 3864 Cdfs - ok
18:24:13.0640 3864 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:24:13.0640 3864 Cdrom - ok
18:24:13.0656 3864 Changer - ok
18:24:13.0687 3864 CiSvc (e390dc1d7c461d7d56ec53402f329928) C:\WINDOWS\system32\cisvc.exe
18:24:13.0687 3864 CiSvc - ok
18:24:13.0703 3864 ClipSrv (064507a8dfa8c5c7e2ffddd3e6f424fa) C:\WINDOWS\system32\clipsrv.exe
18:24:13.0718 3864 ClipSrv - ok
18:24:13.0843 3864 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:24:13.0875 3864 clr_optimization_v2.0.50727_32 - ok
18:24:13.0953 3864 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:24:13.0984 3864 clr_optimization_v4.0.30319_32 - ok
18:24:14.0000 3864 CmdIde - ok
18:24:14.0015 3864 COMSysApp - ok
18:24:14.0031 3864 Cpqarray - ok
18:24:14.0078 3864 CryptSvc (f3ab0933cbd166d271992f411c27ccaf) C:\WINDOWS\System32\cryptsvc.dll
18:24:14.0078 3864 CryptSvc - ok
18:24:14.0093 3864 dac2w2k - ok
18:24:14.0093 3864 dac960nt - ok
18:24:14.0156 3864 DcomLaunch (c0bd34a62508ba68f146e22ce45919f9) C:\WINDOWS\system32\rpcss.dll
18:24:14.0156 3864 DcomLaunch - ok
18:24:14.0171 3864 Dhcp (eb737f46d7d494c7760a932c9b6491a4) C:\WINDOWS\System32\dhcpcsvc.dll
18:24:14.0187 3864 Dhcp - ok
18:24:14.0218 3864 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys
18:24:14.0218 3864 Disk - ok
18:24:14.0234 3864 dmadmin - ok
18:24:14.0281 3864 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
18:24:14.0312 3864 dmboot - ok
18:24:14.0328 3864 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\DRIVERS\dmio.sys
18:24:14.0328 3864 dmio - ok
18:24:14.0359 3864 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:24:14.0359 3864 dmload - ok
18:24:14.0390 3864 dmserver (2bfefe9e865655a76982f050450b9591) C:\WINDOWS\System32\dmserver.dll
18:24:14.0406 3864 dmserver - ok
18:24:14.0453 3864 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:24:14.0453 3864 DMusic - ok
18:24:14.0484 3864 Dnscache (38aad7e982198cb4f642bb60e59511f1) C:\WINDOWS\System32\dnsrslvr.dll
18:24:14.0484 3864 Dnscache - ok
18:24:14.0531 3864 Dot3svc (aacfc38e9d085d58f9f933cfd6af1d2b) C:\WINDOWS\System32\dot3svc.dll
18:24:14.0546 3864 Dot3svc - ok
18:24:14.0562 3864 dpti2o - ok
18:24:14.0609 3864 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:24:14.0609 3864 drmkaud - ok
18:24:14.0671 3864 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
18:24:14.0671 3864 dtsoftbus01 - ok
18:24:14.0687 3864 DumpDrv (b327281012b48bd73f587799f9f29be2) C:\WINDOWS\system32\drivers\DumpDrv.sys
18:24:14.0687 3864 DumpDrv - ok
18:24:14.0718 3864 EapHost (0887d9c2be8d940778cad1e3b85f2a41) C:\WINDOWS\System32\eapsvc.dll
18:24:14.0718 3864 EapHost - ok
18:24:14.0750 3864 ERSvc (a2a4912798f2be706abadd3d30800d16) C:\WINDOWS\System32\ersvc.dll
18:24:14.0750 3864 ERSvc - ok
18:24:14.0796 3864 Eventlog (4f40d16b2d5ed9e48a193ce468912fed) C:\WINDOWS\system32\services.exe
18:24:14.0812 3864 Eventlog - ok
18:24:14.0859 3864 EventSystem (be68ea4457e2e5717231cf91be5448e0) C:\WINDOWS\system32\es.dll
18:24:14.0859 3864 EventSystem - ok
18:24:14.0906 3864 exFat (4d893323dae445e34a4c9038b0551bc9) C:\WINDOWS\system32\drivers\exFat.sys
18:24:14.0906 3864 exFat - ok
18:24:14.0953 3864 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:24:14.0968 3864 Fastfat - ok
18:24:14.0984 3864 FastUserSwitchingCompatibility (54a6bf743e0517528a5064ceaeb40ea7) C:\WINDOWS\System32\shsvcs.dll
18:24:14.0984 3864 FastUserSwitchingCompatibility - ok
18:24:15.0015 3864 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:24:15.0015 3864 Fdc - ok
18:24:15.0031 3864 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
18:24:15.0031 3864 Fips - ok
18:24:15.0156 3864 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:24:15.0218 3864 FLEXnet Licensing Service - ok
18:24:15.0250 3864 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:24:15.0250 3864 Flpydisk - ok
18:24:15.0296 3864 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:24:15.0296 3864 FltMgr - ok
18:24:15.0437 3864 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:24:15.0437 3864 FontCache3.0.0.0 - ok
18:24:15.0484 3864 Fs_Rec (30d42943a54704ef13e2562911dbfcea) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:24:15.0484 3864 Fs_Rec - ok
18:24:15.0500 3864 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:24:15.0500 3864 Ftdisk - ok
18:24:15.0515 3864 fyekc - ok
18:24:15.0578 3864 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:24:15.0578 3864 Gpc - ok
18:24:15.0640 3864 helpsvc (fcfe31fb75f8a6295b6b0af87a626282) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:24:15.0640 3864 helpsvc - ok
18:24:15.0703 3864 HidServ (00e25ee90166b3e1be6e74aebf858306) C:\WINDOWS\System32\hidserv.dll
18:24:15.0703 3864 HidServ - ok
18:24:15.0765 3864 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:24:15.0765 3864 hidusb - ok
18:24:15.0781 3864 hkmsvc (7a6b320928f86bc851530d63c82965d9) C:\WINDOWS\System32\kmsvc.dll
18:24:15.0796 3864 hkmsvc - ok
18:24:15.0796 3864 hpn - ok
18:24:15.0843 3864 HTTP (937031c085718c1c04a9c0864625ec6b) C:\WINDOWS\system32\Drivers\HTTP.sys
18:24:15.0859 3864 HTTP - ok
18:24:15.0906 3864 HTTPFilter (58fe2f2da3bc5573f4a35b3760d3125f) C:\WINDOWS\System32\w3ssl.dll
18:24:15.0921 3864 HTTPFilter - ok
18:24:15.0937 3864 i2omgmt - ok
18:24:15.0937 3864 i2omp - ok
18:24:15.0984 3864 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:24:15.0984 3864 i8042prt - ok
18:24:16.0109 3864 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:24:16.0203 3864 idsvc - ok
18:24:16.0250 3864 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:24:16.0250 3864 Imapi - ok
18:24:16.0296 3864 ImapiService (f7b93aafad33b2320954c17e26c8d361) C:\WINDOWS\system32\imapi.exe
18:24:16.0312 3864 ImapiService - ok
18:24:16.0328 3864 ini910u - ok
18:24:16.0375 3864 IntelIde (57d928e548b38502abba7a77a6eb7312) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:24:16.0375 3864 IntelIde - ok
18:24:16.0406 3864 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:24:16.0406 3864 intelppm - ok
18:24:16.0437 3864 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:24:16.0437 3864 Ip6Fw - ok
18:24:16.0484 3864 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:24:16.0484 3864 IpFilterDriver - ok
18:24:16.0500 3864 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:24:16.0500 3864 IpInIp - ok
18:24:16.0546 3864 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:24:16.0546 3864 IpNat - ok
18:24:16.0562 3864 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:24:16.0578 3864 IPSec - ok
18:24:16.0625 3864 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:24:16.0625 3864 IRENUM - ok
18:24:16.0640 3864 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:24:16.0640 3864 isapnp - ok
18:24:16.0765 3864 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
18:24:16.0765 3864 JavaQuickStarterService - ok
18:24:16.0828 3864 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:24:16.0828 3864 Kbdclass - ok
18:24:16.0890 3864 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:24:16.0890 3864 kmixer - ok
18:24:16.0906 3864 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
18:24:16.0906 3864 KSecDD - ok
18:24:16.0921 3864 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
18:24:16.0921 3864 L8042Kbd - ok
18:24:16.0984 3864 lanmanserver (111a41b749f0e8cd7566b4ffd613cffe) C:\WINDOWS\System32\srvsvc.dll
18:24:16.0984 3864 lanmanserver - ok
18:24:17.0000 3864 lanmanworkstation (9a2e7ee3989aac0079e9d23555545d52) C:\WINDOWS\System32\wkssvc.dll
18:24:17.0015 3864 lanmanworkstation - ok
18:24:17.0031 3864 LANPkt (8bbfbf256493035ae6105b334fce99df) C:\WINDOWS\system32\DRIVERS\LANPkt.sys
18:24:17.0031 3864 LANPkt - ok
18:24:17.0093 3864 LBeepKE (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys
18:24:17.0093 3864 LBeepKE - ok
18:24:17.0109 3864 lbrtfdc - ok
18:24:17.0234 3864 LBTServ (3af6b73a3ad1fc37c5933441f66ceb91) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
18:24:17.0250 3864 LBTServ - ok
18:24:17.0281 3864 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
18:24:17.0281 3864 LHidFilt - ok
18:24:17.0296 3864 LmHosts (0ab159f536e3e8f7f07113702a07cca5) C:\WINDOWS\System32\lmhsvc.dll
18:24:17.0312 3864 LmHosts - ok
18:24:17.0328 3864 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
18:24:17.0328 3864 LMouFilt - ok
18:24:17.0375 3864 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
18:24:17.0375 3864 MBAMProtector - ok
18:24:17.0453 3864 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:24:17.0484 3864 MBAMService - ok
18:24:17.0500 3864 Messenger (221cd1c815b8a6b79389c3f5d1018de8) C:\WINDOWS\System32\msgsvc.dll
18:24:17.0500 3864 Messenger - ok
18:24:17.0546 3864 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:24:17.0546 3864 mnmdd - ok
18:24:17.0578 3864 mnmsrvc (9a57d046f88f4b69751b11fd40088a61) C:\WINDOWS\system32\mnmsrvc.exe
18:24:17.0578 3864 mnmsrvc - ok
18:24:17.0593 3864 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
18:24:17.0609 3864 Modem - ok
18:24:17.0640 3864 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:24:17.0640 3864 Mouclass - ok
18:24:17.0656 3864 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:24:17.0656 3864 mouhid - ok
18:24:17.0687 3864 MountMgr (1a1faa5102466f418494e94ff9b0b091) C:\WINDOWS\system32\drivers\MountMgr.sys
18:24:17.0687 3864 MountMgr - ok
18:24:17.0703 3864 mraid35x - ok
18:24:17.0718 3864 MRxDAV (4fefd389d71126ee581b9f9cb2918be4) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:24:17.0718 3864 MRxDAV - ok
18:24:17.0781 3864 MRxSmb (fb2fccc70f7174c7bf64f48e96d3adf4) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:24:17.0796 3864 MRxSmb - ok
18:24:17.0843 3864 MSDTC (6db4d1521caba9a5ffab54ade0ae867d) C:\WINDOWS\system32\msdtc.exe
18:24:17.0843 3864 MSDTC - ok
18:24:17.0890 3864 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:24:17.0890 3864 Msfs - ok
18:24:17.0906 3864 MSIServer - ok
18:24:17.0937 3864 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:24:17.0937 3864 MSKSSRV - ok
18:24:17.0953 3864 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:24:17.0968 3864 MSPCLOCK - ok
18:24:17.0984 3864 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:24:18.0000 3864 MSPQM - ok
18:24:18.0015 3864 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:24:18.0015 3864 mssmbios - ok
18:24:18.0046 3864 Mup (f7b1ad991491f02af6da70b00b8bf114) C:\WINDOWS\system32\drivers\Mup.sys
18:24:18.0046 3864 Mup - ok
18:24:18.0093 3864 napagent (6ea362e9db03d44f6b996f4d8be237e9) C:\WINDOWS\System32\qagentrt.dll
18:24:18.0109 3864 napagent - ok
18:24:18.0218 3864 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files\Nero\Update\NASvc.exe
18:24:18.0234 3864 NAUpdate - ok
18:24:18.0250 3864 NDIS (b5b1080d35974c0e718d64280761bcd5) C:\WINDOWS\system32\drivers\NDIS.sys
18:24:18.0250 3864 NDIS - ok
18:24:18.0296 3864 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:24:18.0296 3864 NdisTapi - ok
18:24:18.0312 3864 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:24:18.0312 3864 Ndisuio - ok
18:24:18.0328 3864 NdisWan (b053a8411045fd0664b389a090cb2bbc) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:24:18.0343 3864 NdisWan - ok
18:24:18.0359 3864 NDProxy (816460bd4b4acd27937d1d0813e2e9e9) C:\WINDOWS\system32\drivers\NDProxy.sys
18:24:18.0359 3864 NDProxy - ok
18:24:18.0375 3864 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:24:18.0375 3864 NetBIOS - ok
18:24:18.0421 3864 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:24:18.0421 3864 NetBT - ok
18:24:18.0437 3864 NetDDE (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
18:24:18.0453 3864 NetDDE - ok
18:24:18.0468 3864 NetDDEdsdm (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
18:24:18.0468 3864 NetDDEdsdm - ok
18:24:18.0484 3864 Netlogon (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
18:24:18.0484 3864 Netlogon - ok
18:24:18.0515 3864 Netman (72e1e9e2977be08bdeedb6d8fd9d4d40) C:\WINDOWS\System32\netman.dll
18:24:18.0515 3864 Netman - ok
18:24:18.0656 3864 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:24:18.0687 3864 NetTcpPortSharing - ok
18:24:18.0718 3864 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:24:18.0718 3864 NIC1394 - ok
18:24:18.0750 3864 Nla (0d594d828829e1bc727b870899376b19) C:\WINDOWS\System32\mswsock.dll
18:24:18.0765 3864 Nla - ok
18:24:18.0796 3864 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:24:18.0796 3864 Npfs - ok
18:24:18.0859 3864 Ntfs (ae8cad8f28db13b515a68510a539b0b8) C:\WINDOWS\system32\drivers\Ntfs.sys
18:24:18.0890 3864 Ntfs - ok
18:24:18.0906 3864 NtLmSsp (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
18:24:18.0906 3864 NtLmSsp - ok
18:24:18.0953 3864 NtmsSvc (023dd70573d644f3d9c8b1258a7bfd08) C:\WINDOWS\system32\ntmssvc.dll
18:24:18.0984 3864 NtmsSvc - ok
18:24:19.0015 3864 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:24:19.0015 3864 Null - ok
18:24:19.0562 3864 nv (54281e0eeb10143ec4327bb5d123f125) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:24:19.0968 3864 nv - ok
18:24:20.0109 3864 NVSvc (a50af72fbca4b753fed148688e7d9abb) C:\WINDOWS\system32\nvsvc32.exe
18:24:20.0109 3864 NVSvc - ok
18:24:20.0171 3864 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:24:20.0171 3864 NwlnkFlt - ok
18:24:20.0203 3864 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:24:20.0218 3864 NwlnkFwd - ok
18:24:20.0250 3864 ohci1394 (2553f7c60b8d291b5a812245e6d4da6e) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:24:20.0265 3864 ohci1394 - ok
18:24:20.0328 3864 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
18:24:20.0328 3864 Parport - ok
18:24:20.0359 3864 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:24:20.0359 3864 PartMgr - ok
18:24:20.0390 3864 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
18:24:20.0390 3864 ParVdm - ok
18:24:20.0406 3864 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
18:24:20.0406 3864 PCI - ok
18:24:20.0406 3864 PCIDump - ok
18:24:20.0421 3864 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:24:20.0437 3864 PCIIde - ok
18:24:20.0453 3864 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:24:20.0468 3864 Pcmcia - ok
18:24:20.0484 3864 PDCOMP - ok
18:24:20.0500 3864 PDFRAME - ok
18:24:20.0515 3864 PDRELI - ok
18:24:20.0531 3864 PDRFRAME - ok
18:24:20.0531 3864 perc2 - ok
18:24:20.0546 3864 perc2hib - ok
18:24:20.0609 3864 PlugPlay (4f40d16b2d5ed9e48a193ce468912fed) C:\WINDOWS\system32\services.exe
18:24:20.0609 3864 PlugPlay - ok
18:24:20.0671 3864 PolicyAgent (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
18:24:20.0671 3864 PolicyAgent - ok
18:24:20.0687 3864 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:24:20.0703 3864 PptpMiniport - ok
18:24:20.0703 3864 ProtectedStorage (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
18:24:20.0718 3864 ProtectedStorage - ok
18:24:20.0734 3864 PSched (d8e11d311785f89f1d70a28b0e879127) C:\WINDOWS\system32\DRIVERS\psched.sys
18:24:20.0734 3864 PSched - ok
18:24:20.0781 3864 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:24:20.0781 3864 Ptilink - ok
18:24:20.0796 3864 ql1080 - ok
18:24:20.0796 3864 Ql10wnt - ok
18:24:20.0812 3864 ql12160 - ok
18:24:20.0828 3864 ql1240 - ok
18:24:20.0843 3864 ql1280 - ok
18:24:20.0859 3864 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:24:20.0859 3864 RasAcd - ok
18:24:20.0859 3864 RasAuto (2b5e44ea009f2f374b980e1e9a70635d) C:\WINDOWS\System32\rasauto.dll
18:24:20.0890 3864 RasAuto - ok
18:24:20.0921 3864 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:24:20.0921 3864 Rasl2tp - ok
18:24:20.0953 3864 RasMan (d57554c664b64604bd1ee13ea2c07e77) C:\WINDOWS\System32\rasmans.dll
18:24:20.0953 3864 RasMan - ok
18:24:20.0968 3864 RasPppoe (2c9d4620a0fd35de1828370b392f6e2d) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:24:20.0968 3864 RasPppoe - ok
18:24:20.0984 3864 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:24:20.0984 3864 Raspti - ok
18:24:21.0015 3864 Rdbss (77050c6615f6eb5402f832b27fd695e0) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:24:21.0015 3864 Rdbss - ok
18:24:21.0031 3864 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:24:21.0031 3864 RDPCDD - ok
18:24:21.0078 3864 rdpdr (47ea20320e3d6fdc7b7bb22b2b881ca6) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:24:21.0078 3864 rdpdr - ok
18:24:21.0125 3864 RDPWD (2d293b720c206473a05950ce007db12a) C:\WINDOWS\system32\drivers\RDPWD.sys
18:24:21.0125 3864 RDPWD - ok
18:24:21.0171 3864 RDSessMgr (c0d9d9711cb74ee9bc66353d8cbdab0e) C:\WINDOWS\system32\sessmgr.exe
18:24:21.0187 3864 RDSessMgr - ok
18:24:21.0218 3864 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:24:21.0218 3864 redbook - ok
18:24:21.0234 3864 RemoteAccess (127c26b5371651043450e52542099aba) C:\WINDOWS\System32\mprdim.dll
18:24:21.0250 3864 RemoteAccess - ok
18:24:21.0281 3864 RemoteRegistry (8f31505484a190d5b22274708799f4ec) C:\WINDOWS\system32\regsvc.dll
18:24:21.0296 3864 RemoteRegistry - ok
18:24:21.0312 3864 RpcLocator (718b3bdc0bc3c2f7d065a53d26202af9) C:\WINDOWS\system32\locator.exe
18:24:21.0328 3864 RpcLocator - ok
18:24:21.0375 3864 RpcSs (c0bd34a62508ba68f146e22ce45919f9) C:\WINDOWS\System32\rpcss.dll
18:24:21.0390 3864 RpcSs - ok
18:24:21.0437 3864 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys
18:24:21.0437 3864 rspndr - ok
18:24:21.0468 3864 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\system32\rsvp.exe
18:24:21.0468 3864 RSVP - ok
18:24:21.0515 3864 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
18:24:21.0515 3864 RTL8023xp - ok
18:24:21.0531 3864 SamSs (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
18:24:21.0546 3864 SamSs - ok
18:24:21.0578 3864 SCardSvr (410046e401eb11e1e6749e9deea41d4a) C:\WINDOWS\System32\SCardSvr.exe
18:24:21.0593 3864 SCardSvr - ok
18:24:21.0640 3864 Schedule (3ff232a7731621b8902d81d42418c93c) C:\WINDOWS\system32\schedsvc.dll
18:24:21.0656 3864 Schedule - ok
18:24:21.0687 3864 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:24:21.0687 3864 Secdrv - ok
18:24:21.0703 3864 seclogon (477e2c3cc5e4a0d635bcb0ea8dcac3c6) C:\WINDOWS\System32\seclogon.dll
18:24:21.0703 3864 seclogon - ok
18:24:21.0734 3864 SENS (a530b75c10c23c9ab28fdb6ce719e21f) C:\WINDOWS\system32\sens.dll
18:24:21.0734 3864 SENS - ok
18:24:21.0750 3864 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:24:21.0750 3864 serenum - ok
18:24:21.0765 3864 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
18:24:21.0765 3864 Serial - ok
18:24:21.0828 3864 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:24:21.0828 3864 Sfloppy - ok
18:24:21.0890 3864 SharedAccess (65eacfe3182afee8d222d0b17fe05eda) C:\WINDOWS\System32\ipnathlp.dll
18:24:21.0906 3864 SharedAccess - ok
18:24:21.0921 3864 ShellHWDetection (54a6bf743e0517528a5064ceaeb40ea7) C:\WINDOWS\System32\shsvcs.dll
18:24:21.0921 3864 ShellHWDetection - ok
18:24:21.0937 3864 Simbad - ok
18:24:21.0968 3864 Sparrow - ok
18:24:22.0031 3864 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:24:22.0031 3864 splitter - ok
18:24:22.0046 3864 Spooler (258dd5d4283fd9f9a7166be9ae45ce73) C:\WINDOWS\system32\spoolsv.exe
18:24:22.0046 3864 Spooler - ok
18:24:22.0109 3864 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
18:24:22.0109 3864 sr - ok
18:24:22.0171 3864 srservice (35b91147124f64ac8081a2edb9ea4dee) C:\WINDOWS\system32\srsvc.dll
18:24:22.0187 3864 srservice - ok
18:24:22.0250 3864 Srv (9b390283569ea58d43d2586032b892f5) C:\WINDOWS\system32\DRIVERS\srv.sys
18:24:22.0265 3864 Srv - ok
18:24:22.0296 3864 SSDPSRV (becd5271dc4e3b7c3d035f790fcbc1e5) C:\WINDOWS\System32\ssdpsrv.dll
18:24:22.0296 3864 SSDPSRV - ok
18:24:22.0328 3864 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
18:24:22.0343 3864 ssmdrv - ok
18:24:22.0390 3864 stisvc (c1cdd9275f6a115bb0ae1d55d8d27ba6) C:\WINDOWS\system32\wiaservc.dll
18:24:22.0406 3864 stisvc - ok
18:24:22.0406 3864 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:24:22.0406 3864 swenum - ok
18:24:22.0453 3864 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:24:22.0468 3864 swmidi - ok
18:24:22.0468 3864 SwPrv - ok
18:24:22.0500 3864 symc810 - ok
18:24:22.0500 3864 symc8xx - ok
18:24:22.0515 3864 sym_hi - ok
18:24:22.0531 3864 sym_u3 - ok
18:24:22.0562 3864 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:24:22.0578 3864 sysaudio - ok
18:24:22.0609 3864 SysmonLog (ce06f01b88ace199a1bf460cac29c110) C:\WINDOWS\system32\smlogsvc.exe
18:24:22.0625 3864 SysmonLog - ok
18:24:22.0656 3864 TapiSrv (af2a883cc63318a8bda168bdd7ac80d9) C:\WINDOWS\System32\tapisrv.dll
18:24:22.0671 3864 TapiSrv - ok
18:24:22.0703 3864 Tcpip (51e41f16acd80b8b39c0ae703a213f09) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:24:22.0718 3864 Tcpip - ok
18:24:22.0750 3864 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:24:22.0750 3864 TDPIPE - ok
18:24:22.0781 3864 TDTCP (c0578456f29e5f26285f81b7b71fe57d) C:\WINDOWS\system32\drivers\TDTCP.sys
18:24:22.0781 3864 TDTCP - ok
18:24:22.0828 3864 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:24:22.0843 3864 TermDD - ok
18:24:22.0906 3864 TermService (0e43a7cf302d85273fc86f5fca9a1909) C:\WINDOWS\System32\termsrv.dll
18:24:22.0906 3864 TermService - ok
18:24:22.0937 3864 Themes (54a6bf743e0517528a5064ceaeb40ea7) C:\WINDOWS\System32\shsvcs.dll
18:24:22.0937 3864 Themes - ok
18:24:22.0953 3864 TlntSvr (cd0cc7b167d78043a41c98d4921efb54) C:\WINDOWS\system32\tlntsvr.exe
18:24:22.0968 3864 TlntSvr - ok
18:24:22.0984 3864 TosIde - ok
18:24:23.0000 3864 TrkWks (38853304ccb938d30e0c4cde8d2c2a8a) C:\WINDOWS\system32\trkwks.dll
18:24:23.0015 3864 TrkWks - ok
18:24:23.0046 3864 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:24:23.0062 3864 Udfs - ok
18:24:23.0078 3864 ultra - ok
18:24:23.0140 3864 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:24:23.0140 3864 Update - ok
18:24:23.0187 3864 upnphost (651bd90dcee5b7bdc74a2eb7c9266f9e) C:\WINDOWS\System32\upnphost.dll
18:24:23.0203 3864 upnphost - ok
18:24:23.0218 3864 UPS (20a0f6a11959e92908717d09e87d670d) C:\WINDOWS\System32\ups.exe
18:24:23.0218 3864 UPS - ok
18:24:23.0265 3864 usbccgp (c18d6c74953621346df6b0a11f80c1cc) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:24:23.0265 3864 usbccgp - ok
18:24:23.0328 3864 usbehci (52674b5dbee499342a599c7771abecaa) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:24:23.0328 3864 usbehci - ok
18:24:23.0359 3864 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:24:23.0359 3864 usbhub - ok
18:24:23.0390 3864 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:24:23.0406 3864 usbscan - ok
18:24:23.0437 3864 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:24:23.0453 3864 USBSTOR - ok
18:24:23.0468 3864 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:24:23.0484 3864 usbuhci - ok
18:24:23.0500 3864 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:24:23.0500 3864 VgaSave - ok
18:24:23.0515 3864 ViaIde - ok
18:24:23.0531 3864 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
18:24:23.0531 3864 VolSnap - ok
18:24:23.0578 3864 VSS (d6ba1a63d9e00933f1cd2a885573afb2) C:\WINDOWS\System32\vssvc.exe
18:24:23.0593 3864 VSS - ok
18:24:23.0640 3864 W32Time (df2e8ea96391126977da1b8ab6fc39fc) C:\WINDOWS\system32\w32time.dll
18:24:23.0640 3864 W32Time - ok
18:24:23.0656 3864 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:24:23.0656 3864 Wanarp - ok
18:24:23.0734 3864 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:24:23.0750 3864 Wdf01000 - ok
18:24:23.0750 3864 WDICA - ok
18:24:23.0781 3864 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:24:23.0781 3864 wdmaud - ok
18:24:23.0796 3864 WebClient (b6f28b94a7cac612a93a840299bd860b) C:\WINDOWS\System32\webclnt.dll
18:24:23.0812 3864 WebClient - ok
18:24:23.0906 3864 winmgmt (e488332126e3b1182d2b8a0c35408ec6) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:24:23.0906 3864 winmgmt - ok
18:24:24.0015 3864 WinRM (4d34cedd74bdbf2b6a935eae3bf80543) C:\WINDOWS\system32\WsmSvc.dll
18:24:24.0125 3864 WinRM - ok
18:24:24.0187 3864 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
18:24:24.0203 3864 WmdmPmSN - ok
18:24:24.0296 3864 Wmi (4e68a735673ce17152329428524ba1c3) C:\WINDOWS\System32\advapi32.dll
18:24:24.0312 3864 Wmi - ok
18:24:24.0359 3864 WmiApSrv (23f6f03272f7e5679f1f050aed5acee6) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:24:24.0375 3864 WmiApSrv - ok
18:24:24.0531 3864 WMPNetworkSvc (0dcc3a79329f0fde9b1b5283cacd3f50) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:24:24.0625 3864 WMPNetworkSvc - ok
18:24:24.0843 3864 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:24:24.0890 3864 WPFFontCache_v0400 - ok
18:24:25.0015 3864 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:24:25.0015 3864 WS2IFSL - ok
18:24:25.0078 3864 wscsvc (4c86d5faf78194995af9cc1075f65dd3) C:\WINDOWS\system32\wscsvc.dll
18:24:25.0078 3864 wscsvc - ok
18:24:25.0093 3864 WSearch - ok
18:24:25.0140 3864 wuauserv (fc1e3b06ae8d160b686c5d04b5e85371) C:\WINDOWS\system32\wuauserv.dll
18:24:25.0140 3864 wuauserv - ok
18:24:25.0203 3864 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:24:25.0203 3864 WudfPf - ok
18:24:25.0234 3864 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:24:25.0250 3864 WudfRd - ok
18:24:25.0265 3864 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:24:25.0281 3864 WudfSvc - ok
18:24:25.0343 3864 WZCSVC (f345ff726d92d58abe5b0aee08d29df1) C:\WINDOWS\System32\wzcsvc.dll
18:24:25.0375 3864 WZCSVC - ok
18:24:25.0421 3864 xmlprov (eaa4bb9edb3fb10cf8979fe65e63658f) C:\WINDOWS\System32\xmlprov.dll
18:24:25.0437 3864 xmlprov - ok
18:24:25.0453 3864 xpsec - ok
18:24:25.0484 3864 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:24:25.0515 3864 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
18:24:25.0515 3864 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
18:24:25.0515 3864 Boot (0x1200) (eb6776aefd151de4c067a41ba32a27ca) \Device\Harddisk0\DR0\Partition0
18:24:25.0531 3864 \Device\Harddisk0\DR0\Partition0 - ok
18:24:25.0531 3864 ============================================================
18:24:25.0531 3864 Scan finished
18:24:25.0531 3864 ============================================================
18:24:25.0562 3552 Detected object count: 1
18:24:25.0562 3552 Actual detected object count: 1
18:26:15.0500 3552 \Device\Harddisk0\DR0\# - copied to quarantine
18:26:15.0500 3552 \Device\Harddisk0\DR0 - copied to quarantine
18:26:15.0578 3552 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
18:26:15.0593 3552 \Device\Harddisk0\DR0 - ok
18:26:15.0593 3552 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
18:26:34.0968 3052 Deinitialize success
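The log above reports two different checks on the same disk: `MBR (0x1B8)` hashes only the first 0x1B8 (440) bytes of sector 0, the bootstrap code that runs before the partition table, and flags it as Rootkit.Boot.Sinowal.b, while `\Device\Harddisk0\DR0\Partition0` (the NTFS volume's own boot area) is reported `ok`. That split is exactly what an MBR bootkit looks like: the loader code is replaced, the partition table is left untouched so Windows still boots. The Python below is an added example, not part of the posted log and not Kaspersky's code. It parses a classic MBR, hashes the 0x1B8-byte code area, and compares it to an allow-list. The partition geometry (type 0x07, StartLBA 0x3F, BlocksNum 0xDF8F8C1) is taken from the log; the bootstrap bytes, disk signature and "known-good" hash are constructed stand-ins, since the real sector contents are not on the page.

```python
"""Parse an MBR and hash its bootstrap code the way an anti-rootkit scanner reports it.

Added example for this thread; the sample MBR is constructed in code. Only the
partition geometry comes from the posted log; bootcode, disk signature and the
allow-list are assumptions for the demo.
"""
import hashlib
import struct
from dataclasses import dataclass

MBR_SIZE = 512
BOOTCODE_LEN = 0x1B8          # the "MBR (0x1B8)" prefix the scanner hashes
TABLE_OFFSET = 0x1BE          # four 16-byte partition entries
ENTRY_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, start LBA, sector count
BOOT_SIG_OFFSET = 0x1FE       # 0x55AA


@dataclass(frozen=True)
class PartitionEntry:
    index: int
    bootable: bool
    type_id: int
    start_lba: int
    block_count: int


def parse_partition_table(mbr: bytes) -> list[PartitionEntry]:
    """Return the non-empty partition entries of a classic (non-GPT) MBR."""
    if len(mbr) < MBR_SIZE:
        raise ValueError("need at least one 512-byte sector")
    if mbr[BOOT_SIG_OFFSET:BOOT_SIG_OFFSET + 2] != b"\x55\xaa":
        raise ValueError("0x55AA boot signature missing")
    entries = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, start, count = struct.unpack_from(
            ENTRY_FMT, mbr, TABLE_OFFSET + i * struct.calcsize(ENTRY_FMT))
        if ptype == 0:        # empty slot
            continue
        entries.append(PartitionEntry(i, status == 0x80, ptype, start, count))
    return entries


def bootcode_md5(mbr: bytes) -> str:
    """MD5 of the bootstrap code only; the disk signature and table are excluded."""
    return hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest()


def build_sample_mbr(bootcode: bytes) -> bytes:
    """Constructed MBR: given bootstrap code plus the partition layout from the log."""
    code = bootcode.ljust(BOOTCODE_LEN, b"\x00")[:BOOTCODE_LEN]
    disk_sig = struct.pack("<IH", 0x12345678, 0)          # assumed NT disk signature
    entry0 = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07,
                         b"\xfe\xff\xff", 0x3F, 0xDF8F8C1)  # geometry from the log
    table = entry0 + b"\x00" * 16 * 3
    return code + disk_sig + table + b"\x55\xaa"


# Constructed stand-ins: a "clean" loader and a bootkit-style replacement.
CLEAN_BOOTCODE = bytes.fromhex("33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a4")
INFECTED_BOOTCODE = bytes.fromhex("eb3e90") + b"\x00" * 8 + bytes.fromhex("b8000f")


def known_good_hashes() -> set[str]:
    """Allow-list an analyst would keep; here it holds only the constructed clean MBR."""
    return {bootcode_md5(build_sample_mbr(CLEAN_BOOTCODE))}


def assess_mbr(mbr: bytes, allow_list: set[str]) -> dict:
    """Report the bootcode hash, whether it is known-good, and the partition layout."""
    parts = parse_partition_table(mbr)
    digest = bootcode_md5(mbr)
    return {
        "bootcode_md5": digest,
        "bootcode_known_good": digest in allow_list,
        "partitions": [(p.index, hex(p.type_id), hex(p.start_lba), hex(p.block_count))
                       for p in parts],
    }


if __name__ == "__main__":
    allow = known_good_hashes()
    for label, code in (("clean", CLEAN_BOOTCODE), ("bootkit", INFECTED_BOOTCODE)):
        r = assess_mbr(build_sample_mbr(code), allow)
        print(label, r["bootcode_md5"], "known_good:", r["bootcode_known_good"], r["partitions"])
```

Run it and both samples print the same partition list (type 0x7, start 0x3f, 0xdf8f8c1 blocks) while only the bootkit sample fails the hash check, which is the `MBR - infected` / `Partition0 - ok` pattern in the log. On a live machine you would read the first 512 bytes of `\\.\PhysicalDrive0` as administrator instead of calling `build_sample_mbr`; the allow-list only has value if it was captured from a known-clean install with the same loader, which is why the scanner's own signature set, not a home-made hash, made the call here.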
18:24:01.0281 3068 ============================================================
18:24:01.0281 3068 Current date / time: 2012/05/05 18:24:01.0281
18:24:01.0281 3068 SystemInfo:
18:24:01.0281 3068
18:24:01.0281 3068 OS Version: 5.1.2600 ServicePack: 3.0
18:24:01.0281 3068 Product type: Workstation
18:24:01.0281 3068 ComputerName: PC
18:24:01.0281 3068 UserName: milanK
18:24:01.0281 3068 Windows directory: C:\WINDOWS
18:24:01.0281 3068 System windows directory: C:\WINDOWS
18:24:01.0281 3068 Processor architecture: Intel x86
18:24:01.0281 3068 Number of processors: 1
18:24:01.0281 3068 Page size: 0x1000
18:24:01.0281 3068 Boot type: Normal boot
18:24:01.0281 3068 ============================================================
18:24:03.0453 3068 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:24:03.0453 3068 ============================================================
18:24:03.0453 3068 \Device\Harddisk0\DR0:
18:24:03.0453 3068 MBR partitions:
18:24:03.0453 3068 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF8F8C1
18:24:03.0453 3068 ============================================================
18:24:03.0484 3068 C: <-> \Device\Harddisk0\DR0\Partition0
18:24:03.0484 3068 ============================================================
18:24:03.0484 3068 Initialize success
18:24:03.0484 3068 ============================================================
18:24:10.0640 3864 ============================================================
18:24:10.0640 3864 Scan started
18:24:10.0640 3864 Mode: Manual;
18:24:10.0640 3864 ============================================================
18:24:10.0984 3864 5eq6lrjw8.sys - ok
18:24:11.0000 3864 Abiosdsk - ok
18:24:11.0015 3864 abp480n5 - ok
18:24:11.0062 3864 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:24:11.0078 3864 ACPI - ok
18:24:11.0109 3864 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:24:11.0125 3864 ACPIEC - ok
18:24:11.0171 3864 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
18:24:11.0171 3864 adfs - ok
18:24:11.0265 3864 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:24:11.0265 3864 AdobeFlashPlayerUpdateSvc - ok
18:24:11.0281 3864 adpu160m - ok
18:24:11.0328 3864 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:24:11.0343 3864 aec - ok
18:24:11.0390 3864 AFD (f6b7b1ecd7b41736bdb6ff4b092bcb79) C:\WINDOWS\System32\drivers\afd.sys
18:24:11.0390 3864 AFD - ok
18:24:11.0406 3864 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:24:11.0406 3864 agp440 - ok
18:24:11.0421 3864 Aha154x - ok
18:24:11.0437 3864 aic78u2 - ok
18:24:11.0453 3864 aic78xx - ok
18:24:11.0703 3864 ALCXWDM (f3e15607ba53249c765e36388b332c2f) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
18:24:11.0875 3864 ALCXWDM - ok
18:24:12.0000 3864 Alerter (e0a6fa244b8624d78fe5ff6f56a33bae) C:\WINDOWS\system32\alrsvc.dll
18:24:12.0015 3864 Alerter - ok
18:24:12.0046 3864 ALG (88842de939a827577bf24243699ac80a) C:\WINDOWS\System32\alg.exe
18:24:12.0046 3864 ALG - ok
18:24:12.0078 3864 AliIde - ok
18:24:12.0093 3864 amsint - ok
18:24:12.0343 3864 AntiVirSchedulerService (72709089a54bdc1c5b16bc4a4b926567) C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:24:12.0343 3864 AntiVirSchedulerService - ok
18:24:12.0375 3864 AntiVirService (42f88bfbb76f7a63e381829479b18518) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:24:12.0375 3864 AntiVirService - ok
18:24:12.0406 3864 AppMgmt (6b8e7a90e576d4fe308f97c69060a171) C:\WINDOWS\System32\appmgmts.dll
18:24:12.0406 3864 AppMgmt - ok
18:24:12.0468 3864 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:24:12.0468 3864 Arp1394 - ok
18:24:12.0484 3864 asc - ok
18:24:12.0500 3864 asc3350p - ok
18:24:12.0515 3864 asc3550 - ok
18:24:12.0640 3864 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:24:12.0656 3864 aspnet_state - ok
18:24:12.0671 3864 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:24:12.0671 3864 AsyncMac - ok
18:24:12.0718 3864 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:24:12.0718 3864 atapi - ok
18:24:12.0734 3864 Atdisk - ok
18:24:12.0750 3864 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:24:12.0750 3864 Atmarpc - ok
18:24:12.0812 3864 AudioSrv (de31b88962a8645dba5a37b993e7b0f1) C:\WINDOWS\System32\audiosrv.dll
18:24:12.0812 3864 AudioSrv - ok
18:24:12.0875 3864 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:24:12.0875 3864 audstub - ok
18:24:12.0921 3864 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
18:24:12.0921 3864 avgntflt - ok
18:24:12.0937 3864 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
18:24:12.0953 3864 avipbb - ok
18:24:12.0984 3864 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
18:24:12.0984 3864 avkmgr - ok
18:24:13.0031 3864 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:24:13.0031 3864 Beep - ok
18:24:13.0109 3864 BITS (3aede727580f0a7c3929dd6526145759) C:\WINDOWS\system32\qmgr.dll
18:24:13.0140 3864 BITS - ok
18:24:13.0187 3864 Browser (39ce94b2b33771a3d95c70f41847f3f9) C:\WINDOWS\System32\browser.dll
18:24:13.0187 3864 Browser - ok
18:24:13.0296 3864 catchme - ok
18:24:13.0328 3864 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:24:13.0328 3864 cbidf2k - ok
18:24:13.0500 3864 CCALib8 (8ef654045e518ac00e52e7a1e2d3ad70) C:\Program Files\Canon\CAL\CALMAIN.exe
18:24:13.0500 3864 CCALib8 - ok
18:24:13.0515 3864 cd20xrnt - ok
18:24:13.0546 3864 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:24:13.0562 3864 Cdaudio - ok
18:24:13.0609 3864 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:24:13.0609 3864 Cdfs - ok
18:24:13.0640 3864 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:24:13.0640 3864 Cdrom - ok
18:24:13.0656 3864 Changer - ok
18:24:13.0687 3864 CiSvc (e390dc1d7c461d7d56ec53402f329928) C:\WINDOWS\system32\cisvc.exe
18:24:13.0687 3864 CiSvc - ok
18:24:13.0703 3864 ClipSrv (064507a8dfa8c5c7e2ffddd3e6f424fa) C:\WINDOWS\system32\clipsrv.exe
18:24:13.0718 3864 ClipSrv - ok
18:24:13.0843 3864 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:24:13.0875 3864 clr_optimization_v2.0.50727_32 - ok
18:24:13.0953 3864 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:24:13.0984 3864 clr_optimization_v4.0.30319_32 - ok
18:24:14.0000 3864 CmdIde - ok
18:24:14.0015 3864 COMSysApp - ok
18:24:14.0031 3864 Cpqarray - ok
18:24:14.0078 3864 CryptSvc (f3ab0933cbd166d271992f411c27ccaf) C:\WINDOWS\System32\cryptsvc.dll
18:24:14.0078 3864 CryptSvc - ok
18:24:14.0093 3864 dac2w2k - ok
18:24:14.0093 3864 dac960nt - ok
18:24:14.0156 3864 DcomLaunch (c0bd34a62508ba68f146e22ce45919f9) C:\WINDOWS\system32\rpcss.dll
18:24:14.0156 3864 DcomLaunch - ok
18:24:14.0171 3864 Dhcp (eb737f46d7d494c7760a932c9b6491a4) C:\WINDOWS\System32\dhcpcsvc.dll
18:24:14.0187 3864 Dhcp - ok
18:24:14.0218 3864 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys
18:24:14.0218 3864 Disk - ok
18:24:14.0234 3864 dmadmin - ok
18:24:14.0281 3864 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
18:24:14.0312 3864 dmboot - ok
18:24:14.0328 3864 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\DRIVERS\dmio.sys
18:24:14.0328 3864 dmio - ok
18:24:14.0359 3864 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:24:14.0359 3864 dmload - ok
18:24:14.0390 3864 dmserver (2bfefe9e865655a76982f050450b9591) C:\WINDOWS\System32\dmserver.dll
18:24:14.0406 3864 dmserver - ok
18:24:14.0453 3864 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:24:14.0453 3864 DMusic - ok
18:24:14.0484 3864 Dnscache (38aad7e982198cb4f642bb60e59511f1) C:\WINDOWS\System32\dnsrslvr.dll
18:24:14.0484 3864 Dnscache - ok
18:24:14.0531 3864 Dot3svc (aacfc38e9d085d58f9f933cfd6af1d2b) C:\WINDOWS\System32\dot3svc.dll
18:24:14.0546 3864 Dot3svc - ok
18:24:14.0562 3864 dpti2o - ok
18:24:14.0609 3864 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:24:14.0609 3864 drmkaud - ok
18:24:14.0671 3864 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
18:24:14.0671 3864 dtsoftbus01 - ok
18:24:14.0687 3864 DumpDrv (b327281012b48bd73f587799f9f29be2) C:\WINDOWS\system32\drivers\DumpDrv.sys
18:24:14.0687 3864 DumpDrv - ok
18:24:14.0718 3864 EapHost (0887d9c2be8d940778cad1e3b85f2a41) C:\WINDOWS\System32\eapsvc.dll
18:24:14.0718 3864 EapHost - ok
18:24:14.0750 3864 ERSvc (a2a4912798f2be706abadd3d30800d16) C:\WINDOWS\System32\ersvc.dll
18:24:14.0750 3864 ERSvc - ok
18:24:14.0796 3864 Eventlog (4f40d16b2d5ed9e48a193ce468912fed) C:\WINDOWS\system32\services.exe
18:24:14.0812 3864 Eventlog - ok
18:24:14.0859 3864 EventSystem (be68ea4457e2e5717231cf91be5448e0) C:\WINDOWS\system32\es.dll
18:24:14.0859 3864 EventSystem - ok
18:24:14.0906 3864 exFat (4d893323dae445e34a4c9038b0551bc9) C:\WINDOWS\system32\drivers\exFat.sys
18:24:14.0906 3864 exFat - ok
18:24:14.0953 3864 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:24:14.0968 3864 Fastfat - ok
18:24:14.0984 3864 FastUserSwitchingCompatibility (54a6bf743e0517528a5064ceaeb40ea7) C:\WINDOWS\System32\shsvcs.dll
18:24:14.0984 3864 FastUserSwitchingCompatibility - ok
18:24:15.0015 3864 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:24:15.0015 3864 Fdc - ok
18:24:15.0031 3864 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
18:24:15.0031 3864 Fips - ok
18:24:15.0156 3864 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:24:15.0218 3864 FLEXnet Licensing Service - ok
18:24:15.0250 3864 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:24:15.0250 3864 Flpydisk - ok
18:24:15.0296 3864 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:24:15.0296 3864 FltMgr - ok
18:24:15.0437 3864 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:24:15.0437 3864 FontCache3.0.0.0 - ok
18:24:15.0484 3864 Fs_Rec (30d42943a54704ef13e2562911dbfcea) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:24:15.0484 3864 Fs_Rec - ok
18:24:15.0500 3864 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:24:15.0500 3864 Ftdisk - ok
18:24:15.0515 3864 fyekc - ok
18:24:15.0578 3864 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:24:15.0578 3864 Gpc - ok
18:24:15.0640 3864 helpsvc (fcfe31fb75f8a6295b6b0af87a626282) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:24:15.0640 3864 helpsvc - ok
18:24:15.0703 3864 HidServ (00e25ee90166b3e1be6e74aebf858306) C:\WINDOWS\System32\hidserv.dll
18:24:15.0703 3864 HidServ - ok
18:24:15.0765 3864 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:24:15.0765 3864 hidusb - ok
18:24:15.0781 3864 hkmsvc (7a6b320928f86bc851530d63c82965d9) C:\WINDOWS\System32\kmsvc.dll
18:24:15.0796 3864 hkmsvc - ok
18:24:15.0796 3864 hpn - ok
18:24:15.0843 3864 HTTP (937031c085718c1c04a9c0864625ec6b) C:\WINDOWS\system32\Drivers\HTTP.sys
18:24:15.0859 3864 HTTP - ok
18:24:15.0906 3864 HTTPFilter (58fe2f2da3bc5573f4a35b3760d3125f) C:\WINDOWS\System32\w3ssl.dll
18:24:15.0921 3864 HTTPFilter - ok
18:24:15.0937 3864 i2omgmt - ok
18:24:15.0937 3864 i2omp - ok
18:24:15.0984 3864 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:24:15.0984 3864 i8042prt - ok
18:24:16.0109 3864 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:24:16.0203 3864 idsvc - ok
18:24:16.0250 3864 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:24:16.0250 3864 Imapi - ok
18:24:16.0296 3864 ImapiService (f7b93aafad33b2320954c17e26c8d361) C:\WINDOWS\system32\imapi.exe
18:24:16.0312 3864 ImapiService - ok
18:24:16.0328 3864 ini910u - ok
18:24:16.0375 3864 IntelIde (57d928e548b38502abba7a77a6eb7312) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:24:16.0375 3864 IntelIde - ok
18:24:16.0406 3864 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:24:16.0406 3864 intelppm - ok
18:24:16.0437 3864 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:24:16.0437 3864 Ip6Fw - ok
18:24:16.0484 3864 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:24:16.0484 3864 IpFilterDriver - ok
18:24:16.0500 3864 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:24:16.0500 3864 IpInIp - ok
18:24:16.0546 3864 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:24:16.0546 3864 IpNat - ok
18:24:16.0562 3864 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:24:16.0578 3864 IPSec - ok
18:24:16.0625 3864 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:24:16.0625 3864 IRENUM - ok
18:24:16.0640 3864 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:24:16.0640 3864 isapnp - ok
18:24:16.0765 3864 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
18:24:16.0765 3864 JavaQuickStarterService - ok
18:24:16.0828 3864 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:24:16.0828 3864 Kbdclass - ok
18:24:16.0890 3864 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:24:16.0890 3864 kmixer - ok
18:24:16.0906 3864 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
18:24:16.0906 3864 KSecDD - ok
18:24:16.0921 3864 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
18:24:16.0921 3864 L8042Kbd - ok
18:24:16.0984 3864 lanmanserver (111a41b749f0e8cd7566b4ffd613cffe) C:\WINDOWS\System32\srvsvc.dll
18:24:16.0984 3864 lanmanserver - ok
18:24:17.0000 3864 lanmanworkstation (9a2e7ee3989aac0079e9d23555545d52) C:\WINDOWS\System32\wkssvc.dll
18:24:17.0015 3864 lanmanworkstation - ok
18:24:17.0031 3864 LANPkt (8bbfbf256493035ae6105b334fce99df) C:\WINDOWS\system32\DRIVERS\LANPkt.sys
18:24:17.0031 3864 LANPkt - ok
18:24:17.0093 3864 LBeepKE (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys
18:24:17.0093 3864 LBeepKE - ok
18:24:17.0109 3864 lbrtfdc - ok
18:24:17.0234 3864 LBTServ (3af6b73a3ad1fc37c5933441f66ceb91) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
18:24:17.0250 3864 LBTServ - ok
18:24:17.0281 3864 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
18:24:17.0281 3864 LHidFilt - ok
18:24:17.0296 3864 LmHosts (0ab159f536e3e8f7f07113702a07cca5) C:\WINDOWS\System32\lmhsvc.dll
18:24:17.0312 3864 LmHosts - ok
18:24:17.0328 3864 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
18:24:17.0328 3864 LMouFilt - ok
18:24:17.0375 3864 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
18:24:17.0375 3864 MBAMProtector - ok
18:24:17.0453 3864 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:24:17.0484 3864 MBAMService - ok
18:24:17.0500 3864 Messenger (221cd1c815b8a6b79389c3f5d1018de8) C:\WINDOWS\System32\msgsvc.dll
18:24:17.0500 3864 Messenger - ok
18:24:17.0546 3864 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:24:17.0546 3864 mnmdd - ok
18:24:17.0578 3864 mnmsrvc (9a57d046f88f4b69751b11fd40088a61) C:\WINDOWS\system32\mnmsrvc.exe
18:24:17.0578 3864 mnmsrvc - ok
18:24:17.0593 3864 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
18:24:17.0609 3864 Modem - ok
18:24:17.0640 3864 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:24:17.0640 3864 Mouclass - ok
18:24:17.0656 3864 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:24:17.0656 3864 mouhid - ok
18:24:17.0687 3864 MountMgr (1a1faa5102466f418494e94ff9b0b091) C:\WINDOWS\system32\drivers\MountMgr.sys
18:24:17.0687 3864 MountMgr - ok
18:24:17.0703 3864 mraid35x - ok
18:24:17.0718 3864 MRxDAV (4fefd389d71126ee581b9f9cb2918be4) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:24:17.0718 3864 MRxDAV - ok
18:24:17.0781 3864 MRxSmb (fb2fccc70f7174c7bf64f48e96d3adf4) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:24:17.0796 3864 MRxSmb - ok
18:24:17.0843 3864 MSDTC (6db4d1521caba9a5ffab54ade0ae867d) C:\WINDOWS\system32\msdtc.exe
18:24:17.0843 3864 MSDTC - ok
18:24:17.0890 3864 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:24:17.0890 3864 Msfs - ok
18:24:17.0906 3864 MSIServer - ok
18:24:17.0937 3864 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:24:17.0937 3864 MSKSSRV - ok
18:24:17.0953 3864 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:24:17.0968 3864 MSPCLOCK - ok
18:24:17.0984 3864 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:24:18.0000 3864 MSPQM - ok
18:24:18.0015 3864 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:24:18.0015 3864 mssmbios - ok
18:24:18.0046 3864 Mup (f7b1ad991491f02af6da70b00b8bf114) C:\WINDOWS\system32\drivers\Mup.sys
18:24:18.0046 3864 Mup - ok
18:24:18.0093 3864 napagent (6ea362e9db03d44f6b996f4d8be237e9) C:\WINDOWS\System32\qagentrt.dll
18:24:18.0109 3864 napagent - ok
18:24:18.0218 3864 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files\Nero\Update\NASvc.exe
18:24:18.0234 3864 NAUpdate - ok
18:24:18.0250 3864 NDIS (b5b1080d35974c0e718d64280761bcd5) C:\WINDOWS\system32\drivers\NDIS.sys
18:24:18.0250 3864 NDIS - ok
18:24:18.0296 3864 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:24:18.0296 3864 NdisTapi - ok
18:24:18.0312 3864 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:24:18.0312 3864 Ndisuio - ok
18:24:18.0328 3864 NdisWan (b053a8411045fd0664b389a090cb2bbc) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:24:18.0343 3864 NdisWan - ok
18:24:18.0359 3864 NDProxy (816460bd4b4acd27937d1d0813e2e9e9) C:\WINDOWS\system32\drivers\NDProxy.sys
18:24:18.0359 3864 NDProxy - ok
18:24:18.0375 3864 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:24:18.0375 3864 NetBIOS - ok
18:24:18.0421 3864 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:24:18.0421 3864 NetBT - ok
18:24:18.0437 3864 NetDDE (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
18:24:18.0453 3864 NetDDE - ok
18:24:18.0468 3864 NetDDEdsdm (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
18:24:18.0468 3864 NetDDEdsdm - ok
18:24:18.0484 3864 Netlogon (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
18:24:18.0484 3864 Netlogon - ok
18:24:18.0515 3864 Netman (72e1e9e2977be08bdeedb6d8fd9d4d40) C:\WINDOWS\System32\netman.dll
18:24:18.0515 3864 Netman - ok
18:24:18.0656 3864 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:24:18.0687 3864 NetTcpPortSharing - ok
18:24:18.0718 3864 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:24:18.0718 3864 NIC1394 - ok
18:24:18.0750 3864 Nla (0d594d828829e1bc727b870899376b19) C:\WINDOWS\System32\mswsock.dll
18:24:18.0765 3864 Nla - ok
18:24:18.0796 3864 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:24:18.0796 3864 Npfs - ok
18:24:18.0859 3864 Ntfs (ae8cad8f28db13b515a68510a539b0b8) C:\WINDOWS\system32\drivers\Ntfs.sys
18:24:18.0890 3864 Ntfs - ok
18:24:18.0906 3864 NtLmSsp (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
18:24:18.0906 3864 NtLmSsp - ok
18:24:18.0953 3864 NtmsSvc (023dd70573d644f3d9c8b1258a7bfd08) C:\WINDOWS\system32\ntmssvc.dll
18:24:18.0984 3864 NtmsSvc - ok
18:24:19.0015 3864 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:24:19.0015 3864 Null - ok
18:24:19.0562 3864 nv (54281e0eeb10143ec4327bb5d123f125) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:24:19.0968 3864 nv - ok
18:24:20.0109 3864 NVSvc (a50af72fbca4b753fed148688e7d9abb) C:\WINDOWS\system32\nvsvc32.exe
18:24:20.0109 3864 NVSvc - ok
18:24:20.0171 3864 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:24:20.0171 3864 NwlnkFlt - ok
18:24:20.0203 3864 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:24:20.0218 3864 NwlnkFwd - ok
18:24:20.0250 3864 ohci1394 (2553f7c60b8d291b5a812245e6d4da6e) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:24:20.0265 3864 ohci1394 - ok
18:24:20.0328 3864 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
18:24:20.0328 3864 Parport - ok
18:24:20.0359 3864 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:24:20.0359 3864 PartMgr - ok
18:24:20.0390 3864 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
18:24:20.0390 3864 ParVdm - ok
18:24:20.0406 3864 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
18:24:20.0406 3864 PCI - ok
18:24:20.0406 3864 PCIDump - ok
18:24:20.0421 3864 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:24:20.0437 3864 PCIIde - ok
18:24:20.0453 3864 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:24:20.0468 3864 Pcmcia - ok
18:24:20.0484 3864 PDCOMP - ok
18:24:20.0500 3864 PDFRAME - ok
18:24:20.0515 3864 PDRELI - ok
18:24:20.0531 3864 PDRFRAME - ok
18:24:20.0531 3864 perc2 - ok
18:24:20.0546 3864 perc2hib - ok
18:24:20.0609 3864 PlugPlay (4f40d16b2d5ed9e48a193ce468912fed) C:\WINDOWS\system32\services.exe
18:24:20.0609 3864 PlugPlay - ok
18:24:20.0671 3864 PolicyAgent (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
18:24:20.0671 3864 PolicyAgent - ok
18:24:20.0687 3864 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:24:20.0703 3864 PptpMiniport - ok
18:24:20.0703 3864 ProtectedStorage (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
18:24:20.0718 3864 ProtectedStorage - ok
18:24:20.0734 3864 PSched (d8e11d311785f89f1d70a28b0e879127) C:\WINDOWS\system32\DRIVERS\psched.sys
18:24:20.0734 3864 PSched - ok
18:24:20.0781 3864 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:24:20.0781 3864 Ptilink - ok
18:24:20.0796 3864 ql1080 - ok
18:24:20.0796 3864 Ql10wnt - ok
18:24:20.0812 3864 ql12160 - ok
18:24:20.0828 3864 ql1240 - ok
18:24:20.0843 3864 ql1280 - ok
18:24:20.0859 3864 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:24:20.0859 3864 RasAcd - ok
18:24:20.0859 3864 RasAuto (2b5e44ea009f2f374b980e1e9a70635d) C:\WINDOWS\System32\rasauto.dll
18:24:20.0890 3864 RasAuto - ok
18:24:20.0921 3864 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:24:20.0921 3864 Rasl2tp - ok
18:24:20.0953 3864 RasMan (d57554c664b64604bd1ee13ea2c07e77) C:\WINDOWS\System32\rasmans.dll
18:24:20.0953 3864 RasMan - ok
18:24:20.0968 3864 RasPppoe (2c9d4620a0fd35de1828370b392f6e2d) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:24:20.0968 3864 RasPppoe - ok
18:24:20.0984 3864 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:24:20.0984 3864 Raspti - ok
18:24:21.0015 3864 Rdbss (77050c6615f6eb5402f832b27fd695e0) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:24:21.0015 3864 Rdbss - ok
18:24:21.0031 3864 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:24:21.0031 3864 RDPCDD - ok
18:24:21.0078 3864 rdpdr (47ea20320e3d6fdc7b7bb22b2b881ca6) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:24:21.0078 3864 rdpdr - ok
18:24:21.0125 3864 RDPWD (2d293b720c206473a05950ce007db12a) C:\WINDOWS\system32\drivers\RDPWD.sys
18:24:21.0125 3864 RDPWD - ok
18:24:21.0171 3864 RDSessMgr (c0d9d9711cb74ee9bc66353d8cbdab0e) C:\WINDOWS\system32\sessmgr.exe
18:24:21.0187 3864 RDSessMgr - ok
18:24:21.0218 3864 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:24:21.0218 3864 redbook - ok
18:24:21.0234 3864 RemoteAccess (127c26b5371651043450e52542099aba) C:\WINDOWS\System32\mprdim.dll
18:24:21.0250 3864 RemoteAccess - ok
18:24:21.0281 3864 RemoteRegistry (8f31505484a190d5b22274708799f4ec) C:\WINDOWS\system32\regsvc.dll
18:24:21.0296 3864 RemoteRegistry - ok
18:24:21.0312 3864 RpcLocator (718b3bdc0bc3c2f7d065a53d26202af9) C:\WINDOWS\system32\locator.exe
18:24:21.0328 3864 RpcLocator - ok
18:24:21.0375 3864 RpcSs (c0bd34a62508ba68f146e22ce45919f9) C:\WINDOWS\System32\rpcss.dll
18:24:21.0390 3864 RpcSs - ok
18:24:21.0437 3864 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys
18:24:21.0437 3864 rspndr - ok
18:24:21.0468 3864 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\system32\rsvp.exe
18:24:21.0468 3864 RSVP - ok
18:24:21.0515 3864 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
18:24:21.0515 3864 RTL8023xp - ok
18:24:21.0531 3864 SamSs (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
18:24:21.0546 3864 SamSs - ok
18:24:21.0578 3864 SCardSvr (410046e401eb11e1e6749e9deea41d4a) C:\WINDOWS\System32\SCardSvr.exe
18:24:21.0593 3864 SCardSvr - ok
18:24:21.0640 3864 Schedule (3ff232a7731621b8902d81d42418c93c) C:\WINDOWS\system32\schedsvc.dll
18:24:21.0656 3864 Schedule - ok
18:24:21.0687 3864 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:24:21.0687 3864 Secdrv - ok
18:24:21.0703 3864 seclogon (477e2c3cc5e4a0d635bcb0ea8dcac3c6) C:\WINDOWS\System32\seclogon.dll
18:24:21.0703 3864 seclogon - ok
18:24:21.0734 3864 SENS (a530b75c10c23c9ab28fdb6ce719e21f) C:\WINDOWS\system32\sens.dll
18:24:21.0734 3864 SENS - ok
18:24:21.0750 3864 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:24:21.0750 3864 serenum - ok
18:24:21.0765 3864 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
18:24:21.0765 3864 Serial - ok
18:24:21.0828 3864 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:24:21.0828 3864 Sfloppy - ok
18:24:21.0890 3864 SharedAccess (65eacfe3182afee8d222d0b17fe05eda) C:\WINDOWS\System32\ipnathlp.dll
18:24:21.0906 3864 SharedAccess - ok
18:24:21.0921 3864 ShellHWDetection (54a6bf743e0517528a5064ceaeb40ea7) C:\WINDOWS\System32\shsvcs.dll
18:24:21.0921 3864 ShellHWDetection - ok
18:24:21.0937 3864 Simbad - ok
18:24:21.0968 3864 Sparrow - ok
18:24:22.0031 3864 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:24:22.0031 3864 splitter - ok
18:24:22.0046 3864 Spooler (258dd5d4283fd9f9a7166be9ae45ce73) C:\WINDOWS\system32\spoolsv.exe
18:24:22.0046 3864 Spooler - ok
18:24:22.0109 3864 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
18:24:22.0109 3864 sr - ok
18:24:22.0171 3864 srservice (35b91147124f64ac8081a2edb9ea4dee) C:\WINDOWS\system32\srsvc.dll
18:24:22.0187 3864 srservice - ok
18:24:22.0250 3864 Srv (9b390283569ea58d43d2586032b892f5) C:\WINDOWS\system32\DRIVERS\srv.sys
18:24:22.0265 3864 Srv - ok
18:24:22.0296 3864 SSDPSRV (becd5271dc4e3b7c3d035f790fcbc1e5) C:\WINDOWS\System32\ssdpsrv.dll
18:24:22.0296 3864 SSDPSRV - ok
18:24:22.0328 3864 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
18:24:22.0343 3864 ssmdrv - ok
18:24:22.0390 3864 stisvc (c1cdd9275f6a115bb0ae1d55d8d27ba6) C:\WINDOWS\system32\wiaservc.dll
18:24:22.0406 3864 stisvc - ok
18:24:22.0406 3864 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:24:22.0406 3864 swenum - ok
18:24:22.0453 3864 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:24:22.0468 3864 swmidi - ok
18:24:22.0468 3864 SwPrv - ok
18:24:22.0500 3864 symc810 - ok
18:24:22.0500 3864 symc8xx - ok
18:24:22.0515 3864 sym_hi - ok
18:24:22.0531 3864 sym_u3 - ok
18:24:22.0562 3864 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:24:22.0578 3864 sysaudio - ok
18:24:22.0609 3864 SysmonLog (ce06f01b88ace199a1bf460cac29c110) C:\WINDOWS\system32\smlogsvc.exe
18:24:22.0625 3864 SysmonLog - ok
18:24:22.0656 3864 TapiSrv (af2a883cc63318a8bda168bdd7ac80d9) C:\WINDOWS\System32\tapisrv.dll
18:24:22.0671 3864 TapiSrv - ok
18:24:22.0703 3864 Tcpip (51e41f16acd80b8b39c0ae703a213f09) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:24:22.0718 3864 Tcpip - ok
18:24:22.0750 3864 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:24:22.0750 3864 TDPIPE - ok
18:24:22.0781 3864 TDTCP (c0578456f29e5f26285f81b7b71fe57d) C:\WINDOWS\system32\drivers\TDTCP.sys
18:24:22.0781 3864 TDTCP - ok
18:24:22.0828 3864 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:24:22.0843 3864 TermDD - ok
18:24:22.0906 3864 TermService (0e43a7cf302d85273fc86f5fca9a1909) C:\WINDOWS\System32\termsrv.dll
18:24:22.0906 3864 TermService - ok
18:24:22.0937 3864 Themes (54a6bf743e0517528a5064ceaeb40ea7) C:\WINDOWS\System32\shsvcs.dll
18:24:22.0937 3864 Themes - ok
18:24:22.0953 3864 TlntSvr (cd0cc7b167d78043a41c98d4921efb54) C:\WINDOWS\system32\tlntsvr.exe
18:24:22.0968 3864 TlntSvr - ok
18:24:22.0984 3864 TosIde - ok
18:24:23.0000 3864 TrkWks (38853304ccb938d30e0c4cde8d2c2a8a) C:\WINDOWS\system32\trkwks.dll
18:24:23.0015 3864 TrkWks - ok
18:24:23.0046 3864 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:24:23.0062 3864 Udfs - ok
18:24:23.0078 3864 ultra - ok
18:24:23.0140 3864 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:24:23.0140 3864 Update - ok
18:24:23.0187 3864 upnphost (651bd90dcee5b7bdc74a2eb7c9266f9e) C:\WINDOWS\System32\upnphost.dll
18:24:23.0203 3864 upnphost - ok
18:24:23.0218 3864 UPS (20a0f6a11959e92908717d09e87d670d) C:\WINDOWS\System32\ups.exe
18:24:23.0218 3864 UPS - ok
18:24:23.0265 3864 usbccgp (c18d6c74953621346df6b0a11f80c1cc) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:24:23.0265 3864 usbccgp - ok
18:24:23.0328 3864 usbehci (52674b5dbee499342a599c7771abecaa) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:24:23.0328 3864 usbehci - ok
18:24:23.0359 3864 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:24:23.0359 3864 usbhub - ok
18:24:23.0390 3864 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:24:23.0406 3864 usbscan - ok
18:24:23.0437 3864 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:24:23.0453 3864 USBSTOR - ok
18:24:23.0468 3864 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:24:23.0484 3864 usbuhci - ok
18:24:23.0500 3864 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:24:23.0500 3864 VgaSave - ok
18:24:23.0515 3864 ViaIde - ok
18:24:23.0531 3864 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
18:24:23.0531 3864 VolSnap - ok
18:24:23.0578 3864 VSS (d6ba1a63d9e00933f1cd2a885573afb2) C:\WINDOWS\System32\vssvc.exe
18:24:23.0593 3864 VSS - ok
18:24:23.0640 3864 W32Time (df2e8ea96391126977da1b8ab6fc39fc) C:\WINDOWS\system32\w32time.dll
18:24:23.0640 3864 W32Time - ok
18:24:23.0656 3864 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:24:23.0656 3864 Wanarp - ok
18:24:23.0734 3864 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:24:23.0750 3864 Wdf01000 - ok
18:24:23.0750 3864 WDICA - ok
18:24:23.0781 3864 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:24:23.0781 3864 wdmaud - ok
18:24:23.0796 3864 WebClient (b6f28b94a7cac612a93a840299bd860b) C:\WINDOWS\System32\webclnt.dll
18:24:23.0812 3864 WebClient - ok
18:24:23.0906 3864 winmgmt (e488332126e3b1182d2b8a0c35408ec6) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:24:23.0906 3864 winmgmt - ok
18:24:24.0015 3864 WinRM (4d34cedd74bdbf2b6a935eae3bf80543) C:\WINDOWS\system32\WsmSvc.dll
18:24:24.0125 3864 WinRM - ok
18:24:24.0187 3864 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
18:24:24.0203 3864 WmdmPmSN - ok
18:24:24.0296 3864 Wmi (4e68a735673ce17152329428524ba1c3) C:\WINDOWS\System32\advapi32.dll
18:24:24.0312 3864 Wmi - ok
18:24:24.0359 3864 WmiApSrv (23f6f03272f7e5679f1f050aed5acee6) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:24:24.0375 3864 WmiApSrv - ok
18:24:24.0531 3864 WMPNetworkSvc (0dcc3a79329f0fde9b1b5283cacd3f50) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:24:24.0625 3864 WMPNetworkSvc - ok
18:24:24.0843 3864 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:24:24.0890 3864 WPFFontCache_v0400 - ok
18:24:25.0015 3864 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:24:25.0015 3864 WS2IFSL - ok
18:24:25.0078 3864 wscsvc (4c86d5faf78194995af9cc1075f65dd3) C:\WINDOWS\system32\wscsvc.dll
18:24:25.0078 3864 wscsvc - ok
18:24:25.0093 3864 WSearch - ok
18:24:25.0140 3864 wuauserv (fc1e3b06ae8d160b686c5d04b5e85371) C:\WINDOWS\system32\wuauserv.dll
18:24:25.0140 3864 wuauserv - ok
18:24:25.0203 3864 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:24:25.0203 3864 WudfPf - ok
18:24:25.0234 3864 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:24:25.0250 3864 WudfRd - ok
18:24:25.0265 3864 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:24:25.0281 3864 WudfSvc - ok
18:24:25.0343 3864 WZCSVC (f345ff726d92d58abe5b0aee08d29df1) C:\WINDOWS\System32\wzcsvc.dll
18:24:25.0375 3864 WZCSVC - ok
18:24:25.0421 3864 xmlprov (eaa4bb9edb3fb10cf8979fe65e63658f) C:\WINDOWS\System32\xmlprov.dll
18:24:25.0437 3864 xmlprov - ok
18:24:25.0453 3864 xpsec - ok
18:24:25.0484 3864 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:24:25.0515 3864 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
18:24:25.0515 3864 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
18:24:25.0515 3864 Boot (0x1200) (eb6776aefd151de4c067a41ba32a27ca) \Device\Harddisk0\DR0\Partition0
18:24:25.0531 3864 \Device\Harddisk0\DR0\Partition0 - ok
18:24:25.0531 3864 ============================================================
18:24:25.0531 3864 Scan finished
18:24:25.0531 3864 ============================================================
18:24:25.0562 3552 Detected object count: 1
18:24:25.0562 3552 Actual detected object count: 1
18:26:15.0500 3552 \Device\Harddisk0\DR0\# - copied to quarantine
18:26:15.0500 3552 \Device\Harddisk0\DR0 - copied to quarantine
18:26:15.0578 3552 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
18:26:15.0593 3552 \Device\Harddisk0\DR0 - ok
18:26:15.0593 3552 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
18:26:34.0968 3052 Deinitialize success
- Rudy
- Site Admin
- Posts: 119515
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check (virus)
The TDL rootkit has been removed. Please post one more ComboFix log for the final cleanup.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Please check (virus)
Thanks a lot,
I hope we get rid of all the vermin (attaching the CF log)
CF LOG:
ComboFix 12-05-05.06 - Administrator . 05. 2012 20:14:03.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1791.1293 [GMT 2:00]
Spuštěný z: c:\documents and settings\milanK\Plocha\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-05 do 2012-05-05 )))))))))))))))))))))))))))))))
.
.
2012-05-05 16:26 . 2012-05-05 16:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-05 14:10 . 2012-05-05 14:10 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2012-05-05 13:16 . 2012-05-05 14:06 -------- d-----w- c:\windows\system32\NtmsData
2012-05-05 13:14 . 2012-05-05 13:14 -------- d-----w- c:\documents and settings\milanK\Data aplikací\Avira
2012-05-05 13:11 . 2012-01-31 06:57 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-05 13:11 . 2011-09-16 14:09 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-05-05 13:11 . 2012-01-31 06:57 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-05 13:11 . 2012-05-05 13:11 -------- d-----w- c:\program files\Avira
2012-05-05 13:11 . 2012-05-05 13:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avira
2012-05-05 06:47 . 2012-05-05 06:47 -------- d-----w- c:\documents and settings\Administrator
2012-05-04 20:33 . 2012-05-04 20:34 -------- d-----w- c:\program files\trend micro
2012-05-04 20:33 . 2012-05-04 20:34 -------- d-----w- C:\rsit
2012-05-04 14:39 . 2012-05-04 14:39 -------- d-----w- c:\documents and settings\milanK\Data aplikací\Malwarebytes
2012-05-04 14:39 . 2012-05-04 14:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-05-04 14:39 . 2012-05-04 14:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-04 14:39 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-11 18:55 . 2012-04-11 18:55 -------- d-----w- C:\55e66e41663b505bb095fe826b6e
2012-04-10 16:24 . 2012-04-20 19:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PhotoStitch
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 15:47 . 2012-04-04 18:23 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 15:47 . 2012-03-24 14:52 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-24 15:26 . 2012-03-24 15:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-24 15:26 . 2011-03-03 23:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-01 10:56 . 2011-01-25 08:12 919552 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:56 . 2011-01-25 08:10 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 10:56 . 2011-01-25 08:10 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:08 . 2011-01-25 08:12 178176 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:08 . 2008-04-14 11:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:30 . 2011-01-25 08:10 385024 ----a-w- c:\windows\system32\html.iec
2012-03-13 04:38 . 2011-05-15 16:40 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-01-25 . 8F41FD1CC693054347C6FB7B0E618B07 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-05-04_22.16.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-05 16:28 . 2012-05-05 16:28 16384 c:\windows\Temp\Perflib_Perfdata_5f4.dat
+ 2011-02-19 21:03 . 2011-02-19 21:03 51024 c:\windows\system32\vcomp100.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 81744 c:\windows\system32\mfcm100u.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 81744 c:\windows\system32\mfcm100.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 60752 c:\windows\system32\mfc100rus.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 43344 c:\windows\system32\mfc100kor.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 43856 c:\windows\system32\mfc100jpn.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 62288 c:\windows\system32\mfc100ita.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 36176 c:\windows\system32\mfc100cht.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 36176 c:\windows\system32\mfc100chs.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 64336 c:\windows\system32\mfc100fra.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 63824 c:\windows\system32\mfc100esn.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 55120 c:\windows\system32\mfc100enu.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 64336 c:\windows\system32\mfc100deu.dll
+ 2012-05-05 13:11 . 2010-06-17 12:27 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2011-02-18 22:40 . 2011-02-18 22:40 773968 c:\windows\system32\msvcr100.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 421200 c:\windows\system32\msvcp100.dll
+ 2012-05-05 15:47 . 2012-05-05 15:47 351904 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe
+ 2012-04-04 18:23 . 2012-05-05 15:47 257696 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2011-02-19 21:03 . 2011-02-19 21:03 138056 c:\windows\system32\atl100.dll
+ 2012-05-05 13:10 . 2012-05-05 13:10 160768 c:\windows\Installer\6ac63.msi
+ 2011-02-19 21:03 . 2011-02-19 21:03 4422992 c:\windows\system32\mfc100u.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 4397384 c:\windows\system32\mfc100.dll
+ 2012-05-05 15:47 . 2012-05-05 15:47 8797856 c:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KB976002-v5"="advpack.dll" [2011-01-25 128512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-09 8523776]
"nwiz"="nwiz.exe" [2008-01-09 1626112]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-09 81920]
"DWPersistentQueuedReporting"="c:\program files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE" [2007-03-13 39264]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"KB976002-v5"="advpack.dll" [2011-01-25 128512]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-3-11 813584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2011-3-4 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2011-01-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\GAMES\\EA GAMES\\Need For Speed Underground\\Speed.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [5. 5. 2012 15:11 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [3. 3. 2011 23:52 218688]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5. 5. 2012 15:11 86224]
R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [4. 3. 2011 0:48 8440]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [11. 3. 2011 14:08 10384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4. 5. 2012 16:39 654408]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [4. 5. 2010 13:07 503080]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4. 5. 2012 16:39 22344]
S0 fyekc;fyekc;c:\windows\system32\drivers\afdmd.sys --> c:\windows\system32\drivers\afdmd.sys [?]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [25. 1. 2011 10:15 9472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4. 3. 2011 11:45 130384]
S3 5eq6lrjw8.sys;5eq6lrjw8.sys;\??\c:\windows\system32\drivers\5eq6lrjw8.sys --> c:\windows\system32\drivers\5eq6lrjw8.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4. 4. 2012 20:23 257696]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [25. 1. 2011 10:12 14848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [4. 3. 2011 11:46 753504]
S3 xpsec;Ovladač IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2012-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 15:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-05 20:21
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(3552)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msi.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2012-05-05 20:23:27
ComboFix-quarantined-files.txt 2012-05-05 18:23
ComboFix2.txt 2012-05-05 14:25
ComboFix3.txt 2012-05-05 07:39
ComboFix4.txt 2012-05-04 22:20
.
Před spuštěním: Volných bajtů: 87 198 535 680
Po spuštění: Volných bajtů: 87 183 589 376
.
- - End Of File - - EABF60BC0F39486ADA58A7C2EEEF48D0
- Rudy
- Site Admin
- Posts: 119515
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check (virus)
Open Notepad and copy the following into it:

KillAll::
Collect::
c:\windows\system32\drivers\5eq6lrjw8.sys
Folder::
C:\TDSSKiller_Quarantine
Driver::
5eq6lrjw8.sys
Reboot::

Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reopened, write to me at the e-mail address given above.
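The script above targets two entries that stand out in the service section of the log (a driver whose file is missing and whose name is a random string). As an added example, not code from the forum or from ComboFix, here is a small triage pass in Python over that section that makes those signals explicit; the scoring weights, the threshold and the sample subset of log lines are assumptions of this example.

```python
"""Triage pass over the driver/service section of a ComboFix log.

Added example, not code from the forum thread or from ComboFix. It parses
the 'R1 name;display;image [date size]' lines ComboFix prints and scores
weak signals a helper weighs before writing a CFScript: image file missing
on disk ('[?]'), display name that is a mere copy of the service name, a
random alphanumeric name, or a kernel driver registered under a name that
does not match its file. Weights and threshold are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a subset of the service lines from the posted log.
SAMPLE_LOG = r"""
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [5. 5. 2012 15:11 36000]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4. 5. 2012 16:39 654408]
S0 fyekc;fyekc;c:\windows\system32\drivers\afdmd.sys --> c:\windows\system32\drivers\afdmd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4. 3. 2011 11:45 130384]
S3 5eq6lrjw8.sys;5eq6lrjw8.sys;\??\c:\windows\system32\drivers\5eq6lrjw8.sys --> c:\windows\system32\drivers\5eq6lrjw8.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [25. 1. 2011 10:12 14848]
S3 xpsec;Ovladač IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
"""

# Start type (R = running, S = stopped; 0-4 = boot/system/auto/manual/disabled),
# then 'name;display;image [info]'.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# The trailing bracket holds 'date time size', or '?' when the file is absent.
TAIL_RE = re.compile(r"^(?P<image>.*?)\s*\[(?P<info>[^\]]*)\]\s*$")


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    image: str          # resolved image path (right-hand side of '-->' if present)
    file_missing: bool  # ComboFix printed '[?]': no file at that path


def parse_services(log_text: str) -> list[ServiceEntry]:
    """Extract every R*/S* service line from a ComboFix log."""
    entries: list[ServiceEntry] = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        tail = TAIL_RE.match(m["rest"])
        if not tail:
            continue
        image = tail["image"]
        if " --> " in image:                # registry path --> resolved path
            image = image.split(" --> ", 1)[1]
        entries.append(ServiceEntry(m["start"], m["name"], m["display"],
                                    image, tail["info"].strip() == "?"))
    return entries


def _stem(name: str) -> str:
    """Lower-case base name without a .sys/.exe/.dll extension."""
    base = name.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return re.sub(r"\.(sys|exe|dll)$", "", base)


def looks_random(stem: str) -> bool:
    """Letters and digits mixed with no separators, e.g. '5eq6lrjw8'."""
    return (len(stem) >= 6 and stem.isalnum()
            and any(c.isdigit() for c in stem)
            and any(c.isalpha() for c in stem))


def suspicion_score(e: ServiceEntry) -> tuple[int, list[str]]:
    """One point per weak signal; the reasons are returned for the analyst."""
    reasons = []
    if e.file_missing:
        reasons.append("image file missing on disk")
    if e.display.lower() == e.name.lower():
        reasons.append("display name is a copy of the service name")
    if looks_random(_stem(e.name)):
        reasons.append("service name looks random")
    if "\\drivers\\" in e.image.lower() and _stem(e.name) != _stem(e.image):
        reasons.append("kernel driver registered under a different name than its file")
    return len(reasons), reasons


def triage(log_text: str, threshold: int = 2) -> dict[str, list[str]]:
    """Return {service name: reasons} for entries at or above the threshold."""
    flagged: dict[str, list[str]] = {}
    for e in parse_services(log_text):
        score, reasons = suspicion_score(e)
        if score >= threshold:
            flagged[e.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG).items():
        print(name, "->", "; ".join(why))
```

A single signal (xpsec is also missing on disk) is deliberately not enough; the legitimate IPSEC driver stays below the threshold while the two entries the script removes score three.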
Re: Please check (virus)
I hope the script in CF did everything it was supposed to. :-)
ComboFix 12-05-05.06 - Administrator . 05. 2012 21:35:22.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1791.1244 [GMT 2:00]
Spuštěný z: c:\documents and settings\milanK\Plocha\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-05 do 2012-05-05 )))))))))))))))))))))))))))))))
.
.
2012-05-05 16:26 . 2012-05-05 16:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-05 14:10 . 2012-05-05 14:10 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2012-05-05 13:16 . 2012-05-05 14:06 -------- d-----w- c:\windows\system32\NtmsData
2012-05-05 13:14 . 2012-05-05 13:14 -------- d-----w- c:\documents and settings\milanK\Data aplikací\Avira
2012-05-05 13:11 . 2012-01-31 06:57 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-05 13:11 . 2011-09-16 14:09 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-05-05 13:11 . 2012-01-31 06:57 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-05 13:11 . 2012-05-05 13:11 -------- d-----w- c:\program files\Avira
2012-05-05 13:11 . 2012-05-05 13:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avira
2012-05-05 06:47 . 2012-05-05 06:47 -------- d-----w- c:\documents and settings\Administrator
2012-05-04 20:33 . 2012-05-04 20:34 -------- d-----w- c:\program files\trend micro
2012-05-04 20:33 . 2012-05-04 20:34 -------- d-----w- C:\rsit
2012-05-04 14:39 . 2012-05-04 14:39 -------- d-----w- c:\documents and settings\milanK\Data aplikací\Malwarebytes
2012-05-04 14:39 . 2012-05-04 14:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-05-04 14:39 . 2012-05-04 14:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-04 14:39 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-11 18:55 . 2012-04-11 18:55 -------- d-----w- C:\55e66e41663b505bb095fe826b6e
2012-04-10 16:24 . 2012-04-20 19:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PhotoStitch
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 15:47 . 2012-04-04 18:23 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 15:47 . 2012-03-24 14:52 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-24 15:26 . 2012-03-24 15:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-24 15:26 . 2011-03-03 23:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-01 10:56 . 2011-01-25 08:12 919552 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:56 . 2011-01-25 08:10 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 10:56 . 2011-01-25 08:10 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:08 . 2011-01-25 08:12 178176 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:08 . 2008-04-14 11:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:30 . 2011-01-25 08:10 385024 ----a-w- c:\windows\system32\html.iec
2012-03-13 04:38 . 2011-05-15 16:40 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-01-25 . 8F41FD1CC693054347C6FB7B0E618B07 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-05-04_22.16.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-05 19:28 . 2012-05-05 19:28 16384 c:\windows\Temp\Perflib_Perfdata_5c0.dat
+ 2011-02-19 21:03 . 2011-02-19 21:03 51024 c:\windows\system32\vcomp100.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 81744 c:\windows\system32\mfcm100u.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 81744 c:\windows\system32\mfcm100.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 60752 c:\windows\system32\mfc100rus.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 43344 c:\windows\system32\mfc100kor.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 43856 c:\windows\system32\mfc100jpn.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 62288 c:\windows\system32\mfc100ita.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 36176 c:\windows\system32\mfc100cht.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 36176 c:\windows\system32\mfc100chs.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 64336 c:\windows\system32\mfc100fra.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 63824 c:\windows\system32\mfc100esn.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 55120 c:\windows\system32\mfc100enu.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 64336 c:\windows\system32\mfc100deu.dll
+ 2012-05-05 13:11 . 2010-06-17 12:27 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2011-02-18 22:40 . 2011-02-18 22:40 773968 c:\windows\system32\msvcr100.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 421200 c:\windows\system32\msvcp100.dll
+ 2012-05-05 15:47 . 2012-05-05 15:47 351904 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe
+ 2012-04-04 18:23 . 2012-05-05 15:47 257696 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2011-02-19 21:03 . 2011-02-19 21:03 138056 c:\windows\system32\atl100.dll
+ 2012-05-05 13:10 . 2012-05-05 13:10 160768 c:\windows\Installer\6ac63.msi
+ 2011-02-19 21:03 . 2011-02-19 21:03 4422992 c:\windows\system32\mfc100u.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 4397384 c:\windows\system32\mfc100.dll
+ 2012-05-05 15:47 . 2012-05-05 15:47 8797856 c:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KB976002-v5"="advpack.dll" [2011-01-25 128512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-09 8523776]
"nwiz"="nwiz.exe" [2008-01-09 1626112]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-09 81920]
"DWPersistentQueuedReporting"="c:\program files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE" [2007-03-13 39264]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"KB976002-v5"="advpack.dll" [2011-01-25 128512]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-3-11 813584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2011-3-4 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2011-01-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\GAMES\\EA GAMES\\Need For Speed Underground\\Speed.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [5. 5. 2012 15:11 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [3. 3. 2011 23:52 218688]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5. 5. 2012 15:11 86224]
R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [4. 3. 2011 0:48 8440]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [11. 3. 2011 14:08 10384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4. 5. 2012 16:39 654408]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [4. 5. 2010 13:07 503080]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4. 5. 2012 16:39 22344]
S0 fyekc;fyekc;c:\windows\system32\drivers\afdmd.sys --> c:\windows\system32\drivers\afdmd.sys [?]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [25. 1. 2011 10:15 9472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4. 3. 2011 11:45 130384]
S3 5eq6lrjw8.sys;5eq6lrjw8.sys;\??\c:\windows\system32\drivers\5eq6lrjw8.sys --> c:\windows\system32\drivers\5eq6lrjw8.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4. 4. 2012 20:23 257696]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [25. 1. 2011 10:12 14848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [4. 3. 2011 11:46 753504]
S3 xpsec;Ovladač IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2012-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 15:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\milanK\Data aplikací\Mozilla\Firefox\Profiles\ybi1upaf.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-05 21:42
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(3140)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msi.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2012-05-05 21:45:03
ComboFix-quarantined-files.txt 2012-05-05 19:45
ComboFix2.txt 2012-05-05 18:23
ComboFix3.txt 2012-05-05 14:25
ComboFix4.txt 2012-05-05 07:39
ComboFix5.txt 2012-05-05 19:19
.
Před spuštěním: Volných bajtů: 87 184 035 840
Po spuštění: Volných bajtů: 87 169 875 968
.
- - End Of File - - 8AF73BC2A4841CE45BC5AE5567FBFF2B
- Rudy
- Site Admin
- Posts: 119515
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check (virus)
ComboFix was not run with the script. Everything is still there.
Re: Please check (virus)
It was, but the script simply does not execute (no idea why), even when I turn off the antivirus. Same result every time. While searching the contents (as per the script) it freezes and does nothing at all. A hard restart follows.

- Rudy
- Site Admin
- Posts: 119515
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check (virus)
Try performing the action in Safe Mode.
Re: Please check (virus)
CF in Safe Mode apparently worked.
ComboFix 12-05-05.06 - Administrator . 05. 2012 22:52:08.6.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1791.1541 [GMT 2:00]
Spuštěný z: c:\documents and settings\milanK\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\milanK\Plocha\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\TDSSKiller_Quarantine
c:\tdsskiller_quarantine\05.05.2012_18.24.01\mbr0000\mbr0000\object.ini
c:\tdsskiller_quarantine\05.05.2012_18.24.01\mbr0000\mbr0000\tsk0000.dta
c:\tdsskiller_quarantine\05.05.2012_18.24.01\mbr0000\mbr0000\tsk0000.ini
c:\tdsskiller_quarantine\05.05.2012_18.24.01\mbr0000\mbr0000\tsk0001.dta
c:\tdsskiller_quarantine\05.05.2012_18.24.01\mbr0000\mbr0000\tsk0001.ini
c:\tdsskiller_quarantine\05.05.2012_18.24.01\mbr0000\object.ini
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_5EQ6LRJW8.SYS
-------\Service_5eq6lrjw8.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-05 do 2012-05-05 )))))))))))))))))))))))))))))))
.
.
2012-05-05 19:58 . 2012-05-05 20:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CPA_VA
2012-05-05 19:56 . 2012-05-05 21:02 48416 ----a-w- c:\windows\system32\drivers\sfi.dat
2012-05-05 19:53 . 2012-05-05 19:57 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Comodo
2012-05-05 19:53 . 2012-05-05 19:53 -------- d-----w- c:\program files\Comodo
2012-05-05 19:53 . 2012-05-05 19:53 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-05-05 19:53 . 2012-05-05 19:53 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-05 19:53 . 2012-05-05 19:53 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-05-05 14:10 . 2012-05-05 14:10 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2012-05-05 13:16 . 2012-05-05 14:06 -------- d-----w- c:\windows\system32\NtmsData
2012-05-05 13:14 . 2012-05-05 13:14 -------- d-----w- c:\documents and settings\milanK\Data aplikací\Avira
2012-05-05 13:11 . 2012-01-31 06:57 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-05 13:11 . 2011-09-16 14:09 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-05-05 13:11 . 2012-01-31 06:57 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-05 13:11 . 2012-05-05 13:11 -------- d-----w- c:\program files\Avira
2012-05-05 13:11 . 2012-05-05 13:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avira
2012-05-05 06:47 . 2012-05-05 06:47 -------- d-----w- c:\documents and settings\Administrator
2012-05-04 20:33 . 2012-05-04 20:34 -------- d-----w- c:\program files\trend micro
2012-05-04 20:33 . 2012-05-04 20:34 -------- d-----w- C:\rsit
2012-05-04 14:39 . 2012-05-04 14:39 -------- d-----w- c:\documents and settings\milanK\Data aplikací\Malwarebytes
2012-05-04 14:39 . 2012-05-04 14:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-05-04 14:39 . 2012-05-04 14:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-04 14:39 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-11 18:55 . 2012-04-11 18:55 -------- d-----w- C:\55e66e41663b505bb095fe826b6e
2012-04-10 16:24 . 2012-04-20 19:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PhotoStitch
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 15:47 . 2012-04-04 18:23 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 15:47 . 2012-03-24 14:52 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-24 15:26 . 2012-03-24 15:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-24 15:26 . 2011-03-03 23:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-11 19:13 . 2012-03-11 19:13 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-03-11 19:13 . 2012-03-11 19:13 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 19:13 . 2012-03-11 19:13 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 19:13 . 2012-03-11 19:13 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 19:13 . 2012-03-11 19:13 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 19:13 . 2012-03-11 19:13 301224 ----a-w- c:\windows\system32\guard32.dll
2012-03-01 10:56 . 2011-01-25 08:12 919552 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:56 . 2011-01-25 08:10 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 10:56 . 2011-01-25 08:10 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:08 . 2011-01-25 08:12 178176 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:08 . 2008-04-14 11:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:30 . 2011-01-25 08:10 385024 ----a-w- c:\windows\system32\html.iec
2012-03-13 04:38 . 2011-05-15 16:40 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-01-25 . 8F41FD1CC693054347C6FB7B0E618B07 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-05-04_22.16.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-05 21:03 . 2012-05-05 21:03 16384 c:\windows\temp\Perflib_Perfdata_1fc.dat
+ 2011-02-19 21:03 . 2011-02-19 21:03 51024 c:\windows\system32\vcomp100.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 81744 c:\windows\system32\mfcm100u.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 81744 c:\windows\system32\mfcm100.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 60752 c:\windows\system32\mfc100rus.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 43344 c:\windows\system32\mfc100kor.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 43856 c:\windows\system32\mfc100jpn.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 62288 c:\windows\system32\mfc100ita.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 36176 c:\windows\system32\mfc100cht.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 36176 c:\windows\system32\mfc100chs.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 64336 c:\windows\system32\mfc100fra.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 63824 c:\windows\system32\mfc100esn.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 55120 c:\windows\system32\mfc100enu.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 64336 c:\windows\system32\mfc100deu.dll
+ 2012-05-05 13:11 . 2010-06-17 12:27 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2011-03-03 20:56 . 2012-05-05 21:04 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-03 20:56 . 2011-03-04 10:17 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-03-03 20:56 . 2012-05-05 21:04 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-05-05 20:00 . 2012-05-05 20:00 16384 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2012-05-05 19:57 . 2012-05-05 19:58 21360 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
- 2011-03-03 20:56 . 2011-03-04 10:17 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-05-05 19:57 . 2012-05-05 21:04 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-02-18 22:40 . 2011-02-18 22:40 773968 c:\windows\system32\msvcr100.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 421200 c:\windows\system32\msvcp100.dll
+ 2012-05-05 15:47 . 2012-05-05 15:47 351904 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe
+ 2012-04-04 18:23 . 2012-05-05 15:47 257696 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2011-02-19 21:03 . 2011-02-19 21:03 138056 c:\windows\system32\atl100.dll
+ 2012-05-05 13:10 . 2012-05-05 13:10 160768 c:\windows\Installer\6ac63.msi
+ 2011-02-19 21:03 . 2011-02-19 21:03 4422992 c:\windows\system32\mfc100u.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 4397384 c:\windows\system32\mfc100.dll
+ 2012-05-05 15:47 . 2012-05-05 15:47 8797856 c:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
+ 2012-05-05 19:54 . 2012-05-05 19:54 8717824 c:\windows\Installer\18052f.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\progra~1\MICROS~4\wcescomm.exe" [2006-11-13 1289000]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-09 8523776]
"nwiz"="nwiz.exe" [2008-01-09 1626112]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-09 81920]
"DWPersistentQueuedReporting"="c:\program files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE" [2007-03-13 39264]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 208184]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 182584]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"KB976002-v5"="advpack.dll" [2011-01-25 128512]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-3-11 813584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2011-3-4 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2011-01-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\GAMES\\EA GAMES\\Need For Speed Underground\\Speed.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [5.5.2012 15:11 36000]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [11.3.2012 21:13 18056]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [11.3.2012 21:13 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11.3.2012 21:13 31704]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [3.3.2011 23:52 218688]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5.5.2012 15:11 86224]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\Comodo\COMODO GeekBuddy\CLPSLS.exe [23.11.2011 12:27 1052472]
R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [4.3.2011 0:48 8440]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [11.3.2011 14:08 10384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4.5.2012 16:39 654408]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [4.5.2010 13:07 503080]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4.5.2012 16:39 22344]
S0 fyekc;fyekc;c:\windows\system32\drivers\afdmd.sys --> c:\windows\system32\drivers\afdmd.sys [?]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [25.1.2011 10:15 9472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4.3.2011 11:45 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4.4.2012 20:23 257696]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [25.1.2011 10:12 14848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [4.3.2011 11:46 753504]
S3 xpsec;Ovladač IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2012-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 15:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BEC7CC4B-ED64-42A3-BDE8-55858CD124E0}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\documents and settings\milanK\Data aplikací\Mozilla\Firefox\Profiles\ybi1upaf.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-05 23:05
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'lsass.exe'(844)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(956)
c:\windows\system32\guard32.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msi.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\MPR.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'csrss.exe'(744)
c:\windows\system32\cmdcsr.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\COMODO\COMODO GeekBuddy\CLPS.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2012-05-05 23:11:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-05-05 21:11
ComboFix2.txt 2012-05-05 19:45
ComboFix3.txt 2012-05-05 18:23
ComboFix4.txt 2012-05-05 14:25
ComboFix5.txt 2012-05-05 20:49
.
Před spuštěním: Volných bajtů: 86 674 567 168
Po spuštění: Volných bajtů: 86 664 531 968
.
- - End Of File - - 1955516E5010D6D8847F875B4D586F5D

.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\COMODO\COMODO GeekBuddy\CLPS.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2012-05-05 23:11:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-05-05 21:11
ComboFix2.txt 2012-05-05 19:45
ComboFix3.txt 2012-05-05 18:23
ComboFix4.txt 2012-05-05 14:25
ComboFix5.txt 2012-05-05 20:49
.
Před spuštěním: Volných bajtů: 86 674 567 168
Po spuštění: Volných bajtů: 86 664 531 968
.
- - End Of File - - 1955516E5010D6D8847F875B4D586F5D
- Rudy
- Site Admin
- Posts: 119515
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check (virus)
Deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.
Re: Please check (virus)
Well, the computer was working "correctly", it was just sending out some spam/viruses, because of which the provider blocked a lot of ports. So I have to call them to unblock it and hope the removal really happened.
Thanks a lot for the help!
- Rudy
- Site Admin
Re: Please check (virus)
The junk I found has been removed. So hopefully yes.
Re: Please check (virus)
The provider tells me they've enabled my ports. Still, for example, the Steam application still won't start, and I can't download anything via P2P either.
Which will probably be the problem with Steam too, since it most likely updates that way.
EDIT: D*MN UPC, I call them twice and they tell me everything is OK. Great, like a MADMAN I'm hunting for errors even in nonsense on my side, and after 50 caffeine pills, 30 breakdowns and brutal RAGE I call a 3rd time and that guy says they do have it "ticked" in the system, but the separate unblocking action/script never ran??? At that moment I felt like I was on the phone with
or that the people staffing it are.