
PC virus removal, computer speed-up, remote help via the neslape.cz service
stuck computer
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote help services, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello,
since this morning I have been having problems with my computer. It is sluggish, AVG and Google Chrome have disappeared, and no browser other than Explorer works.
I am attaching the log from RSIT.
Thank you for any help
Logfile of random's system information tool 1.06 (written by random/random)
Run by Patrik at 2012-07-12 19:54:58
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 5 GB (7%) free of 80 GB
Total RAM: 2038 MB (46% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:55:18, on 12.7.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trust\GXT14 Mouse\GameMouseServiceApp.exe
C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trust\Trust R-Series Mouse\KMConfig.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Trust\GXT14 Mouse\POINTERGHOST.exe
C:\Program Files\Trust\Trust R-Series Mouse\KMProcess.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\DOCUME~1\Patrik\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trust\GXT14 Mouse\StartAutorun.exe
C:\Program Files\Trust\GXT14 Mouse\RapooV1Process.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Patrik\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\trend micro\Patrik.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll (file missing)
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Windows Media Sharing Plugin - {4C905A23-D8FE-4A25-B9DB-87DF3664178A} - C:\ProgramData\Windows\ntfs64.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\WINDOWS\Downloaded Program Files\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~1\GbPlugin\gbiehabn.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~1\GbPlugin\gbiehuni.dll
O2 - BHO: G-Buster Browser Defense Sicredi - {C41A1C0E-EA6C-11D4-B1B8-444553540011} - C:\WINDOWS\Downloaded Program Files\gbiehscd.dll
O2 - BHO: G-Buster Browser Defense ISG - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - C:\PROGRA~1\GbPlugin\gbiehisg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [trustGTX14] "C:\Program Files\Trust\GXT14 Mouse\POINTERGHOST.exe" showhide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Patrik\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OTjzRu0mR3] C:\Documents and Settings\All Users\Ulmqqx20vFCAp\IwZxd31jMfvC2W7s\NUpJiGMsGc3vxe77\K5n4wD65t8UYSv\B9Am8G.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Internet Explorer.lnk = C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
O4 - Global Startup: NewShortcut1.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Cooking Dash 3 - Thrills & Spills\Images\stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Cooking Dash 3 - Thrills & Spills\Images\armhelper.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\PROGRA~1\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb - C:\PROGRA~1\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\WINDOWS\Downloaded Program Files\gbiehCef.dll
O20 - Winlogon Notify: GbPluginIsg - C:\PROGRA~1\GbPlugin\gbiehIsg.dll
O20 - Winlogon Notify: GbPluginScd - C:\WINDOWS\Downloaded Program Files\gbiehScd.dll
O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~1\GbPlugin\gbiehUni.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Game Mouse Communication And Update Service V1 (KmGameMouseServiceV1) - UASSOFT.COM - C:\Program Files\Trust\GXT14 Mouse\GameMouseServiceApp.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 17336 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-220523388-602162358-682003330-1003Core.job
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-220523388-602162358-682003330-1003UA.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4C905A23-D8FE-4A25-B9DB-87DF3664178A}]
Windows Media Sharing Plugin - C:\ProgramData\Windows\ntfs64.dll [2012-07-11 8409600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-04-09 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]
Ask Search Assistant BHO - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [2012-01-12 1003576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]
GbIehObj Class - C:\PROGRA~1\GbPlugin\gbieh.dll [2012-05-09 1313864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540003}]
GbIehObj Class - C:\WINDOWS\Downloaded Program Files\gbiehcef.dll [2012-01-11 726360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540007}]
GbIehObj Class - C:\PROGRA~1\GbPlugin\gbiehabn.dll [2012-02-15 607472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540008}]
GbIehObj Class - C:\PROGRA~1\GbPlugin\gbiehuni.dll [2012-02-01 601592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540011}]
GbIehObj Class - C:\WINDOWS\Downloaded Program Files\gbiehscd.dll [2012-02-15 695864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540015}]
GbIehObj Class - C:\PROGRA~1\GbPlugin\gbiehisg.dll [2011-10-21 694960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-04-09 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-04-09 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetPacks Browser Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-02-19 1337648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
Ask Toolbar BHO - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-07-17 691656]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} - Ask Toolbar - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL []
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll []
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll []
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetPacks Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-02-19 1337648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-04-21 142104]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-04-21 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-04-21 138008]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-09-17 16132608]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2008-09-17 53248]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2008-09-17 102400]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"UpdatePDRShortCut"=C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-01-04 222504]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"KMCONFIG"=C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe [2007-03-06 212992]
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2011-05-17 395144]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2011-07-05 421888]
"trustGTX14"=C:\Program Files\Trust\GXT14 Mouse\POINTERGHOST.exe [2009-06-05 4833792]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2012-02-16 114992]
"Sweetpacks Communicator"=C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe [2012-02-26 295728]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-02-19 2012912]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-10 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"Facebook Update"=C:\Documents and Settings\Patrik\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe /c /nocrashserver []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"OTjzRu0mR3"=C:\Documents and Settings\All Users\Ulmqqx20vFCAp\IwZxd31jMfvC2W7s\NUpJiGMsGc3vxe77\K5n4wD65t8UYSv\B9Am8G.exe [2012-07-11 29970080]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
NewShortcut1.lnk - C:\Program Files\USB_video_device\Utility\RemoteTool\BDARemote.exe
C:\Documents and Settings\Patrik\Nabídka Start\Programy\Po spuštění
Internet Explorer.lnk - C:\Program Files\Internet Explorer\IEXPLORE.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginAbn]
C:\PROGRA~1\GbPlugin\gbiehAbn.dll [2012-02-15 607472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]
C:\PROGRA~1\GbPlugin\gbieh.dll [2012-05-09 1313864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef]
C:\WINDOWS\Downloaded Program Files\gbiehCef.dll [2012-01-11 726360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginIsg]
C:\PROGRA~1\GbPlugin\gbiehIsg.dll [2011-10-21 694960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginScd]
C:\WINDOWS\Downloaded Program Files\gbiehScd.dll [2012-02-15 695864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginUni]
C:\PROGRA~1\GbPlugin\gbiehUni.dll [2012-02-01 601592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-06 548352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-28 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-04-17 204800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{E37CB5F0-51F5-4395-A808-5FA49E399007}"=C:\PROGRA~1\GbPlugin\gbiehabn.dll [2012-02-15 607472]
"{E37CB5F0-51F5-4395-A808-5FA49E399015}"=C:\PROGRA~1\GbPlugin\gbiehisg.dll [2011-10-21 694960]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"=C:\WINDOWS\Downloaded Program Files\gbiehcef.dll [2012-01-11 726360]
"{E37CB5F0-51F5-4395-A808-5FA49E399011}"=C:\WINDOWS\Downloaded Program Files\gbiehscd.dll [2012-02-15 695864]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"=C:\PROGRA~1\GbPlugin\gbiehuni.dll [2012-02-01 601592]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\PROGRA~1\GbPlugin\gbieh.dll [2012-05-09 1313864]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"ConsentPromptBehaviorAdmin"=0
"EnableLUA"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"BackupNoCDBurning"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\CyberLink\PowerDirector\PDR.exe"="C:\Program Files\CyberLink\PowerDirector\PDR.exe:*:Enabled:CyberLink PowerDirector"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Documents and Settings\Patrik\Local Settings\Data aplikací\Facebook\Video\Skype\FacebookVideoCalling.exe"="C:\Documents and Settings\Patrik\Local Settings\Data aplikací\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup"
"C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe"="C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2012-07-12 19:54:59 ----D---- C:\Program Files\trend micro
2012-07-12 19:54:58 ----D---- C:\rsit
2012-07-12 18:50:44 ----D---- C:\WINDOWS\LastGood
2012-07-12 07:35:14 ----D---- C:\Program Files\GbPlugin
2012-07-11 20:03:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\GbPlugin
2012-07-11 20:03:44 ----A---- C:\WINDOWS\system32\libgcc_s_dw2-1.dll
2012-07-11 20:01:29 ----D---- C:\ProgramData
2012-07-03 13:01:57 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-07-02 18:02:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\PopCap Games
2012-06-27 08:14:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\PopCapY
2012-06-27 08:13:55 ----D---- C:\Program Files\PopCap Games
2012-06-17 18:34:57 ----D---- C:\Program Files\SweetIM
2012-06-17 18:34:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\SweetIM
2012-06-17 18:33:23 ----D---- C:\Program Files\GotClip
======List of files/folders modified in the last 1 months======
2012-07-12 19:55:15 ----D---- C:\WINDOWS\Prefetch
2012-07-12 19:54:59 ----RD---- C:\Program Files
2012-07-12 19:11:06 ----AD---- C:\WINDOWS\system32\drivers
2012-07-12 19:11:02 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-07-12 18:50:55 ----HD---- C:\WINDOWS\inf
2012-07-12 18:50:44 ----D---- C:\WINDOWS
2012-07-12 18:50:36 ----D---- C:\WINDOWS\system32\CatRoot2
2012-07-12 18:50:11 ----D---- C:\WINDOWS\temp
2012-07-12 18:49:48 ----AD---- C:\WINDOWS\system32
2012-07-12 08:09:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-07-12 07:59:21 ----SD---- C:\WINDOWS\Tasks
2012-07-12 07:27:50 ----D---- C:\Program Files\Mozilla Firefox
2012-07-11 20:03:34 ----D---- C:\Program Files\Google
2012-07-08 11:12:36 ----D---- C:\Program Files\McAfee Security Scan
2012-07-06 20:26:41 ----D---- C:\Program Files\Valve
2012-07-05 21:53:36 ----A---- C:\WINDOWS\NeroDigital.ini
2012-06-27 08:13:55 ----SHD---- C:\WINDOWS\Installer
2012-06-27 08:13:55 ----D---- C:\Config.Msi
2012-06-27 08:13:52 ----D---- C:\WINDOWS\WinSxS
2012-06-26 14:21:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-06-25 11:40:42 ----D---- C:\$AVG8.VAULT$
2012-06-22 23:05:29 ----D---- C:\Documents and Settings\Patrik\Data aplikací\Skype
2012-06-20 13:40:54 ----D---- C:\Documents and Settings\Patrik\Data aplikací\XnView
2012-06-19 12:30:15 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-06-15 00:46:07 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-28 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-28 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-08 108552]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 302000]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 71088]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2008-09-17 12672]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-09-20 1123328]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-03-24 539072]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-24 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-04-01 876384]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2008-09-17 988800]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2008-09-17 209664]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-04-17 5760096]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-09-17 4424192]
R3 KMWDFilter;KMWDFilter; \??\C:\WINDOWS\System32\Drivers\KMWDFilter.SYS []
R3 KMWDFilterV1;KMWDFilterV1; \??\C:\WINDOWS\System32\Drivers\RPGMOUSEV1.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NdisrdMP;NdisrdMP; C:\WINDOWS\system32\DRIVERS\gbpndisrd.sys [2012-07-12 28880]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2004-08-04 28672]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-03 67584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-09-17 215904]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2008-09-17 290304]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2008-09-17 730112]
S3 ap8mohin;ap8mohin; C:\WINDOWS\system32\drivers\ap8mohin.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-03-24 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-04-01 55352]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-24 67960]
S3 catchme;catchme; \??\C:\DOCUME~1\Patrik\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-06 21568]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-03 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 Ndisrd;GAS Tecnologia Service; C:\WINDOWS\system32\DRIVERS\gbpndisrd.sys [2012-07-12 28880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 USB28xxBGA;USB 2863 Device; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2008-05-14 535040]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2008-05-14 286208]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 86368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256]
R2 GbpSv;Gbp Service; C:\PROGRA~1\GbPlugin\GbpSv.exe [2012-05-09 214088]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-04-09 153376]
R2 KmGameMouseServiceV1;Game Mouse Communication And Update Service V1; C:\Program Files\Trust\GXT14 Mouse\GameMouseServiceApp.exe [2009-05-18 354816]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service; C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe [2007-06-09 208896]
R2 KPF4;Sunbelt Kerio Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-02-20 1222192]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-11-11 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-11-11 103736]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2008-12-31 247152]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe []
S2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe /svc []
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-05-03 158856]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc []
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [2012-01-12 1003576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]
GbIehObj Class - C:\PROGRA~1\GbPlugin\gbieh.dll [2012-05-09 1313864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540003}]
GbIehObj Class - C:\WINDOWS\Downloaded Program Files\gbiehcef.dll [2012-01-11 726360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540007}]
GbIehObj Class - C:\PROGRA~1\GbPlugin\gbiehabn.dll [2012-02-15 607472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540008}]
GbIehObj Class - C:\PROGRA~1\GbPlugin\gbiehuni.dll [2012-02-01 601592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540011}]
GbIehObj Class - C:\WINDOWS\Downloaded Program Files\gbiehscd.dll [2012-02-15 695864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540015}]
GbIehObj Class - C:\PROGRA~1\GbPlugin\gbiehisg.dll [2011-10-21 694960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-04-09 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-04-09 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetPacks Browser Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-02-19 1337648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
Ask Toolbar BHO - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-07-17 691656]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} - Ask Toolbar - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL []
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll []
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll []
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetPacks Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-02-19 1337648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-04-21 142104]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-04-21 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-04-21 138008]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-09-17 16132608]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2008-09-17 53248]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2008-09-17 102400]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"UpdatePDRShortCut"=C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-01-04 222504]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"KMCONFIG"=C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe [2007-03-06 212992]
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2011-05-17 395144]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2011-07-05 421888]
"trustGTX14"=C:\Program Files\Trust\GXT14 Mouse\POINTERGHOST.exe [2009-06-05 4833792]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2012-02-16 114992]
"Sweetpacks Communicator"=C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe [2012-02-26 295728]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-02-19 2012912]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-10 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"Facebook Update"=C:\Documents and Settings\Patrik\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe /c /nocrashserver []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"OTjzRu0mR3"=C:\Documents and Settings\All Users\Ulmqqx20vFCAp\IwZxd31jMfvC2W7s\NUpJiGMsGc3vxe77\K5n4wD65t8UYSv\B9Am8G.exe [2012-07-11 29970080]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
NewShortcut1.lnk - C:\Program Files\USB_video_device\Utility\RemoteTool\BDARemote.exe
C:\Documents and Settings\Patrik\Nabídka Start\Programy\Po spuštění
Internet Explorer.lnk - C:\Program Files\Internet Explorer\IEXPLORE.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginAbn]
C:\PROGRA~1\GbPlugin\gbiehAbn.dll [2012-02-15 607472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]
C:\PROGRA~1\GbPlugin\gbieh.dll [2012-05-09 1313864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef]
C:\WINDOWS\Downloaded Program Files\gbiehCef.dll [2012-01-11 726360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginIsg]
C:\PROGRA~1\GbPlugin\gbiehIsg.dll [2011-10-21 694960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginScd]
C:\WINDOWS\Downloaded Program Files\gbiehScd.dll [2012-02-15 695864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginUni]
C:\PROGRA~1\GbPlugin\gbiehUni.dll [2012-02-01 601592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-06 548352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-28 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-04-17 204800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{E37CB5F0-51F5-4395-A808-5FA49E399007}"=C:\PROGRA~1\GbPlugin\gbiehabn.dll [2012-02-15 607472]
"{E37CB5F0-51F5-4395-A808-5FA49E399015}"=C:\PROGRA~1\GbPlugin\gbiehisg.dll [2011-10-21 694960]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"=C:\WINDOWS\Downloaded Program Files\gbiehcef.dll [2012-01-11 726360]
"{E37CB5F0-51F5-4395-A808-5FA49E399011}"=C:\WINDOWS\Downloaded Program Files\gbiehscd.dll [2012-02-15 695864]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"=C:\PROGRA~1\GbPlugin\gbiehuni.dll [2012-02-01 601592]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\PROGRA~1\GbPlugin\gbieh.dll [2012-05-09 1313864]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"ConsentPromptBehaviorAdmin"=0
"EnableLUA"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"BackupNoCDBurning"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\CyberLink\PowerDirector\PDR.exe"="C:\Program Files\CyberLink\PowerDirector\PDR.exe:*:Enabled:CyberLink PowerDirector"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Documents and Settings\Patrik\Local Settings\Data aplikací\Facebook\Video\Skype\FacebookVideoCalling.exe"="C:\Documents and Settings\Patrik\Local Settings\Data aplikací\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup"
"C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe"="C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2012-07-12 19:54:59 ----D---- C:\Program Files\trend micro
2012-07-12 19:54:58 ----D---- C:\rsit
2012-07-12 18:50:44 ----D---- C:\WINDOWS\LastGood
2012-07-12 07:35:14 ----D---- C:\Program Files\GbPlugin
2012-07-11 20:03:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\GbPlugin
2012-07-11 20:03:44 ----A---- C:\WINDOWS\system32\libgcc_s_dw2-1.dll
2012-07-11 20:01:29 ----D---- C:\ProgramData
2012-07-03 13:01:57 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-07-02 18:02:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\PopCap Games
2012-06-27 08:14:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\PopCapY
2012-06-27 08:13:55 ----D---- C:\Program Files\PopCap Games
2012-06-17 18:34:57 ----D---- C:\Program Files\SweetIM
2012-06-17 18:34:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\SweetIM
2012-06-17 18:33:23 ----D---- C:\Program Files\GotClip
======List of files/folders modified in the last 1 months======
2012-07-12 19:55:15 ----D---- C:\WINDOWS\Prefetch
2012-07-12 19:54:59 ----RD---- C:\Program Files
2012-07-12 19:11:06 ----AD---- C:\WINDOWS\system32\drivers
2012-07-12 19:11:02 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-07-12 18:50:55 ----HD---- C:\WINDOWS\inf
2012-07-12 18:50:44 ----D---- C:\WINDOWS
2012-07-12 18:50:36 ----D---- C:\WINDOWS\system32\CatRoot2
2012-07-12 18:50:11 ----D---- C:\WINDOWS\temp
2012-07-12 18:49:48 ----AD---- C:\WINDOWS\system32
2012-07-12 08:09:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-07-12 07:59:21 ----SD---- C:\WINDOWS\Tasks
2012-07-12 07:27:50 ----D---- C:\Program Files\Mozilla Firefox
2012-07-11 20:03:34 ----D---- C:\Program Files\Google
2012-07-08 11:12:36 ----D---- C:\Program Files\McAfee Security Scan
2012-07-06 20:26:41 ----D---- C:\Program Files\Valve
2012-07-05 21:53:36 ----A---- C:\WINDOWS\NeroDigital.ini
2012-06-27 08:13:55 ----SHD---- C:\WINDOWS\Installer
2012-06-27 08:13:55 ----D---- C:\Config.Msi
2012-06-27 08:13:52 ----D---- C:\WINDOWS\WinSxS
2012-06-26 14:21:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-06-25 11:40:42 ----D---- C:\$AVG8.VAULT$
2012-06-22 23:05:29 ----D---- C:\Documents and Settings\Patrik\Data aplikací\Skype
2012-06-20 13:40:54 ----D---- C:\Documents and Settings\Patrik\Data aplikací\XnView
2012-06-19 12:30:15 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-06-15 00:46:07 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-28 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-28 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-08 108552]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 302000]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 71088]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2008-09-17 12672]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-09-20 1123328]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-03-24 539072]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-24 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-04-01 876384]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2008-09-17 988800]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2008-09-17 209664]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-04-17 5760096]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-09-17 4424192]
R3 KMWDFilter;KMWDFilter; \??\C:\WINDOWS\System32\Drivers\KMWDFilter.SYS []
R3 KMWDFilterV1;KMWDFilterV1; \??\C:\WINDOWS\System32\Drivers\RPGMOUSEV1.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NdisrdMP;NdisrdMP; C:\WINDOWS\system32\DRIVERS\gbpndisrd.sys [2012-07-12 28880]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2004-08-04 28672]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-03 67584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-09-17 215904]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2008-09-17 290304]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2008-09-17 730112]
S3 ap8mohin;ap8mohin; C:\WINDOWS\system32\drivers\ap8mohin.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-03-24 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-04-01 55352]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-24 67960]
S3 catchme;catchme; \??\C:\DOCUME~1\Patrik\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-06 21568]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-03 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 Ndisrd;GAS Tecnologia Service; C:\WINDOWS\system32\DRIVERS\gbpndisrd.sys [2012-07-12 28880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 USB28xxBGA;USB 2863 Device; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2008-05-14 535040]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2008-05-14 286208]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 86368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256]
R2 GbpSv;Gbp Service; C:\PROGRA~1\GbPlugin\GbpSv.exe [2012-05-09 214088]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-04-09 153376]
R2 KmGameMouseServiceV1;Game Mouse Communication And Update Service V1; C:\Program Files\Trust\GXT14 Mouse\GameMouseServiceApp.exe [2009-05-18 354816]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service; C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe [2007-06-09 208896]
R2 KPF4;Sunbelt Kerio Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-02-20 1222192]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-11-11 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-11-11 103736]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2008-12-31 247152]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe []
S2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe /svc []
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-05-03 158856]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc []
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------
Re: frozen computer
Hello, and good evening.
Do you insist on AVG antivirus? It is not very popular here: higher system load, weaker detection. I would be in favour of a change, but the decision is yours.
Download RogueKiller: http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
- Close all programs
- If you use Windows Vista or Windows 7, right-click RogueKiller and choose Run As Administrator (Spustit jako správce)
- Wait for the PreScan to finish
- Choose the Prohledat (Scan) option
- When the scan finishes, click Zpráva (Report); the log will open, paste it here
Re: frozen computer
RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Spuštěno v: Normální režim
Uživatel: Patrik [Práva správce]
Mód: Kontrola -- Datum: 07/12/2012 20:51:29
¤¤¤ Škodlivé procesy: 0 ¤¤¤
¤¤¤ Záznamy Registrů: 4 ¤¤¤
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤
SSDT[25] : NtClose @ 0x805BAEB4 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA8235F80)
SSDT[37] : NtCreateFile @ 0x80577E5E -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA8235552)
SSDT[41] : NtCreateKey @ 0x80622048 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA8231882)
SSDT[47] : NtCreateProcess @ 0x805CFA1C -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA8234A1A)
SSDT[48] : NtCreateProcessEx @ 0x805CF966 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA8234910)
SSDT[53] : NtCreateThread @ 0x805CF804 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA8234F2A)
SSDT[62] : NtDeleteFile @ 0x80575A46 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA8236034)
SSDT[63] : NtDeleteKey @ 0x806224D8 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA8231D54)
SSDT[65] : NtDeleteValueKey @ 0x806226A8 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA8231E70)
SSDT[97] : NtLoadDriver @ 0x80582DFE -> HOOKED (\SystemRoot\system32\drivers\khips.sys @ 0xBA2DAF4C)
SSDT[108] : NtMapViewOfSection @ 0x805B09CE -> HOOKED (\SystemRoot\system32\drivers\khips.sys @ 0xBA2DB232)
SSDT[116] : NtOpenFile @ 0x80578F5C -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA8235906)
SSDT[119] : NtOpenKey @ 0x806233DE -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA8231B78)
SSDT[206] : NtResumeThread @ 0x805D3148 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA82350DC)
SSDT[224] : NtSetInformationFile @ 0x80579DC4 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA8235CE0)
SSDT[247] : NtSetValueKey @ 0x80620708 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA8232038)
SSDT[274] : NtWriteFile @ 0x8057BC82 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA8235BB2)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] sfsync02.sys @ 0xBA338D60)
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 +++++
--- User ---
[MBR] 932c8f4f21f1bb188ef98d5ea21536ae
[BSP] 2352af27b9759365cda394222a00baa9 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 80003 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 163846935 | Size: 225231 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[1].txt >>
RKreport[1].txt
Re: stuck computer

- If you are using Windows Vista or Windows 7, right-click RogueKiller and choose Run As Administrator / Spustit jako spravce
- Choose Prohledat (Scan), then Smazat (Delete), and then Zprava (Report); a log will open, paste it here

- Turn off all resident security programs: firewalls, antivirus, antispyware, etc.
- If you have Windows XP, run it under the Administrator account
- If you have Windows Vista or Windows 7, right-click ComboFix and choose Run As Administrator / Spustit jako spravce
- Immediately after launch, a page with the license agreement appears; continue by clicking Ano (Yes)
- If CF offers to install the Recovery Console, agree
- Then follow the instructions; during the scan leave the PC completely alone: do not launch any applications and do not click in the window that appears
- The scan should take about 10 minutes, but if the PC is heavily cluttered, it may take longer
- After the scan finishes and after any restart, CF displays the log, or you can find it at C:\ComboFix.txt; paste its contents here
- A detailed procedure including screenshots is here: http://www.bleepingcomputer.com/combofi ... t-combofix
Re: stuck computer
So for now, the log from RogueKiller:
RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Spuštěno v: Normální režim
Uživatel: Patrik [Práva správce]
Mód: Kontrola -- Datum: 07/12/2012 21:02:29
¤¤¤ Škodlivé procesy: 0 ¤¤¤
¤¤¤ Záznamy Registrů: 4 ¤¤¤
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤
SSDT[25] : NtClose @ 0x805BAEB4 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA8235F80)
SSDT[37] : NtCreateFile @ 0x80577E5E -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA8235552)
SSDT[41] : NtCreateKey @ 0x80622048 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA8231882)
SSDT[47] : NtCreateProcess @ 0x805CFA1C -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA8234A1A)
SSDT[48] : NtCreateProcessEx @ 0x805CF966 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA8234910)
SSDT[53] : NtCreateThread @ 0x805CF804 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA8234F2A)
SSDT[62] : NtDeleteFile @ 0x80575A46 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA8236034)
SSDT[63] : NtDeleteKey @ 0x806224D8 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA8231D54)
SSDT[65] : NtDeleteValueKey @ 0x806226A8 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA8231E70)
SSDT[97] : NtLoadDriver @ 0x80582DFE -> HOOKED (\SystemRoot\system32\drivers\khips.sys @ 0xBA2DAF4C)
SSDT[108] : NtMapViewOfSection @ 0x805B09CE -> HOOKED (\SystemRoot\system32\drivers\khips.sys @ 0xBA2DB232)
SSDT[116] : NtOpenFile @ 0x80578F5C -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA8235906)
SSDT[119] : NtOpenKey @ 0x806233DE -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA8231B78)
SSDT[206] : NtResumeThread @ 0x805D3148 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA82350DC)
SSDT[224] : NtSetInformationFile @ 0x80579DC4 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA8235CE0)
SSDT[247] : NtSetValueKey @ 0x80620708 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA8232038)
SSDT[274] : NtWriteFile @ 0x8057BC82 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xA8235BB2)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] sfsync02.sys @ 0xBA338D60)
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 +++++
--- User ---
[MBR] 932c8f4f21f1bb188ef98d5ea21536ae
[BSP] 2352af27b9759365cda394222a00baa9 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 80003 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 163846935 | Size: 225231 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
Re: stuck computer
ComboFix warns me that AVG antivirus is turned on, but I don't have it turned on; it isn't among the processes either, and when I try to start it, an error message pops up saying the shortcut was not found. Can I let ComboFix finish despite the warning?
Re: stuck computer
Yes, run it anyway

Re: stuck computer
And here is the log from ComboFix:
ComboFix 12-07-12.02 - Patrik 12.07.2012 21:53:38.6.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2038.1158 [GMT 2:00]
Spuštěný z: c:\documents and settings\Patrik\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Sunbelt Kerio Personal Firewall *Enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.
ADS - system32: deleted 12 bytes in 6 streams.
ADS - drivers: deleted 407 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\73x0MH0b.exe
c:\documents and settings\All Users\9ZYJuPE5N.cpl
c:\documents and settings\All Users\DH4hvH5G1.cpl
c:\documents and settings\All Users\NVaWVWXhQ.cpl
c:\documents and settings\All Users\xgZh0Mb77mj.cpl
c:\documents and settings\All Users\yVmTVGgRHCj.cpl
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-12 do 2012-07-12 )))))))))))))))))))))))))))))))
.
.
2012-07-12 20:05 . 2012-07-12 20:05 0 ----a-w- c:\windows\system32\drivers\tcpv6srv.sys
2012-07-12 19:05 . 2012-07-12 19:05 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2012-07-12 18:59 . 2012-07-12 18:59 -------- d-----w- C:\RK_Quarantine
2012-07-12 17:54 . 2012-07-12 17:55 -------- d-----w- c:\program files\trend micro
2012-07-12 17:54 . 2012-07-12 17:55 -------- d-----w- C:\rsit
2012-07-12 16:50 . 2012-07-12 16:50 -------- d-----w- c:\windows\LastGood
2012-07-12 05:36 . 2011-10-21 13:35 43440 ----a-w- c:\windows\system32\drivers\GbpKm.sys
2012-07-12 05:35 . 2012-07-12 17:18 -------- d-----w- c:\program files\GbPlugin
2012-07-12 05:28 . 2012-07-12 18:48 28880 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys
2012-07-11 18:03 . 2012-07-12 16:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\GbPlugin
2012-07-11 18:03 . 2012-03-31 12:24 117248 ----a-w- c:\windows\system32\libgcc_s_dw2-1.dll
2012-07-11 18:01 . 2012-07-11 18:03 -------- d-----w- C:\ProgramData
2012-07-11 17:57 . 2012-07-11 17:57 -------- d-sh--w- c:\documents and settings\All Users\Ulmqqx20vFCAp
2012-07-03 11:01 . 2012-07-03 11:01 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-02 16:02 . 2012-07-02 16:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PopCap Games
2012-06-27 06:14 . 2012-06-27 06:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PopCapY
2012-06-27 06:13 . 2012-06-27 06:13 -------- d-----w- c:\program files\PopCap Games
2012-06-19 10:30 . 2012-06-19 10:30 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-19 10:30 . 2012-06-19 10:30 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-17 16:34 . 2012-06-17 16:35 -------- d-----w- c:\program files\SweetIM
2012-06-17 16:34 . 2012-06-17 16:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SweetIM
2012-06-17 16:33 . 2012-06-17 16:35 -------- d-----w- c:\program files\GotClip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 11:20 . 2011-07-19 07:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-19 10:30 . 2012-06-08 19:41 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-21_18.20.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-12 16:50 . 2012-07-12 16:50 16384 c:\windows\temp\Perflib_Perfdata_488.dat
+ 2001-10-25 14:00 . 2012-04-01 10:04 63522 c:\windows\system32\perfc009.dat
+ 2001-10-25 14:00 . 2012-04-01 10:04 74804 c:\windows\system32\perfc005.dat
+ 2004-07-17 09:36 . 2011-09-22 16:34 12464 c:\windows\system32\drivers\secdrv.sys
+ 2011-11-11 19:58 . 2009-06-10 17:00 18432 c:\windows\system32\drivers\RPGMOUSEV1.sys
- 2008-09-17 18:04 . 2008-09-17 18:04 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-17 18:04 . 2012-03-17 18:25 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-17 18:04 . 2012-03-17 18:25 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-09-17 18:04 . 2008-09-17 18:04 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-09-17 18:04 . 2008-09-17 18:04 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-08-21 12:09 . 2012-03-17 18:25 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-07-25 09:05 . 2011-07-25 09:05 38400 c:\windows\Installer\d099d0.msi
+ 2012-03-24 06:25 . 2012-03-24 06:25 22016 c:\windows\Installer\194f25.msi
- 2010-01-16 14:43 . 2010-03-15 18:06 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-01-16 14:43 . 2012-06-26 12:21 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-01-16 14:43 . 2010-03-15 18:06 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-01-16 14:43 . 2012-06-26 12:21 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-01-16 14:43 . 2012-06-26 12:21 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-01-16 14:43 . 2010-03-15 18:06 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-03-02 17:48 . 2010-03-15 11:10 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-03-02 17:48 . 2012-04-15 08:14 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-03-02 17:48 . 2010-03-15 11:10 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-03-02 17:48 . 2012-04-15 08:14 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-03-02 17:48 . 2012-04-15 08:14 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-03-02 17:48 . 2010-03-15 11:10 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-03-02 17:48 . 2010-03-15 11:10 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-03-02 17:48 . 2012-04-15 08:14 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-03-02 17:48 . 2012-04-15 08:14 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-03-02 17:48 . 2010-03-15 11:10 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-03-02 17:48 . 2010-03-15 11:10 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-03-02 17:48 . 2012-04-15 08:14 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2011-07-25 09:05 . 2011-07-25 09:05 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-10-14 19:04 . 2011-10-14 19:04 27136 c:\windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
+ 2012-06-17 16:35 . 2012-06-17 16:35 10134 c:\windows\Installer\{5B58EF61-85F2-4977-97A5-84C19F926579}\ARPPRODUCTICON.exe
+ 2012-06-17 16:34 . 2012-06-17 16:34 10134 c:\windows\Installer\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}\ARPPRODUCTICON.exe
+ 2012-07-12 16:56 . 2012-02-15 08:06 42808 c:\windows\Downloaded Program Files\gbpkm.sys
- 2009-03-02 17:48 . 2010-03-15 11:10 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-03-02 17:48 . 2012-04-15 08:14 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-07-11 23:12 . 2009-07-11 23:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-11 23:09 . 2009-07-11 23:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-11 23:08 . 2009-07-11 23:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2011-11-11 19:58 . 2011-11-11 19:58 451072 c:\windows\Trust GXT14 Mouse\uninstall.exe
+ 2001-10-25 14:00 . 2012-04-01 10:04 404302 c:\windows\system32\perfh009.dat
+ 2001-10-25 14:00 . 2012-04-01 10:04 402238 c:\windows\system32\perfh005.dat
+ 2012-07-03 11:01 . 2012-07-03 11:01 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe
+ 2011-07-19 07:09 . 2012-07-03 11:20 243360 c:\windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe
- 2011-07-19 07:09 . 2011-07-19 07:09 243360 c:\windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe
- 2011-07-19 07:09 . 2011-07-19 07:09 328864 c:\windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.dll
+ 2011-07-19 07:09 . 2012-07-03 11:20 328864 c:\windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.dll
+ 2012-07-03 11:01 . 2012-07-03 11:01 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-04-09 17:47 . 2012-04-09 17:47 157472 c:\windows\system32\javaws.exe
+ 2012-04-09 17:47 . 2012-04-09 17:47 149280 c:\windows\system32\javaw.exe
+ 2012-04-09 17:47 . 2012-04-09 17:47 149280 c:\windows\system32\java.exe
+ 2008-09-17 19:46 . 2012-06-27 05:35 298048 c:\windows\system32\FNTCACHE.DAT
- 2008-09-17 19:46 . 2010-03-16 14:21 298048 c:\windows\system32\FNTCACHE.DAT
+ 2012-04-09 17:47 . 2012-04-09 17:47 472808 c:\windows\system32\deployJava1.dll
+ 2011-11-14 19:12 . 2011-11-14 19:12 115200 c:\windows\Installer\bfa215.msi
+ 2012-04-09 17:47 . 2012-04-09 17:47 203776 c:\windows\Installer\2dd32b.msi
+ 2012-04-09 17:47 . 2012-04-09 17:47 902656 c:\windows\Installer\2dd325.msi
+ 2012-05-26 10:29 . 2012-05-26 10:29 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
+ 2012-06-26 12:19 . 2012-06-26 12:19 217864 c:\windows\Installer\{90120000-006E-0405-0000-0000000FF1CE}\misc.exe
- 2010-03-15 18:05 . 2010-03-15 18:05 217864 c:\windows\Installer\{90120000-006E-0405-0000-0000000FF1CE}\misc.exe
- 2010-01-16 14:43 . 2010-03-15 18:06 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-01-16 14:43 . 2012-06-26 12:21 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-01-16 14:43 . 2010-03-15 18:06 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-01-16 14:43 . 2012-06-26 12:21 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2010-01-16 14:43 . 2010-03-15 18:06 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-01-16 14:43 . 2012-06-26 12:21 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2010-01-16 14:43 . 2010-03-15 18:06 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-01-16 14:43 . 2012-06-26 12:21 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-01-16 14:43 . 2012-06-26 12:21 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2010-01-16 14:43 . 2010-03-15 18:06 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2010-01-16 14:43 . 2010-03-15 18:06 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-01-16 14:43 . 2012-06-26 12:21 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2010-01-16 14:43 . 2010-03-15 18:06 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2010-01-16 14:43 . 2012-06-26 12:21 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-03-02 17:48 . 2012-04-15 08:14 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-03-02 17:48 . 2010-03-15 11:10 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-03-02 17:48 . 2010-03-15 11:10 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-03-02 17:48 . 2012-04-15 08:14 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-03-02 17:48 . 2012-04-15 08:14 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-03-02 17:48 . 2010-03-15 11:10 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-03-02 17:48 . 2012-04-15 08:14 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-03-02 17:48 . 2010-03-15 11:10 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-03-02 17:48 . 2010-03-15 11:10 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-03-02 17:48 . 2012-04-15 08:14 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-03-02 17:48 . 2010-03-15 11:10 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-03-02 17:48 . 2012-04-15 08:14 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2012-07-12 05:34 . 2012-02-15 08:06 211512 c:\windows\Downloaded Program Files\gbpdist.dll
+ 2012-07-11 18:03 . 2012-02-15 08:06 695864 c:\windows\Downloaded Program Files\gbiehscd.dll
+ 2012-07-11 18:03 . 2012-01-11 12:01 726360 c:\windows\Downloaded Program Files\gbiehcef.dll
+ 2012-07-03 11:01 . 2012-07-03 11:01 9459912 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
+ 2012-05-26 10:29 . 2012-05-26 10:29 1616896 c:\windows\Installer\cbb575.msi
+ 2011-10-14 19:05 . 2011-10-14 19:05 9474048 c:\windows\Installer\cb9b11.msi
+ 2011-10-14 19:04 . 2011-10-14 19:04 1485312 c:\windows\Installer\cb9872.msi
+ 2011-10-14 19:04 . 2011-10-14 19:04 1769984 c:\windows\Installer\cb986c.msi
+ 2012-06-17 16:35 . 2012-06-17 16:35 1417728 c:\windows\Installer\223a19b.msi
+ 2012-06-17 16:35 . 2012-06-17 16:35 1846784 c:\windows\Installer\223a195.msi
+ 2012-06-17 16:34 . 2012-06-17 16:34 1947136 c:\windows\Installer\223a18f.msi
- 2010-01-16 14:43 . 2010-03-15 18:06 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-01-16 14:43 . 2012-06-26 12:21 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-01-16 14:43 . 2010-03-15 18:06 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-01-16 14:43 . 2012-06-26 12:21 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-07-25 09:05 . 2011-07-25 09:05 20333056 c:\windows\Installer\d099d7.msp
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2012-02-19 130864]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C905A23-D8FE-4A25-B9DB-87DF3664178A}]
2012-07-11 18:01 8409600 ----a-w- c:\programdata\Windows\ntfs64.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-02-19 12:46 1337648 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-02-19 1337648]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-02-19 1337648]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-19 2012912]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-10 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"OTjzRu0mR3"="c:\documents and settings\All Users\Ulmqqx20vFCAp\IwZxd31jMfvC2W7s\NUpJiGMsGc3vxe77\K5n4wD65t8UYSv\B9Am8G.exe" [2012-07-11 29970080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-21 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-21 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-21 138008]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-17 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2008-09-17 53248]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-09-17 102400]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"KMCONFIG"="c:\program files\Trust\Trust R-Series Mouse\StartAutorun.exe" [2007-03-06 212992]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"trustGTX14"="c:\program files\Trust\GXT14 Mouse\POINTERGHOST.exe" [2009-06-05 4833792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-02-16 114992]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\Patrik\Nabídka Start\Programy\Po spuštění\
Internet Explorer.lnk - c:\program files\Internet Explorer\IEXPLORE.EXE [2008-9-17 93184]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
NewShortcut1.lnk - c:\program files\USB_video_device\Utility\RemoteTool\BDARemote.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{E37CB5F0-51F5-4395-A808-5FA49E399015}"= "c:\progra~1\GbPlugin\gbiehisg.dll" [2011-10-21 694960]
"{E37CB5F0-51F5-4395-A808-5FA49E399011}"= "c:\windows\Downloaded Program Files\gbiehscd.dll" [2012-02-15 695864]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\progra~1\GbPlugin\gbiehuni.dll" [2012-02-01 601592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]
2012-02-15 06:40 607472 ----a-w- c:\progra~1\GbPlugin\gbiehabn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2012-05-09 07:01 1313864 ----a-w- c:\progra~1\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2012-01-11 12:01 726360 ----a-w- c:\windows\Downloaded Program Files\gbiehcef.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginIsg]
2011-10-21 13:34 694960 ----a-w- c:\progra~1\GbPlugin\gbiehisg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginScd]
2012-02-15 08:06 695864 ----a-w- c:\windows\Downloaded Program Files\gbiehscd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2012-02-01 08:41 601592 ----a-w- c:\progra~1\GbPlugin\gbiehuni.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-06 07:32 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 09:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\Patrik\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\SweetIM\\Communicator\\SweetPacksUpdateManager.exe"=
.
R0 bhound6;bhound6;c:\windows\system32\drivers\bhound6.sys [21.1.2007 8:14 61032]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [12.7.2012 7:36 43440]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.11.2008 17:31 717296]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [17.9.2008 15:34 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [17.9.2008 15:34 108552]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [20.2.2007 13:34 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [20.2.2007 13:34 71088]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [28.5.2008 10:33 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.5.2008 10:33 66632]
R2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [12.7.2012 7:34 214088]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [26.9.2008 18:58 222968]
R2 KmGameMouseServiceV1;Game Mouse Communication And Update Service V1;c:\program files\Trust\GXT14 Mouse\GameMouseServiceApp.exe [4.5.2009 12:22 354816]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Trust\Trust R-Series Mouse\KMWDSrv.exe [9.6.2007 0:23 208896]
R3 KMWDFilterV1;KMWDFilterV1;c:\windows\system32\drivers\RPGMOUSEV1.sys [11.11.2011 21:58 18432]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [12.7.2012 7:28 28880]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28.5.2008 10:33 12872]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S2 gupdate;Služba Google Update (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.5.2012 8:31 158856]
S3 gupdatem;Služba Google Update (gupdatem);"c:\program files\Google\Update\GoogleUpdate.exe" /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [17.6.2011 19:33 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [8.6.2012 21:41 113120]
S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [12.7.2012 7:28 28880]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - GBPKM
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://search.qip.ru
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Patrik\Data aplikací\Mozilla\Firefox\Profiles\eu4b2oax.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
URLSearchHooks-*{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
HKCU-Run-Facebook Update - c:\documents and settings\Patrik\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe
HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
AddRemove-AVG8Uninstall - c:\program files\AVG\AVG8\setup.exe
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_F91D44FAA5479127.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-12 22:18
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1488)
c:\progra~1\GbPlugin\gbieh.dll
c:\windows\Downloaded Program Files\gbiehscd.dll
c:\windows\Downloaded Program Files\gbiehcef.dll
c:\progra~1\GbPlugin\gbiehabn.dll
c:\progra~1\GbPlugin\gbiehuni.dll
c:\progra~1\GbPlugin\gbiehisg.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Celkový čas: 2012-07-12 22:23:41
ComboFix-quarantined-files.txt 2012-07-12 20:23
ComboFix2.txt 2011-07-21 20:30
ComboFix3.txt 2011-07-21 19:29
ComboFix4.txt 2011-07-21 18:30
.
Před spuštěním: 5 955 358 720
Po spuštění: 6 996 414 464
.
- - End Of File - - 28AD9A7AC5720E57ED48C161983F9552
ComboFix 12-07-12.02 - Patrik 12.07.2012 21:53:38.6.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2038.1158 [GMT 2:00]
Spuštěný z: c:\documents and settings\Patrik\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Sunbelt Kerio Personal Firewall *Enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.
ADS - system32: deleted 12 bytes in 6 streams.
ADS - drivers: deleted 407 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\73x0MH0b.exe
c:\documents and settings\All Users\9ZYJuPE5N.cpl
c:\documents and settings\All Users\DH4hvH5G1.cpl
c:\documents and settings\All Users\NVaWVWXhQ.cpl
c:\documents and settings\All Users\xgZh0Mb77mj.cpl
c:\documents and settings\All Users\yVmTVGgRHCj.cpl
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-12 do 2012-07-12 )))))))))))))))))))))))))))))))
.
.
2012-07-12 20:05 . 2012-07-12 20:05 0 ----a-w- c:\windows\system32\drivers\tcpv6srv.sys
2012-07-12 19:05 . 2012-07-12 19:05 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2012-07-12 18:59 . 2012-07-12 18:59 -------- d-----w- C:\RK_Quarantine
2012-07-12 17:54 . 2012-07-12 17:55 -------- d-----w- c:\program files\trend micro
2012-07-12 17:54 . 2012-07-12 17:55 -------- d-----w- C:\rsit
2012-07-12 16:50 . 2012-07-12 16:50 -------- d-----w- c:\windows\LastGood
2012-07-12 05:36 . 2011-10-21 13:35 43440 ----a-w- c:\windows\system32\drivers\GbpKm.sys
2012-07-12 05:35 . 2012-07-12 17:18 -------- d-----w- c:\program files\GbPlugin
2012-07-12 05:28 . 2012-07-12 18:48 28880 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys
2012-07-11 18:03 . 2012-07-12 16:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\GbPlugin
2012-07-11 18:03 . 2012-03-31 12:24 117248 ----a-w- c:\windows\system32\libgcc_s_dw2-1.dll
2012-07-11 18:01 . 2012-07-11 18:03 -------- d-----w- C:\ProgramData
2012-07-11 17:57 . 2012-07-11 17:57 -------- d-sh--w- c:\documents and settings\All Users\Ulmqqx20vFCAp
2012-07-03 11:01 . 2012-07-03 11:01 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-02 16:02 . 2012-07-02 16:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PopCap Games
2012-06-27 06:14 . 2012-06-27 06:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PopCapY
2012-06-27 06:13 . 2012-06-27 06:13 -------- d-----w- c:\program files\PopCap Games
2012-06-19 10:30 . 2012-06-19 10:30 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-19 10:30 . 2012-06-19 10:30 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-17 16:34 . 2012-06-17 16:35 -------- d-----w- c:\program files\SweetIM
2012-06-17 16:34 . 2012-06-17 16:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SweetIM
2012-06-17 16:33 . 2012-06-17 16:35 -------- d-----w- c:\program files\GotClip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 11:20 . 2011-07-19 07:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-19 10:30 . 2012-06-08 19:41 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-21_18.20.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-12 16:50 . 2012-07-12 16:50 16384 c:\windows\temp\Perflib_Perfdata_488.dat
+ 2001-10-25 14:00 . 2012-04-01 10:04 63522 c:\windows\system32\perfc009.dat
+ 2001-10-25 14:00 . 2012-04-01 10:04 74804 c:\windows\system32\perfc005.dat
+ 2004-07-17 09:36 . 2011-09-22 16:34 12464 c:\windows\system32\drivers\secdrv.sys
+ 2011-11-11 19:58 . 2009-06-10 17:00 18432 c:\windows\system32\drivers\RPGMOUSEV1.sys
- 2008-09-17 18:04 . 2008-09-17 18:04 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-17 18:04 . 2012-03-17 18:25 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-17 18:04 . 2012-03-17 18:25 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-09-17 18:04 . 2008-09-17 18:04 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-09-17 18:04 . 2008-09-17 18:04 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-08-21 12:09 . 2012-03-17 18:25 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-07-25 09:05 . 2011-07-25 09:05 38400 c:\windows\Installer\d099d0.msi
+ 2012-03-24 06:25 . 2012-03-24 06:25 22016 c:\windows\Installer\194f25.msi
- 2010-01-16 14:43 . 2010-03-15 18:06 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-01-16 14:43 . 2012-06-26 12:21 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-01-16 14:43 . 2010-03-15 18:06 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-01-16 14:43 . 2012-06-26 12:21 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-01-16 14:43 . 2012-06-26 12:21 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-01-16 14:43 . 2010-03-15 18:06 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-03-02 17:48 . 2010-03-15 11:10 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-03-02 17:48 . 2012-04-15 08:14 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-03-02 17:48 . 2010-03-15 11:10 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-03-02 17:48 . 2012-04-15 08:14 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-03-02 17:48 . 2012-04-15 08:14 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-03-02 17:48 . 2010-03-15 11:10 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-03-02 17:48 . 2010-03-15 11:10 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-03-02 17:48 . 2012-04-15 08:14 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-03-02 17:48 . 2012-04-15 08:14 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-03-02 17:48 . 2010-03-15 11:10 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-03-02 17:48 . 2010-03-15 11:10 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-03-02 17:48 . 2012-04-15 08:14 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2011-07-25 09:05 . 2011-07-25 09:05 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-10-14 19:04 . 2011-10-14 19:04 27136 c:\windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
+ 2012-06-17 16:35 . 2012-06-17 16:35 10134 c:\windows\Installer\{5B58EF61-85F2-4977-97A5-84C19F926579}\ARPPRODUCTICON.exe
+ 2012-06-17 16:34 . 2012-06-17 16:34 10134 c:\windows\Installer\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}\ARPPRODUCTICON.exe
+ 2012-07-12 16:56 . 2012-02-15 08:06 42808 c:\windows\Downloaded Program Files\gbpkm.sys
- 2009-03-02 17:48 . 2010-03-15 11:10 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-03-02 17:48 . 2012-04-15 08:14 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-07-11 23:12 . 2009-07-11 23:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-11 23:09 . 2009-07-11 23:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-11 23:08 . 2009-07-11 23:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2011-11-11 19:58 . 2011-11-11 19:58 451072 c:\windows\Trust GXT14 Mouse\uninstall.exe
+ 2001-10-25 14:00 . 2012-04-01 10:04 404302 c:\windows\system32\perfh009.dat
+ 2001-10-25 14:00 . 2012-04-01 10:04 402238 c:\windows\system32\perfh005.dat
+ 2012-07-03 11:01 . 2012-07-03 11:01 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe
+ 2011-07-19 07:09 . 2012-07-03 11:20 243360 c:\windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe
- 2011-07-19 07:09 . 2011-07-19 07:09 243360 c:\windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe
- 2011-07-19 07:09 . 2011-07-19 07:09 328864 c:\windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.dll
+ 2011-07-19 07:09 . 2012-07-03 11:20 328864 c:\windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.dll
+ 2012-07-03 11:01 . 2012-07-03 11:01 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-04-09 17:47 . 2012-04-09 17:47 157472 c:\windows\system32\javaws.exe
+ 2012-04-09 17:47 . 2012-04-09 17:47 149280 c:\windows\system32\javaw.exe
+ 2012-04-09 17:47 . 2012-04-09 17:47 149280 c:\windows\system32\java.exe
+ 2008-09-17 19:46 . 2012-06-27 05:35 298048 c:\windows\system32\FNTCACHE.DAT
- 2008-09-17 19:46 . 2010-03-16 14:21 298048 c:\windows\system32\FNTCACHE.DAT
+ 2012-04-09 17:47 . 2012-04-09 17:47 472808 c:\windows\system32\deployJava1.dll
+ 2011-11-14 19:12 . 2011-11-14 19:12 115200 c:\windows\Installer\bfa215.msi
+ 2012-04-09 17:47 . 2012-04-09 17:47 203776 c:\windows\Installer\2dd32b.msi
+ 2012-04-09 17:47 . 2012-04-09 17:47 902656 c:\windows\Installer\2dd325.msi
+ 2012-05-26 10:29 . 2012-05-26 10:29 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
+ 2012-06-26 12:19 . 2012-06-26 12:19 217864 c:\windows\Installer\{90120000-006E-0405-0000-0000000FF1CE}\misc.exe
- 2010-03-15 18:05 . 2010-03-15 18:05 217864 c:\windows\Installer\{90120000-006E-0405-0000-0000000FF1CE}\misc.exe
- 2010-01-16 14:43 . 2010-03-15 18:06 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-01-16 14:43 . 2012-06-26 12:21 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-01-16 14:43 . 2010-03-15 18:06 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-01-16 14:43 . 2012-06-26 12:21 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2010-01-16 14:43 . 2010-03-15 18:06 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-01-16 14:43 . 2012-06-26 12:21 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2010-01-16 14:43 . 2010-03-15 18:06 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-01-16 14:43 . 2012-06-26 12:21 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-01-16 14:43 . 2012-06-26 12:21 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2010-01-16 14:43 . 2010-03-15 18:06 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2010-01-16 14:43 . 2010-03-15 18:06 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-01-16 14:43 . 2012-06-26 12:21 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2010-01-16 14:43 . 2010-03-15 18:06 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2010-01-16 14:43 . 2012-06-26 12:21 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-03-02 17:48 . 2012-04-15 08:14 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-03-02 17:48 . 2010-03-15 11:10 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-03-02 17:48 . 2010-03-15 11:10 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-03-02 17:48 . 2012-04-15 08:14 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-03-02 17:48 . 2012-04-15 08:14 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-03-02 17:48 . 2010-03-15 11:10 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-03-02 17:48 . 2012-04-15 08:14 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-03-02 17:48 . 2010-03-15 11:10 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-03-02 17:48 . 2010-03-15 11:10 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-03-02 17:48 . 2012-04-15 08:14 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-03-02 17:48 . 2010-03-15 11:10 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-03-02 17:48 . 2012-04-15 08:14 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2012-07-12 05:34 . 2012-02-15 08:06 211512 c:\windows\Downloaded Program Files\gbpdist.dll
+ 2012-07-11 18:03 . 2012-02-15 08:06 695864 c:\windows\Downloaded Program Files\gbiehscd.dll
+ 2012-07-11 18:03 . 2012-01-11 12:01 726360 c:\windows\Downloaded Program Files\gbiehcef.dll
+ 2012-07-03 11:01 . 2012-07-03 11:01 9459912 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
+ 2012-05-26 10:29 . 2012-05-26 10:29 1616896 c:\windows\Installer\cbb575.msi
+ 2011-10-14 19:05 . 2011-10-14 19:05 9474048 c:\windows\Installer\cb9b11.msi
+ 2011-10-14 19:04 . 2011-10-14 19:04 1485312 c:\windows\Installer\cb9872.msi
+ 2011-10-14 19:04 . 2011-10-14 19:04 1769984 c:\windows\Installer\cb986c.msi
+ 2012-06-17 16:35 . 2012-06-17 16:35 1417728 c:\windows\Installer\223a19b.msi
+ 2012-06-17 16:35 . 2012-06-17 16:35 1846784 c:\windows\Installer\223a195.msi
+ 2012-06-17 16:34 . 2012-06-17 16:34 1947136 c:\windows\Installer\223a18f.msi
- 2010-01-16 14:43 . 2010-03-15 18:06 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-01-16 14:43 . 2012-06-26 12:21 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-01-16 14:43 . 2010-03-15 18:06 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-01-16 14:43 . 2012-06-26 12:21 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-07-25 09:05 . 2011-07-25 09:05 20333056 c:\windows\Installer\d099d7.msp
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2012-02-19 130864]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C905A23-D8FE-4A25-B9DB-87DF3664178A}]
2012-07-11 18:01 8409600 ----a-w- c:\programdata\Windows\ntfs64.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-02-19 12:46 1337648 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-02-19 1337648]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-02-19 1337648]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-19 2012912]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-10 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"OTjzRu0mR3"="c:\documents and settings\All Users\Ulmqqx20vFCAp\IwZxd31jMfvC2W7s\NUpJiGMsGc3vxe77\K5n4wD65t8UYSv\B9Am8G.exe" [2012-07-11 29970080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-21 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-21 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-21 138008]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-17 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2008-09-17 53248]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-09-17 102400]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"KMCONFIG"="c:\program files\Trust\Trust R-Series Mouse\StartAutorun.exe" [2007-03-06 212992]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"trustGTX14"="c:\program files\Trust\GXT14 Mouse\POINTERGHOST.exe" [2009-06-05 4833792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-02-16 114992]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\Patrik\Nabídka Start\Programy\Po spuštění\
Internet Explorer.lnk - c:\program files\Internet Explorer\IEXPLORE.EXE [2008-9-17 93184]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
NewShortcut1.lnk - c:\program files\USB_video_device\Utility\RemoteTool\BDARemote.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{E37CB5F0-51F5-4395-A808-5FA49E399015}"= "c:\progra~1\GbPlugin\gbiehisg.dll" [2011-10-21 694960]
"{E37CB5F0-51F5-4395-A808-5FA49E399011}"= "c:\windows\Downloaded Program Files\gbiehscd.dll" [2012-02-15 695864]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\progra~1\GbPlugin\gbiehuni.dll" [2012-02-01 601592]
.
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
URLSearchHooks-*{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
HKCU-Run-Facebook Update - c:\documents and settings\Patrik\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe
HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
AddRemove-AVG8Uninstall - c:\program files\AVG\AVG8\setup.exe
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_F91D44FAA5479127.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-12 22:18
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1488)
c:\progra~1\GbPlugin\gbieh.dll
c:\windows\Downloaded Program Files\gbiehscd.dll
c:\windows\Downloaded Program Files\gbiehcef.dll
c:\progra~1\GbPlugin\gbiehabn.dll
c:\progra~1\GbPlugin\gbiehuni.dll
c:\progra~1\GbPlugin\gbiehisg.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Celkový čas: 2012-07-12 22:23:41
ComboFix-quarantined-files.txt 2012-07-12 20:23
ComboFix2.txt 2011-07-21 20:30
ComboFix3.txt 2011-07-21 19:29
ComboFix4.txt 2011-07-21 18:30
.
Před spuštěním: 5 955 358 720
Po spuštění: 6 996 414 464
.
- - End Of File - - 28AD9A7AC5720E57ED48C161983F9552
Re: sluggish computer

- Download DDS from here http://download.bleepingcomputer.com/sUBs/Beta/dds.exe and save it to the desktop
- Run it and click Start
- After a moment a log will pop up; I'd like to see it
Re: sluggish computer
DDS (Ver_2011-09-30.01) - NTFS_x86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_31
Run by Patrik at 20:06:02 on 2012-07-13
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2038.892 [GMT 2:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Sunbelt Kerio Personal Firewall *Enabled*
.
============== Running Processes ================
.
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trust\GXT14 Mouse\GameMouseServiceApp.exe
C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Trust\Trust R-Series Mouse\KMConfig.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Trust\GXT14 Mouse\POINTERGHOST.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trust\Trust R-Series Mouse\KMProcess.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\Patrik\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Trust\GXT14 Mouse\StartAutorun.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Trust\GXT14 Mouse\RapooV1Process.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.seznam.cz/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://home.sweetim.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: *{855F3B16-6D32-4fe6-8A56-BBB695989046} - <orphaned>
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {EEE6C35D-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053F9267-DC04-4294-A72C-58F732D338C0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Windows Media Sharing Plugin: {4C905A23-D8FE-4A25-B9DB-87DF3664178A} - c:\programdata\windows\ntfs64.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Ask Search Assistant BHO: {9CB65201-89C4-402c-BA80-02D8C59F9B1D} -
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - c:\program files\gbplugin\gbieh.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - c:\program files\gbplugin\gbiehcef.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540007} - c:\program files\gbplugin\gbiehabn.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540008} - c:\program files\gbplugin\gbiehuni.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540011} - c:\program files\gbplugin\gbiehscd.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540015} - c:\program files\gbplugin\gbiehisg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
BHO: Ask Toolbar BHO: {FE063DB1-4EC0-403e-8DD8-394C54984B2C} -
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} -
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Ask Toolbar: {FE063DB9-4EC0-403E-8DD8-394C54984B2C} -
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: ICQToolBar: {855F3B16-6D32-4fe6-8A56-BBB695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: Ask Toolbar: {FE063DB9-4EC0-403e-8DD8-394C54984B2C} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [OTjzRu0mR3] c:\documents and settings\all users\ulmqqx20vfcap\iwzxd31jmfvc2w7s\nupjigmsgc3vxe77\k5n4wd65t8uysv\B9Am8G.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [KMCONFIG] c:\program files\trust\trust r-series mouse\StartAutorun.exe KMConfig.exe
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [trustGTX14] "c:\program files\trust\gxt14 mouse\POINTERGHOST.exe" showhide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [Sweetpacks Communicator] c:\program files\sweetim\communicator\SweetPacksUpdateManager.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\patrik\nabdka~1\programy\posput~1\intern~1.lnk - c:\program files\internet explorer\IEXPLORE.EXE
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\newsho~1.lnk - c:\program files\usb_video_device\utility\remotetool\BDARemote.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoCDBurning = dword:1
mPolicies-Explorer: BackupNoCDBurning = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://c:\program files\cooking dash 3 - thrills & spills\images\stg_drm.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://c:\program files\cooking dash 3 - thrills & spills\images\armhelper.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{0ED5DC78-6399-4900-9C69-63029B2610DF} : DHCPNameServer = 10.0.0.138
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: GbPluginAbn - c:\progra~1\gbplugin\gbiehAbn.dll
Notify: GbPluginBb - c:\progra~1\gbplugin\gbieh.dll
Notify: GbPluginCef - c:\progra~1\gbplugin\gbiehCef.dll
Notify: GbPluginIsg - c:\progra~1\gbplugin\gbiehIsg.dll
Notify: GbPluginScd - c:\progra~1\gbplugin\gbiehScd.dll
Notify: GbPluginUni - c:\progra~1\gbplugin\gbiehUni.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399007} - c:\program files\gbplugin\gbiehabn.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399015} - c:\program files\gbplugin\gbiehisg.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - c:\program files\gbplugin\gbiehcef.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399011} - c:\program files\gbplugin\gbiehscd.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - c:\program files\gbplugin\gbiehuni.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - c:\program files\gbplugin\gbieh.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\patrik\data aplikací\mozilla\firefox\profiles\eu4b2oax.default\
.
============= SERVICES / DRIVERS ===============
.
R0 bhound6;bhound6;c:\windows\system32\drivers\bhound6.sys [2007-1-21 61032]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2012-7-12 42808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-17 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-17 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-17 108552]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2007-2-20 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2007-2-20 71088]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-28 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 66632]
R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2012-7-12 214088]
R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2008-9-26 222968]
R2 KmGameMouseServiceV1;Game Mouse Communication And Update Service V1;c:\program files\trust\gxt14 mouse\GameMouseServiceApp.exe [2009-5-4 354816]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\trust\trust r-series mouse\KMWDSrv.exe [2007-6-9 208896]
R3 KMWDFilterV1;KMWDFilterV1;c:\windows\system32\drivers\RPGMOUSEV1.sys [2011-11-11 18432]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [2012-7-12 28880]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-8-3 69120]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 12872]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe --> c:\progra~1\avg\avg8\avgemc.exe [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe --> c:\progra~1\avg\avg8\avgwdsvc.exe [?]
S2 gupdate;Služba Google Update (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-5-3 158856]
S3 gupdatem;Služba Google Update (gupdatem);"c:\program files\google\update\googleupdate.exe" /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-8 113120]
S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [2012-7-12 28880]
.
=============== Created Last 30 ================
.
2012-07-13 18:04:34 29493718 ----a-w- c:\documents and settings\all users\6P7YjCZhhA.cpl
2012-07-12 20:05:19 0 ----a-w- c:\windows\system32\drivers\tcpv6srv.sys
2012-07-12 19:39:19 -------- d-----w- C:\ComboFix
2012-07-12 19:05:29 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2012-07-12 18:59:01 -------- d-----w- C:\RK_Quarantine
2012-07-12 17:54:59 -------- d-----w- c:\program files\trend micro
2012-07-12 05:36:14 42808 ----a-w- c:\windows\system32\drivers\GbpKm.sys
2012-07-12 05:35:14 -------- d-----w- c:\program files\GbPlugin
2012-07-12 05:28:19 28880 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys
2012-07-11 18:03:44 117248 ----a-w- c:\windows\system32\libgcc_s_dw2-1.dll
2012-07-11 18:01:29 -------- d-----w- C:\ProgramData
2012-07-11 17:57:47 -------- d-sh--w- c:\documents and settings\all users\Ulmqqx20vFCAp
2012-07-03 11:01:57 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-27 06:13:55 -------- d-----w- c:\program files\PopCap Games
2012-06-19 10:30:11 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-19 10:30:11 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-17 16:34:57 -------- d-----w- c:\program files\SweetIM
2012-06-17 16:33:23 -------- d-----w- c:\program files\GotClip
.
==================== Find3M ====================
.
2012-07-13 18:05:38 2621440 ----a-w- c:\windows\inf\qdvd.dll
2012-07-03 11:20:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x8A92D1F8]<<
c:\windows\system32\drivers\sfsync02.sys Protection Technology StarForce Protection System
_asm { MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX; PUSH 0x8a92d008; MOV EAX, 0xb9eba4a0; CALL EAX; }
1 ntkrnlpa!IofCallDriver[0x804EEEB8] -> \Device\Harddisk0\DR0[0x8A83E3B8]
3 CLASSPNP[0xBA10905B] -> ntkrnlpa!IofCallDriver[0x804EEEB8] -> \Device\00000094[0x8A83DF18]
5 ACPI[0xB9E67620] -> ntkrnlpa!IofCallDriver[0x804EEEB8] -> \Device\Ide\IdeDeviceP2T0L0-e[0x8A7FBD98]
\Driver\atapi[0x8A83C718] -> IRP_MJ_CREATE -> 0x8A92D1F8
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 20:07:06,31 ===============
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoCDBurning = dword:1
mPolicies-Explorer: BackupNoCDBurning = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://c:\program files\cooking dash 3 - thrills & spills\images\stg_drm.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://c:\program files\cooking dash 3 - thrills & spills\images\armhelper.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{0ED5DC78-6399-4900-9C69-63029B2610DF} : DHCPNameServer = 10.0.0.138
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: GbPluginAbn - c:\progra~1\gbplugin\gbiehAbn.dll
Notify: GbPluginBb - c:\progra~1\gbplugin\gbieh.dll
Notify: GbPluginCef - c:\progra~1\gbplugin\gbiehCef.dll
Notify: GbPluginIsg - c:\progra~1\gbplugin\gbiehIsg.dll
Notify: GbPluginScd - c:\progra~1\gbplugin\gbiehScd.dll
Notify: GbPluginUni - c:\progra~1\gbplugin\gbiehUni.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399007} - c:\program files\gbplugin\gbiehabn.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399015} - c:\program files\gbplugin\gbiehisg.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - c:\program files\gbplugin\gbiehcef.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399011} - c:\program files\gbplugin\gbiehscd.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - c:\program files\gbplugin\gbiehuni.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - c:\program files\gbplugin\gbieh.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\patrik\data aplikací\mozilla\firefox\profiles\eu4b2oax.default\
.
============= SERVICES / DRIVERS ===============
.
R0 bhound6;bhound6;c:\windows\system32\drivers\bhound6.sys [2007-1-21 61032]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2012-7-12 42808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-17 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-17 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-17 108552]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2007-2-20 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2007-2-20 71088]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-28 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 66632]
R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2012-7-12 214088]
R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2008-9-26 222968]
R2 KmGameMouseServiceV1;Game Mouse Communication And Update Service V1;c:\program files\trust\gxt14 mouse\GameMouseServiceApp.exe [2009-5-4 354816]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\trust\trust r-series mouse\KMWDSrv.exe [2007-6-9 208896]
R3 KMWDFilterV1;KMWDFilterV1;c:\windows\system32\drivers\RPGMOUSEV1.sys [2011-11-11 18432]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [2012-7-12 28880]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-8-3 69120]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 12872]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe --> c:\progra~1\avg\avg8\avgemc.exe [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe --> c:\progra~1\avg\avg8\avgwdsvc.exe [?]
S2 gupdate;Služba Google Update (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-5-3 158856]
S3 gupdatem;Služba Google Update (gupdatem);"c:\program files\google\update\googleupdate.exe" /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-8 113120]
S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [2012-7-12 28880]
.
=============== Created Last 30 ================
.
2012-07-13 18:04:34 29493718 ----a-w- c:\documents and settings\all users\6P7YjCZhhA.cpl
2012-07-12 20:05:19 0 ----a-w- c:\windows\system32\drivers\tcpv6srv.sys
2012-07-12 19:39:19 -------- d-----w- C:\ComboFix
2012-07-12 19:05:29 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2012-07-12 18:59:01 -------- d-----w- C:\RK_Quarantine
2012-07-12 17:54:59 -------- d-----w- c:\program files\trend micro
2012-07-12 05:36:14 42808 ----a-w- c:\windows\system32\drivers\GbpKm.sys
2012-07-12 05:35:14 -------- d-----w- c:\program files\GbPlugin
2012-07-12 05:28:19 28880 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys
2012-07-11 18:03:44 117248 ----a-w- c:\windows\system32\libgcc_s_dw2-1.dll
2012-07-11 18:01:29 -------- d-----w- C:\ProgramData
2012-07-11 17:57:47 -------- d-sh--w- c:\documents and settings\all users\Ulmqqx20vFCAp
2012-07-03 11:01:57 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-27 06:13:55 -------- d-----w- c:\program files\PopCap Games
2012-06-19 10:30:11 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-19 10:30:11 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-17 16:34:57 -------- d-----w- c:\program files\SweetIM
2012-06-17 16:33:23 -------- d-----w- c:\program files\GotClip
.
==================== Find3M ====================
.
2012-07-13 18:05:38 2621440 ----a-w- c:\windows\inf\qdvd.dll
2012-07-03 11:20:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x8A92D1F8]<<
c:\windows\system32\drivers\sfsync02.sys Protection Technology StarForce Protection System
_asm { MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX; PUSH 0x8a92d008; MOV EAX, 0xb9eba4a0; CALL EAX; }
1 ntkrnlpa!IofCallDriver[0x804EEEB8] -> \Device\Harddisk0\DR0[0x8A83E3B8]
3 CLASSPNP[0xBA10905B] -> ntkrnlpa!IofCallDriver[0x804EEEB8] -> \Device\00000094[0x8A83DF18]
5 ACPI[0xB9E67620] -> ntkrnlpa!IofCallDriver[0x804EEEB8] -> \Device\Ide\IdeDeviceP2T0L0-e[0x8A7FBD98]
\Driver\atapi[0x8A83C718] -> IRP_MJ_CREATE -> 0x8A92D1F8
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 20:07:06,31 ===============
Re: frozen computer

- Click the Change parameters option
- In both panes (Objects to scan and Additional Option), tick all the options - every checkbox must be checked
- Click OK
- Tell the utility to scan - click Start Scan
- When the scan finishes, a window appears; check that the Skip option is selected everywhere
- If Skip is not set by default, switch it to Skip
- Once Skip is set everywhere, click Continue
- On the drive where Windows is installed (usually c:\) there will be a log named in the form TDSSKiller.[some digits]_log.txt - paste its contents here
Re: frozen computer
09:07:00.0640 3592 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
09:07:00.0750 3592 ============================================================
09:07:00.0750 3592 Current date / time: 2012/07/15 09:07:00.0750
09:07:00.0750 3592 SystemInfo:
09:07:00.0750 3592
09:07:00.0750 3592 OS Version: 5.1.2600 ServicePack: 2.0
09:07:00.0750 3592 Product type: Workstation
09:07:00.0750 3592 ComputerName: PATRIK-B795BA8C
09:07:00.0765 3592 UserName: Patrik
09:07:00.0765 3592 Windows directory: C:\WINDOWS
09:07:00.0765 3592 System windows directory: C:\WINDOWS
09:07:00.0765 3592 Processor architecture: Intel x86
09:07:00.0765 3592 Number of processors: 2
09:07:00.0765 3592 Page size: 0x1000
09:07:00.0765 3592 Boot type: Normal boot
09:07:00.0765 3592 ============================================================
09:07:20.0343 3592 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:07:20.0343 3592 ============================================================
09:07:20.0343 3592 \Device\Harddisk0\DR0:
09:07:20.0343 3592 MBR partitions:
09:07:20.0343 3592 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C41AD8
09:07:20.0359 3592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9C41B56, BlocksNum 0x1B7E7CAA
09:07:20.0359 3592 ============================================================
09:07:20.0390 3592 C: <-> \Device\Harddisk0\DR0\Partition0
09:07:20.0468 3592 D: <-> \Device\Harddisk0\DR0\Partition1
09:07:20.0468 3592 ============================================================
09:07:20.0468 3592 Initialize success
09:07:20.0468 3592 ============================================================
09:08:07.0453 2836 ============================================================
09:08:07.0453 2836 Scan started
09:08:07.0453 2836 Mode: Manual; SigCheck; TDLFS;
09:08:07.0453 2836 ============================================================
09:08:07.0890 2836 Abiosdsk - ok
09:08:07.0890 2836 abp480n5 - ok
09:08:07.0937 2836 ACPI (fa2fbcda96d2385f773b059fe5a125a6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:08:08.0281 2836 ACPI - ok
09:08:08.0296 2836 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
09:08:08.0406 2836 ACPIEC - ok
09:08:08.0406 2836 adpu160m - ok
09:08:08.0437 2836 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
09:08:08.0546 2836 aec - ok
09:08:08.0578 2836 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
09:08:08.0671 2836 AFD - ok
09:08:08.0687 2836 Aha154x - ok
09:08:08.0687 2836 aic78u2 - ok
09:08:08.0703 2836 aic78xx - ok
09:08:08.0734 2836 Alerter (026ddaa7e6f8d49df82c7a98bae5d0d1) C:\WINDOWS\system32\alrsvc.dll
09:08:08.0875 2836 Alerter - ok
09:08:08.0890 2836 ALG (b3f690bf43f93a012a52f28f234faa1b) C:\WINDOWS\System32\alg.exe
09:08:08.0953 2836 ALG - ok
09:08:08.0953 2836 AliIde - ok
09:08:08.0968 2836 amsint - ok
09:08:09.0000 2836 AppMgmt (421184f91eae5c6e78e653c6b32aae84) C:\WINDOWS\System32\appmgmts.dll
09:08:09.0078 2836 AppMgmt - ok
09:08:09.0093 2836 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:08:09.0203 2836 Arp1394 - ok
09:08:09.0203 2836 asc - ok
09:08:09.0203 2836 asc3350p - ok
09:08:09.0218 2836 asc3550 - ok
09:08:09.0328 2836 aspnet_state (d33c507942299753868204cc7642fa27) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:08:09.0375 2836 aspnet_state - ok
09:08:09.0375 2836 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:08:09.0484 2836 AsyncMac - ok
09:08:09.0546 2836 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:08:09.0640 2836 atapi - ok
09:08:09.0640 2836 Atdisk - ok
09:08:09.0671 2836 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:08:09.0781 2836 Atmarpc - ok
09:08:09.0812 2836 AudioSrv (40d78f514c8588ef12ec718d2af0fc4e) C:\WINDOWS\System32\audiosrv.dll
09:08:09.0937 2836 AudioSrv - ok
09:08:09.0953 2836 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:08:10.0062 2836 audstub - ok
09:08:10.0109 2836 avg8emc - ok
09:08:10.0125 2836 avg8wd - ok
09:08:10.0187 2836 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
09:08:10.0250 2836 AvgLdx86 - ok
09:08:10.0265 2836 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
09:08:10.0265 2836 AvgMfx86 - ok
09:08:10.0312 2836 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys
09:08:10.0312 2836 AvgTdiX - ok
09:08:10.0343 2836 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
09:08:10.0390 2836 b57w2k - ok
09:08:10.0500 2836 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
09:08:10.0593 2836 BCM43XX - ok
09:08:10.0625 2836 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:08:10.0750 2836 Beep - ok
09:08:10.0781 2836 bhound6 (401a873517ccdefe0bf79d143f15d473) C:\WINDOWS\system32\DRIVERS\bhound6.sys
09:08:10.0781 2836 bhound6 - ok
09:08:10.0828 2836 BITS (e774a26610ec92674273486612c11cfc) C:\WINDOWS\system32\qmgr.dll
09:08:10.0984 2836 BITS - ok
09:08:11.0031 2836 Browser (f219e27e88107a50544153898dd8178e) C:\WINDOWS\System32\browser.dll
09:08:11.0140 2836 Browser - ok
09:08:11.0187 2836 btaudio (ecdc40cc54603c711e1a7a1c9255184a) C:\WINDOWS\system32\drivers\btaudio.sys
09:08:11.0203 2836 btaudio - ok
09:08:11.0250 2836 BTDriver (58a49bd10e08d3d4333a60dedcb1ced8) C:\WINDOWS\system32\DRIVERS\btport.sys
09:08:11.0250 2836 BTDriver - ok
09:08:11.0343 2836 BTKRNL (885b6d0f826a216eee4c3ad883809012) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
09:08:11.0390 2836 BTKRNL - ok
09:08:11.0484 2836 btwdins (49e9ed37faec5e8c03e81fd73d3884d6) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
09:08:11.0500 2836 btwdins - ok
09:08:11.0531 2836 BTWDNDIS (b1d350f3f13cf340fce93912d2ba1ebf) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
09:08:11.0578 2836 BTWDNDIS - ok
09:08:11.0593 2836 btwhid (e48668b4a6a5cf68b33aecad18ee8e1e) C:\WINDOWS\system32\DRIVERS\btwhid.sys
09:08:11.0609 2836 btwhid - ok
09:08:11.0625 2836 BTWUSB (57e91e9925976bbc98984eebaaf1d84c) C:\WINDOWS\system32\Drivers\btwusb.sys
09:08:11.0671 2836 BTWUSB - ok
09:08:11.0796 2836 catchme - ok
09:08:11.0843 2836 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:08:11.0937 2836 cbidf2k - ok
09:08:11.0953 2836 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:08:12.0062 2836 CCDECODE - ok
09:08:12.0062 2836 cd20xrnt - ok
09:08:12.0093 2836 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:08:12.0203 2836 Cdaudio - ok
09:08:12.0250 2836 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
09:08:12.0359 2836 Cdfs - ok
09:08:12.0375 2836 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:08:12.0484 2836 Cdrom - ok
09:08:12.0484 2836 Changer - ok
09:08:12.0531 2836 CiSvc (9e21229e04e1d301bb40222fe4641cb2) C:\WINDOWS\system32\cisvc.exe
09:08:12.0656 2836 CiSvc - ok
09:08:12.0656 2836 ClipSrv (d3dc45553c8025338e08a60e95b1b91d) C:\WINDOWS\system32\clipsrv.exe
09:08:12.0781 2836 ClipSrv - ok
09:08:12.0875 2836 clr_optimization_v2.0.50727_32 (3c4d595e7f9b747325aef28b4adcaae5) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:08:12.0937 2836 clr_optimization_v2.0.50727_32 - ok
09:08:12.0968 2836 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
09:08:13.0062 2836 CmBatt - ok
09:08:13.0062 2836 CmdIde - ok
09:08:13.0078 2836 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
09:08:13.0203 2836 Compbatt - ok
09:08:13.0203 2836 COMSysApp - ok
09:08:13.0218 2836 Cpqarray - ok
09:08:13.0250 2836 CryptSvc (70d2a1756f4b2067658a186c963fcabd) C:\WINDOWS\System32\cryptsvc.dll
09:08:13.0375 2836 CryptSvc - ok
09:08:13.0375 2836 dac2w2k - ok
09:08:13.0390 2836 dac960nt - ok
09:08:13.0453 2836 DcomLaunch (c72c15ee57e248c66e57c76cab086cf2) C:\WINDOWS\system32\rpcss.dll
09:08:13.0578 2836 DcomLaunch - ok
09:08:13.0593 2836 Dhcp (562830efb7cf367fb773fea5256e67c8) C:\WINDOWS\System32\dhcpcsvc.dll
09:08:13.0718 2836 Dhcp - ok
09:08:13.0750 2836 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
09:08:13.0875 2836 Disk - ok
09:08:13.0875 2836 dmadmin - ok
09:08:13.0984 2836 dmboot (e1968edec81c430108feb23ab07bdb14) C:\WINDOWS\system32\drivers\dmboot.sys
09:08:14.0234 2836 dmboot - ok
09:08:14.0250 2836 dmio (1b1520a82e396e46b9ae9fa6b03ff6c6) C:\WINDOWS\system32\drivers\dmio.sys
09:08:14.0359 2836 dmio - ok
09:08:14.0375 2836 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:08:14.0515 2836 dmload - ok
09:08:14.0546 2836 dmserver (7b3ca72885923eb947221f17f3e3ac59) C:\WINDOWS\System32\dmserver.dll
09:08:14.0656 2836 dmserver - ok
09:08:14.0687 2836 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
09:08:14.0796 2836 DMusic - ok
09:08:14.0828 2836 Dnscache (f605b3f5674d67587c4b6c9e92a3e025) C:\WINDOWS\System32\dnsrslvr.dll
09:08:14.0937 2836 Dnscache - ok
09:08:14.0937 2836 dpti2o - ok
09:08:14.0968 2836 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
09:08:15.0078 2836 drmkaud - ok
09:08:15.0093 2836 ERSvc (d6f7428b201e33bc80066b47144cb568) C:\WINDOWS\System32\ersvc.dll
09:08:15.0218 2836 ERSvc - ok
09:08:15.0250 2836 Eventlog (6e401e61f952fbbf708afbecefafae81) C:\WINDOWS\system32\services.exe
09:08:15.0359 2836 Eventlog - ok
09:08:15.0390 2836 EventSystem (972378b907070f64932a87c90a035487) C:\WINDOWS\system32\es.dll
09:08:15.0546 2836 EventSystem - ok
09:08:15.0578 2836 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
09:08:15.0718 2836 Fastfat - ok
09:08:15.0750 2836 FastUserSwitchingCompatibility (8ba76bd2a943f642f267a296a15776d2) C:\WINDOWS\System32\shsvcs.dll
09:08:15.0906 2836 FastUserSwitchingCompatibility - ok
09:08:15.0937 2836 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
09:08:16.0062 2836 Fdc - ok
09:08:16.0093 2836 Fips (266dab58619b17bdf37fabbd48d875ca) C:\WINDOWS\system32\drivers\Fips.sys
09:08:16.0218 2836 Fips - ok
09:08:16.0218 2836 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
09:08:16.0343 2836 Flpydisk - ok
09:08:16.0375 2836 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
09:08:16.0515 2836 FltMgr - ok
09:08:16.0546 2836 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:08:16.0687 2836 Fs_Rec - ok
09:08:16.0703 2836 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:08:16.0828 2836 Ftdisk - ok
09:08:16.0890 2836 fwdrv (4700b7992432d9cae2a4766f36aff2c5) C:\WINDOWS\system32\drivers\fwdrv.sys
09:08:16.0906 2836 fwdrv - ok
09:08:16.0937 2836 GbpKm (738a994af1a7cbd40327986fa3254450) C:\WINDOWS\system32\drivers\gbpkm.sys
09:08:16.0937 2836 GbpKm - ok
09:08:17.0015 2836 GbpSv (831dcb0d2e1e1e7a7e1d9a22f2cde330) C:\PROGRA~1\GbPlugin\GbpSv.exe
09:08:17.0031 2836 GbpSv - ok
09:08:17.0062 2836 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:08:17.0171 2836 Gpc - ok
09:08:17.0375 2836 gupdate - ok
09:08:17.0421 2836 gupdatem - ok
09:08:17.0421 2836 gusvc - ok
09:08:17.0468 2836 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:08:17.0531 2836 HDAudBus - ok
09:08:17.0562 2836 helpsvc (f59152272782fed8a8197fa788287f68) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:08:17.0656 2836 helpsvc - ok
09:08:17.0703 2836 HidServ (d2dcf769e5a70027058ad5be1f9b55bf) C:\WINDOWS\System32\hidserv.dll
09:08:17.0812 2836 HidServ - ok
09:08:18.0031 2836 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:08:18.0140 2836 HidUsb - ok
09:08:18.0140 2836 hpn - ok
09:08:18.0234 2836 hpqcxs08 (38d6b51f04def7fb248fa56e4c47407e) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
09:08:18.0250 2836 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
09:08:18.0250 2836 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
09:08:18.0265 2836 hpqddsvc (3ee4a63539ec04ee2d4bd293985087ab) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
09:08:18.0265 2836 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
09:08:18.0265 2836 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
09:08:18.0296 2836 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
09:08:18.0421 2836 HPZid412 - ok
09:08:18.0453 2836 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
09:08:18.0500 2836 HPZipr12 - ok
09:08:18.0546 2836 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
09:08:18.0562 2836 HPZius12 - ok
09:08:18.0609 2836 HSFHWAZL (6a5c4732d6803f84e2987edd8e4359ce) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
09:08:18.0671 2836 HSFHWAZL - ok
09:08:18.0750 2836 HSF_DPV (21c31273c6cc4826e74be8ae3b09d4a8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
09:08:18.0812 2836 HSF_DPV - ok
09:08:18.0859 2836 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
09:08:18.0953 2836 HTTP - ok
09:08:19.0015 2836 HTTPFilter (da826826c5c9116f47e0cd0ca8cc7c11) C:\WINDOWS\System32\w3ssl.dll
09:08:19.0156 2836 HTTPFilter - ok
09:08:19.0156 2836 i2omgmt - ok
09:08:19.0171 2836 i2omp - ok
09:08:19.0203 2836 i8042prt (0f42de9909b5dbf2c48dd1a79d491af5) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:08:19.0328 2836 i8042prt - ok
09:08:19.0734 2836 ialm (28423512370705aeda6a652fedb25468) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
09:08:19.0953 2836 ialm - ok
09:08:20.0062 2836 ICQ Service (f88e5dc5ca4c3f1aeb32169ab20d0b5a) C:\Program Files\ICQ6Toolbar\ICQ Service.exe
09:08:20.0062 2836 ICQ Service - ok
09:08:20.0203 2836 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
09:08:20.0250 2836 IDriverT ( UnsignedFile.Multi.Generic ) - warning
09:08:20.0250 2836 IDriverT - detected UnsignedFile.Multi.Generic (1)
09:08:20.0359 2836 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:08:20.0468 2836 Imapi - ok
09:08:20.0515 2836 ImapiService (cf9d286b34cb4912f3b28b4972d5cb33) C:\WINDOWS\system32\imapi.exe
09:08:20.0671 2836 ImapiService - ok
09:08:20.0687 2836 ini910u - ok
09:08:20.0984 2836 IntcAzAudAddService (b45a576ad280dd4f605f58b24cdaafe1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
09:08:21.0187 2836 IntcAzAudAddService - ok
09:08:21.0281 2836 IntelIde - ok
09:08:21.0296 2836 intelppm (10a3ac0f0df720ad3c3fd13861d50eb9) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:08:21.0421 2836 intelppm - ok
09:08:21.0437 2836 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
09:08:21.0562 2836 Ip6Fw - ok
09:08:21.0609 2836 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:08:21.0734 2836 IpFilterDriver - ok
09:08:21.0734 2836 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:08:21.0859 2836 IpInIp - ok
09:08:21.0875 2836 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:08:21.0984 2836 IpNat - ok
09:08:22.0031 2836 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:08:22.0125 2836 IPSec - ok
09:08:22.0187 2836 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
09:08:22.0234 2836 irda - ok
09:08:22.0281 2836 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:08:22.0328 2836 IRENUM - ok
09:08:22.0343 2836 Irmon (e16ac23f81cfe1223ab470f9982de89d) C:\WINDOWS\System32\irmon.dll
09:08:22.0390 2836 Irmon - ok
09:08:22.0437 2836 isapnp (1091528512e4dd7ed5fddcc4df1c53d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:08:22.0531 2836 isapnp - ok
09:08:22.0687 2836 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
09:08:22.0703 2836 JavaQuickStarterService - ok
09:08:22.0734 2836 Kbdclass (6f877bf8dc01a550cd666f3bedb2213c) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:08:22.0843 2836 Kbdclass - ok
09:08:22.0875 2836 kbdhid (065b5a83aa78c0c7047bf22e0ab5c821) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:08:22.0984 2836 kbdhid - ok
09:08:23.0015 2836 khips (f27a6d0bbca2893aad1a0018bac61eb3) C:\WINDOWS\system32\drivers\khips.sys
09:08:23.0031 2836 khips - ok
09:08:23.0109 2836 KmGameMouseServiceV1 (54c3b8e2c5d5c28fcf2c968d577c3561) C:\Program Files\Trust\GXT14 Mouse\GameMouseServiceApp.exe
09:08:23.0109 2836 KmGameMouseServiceV1 ( UnsignedFile.Multi.Generic ) - warning
09:08:23.0109 2836 KmGameMouseServiceV1 - detected UnsignedFile.Multi.Generic (1)
09:08:23.0171 2836 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
09:08:23.0250 2836 kmixer - ok
09:08:23.0296 2836 KMWDFilter (73186a580e287152b1be5087c0e92339) C:\WINDOWS\System32\Drivers\KMWDFilter.SYS
09:08:23.0312 2836 KMWDFilter ( UnsignedFile.Multi.Generic ) - warning
09:08:23.0312 2836 KMWDFilter - detected UnsignedFile.Multi.Generic (1)
09:08:23.0343 2836 KMWDFilterV1 (769e2846280aead581227f6ab861fbc6) C:\WINDOWS\System32\Drivers\RPGMOUSEV1.sys
09:08:23.0359 2836 KMWDFilterV1 ( UnsignedFile.Multi.Generic ) - warning
09:08:23.0359 2836 KMWDFilterV1 - detected UnsignedFile.Multi.Generic (1)
09:08:23.0421 2836 KMWDSERVICE (a4a9adb8e7005785d2c1f4ff8c7b70bb) C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe
09:08:23.0437 2836 KMWDSERVICE ( UnsignedFile.Multi.Generic ) - warning
09:08:23.0437 2836 KMWDSERVICE - detected UnsignedFile.Multi.Generic (1)
09:08:23.0562 2836 KPF4 (0e65d9b20331abd50f85e1fc52cb2d64) C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
09:08:23.0609 2836 KPF4 - ok
09:08:23.0656 2836 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
09:08:23.0765 2836 KSecDD - ok
09:08:23.0796 2836 lanmanserver (6d6bdd68b775986577c48a8df961a05c) C:\WINDOWS\System32\srvsvc.dll
09:08:23.0906 2836 lanmanserver - ok
09:08:23.0937 2836 lanmanworkstation (69b0569aae33f0d5057ca0e8577aaf07) C:\WINDOWS\System32\wkssvc.dll
09:08:24.0046 2836 lanmanworkstation - ok
09:08:24.0046 2836 lbrtfdc - ok
09:08:24.0078 2836 LmHosts (f9ee6d2aab0690b34ae35ba9921a1414) C:\WINDOWS\System32\lmhsvc.dll
09:08:24.0187 2836 LmHosts - ok
09:08:24.0281 2836 McComponentHostService (22a7776c5d8eb5930edf9c8dd0884259) C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
09:08:24.0343 2836 McComponentHostService - ok
09:08:24.0375 2836 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:08:24.0375 2836 mdmxsdk - ok
09:08:24.0406 2836 Messenger (8b2fcbd881879b55be40b41f12ffc431) C:\WINDOWS\System32\msgsvc.dll
09:08:24.0515 2836 Messenger - ok
09:08:24.0625 2836 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
09:08:24.0656 2836 Microsoft Office Groove Audit Service - ok
09:08:24.0687 2836 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:08:24.0781 2836 mnmdd - ok
09:08:24.0812 2836 mnmsrvc (7d137132d6a9b41ef800e59a771ed48c) C:\WINDOWS\system32\mnmsrvc.exe
09:08:24.0921 2836 mnmsrvc - ok
09:08:24.0953 2836 Modem (60210deb037846afe521ebf349964f6b) C:\WINDOWS\system32\drivers\Modem.sys
09:08:25.0046 2836 Modem - ok
09:08:25.0093 2836 Mouclass (b160ec94114715675509115986400fd9) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:08:25.0187 2836 Mouclass - ok
09:08:25.0218 2836 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:08:25.0296 2836 mouhid - ok
09:08:25.0343 2836 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
09:08:25.0437 2836 MountMgr - ok
09:08:25.0468 2836 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:08:25.0500 2836 MozillaMaintenance - ok
09:08:25.0531 2836 MPE (55a9a7e6bb297bf0f5b144029dcb79cc) C:\WINDOWS\system32\DRIVERS\MPE.sys
09:08:25.0640 2836 MPE - ok
09:08:25.0640 2836 mraid35x - ok
09:08:25.0656 2836 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:08:25.0750 2836 MRxDAV - ok
09:08:25.0796 2836 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:08:25.0921 2836 MRxSmb - ok
09:08:25.0953 2836 MSDTC (944a24032aed84c59455b981f6ca1c1a) C:\WINDOWS\system32\msdtc.exe
09:08:26.0078 2836 MSDTC - ok
09:08:26.0093 2836 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
09:08:26.0187 2836 Msfs - ok
09:08:26.0250 2836 MSIRCOMM (ee55f5c64417cc369866d7eafe9b07ab) C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
09:08:26.0296 2836 MSIRCOMM - ok
09:08:26.0296 2836 MSIServer - ok
09:08:26.0328 2836 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:08:26.0421 2836 MSKSSRV - ok
09:08:26.0421 2836 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:08:26.0515 2836 MSPCLOCK - ok
09:08:26.0546 2836 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
09:08:26.0640 2836 MSPQM - ok
09:08:26.0671 2836 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:08:26.0765 2836 mssmbios - ok
09:08:26.0781 2836 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
09:08:26.0875 2836 MSTEE - ok
09:08:26.0875 2836 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
09:08:26.0968 2836 Mup - ok
09:08:27.0015 2836 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:08:27.0125 2836 NABTSFEC - ok
09:08:27.0250 2836 NBService (b498a14133bd09ad0817590ace4470ad) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
09:08:27.0312 2836 NBService - ok
09:08:27.0359 2836 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
09:08:27.0468 2836 NDIS - ok
09:08:27.0468 2836 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:08:27.0562 2836 NdisIP - ok
09:08:27.0593 2836 Ndisrd (8cbea95911b5d5e0ee4eb39d369c3c73) C:\WINDOWS\system32\DRIVERS\gbpndisrd.sys
09:08:27.0609 2836 Ndisrd - ok
09:08:27.0609 2836 NdisrdMP (8cbea95911b5d5e0ee4eb39d369c3c73) C:\WINDOWS\system32\DRIVERS\gbpndisrd.sys
09:08:27.0625 2836 NdisrdMP - ok
09:08:27.0640 2836 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:08:27.0750 2836 NdisTapi - ok
09:08:27.0781 2836 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:08:27.0875 2836 Ndisuio - ok
09:08:27.0906 2836 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:08:28.0000 2836 NdisWan - ok
09:08:28.0015 2836 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
09:08:28.0125 2836 NDProxy - ok
09:08:28.0156 2836 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\WINDOWS\system32\HPZinw12.dll
09:08:28.0171 2836 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
09:08:28.0171 2836 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
09:08:28.0187 2836 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:08:28.0281 2836 NetBIOS - ok
09:08:28.0312 2836 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:08:28.0406 2836 NetBT - ok
09:08:28.0437 2836 NetDDE (818053225bf4aac5f0f718001e492f70) C:\WINDOWS\system32\netdde.exe
09:08:28.0546 2836 NetDDE - ok
09:08:28.0546 2836 NetDDEdsdm (818053225bf4aac5f0f718001e492f70) C:\WINDOWS\system32\netdde.exe
09:08:28.0640 2836 NetDDEdsdm - ok
09:08:28.0687 2836 Netlogon (82a362fe1d4980b71b588d9c10748511) C:\WINDOWS\system32\lsass.exe
09:08:28.0781 2836 Netlogon - ok
09:08:28.0828 2836 Netman (af342d2781225a8769686e0d47e3123e) C:\WINDOWS\System32\netman.dll
09:08:28.0906 2836 Netman - ok
09:08:28.0921 2836 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:08:29.0031 2836 NIC1394 - ok
09:08:29.0062 2836 Nla (64c078bd4efd441c3f159edc5ea4420a) C:\WINDOWS\System32\mswsock.dll
09:08:29.0156 2836 Nla - ok
09:08:29.0265 2836 NMIndexingService (a328a46d87bb92ce4d8a4528e9d84787) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
09:08:29.0281 2836 NMIndexingService - ok
09:08:29.0296 2836 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
09:08:29.0390 2836 Npfs - ok
09:08:29.0406 2836 NSCIRDA (6216798d29c3ba9d0d6f40bbbab694a5) C:\WINDOWS\system32\DRIVERS\nscirda.sys
09:08:29.0453 2836 NSCIRDA - ok
09:08:29.0484 2836 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
09:08:29.0625 2836 Ntfs - ok
09:08:29.0640 2836 NtLmSsp (82a362fe1d4980b71b588d9c10748511) C:\WINDOWS\system32\lsass.exe
09:08:29.0734 2836 NtLmSsp - ok
09:08:29.0781 2836 NtmsSvc (d8d2b13ba93ae830b1a637df571d1195) C:\WINDOWS\system32\ntmssvc.dll
09:08:29.0906 2836 NtmsSvc - ok
09:08:29.0937 2836 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:08:30.0046 2836 Null - ok
09:08:30.0078 2836 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:08:30.0156 2836 NwlnkFlt - ok
09:08:30.0171 2836 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:08:30.0265 2836 NwlnkFwd - ok
09:08:30.0359 2836 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:08:30.0406 2836 odserv - ok
09:08:30.0453 2836 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:08:30.0546 2836 ohci1394 - ok
09:08:30.0593 2836 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:08:30.0640 2836 ose - ok
09:08:30.0687 2836 Parport (76a18caa2fefb28a4ced38d76837e86e) C:\WINDOWS\system32\drivers\Parport.sys
09:08:30.0781 2836 Parport - ok
09:08:30.0812 2836 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
09:08:30.0906 2836 PartMgr - ok
09:08:30.0937 2836 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
09:08:31.0031 2836 ParVdm - ok
09:08:31.0078 2836 PCI (b7979f37bb7b9df2230046134955e6e7) C:\WINDOWS\system32\DRIVERS\pci.sys
09:08:31.0171 2836 PCI - ok
09:08:31.0171 2836 PCIDump - ok
09:08:31.0171 2836 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:08:31.0265 2836 PCIIde - ok
09:08:31.0296 2836 Pcmcia (90505755634407d4ef4c6dea60fc1df9) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
09:08:31.0390 2836 Pcmcia - ok
09:08:31.0406 2836 PDCOMP - ok
09:08:31.0406 2836 PDFRAME - ok
09:08:31.0421 2836 PDRELI - ok
09:08:31.0421 2836 PDRFRAME - ok
09:08:31.0437 2836 perc2 - ok
09:08:31.0437 2836 perc2hib - ok
09:08:31.0500 2836 PlugPlay (6e401e61f952fbbf708afbecefafae81) C:\WINDOWS\system32\services.exe
09:08:31.0593 2836 PlugPlay - ok
09:08:31.0625 2836 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\WINDOWS\system32\HPZipm12.dll
09:08:31.0640 2836 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
09:08:31.0640 2836 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
09:08:31.0656 2836 PnkBstrA (0e01d7eebada0b324db0ca1ee73440ba) C:\WINDOWS\system32\PnkBstrA.exe
09:08:31.0656 2836 PnkBstrA - ok
09:08:31.0687 2836 PnkBstrB (1428e6cc1458a36cbfc1f2e304c7c42d) C:\WINDOWS\system32\PnkBstrB.exe
09:08:31.0687 2836 PnkBstrB - ok
09:08:31.0703 2836 PolicyAgent (82a362fe1d4980b71b588d9c10748511) C:\WINDOWS\system32\lsass.exe
09:08:31.0812 2836 PolicyAgent - ok
09:08:31.0843 2836 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:08:31.0937 2836 PptpMiniport - ok
09:08:31.0937 2836 ProtectedStorage (82a362fe1d4980b71b588d9c10748511) C:\WINDOWS\system32\lsass.exe
09:08:32.0046 2836 ProtectedStorage - ok
09:08:32.0046 2836 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
09:08:32.0140 2836 PSched - ok
09:08:32.0156 2836 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:08:32.0265 2836 Ptilink - ok
09:08:32.0296 2836 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:08:32.0312 2836 PxHelp20 - ok
09:08:32.0312 2836 ql1080 - ok
09:08:32.0312 2836 Ql10wnt - ok
09:08:32.0328 2836 ql12160 - ok
09:08:32.0328 2836 ql1240 - ok
09:08:32.0343 2836 ql1280 - ok
09:08:32.0375 2836 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:08:32.0468 2836 RasAcd - ok
09:08:32.0515 2836 RasAuto (e68b6f9a726a444059705ab43b5656d1) C:\WINDOWS\System32\rasauto.dll
09:08:32.0625 2836 RasAuto - ok
09:08:32.0656 2836 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
09:08:32.0703 2836 Rasirda - ok
09:08:32.0718 2836 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:08:32.0812 2836 Rasl2tp - ok
09:08:32.0828 2836 RasMan (6e519d777c91e90592403c9f981fdf03) C:\WINDOWS\System32\rasmans.dll
09:08:32.0921 2836 RasMan - ok
09:08:32.0937 2836 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:08:33.0015 2836 RasPppoe - ok
09:08:33.0031 2836 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:08:33.0125 2836 Raspti - ok
09:08:33.0171 2836 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:08:33.0281 2836 Rdbss - ok
09:08:33.0281 2836 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:08:33.0375 2836 RDPCDD - ok
09:08:33.0421 2836 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:08:33.0515 2836 rdpdr - ok
09:08:33.0578 2836 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
09:08:33.0687 2836 RDPWD - ok
09:08:33.0718 2836 RDSessMgr (125acf258da9633f748131a0e0185af3) C:\WINDOWS\system32\sessmgr.exe
09:08:33.0859 2836 RDSessMgr - ok
09:08:33.0890 2836 redbook (aba13d33e1f888c9a68599a48a8840d6) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:08:33.0984 2836 redbook - ok
09:08:34.0015 2836 RemoteAccess (eb5e1a601e5a1908a87e4d5a41803d98) C:\WINDOWS\System32\mprdim.dll
09:08:34.0140 2836 RemoteAccess - ok
09:08:34.0171 2836 RemoteRegistry (5b21208fcf8970bb61fe98e19d828714) C:\WINDOWS\system32\regsvc.dll
09:08:34.0265 2836 RemoteRegistry - ok
09:08:34.0406 2836 RichVideo (999aa77152f16a40a5727fc657ef66c3) C:\Program Files\CyberLink\Shared files\RichVideo.exe
09:08:34.0406 2836 RichVideo - ok
09:08:34.0453 2836 RpcLocator (c8a3b668985d61249f2dc71716c58de8) C:\WINDOWS\system32\locator.exe
09:08:34.0546 2836 RpcLocator - ok
09:08:34.0609 2836 RpcSs (c72c15ee57e248c66e57c76cab086cf2) C:\WINDOWS\System32\rpcss.dll
09:08:34.0718 2836 RpcSs - ok
09:08:34.0750 2836 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\system32\rsvp.exe
09:08:34.0875 2836 RSVP - ok
09:08:34.0906 2836 SamSs (82a362fe1d4980b71b588d9c10748511) C:\WINDOWS\system32\lsass.exe
09:08:35.0000 2836 SamSs - ok
09:08:35.0046 2836 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
09:08:35.0062 2836 SASDIFSV - ok
09:08:35.0078 2836 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
09:08:35.0078 2836 SASENUM - ok
09:08:35.0093 2836 SASKUTIL (67d2688756dd304af655349baad82bff) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
09:08:35.0093 2836 SASKUTIL - ok
09:08:35.0125 2836 SCardSvr (c177354e995cc1aa1f767bcd9980434a) C:\WINDOWS\System32\SCardSvr.exe
09:08:35.0234 2836 SCardSvr - ok
09:08:35.0281 2836 Schedule (29ac93307c6182dbe336bca314947f28) C:\WINDOWS\system32\schedsvc.dll
09:08:35.0375 2836 Schedule - ok
09:08:35.0406 2836 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
09:08:35.0500 2836 sdbus - ok
09:08:35.0531 2836 Secdrv (890cada2ab7acf53a5f9cce7515522a2) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:08:35.0546 2836 Secdrv ( UnsignedFile.Multi.Generic ) - warning
09:08:35.0546 2836 Secdrv - detected UnsignedFile.Multi.Generic (1)
09:08:35.0562 2836 seclogon (c76cb8a133374fac6805f83ff7b7da03) C:\WINDOWS\System32\seclogon.dll
09:08:35.0656 2836 seclogon - ok
09:08:35.0671 2836 SENS (220ad85ba9c5b3011296354011b901cc) C:\WINDOWS\system32\sens.dll
09:08:35.0781 2836 SENS - ok
09:08:35.0796 2836 Serial (c1ddbc85251551a840212999da3d95f3) C:\WINDOWS\system32\drivers\Serial.sys
09:08:35.0890 2836 Serial - ok
09:08:35.0921 2836 sfdrv01 (00de597b81b381053cb5b21a7f20e365) C:\WINDOWS\system32\drivers\sfdrv01.sys
09:08:35.0937 2836 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
09:08:35.0937 2836 sfdrv01 - detected UnsignedFile.Multi.Generic (1)
09:08:35.0937 2836 sfhlp02 (64b9ab76f1b16eb059cb6cdd906c067a) C:\WINDOWS\system32\drivers\sfhlp02.sys
09:08:35.0937 2836 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
09:08:35.0937 2836 sfhlp02 - detected UnsignedFile.Multi.Generic (1)
09:08:35.0953 2836 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:08:36.0078 2836 Sfloppy - ok
09:08:36.0093 2836 sfsync02 (798d918d8f20380008277ce3ce5319d1) C:\WINDOWS\system32\drivers\sfsync02.sys
09:08:36.0109 2836 sfsync02 ( UnsignedFile.Multi.Generic ) - warning
09:08:36.0109 2836 sfsync02 - detected UnsignedFile.Multi.Generic (1)
09:08:36.0156 2836 SharedAccess (6a93501bcdebf159109429b022c0ff83) C:\WINDOWS\System32\ipnathlp.dll
09:08:36.0250 2836 SharedAccess - ok
09:08:36.0281 2836 ShellHWDetection (8ba76bd2a943f642f267a296a15776d2) C:\WINDOWS\System32\shsvcs.dll
09:08:36.0375 2836 ShellHWDetection - ok
09:08:36.0375 2836 Simbad - ok
09:08:36.0437 2836 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files\Skype\Updater\Updater.exe
09:08:36.0453 2836 SkypeUpdate - ok
09:08:36.0484 2836 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:08:36.0578 2836 SLIP - ok
09:08:36.0578 2836 Sparrow - ok
09:08:36.0625 2836 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
09:08:36.0703 2836 splitter - ok
09:08:36.0718 2836 Spooler (21b6faa88044a41640e03ebb68be93e8) C:\WINDOWS\system32\spoolsv.exe
09:08:36.0812 2836 Spooler - ok
09:08:36.0890 2836 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
09:08:36.0890 2836 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
09:08:36.0890 2836 sptd ( LockedFile.Multi.Generic ) - warning
09:08:36.0890 2836 sptd - detected LockedFile.Multi.Generic (1)
09:08:36.0906 2836 sr (a74035ea526db97d9d50d2143a55f5cf) C:\WINDOWS\system32\DRIVERS\sr.sys
09:08:36.0968 2836 sr - ok
09:08:37.0000 2836 srservice (3cd57f31a64d32fdb28918b16d1e6aac) C:\WINDOWS\system32\srsvc.dll
09:08:37.0062 2836 srservice - ok
09:08:37.0093 2836 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
09:08:37.0187 2836 Srv - ok
09:08:37.0218 2836 SSDPSRV (88c28f53f53438dafcd95e99c837c61e) C:\WINDOWS\System32\ssdpsrv.dll
09:08:37.0265 2836 SSDPSRV - ok
09:08:37.0328 2836 stisvc (0645ccdddd27f96eea3534c1def736d9) C:\WINDOWS\system32\wiaservc.dll
09:08:37.0421 2836 stisvc - ok
09:08:37.0453 2836 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:08:37.0531 2836 streamip - ok
09:08:37.0562 2836 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:08:37.0656 2836 swenum - ok
09:08:37.0687 2836 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
09:08:37.0781 2836 swmidi - ok
09:08:37.0781 2836 SwPrv - ok
09:08:37.0781 2836 symc810 - ok
09:08:37.0796 2836 symc8xx - ok
09:08:37.0796 2836 sym_hi - ok
09:08:37.0812 2836 sym_u3 - ok
09:08:37.0843 2836 SynTP (cc5da243cfdac58fc0408f7ce24084c5) C:\WINDOWS\system32\DRIVERS\SynTP.sys
09:08:37.0906 2836 SynTP - ok
09:08:37.0937 2836 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
09:08:38.0031 2836 sysaudio - ok
09:08:38.0062 2836 SysmonLog (d9c9ecff4904e6151525c533aeedf8f4) C:\WINDOWS\system32\smlogsvc.exe
09:08:38.0171 2836 SysmonLog - ok
09:08:38.0203 2836 TapiSrv (37162d29cd61519e6f5ea0de99786ff6) C:\WINDOWS\System32\tapisrv.dll
09:08:38.0328 2836 TapiSrv - ok
09:08:38.0375 2836 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:08:38.0500 2836 Tcpip - ok
09:08:38.0531 2836 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:08:38.0640 2836 TDPIPE - ok
09:08:38.0656 2836 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
09:08:38.0750 2836 TDTCP - ok
09:08:38.0781 2836 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:08:38.0875 2836 TermDD - ok
09:08:38.0906 2836 TermService (2f5919f2f6ee7a845893d9c3aa2bc56a) C:\WINDOWS\System32\termsrv.dll
09:08:39.0000 2836 TermService - ok
09:08:39.0031 2836 Themes (8ba76bd2a943f642f267a296a15776d2) C:\WINDOWS\System32\shsvcs.dll
09:08:39.0125 2836 Themes - ok
09:08:39.0171 2836 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\WINDOWS\system32\drivers\tifm21.sys
09:08:39.0203 2836 tifm21 - ok
09:08:39.0250 2836 TlntSvr (535c2fb97336bafa509f4783dd1e5746) C:\WINDOWS\system32\tlntsvr.exe
09:08:39.0328 2836 TlntSvr - ok
09:08:39.0328 2836 TosIde - ok
09:08:39.0359 2836 TrkWks (4dce17221b1a87fb47e36842f3e38753) C:\WINDOWS\system32\trkwks.dll
09:08:39.0453 2836 TrkWks - ok
09:08:39.0484 2836 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
09:08:39.0593 2836 Udfs - ok
09:08:39.0593 2836 UIUSys - ok
09:08:39.0609 2836 ultra - ok
09:08:39.0640 2836 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
09:08:39.0671 2836 UMWdf - ok
09:08:39.0703 2836 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
09:08:39.0796 2836 Update - ok
09:08:39.0828 2836 upnphost (984fc1518b0d5b31d76f0e63608e0500) C:\WINDOWS\System32\upnphost.dll
09:08:39.0921 2836 upnphost - ok
09:08:39.0921 2836 UPS (6148a3ba4d9cc628357fc92014fea30e) C:\WINDOWS\System32\ups.exe
09:08:40.0031 2836 UPS - ok
09:08:40.0093 2836 USB28xxBGA (4c3180982abbc7cfa14dd21c0cbb1c22) C:\WINDOWS\system32\DRIVERS\emBDA.sys
09:08:40.0140 2836 USB28xxBGA - ok
09:08:40.0171 2836 USB28xxOEM (49b03351781de98981df0814a15dc992) C:\WINDOWS\system32\DRIVERS\emOEM.sys
09:08:40.0187 2836 USB28xxOEM - ok
09:08:40.0234 2836 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:08:40.0328 2836 usbccgp - ok
09:08:40.0359 2836 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:08:40.0453 2836 usbehci - ok
09:08:40.0484 2836 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:08:40.0562 2836 usbhub - ok
09:08:40.0593 2836 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:08:40.0687 2836 usbprint - ok
09:08:40.0718 2836 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:08:40.0812 2836 usbscan - ok
09:08:40.0828 2836 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:08:40.0921 2836 USBSTOR - ok
09:08:40.0937 2836 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:08:41.0031 2836 usbuhci - ok
09:08:41.0062 2836 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
09:08:41.0156 2836 usbvideo - ok
09:08:41.0171 2836 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
09:08:41.0265 2836 VgaSave - ok
09:08:41.0265 2836 ViaIde - ok
09:08:41.0312 2836 VolSnap (cd8cce067f7e9cbd762c00bdddecaa34) C:\WINDOWS\system32\drivers\VolSnap.sys
09:08:41.0406 2836 VolSnap - ok
09:08:41.0453 2836 VSS (043539881667bb37b07524032d6ffc3e) C:\WINDOWS\System32\vssvc.exe
09:08:41.0531 2836 VSS - ok
09:08:41.0562 2836 w200bus (34923e278eac7ddcea717ae1fcf592f6) C:\WINDOWS\system32\DRIVERS\w200bus.sys
09:08:41.0578 2836 w200bus ( UnsignedFile.Multi.Generic ) - warning
09:08:41.0578 2836 w200bus - detected UnsignedFile.Multi.Generic (1)
09:08:41.0593 2836 w200mdfl (eff90a983cd3deab05922242e8072dc6) C:\WINDOWS\system32\DRIVERS\w200mdfl.sys
09:08:41.0593 2836 w200mdfl ( UnsignedFile.Multi.Generic ) - warning
09:08:41.0593 2836 w200mdfl - detected UnsignedFile.Multi.Generic (1)
09:08:41.0609 2836 w200mdm (f03da4fbb2708a0b5409ea63e88c0f50) C:\WINDOWS\system32\DRIVERS\w200mdm.sys
09:08:41.0625 2836 w200mdm ( UnsignedFile.Multi.Generic ) - warning
09:08:41.0625 2836 w200mdm - detected UnsignedFile.Multi.Generic (1)
09:08:41.0640 2836 w200mgmt (1522d6387e6bb54aef9824b1733832db) C:\WINDOWS\system32\DRIVERS\w200mgmt.sys
09:08:41.0640 2836 w200mgmt ( UnsignedFile.Multi.Generic ) - warning
09:08:41.0640 2836 w200mgmt - detected UnsignedFile.Multi.Generic (1)
09:08:41.0656 2836 w200obex (8405be0bba1ccf26d0fbdd26be03c816) C:\WINDOWS\system32\DRIVERS\w200obex.sys
09:08:41.0656 2836 w200obex ( UnsignedFile.Multi.Generic ) - warning
09:08:41.0656 2836 w200obex - detected UnsignedFile.Multi.Generic (1)
09:08:41.0687 2836 W32Time (2ceebb402187ae56b585701f3d191fb3) C:\WINDOWS\system32\w32time.dll
09:08:41.0796 2836 W32Time - ok
09:08:41.0812 2836 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:08:41.0906 2836 Wanarp - ok
09:08:41.0921 2836 WDICA - ok
09:08:41.0968 2836 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
09:08:42.0046 2836 wdmaud - ok
09:08:42.0078 2836 WebClient (3791adf1d3466ac6b4b662d3f79cbfec) C:\WINDOWS\System32\webclnt.dll
09:08:42.0156 2836 WebClient - ok
09:08:42.0250 2836 winachsf (307d248f97835b6879bdd361086924fe) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:08:42.0281 2836 winachsf - ok
09:08:42.0343 2836 winmgmt (e12084ea622bdf2262c637bef15dd85c) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:08:42.0437 2836 winmgmt - ok
09:08:42.0500 2836 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll
09:08:42.0531 2836 WmdmPmSN - ok
09:08:42.0609 2836 Wmi (0cdc4a0c6b820fad99fb4ca74cd0c476) C:\WINDOWS\System32\advapi32.dll
09:08:42.0703 2836 Wmi - ok
09:08:42.0765 2836 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
09:08:42.0859 2836 WmiAcpi - ok
09:08:42.0906 2836 WmiApSrv (bcd21b989f0fd4ace78287fc01b4693d) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:08:43.0000 2836 WmiApSrv - ok
09:08:43.0015 2836 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:08:43.0109 2836 WS2IFSL - ok
09:08:43.0140 2836 wscsvc (4aded1adef25041d9827f9a79c0fda13) C:\WINDOWS\system32\wscsvc.dll
09:08:43.0234 2836 wscsvc - ok
09:08:43.0265 2836 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:08:43.0343 2836 WSTCODEC - ok
09:08:43.0375 2836 wuauserv (21f5169ca14e0b25c757644456f637df) C:\WINDOWS\system32\wuauserv.dll
09:08:43.0500 2836 wuauserv - ok
09:08:43.0531 2836 WZCSVC (325cedef696ef4b649ddcd3968d085c9) C:\WINDOWS\System32\wzcsvc.dll
09:08:43.0656 2836 WZCSVC - ok
09:08:43.0687 2836 xmlprov (9b835d4c64860b155a1701d5092ec9e4) C:\WINDOWS\System32\xmlprov.dll
09:08:43.0812 2836 xmlprov - ok
09:08:43.0921 2836 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
09:08:44.0437 2836 \Device\Harddisk0\DR0 - ok
09:08:44.0437 2836 Boot (0x1200) (2f69f9e74d4332c30297c18eab9ea501) \Device\Harddisk0\DR0\Partition0
09:08:44.0437 2836 \Device\Harddisk0\DR0\Partition0 - ok
09:08:44.0437 2836 Boot (0x1200) (9091f6ada2468a662dd10728ef2fee93) \Device\Harddisk0\DR0\Partition1
09:08:44.0453 2836 \Device\Harddisk0\DR0\Partition1 - ok
09:08:44.0453 2836 ============================================================
09:08:44.0453 2836 Scan finished
09:08:44.0453 2836 ============================================================
09:08:44.0562 2456 Detected object count: 19
09:08:44.0562 2456 Actual detected object count: 19
09:09:01.0828 2456 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0828 2456 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0828 2456 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0828 2456 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0843 2456 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0843 2456 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0843 2456 KmGameMouseServiceV1 ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0843 2456 KmGameMouseServiceV1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0843 2456 KMWDFilter ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0843 2456 KMWDFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0843 2456 KMWDFilterV1 ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0843 2456 KMWDFilterV1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0843 2456 KMWDSERVICE ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0843 2456 KMWDSERVICE ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0843 2456 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0843 2456 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0843 2456 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0843 2456 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0859 2456 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0859 2456 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0859 2456 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0859 2456 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0859 2456 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0859 2456 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0859 2456 sfsync02 ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0859 2456 sfsync02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0859 2456 sptd ( LockedFile.Multi.Generic ) - skipped by user
09:09:01.0859 2456 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
09:09:01.0859 2456 w200bus ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0859 2456 w200bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0875 2456 w200mdfl ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0875 2456 w200mdfl ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0875 2456 w200mdm ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0875 2456 w200mdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0875 2456 w200mgmt ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0875 2456 w200mgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0875 2456 w200obex ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0875 2456 w200obex ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:07:00.0750 3592 ============================================================
09:07:00.0750 3592 Current date / time: 2012/07/15 09:07:00.0750
09:07:00.0750 3592 SystemInfo:
09:07:00.0750 3592
09:07:00.0750 3592 OS Version: 5.1.2600 ServicePack: 2.0
09:07:00.0750 3592 Product type: Workstation
09:07:00.0750 3592 ComputerName: PATRIK-B795BA8C
09:07:00.0765 3592 UserName: Patrik
09:07:00.0765 3592 Windows directory: C:\WINDOWS
09:07:00.0765 3592 System windows directory: C:\WINDOWS
09:07:00.0765 3592 Processor architecture: Intel x86
09:07:00.0765 3592 Number of processors: 2
09:07:00.0765 3592 Page size: 0x1000
09:07:00.0765 3592 Boot type: Normal boot
09:07:00.0765 3592 ============================================================
09:07:20.0343 3592 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:07:20.0343 3592 ============================================================
09:07:20.0343 3592 \Device\Harddisk0\DR0:
09:07:20.0343 3592 MBR partitions:
09:07:20.0343 3592 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C41AD8
09:07:20.0359 3592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9C41B56, BlocksNum 0x1B7E7CAA
09:07:20.0359 3592 ============================================================
09:07:20.0390 3592 C: <-> \Device\Harddisk0\DR0\Partition0
09:07:20.0468 3592 D: <-> \Device\Harddisk0\DR0\Partition1
09:07:20.0468 3592 ============================================================
09:07:20.0468 3592 Initialize success
09:07:20.0468 3592 ============================================================
09:08:07.0453 2836 ============================================================
09:08:07.0453 2836 Scan started
09:08:07.0453 2836 Mode: Manual; SigCheck; TDLFS;
09:08:07.0453 2836 ============================================================
09:08:07.0890 2836 Abiosdsk - ok
09:08:07.0890 2836 abp480n5 - ok
09:08:07.0937 2836 ACPI (fa2fbcda96d2385f773b059fe5a125a6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:08:08.0281 2836 ACPI - ok
09:08:08.0296 2836 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
09:08:08.0406 2836 ACPIEC - ok
09:08:08.0406 2836 adpu160m - ok
09:08:08.0437 2836 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
09:08:08.0546 2836 aec - ok
09:08:08.0578 2836 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
09:08:08.0671 2836 AFD - ok
09:08:08.0687 2836 Aha154x - ok
09:08:08.0687 2836 aic78u2 - ok
09:08:08.0703 2836 aic78xx - ok
09:08:08.0734 2836 Alerter (026ddaa7e6f8d49df82c7a98bae5d0d1) C:\WINDOWS\system32\alrsvc.dll
09:08:08.0875 2836 Alerter - ok
09:08:08.0890 2836 ALG (b3f690bf43f93a012a52f28f234faa1b) C:\WINDOWS\System32\alg.exe
09:08:08.0953 2836 ALG - ok
09:08:08.0953 2836 AliIde - ok
09:08:08.0968 2836 amsint - ok
09:08:09.0000 2836 AppMgmt (421184f91eae5c6e78e653c6b32aae84) C:\WINDOWS\System32\appmgmts.dll
09:08:09.0078 2836 AppMgmt - ok
09:08:09.0093 2836 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:08:09.0203 2836 Arp1394 - ok
09:08:09.0203 2836 asc - ok
09:08:09.0203 2836 asc3350p - ok
09:08:09.0218 2836 asc3550 - ok
09:08:09.0328 2836 aspnet_state (d33c507942299753868204cc7642fa27) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:08:09.0375 2836 aspnet_state - ok
09:08:09.0375 2836 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:08:09.0484 2836 AsyncMac - ok
09:08:09.0546 2836 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:08:09.0640 2836 atapi - ok
09:08:09.0640 2836 Atdisk - ok
09:08:09.0671 2836 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:08:09.0781 2836 Atmarpc - ok
09:08:09.0812 2836 AudioSrv (40d78f514c8588ef12ec718d2af0fc4e) C:\WINDOWS\System32\audiosrv.dll
09:08:09.0937 2836 AudioSrv - ok
09:08:09.0953 2836 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:08:10.0062 2836 audstub - ok
09:08:10.0109 2836 avg8emc - ok
09:08:10.0125 2836 avg8wd - ok
09:08:10.0187 2836 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
09:08:10.0250 2836 AvgLdx86 - ok
09:08:10.0265 2836 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
09:08:10.0265 2836 AvgMfx86 - ok
09:08:10.0312 2836 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys
09:08:10.0312 2836 AvgTdiX - ok
09:08:10.0343 2836 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
09:08:10.0390 2836 b57w2k - ok
09:08:10.0500 2836 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
09:08:10.0593 2836 BCM43XX - ok
09:08:10.0625 2836 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:08:10.0750 2836 Beep - ok
09:08:10.0781 2836 bhound6 (401a873517ccdefe0bf79d143f15d473) C:\WINDOWS\system32\DRIVERS\bhound6.sys
09:08:10.0781 2836 bhound6 - ok
09:08:10.0828 2836 BITS (e774a26610ec92674273486612c11cfc) C:\WINDOWS\system32\qmgr.dll
09:08:10.0984 2836 BITS - ok
09:08:11.0031 2836 Browser (f219e27e88107a50544153898dd8178e) C:\WINDOWS\System32\browser.dll
09:08:11.0140 2836 Browser - ok
09:08:11.0187 2836 btaudio (ecdc40cc54603c711e1a7a1c9255184a) C:\WINDOWS\system32\drivers\btaudio.sys
09:08:11.0203 2836 btaudio - ok
09:08:11.0250 2836 BTDriver (58a49bd10e08d3d4333a60dedcb1ced8) C:\WINDOWS\system32\DRIVERS\btport.sys
09:08:11.0250 2836 BTDriver - ok
09:08:11.0343 2836 BTKRNL (885b6d0f826a216eee4c3ad883809012) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
09:08:11.0390 2836 BTKRNL - ok
09:08:11.0484 2836 btwdins (49e9ed37faec5e8c03e81fd73d3884d6) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
09:08:11.0500 2836 btwdins - ok
09:08:11.0531 2836 BTWDNDIS (b1d350f3f13cf340fce93912d2ba1ebf) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
09:08:11.0578 2836 BTWDNDIS - ok
09:08:11.0593 2836 btwhid (e48668b4a6a5cf68b33aecad18ee8e1e) C:\WINDOWS\system32\DRIVERS\btwhid.sys
09:08:11.0609 2836 btwhid - ok
09:08:11.0625 2836 BTWUSB (57e91e9925976bbc98984eebaaf1d84c) C:\WINDOWS\system32\Drivers\btwusb.sys
09:08:11.0671 2836 BTWUSB - ok
09:08:11.0796 2836 catchme - ok
09:08:11.0843 2836 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:08:11.0937 2836 cbidf2k - ok
09:08:11.0953 2836 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:08:12.0062 2836 CCDECODE - ok
09:08:12.0062 2836 cd20xrnt - ok
09:08:12.0093 2836 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:08:12.0203 2836 Cdaudio - ok
09:08:12.0250 2836 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
09:08:12.0359 2836 Cdfs - ok
09:08:12.0375 2836 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:08:12.0484 2836 Cdrom - ok
09:08:12.0484 2836 Changer - ok
09:08:12.0531 2836 CiSvc (9e21229e04e1d301bb40222fe4641cb2) C:\WINDOWS\system32\cisvc.exe
09:08:12.0656 2836 CiSvc - ok
09:08:12.0656 2836 ClipSrv (d3dc45553c8025338e08a60e95b1b91d) C:\WINDOWS\system32\clipsrv.exe
09:08:12.0781 2836 ClipSrv - ok
09:08:12.0875 2836 clr_optimization_v2.0.50727_32 (3c4d595e7f9b747325aef28b4adcaae5) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:08:12.0937 2836 clr_optimization_v2.0.50727_32 - ok
09:08:12.0968 2836 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
09:08:13.0062 2836 CmBatt - ok
09:08:13.0062 2836 CmdIde - ok
09:08:13.0078 2836 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
09:08:13.0203 2836 Compbatt - ok
09:08:13.0203 2836 COMSysApp - ok
09:08:13.0218 2836 Cpqarray - ok
09:08:13.0250 2836 CryptSvc (70d2a1756f4b2067658a186c963fcabd) C:\WINDOWS\System32\cryptsvc.dll
09:08:13.0375 2836 CryptSvc - ok
09:08:13.0375 2836 dac2w2k - ok
09:08:13.0390 2836 dac960nt - ok
09:08:13.0453 2836 DcomLaunch (c72c15ee57e248c66e57c76cab086cf2) C:\WINDOWS\system32\rpcss.dll
09:08:13.0578 2836 DcomLaunch - ok
09:08:13.0593 2836 Dhcp (562830efb7cf367fb773fea5256e67c8) C:\WINDOWS\System32\dhcpcsvc.dll
09:08:13.0718 2836 Dhcp - ok
09:08:13.0750 2836 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
09:08:13.0875 2836 Disk - ok
09:08:13.0875 2836 dmadmin - ok
09:08:13.0984 2836 dmboot (e1968edec81c430108feb23ab07bdb14) C:\WINDOWS\system32\drivers\dmboot.sys
09:08:14.0234 2836 dmboot - ok
09:08:14.0250 2836 dmio (1b1520a82e396e46b9ae9fa6b03ff6c6) C:\WINDOWS\system32\drivers\dmio.sys
09:08:14.0359 2836 dmio - ok
09:08:14.0375 2836 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:08:14.0515 2836 dmload - ok
09:08:14.0546 2836 dmserver (7b3ca72885923eb947221f17f3e3ac59) C:\WINDOWS\System32\dmserver.dll
09:08:14.0656 2836 dmserver - ok
09:08:14.0687 2836 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
09:08:14.0796 2836 DMusic - ok
09:08:14.0828 2836 Dnscache (f605b3f5674d67587c4b6c9e92a3e025) C:\WINDOWS\System32\dnsrslvr.dll
09:08:14.0937 2836 Dnscache - ok
09:08:14.0937 2836 dpti2o - ok
09:08:14.0968 2836 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
09:08:15.0078 2836 drmkaud - ok
09:08:15.0093 2836 ERSvc (d6f7428b201e33bc80066b47144cb568) C:\WINDOWS\System32\ersvc.dll
09:08:15.0218 2836 ERSvc - ok
09:08:15.0250 2836 Eventlog (6e401e61f952fbbf708afbecefafae81) C:\WINDOWS\system32\services.exe
09:08:15.0359 2836 Eventlog - ok
09:08:15.0390 2836 EventSystem (972378b907070f64932a87c90a035487) C:\WINDOWS\system32\es.dll
09:08:15.0546 2836 EventSystem - ok
09:08:15.0578 2836 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
09:08:15.0718 2836 Fastfat - ok
09:08:15.0750 2836 FastUserSwitchingCompatibility (8ba76bd2a943f642f267a296a15776d2) C:\WINDOWS\System32\shsvcs.dll
09:08:15.0906 2836 FastUserSwitchingCompatibility - ok
09:08:15.0937 2836 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
09:08:16.0062 2836 Fdc - ok
09:08:16.0093 2836 Fips (266dab58619b17bdf37fabbd48d875ca) C:\WINDOWS\system32\drivers\Fips.sys
09:08:16.0218 2836 Fips - ok
09:08:16.0218 2836 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
09:08:16.0343 2836 Flpydisk - ok
09:08:16.0375 2836 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
09:08:16.0515 2836 FltMgr - ok
09:08:16.0546 2836 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:08:16.0687 2836 Fs_Rec - ok
09:08:16.0703 2836 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:08:16.0828 2836 Ftdisk - ok
09:08:16.0890 2836 fwdrv (4700b7992432d9cae2a4766f36aff2c5) C:\WINDOWS\system32\drivers\fwdrv.sys
09:08:16.0906 2836 fwdrv - ok
09:08:16.0937 2836 GbpKm (738a994af1a7cbd40327986fa3254450) C:\WINDOWS\system32\drivers\gbpkm.sys
09:08:16.0937 2836 GbpKm - ok
09:08:17.0015 2836 GbpSv (831dcb0d2e1e1e7a7e1d9a22f2cde330) C:\PROGRA~1\GbPlugin\GbpSv.exe
09:08:17.0031 2836 GbpSv - ok
09:08:17.0062 2836 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:08:17.0171 2836 Gpc - ok
09:08:17.0375 2836 gupdate - ok
09:08:17.0421 2836 gupdatem - ok
09:08:17.0421 2836 gusvc - ok
09:08:17.0468 2836 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:08:17.0531 2836 HDAudBus - ok
09:08:17.0562 2836 helpsvc (f59152272782fed8a8197fa788287f68) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:08:17.0656 2836 helpsvc - ok
09:08:17.0703 2836 HidServ (d2dcf769e5a70027058ad5be1f9b55bf) C:\WINDOWS\System32\hidserv.dll
09:08:17.0812 2836 HidServ - ok
09:08:18.0031 2836 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:08:18.0140 2836 HidUsb - ok
09:08:18.0140 2836 hpn - ok
09:08:18.0234 2836 hpqcxs08 (38d6b51f04def7fb248fa56e4c47407e) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
09:08:18.0250 2836 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
09:08:18.0250 2836 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
09:08:18.0265 2836 hpqddsvc (3ee4a63539ec04ee2d4bd293985087ab) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
09:08:18.0265 2836 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
09:08:18.0265 2836 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
09:08:18.0296 2836 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
09:08:18.0421 2836 HPZid412 - ok
09:08:18.0453 2836 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
09:08:18.0500 2836 HPZipr12 - ok
09:08:18.0546 2836 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
09:08:18.0562 2836 HPZius12 - ok
09:08:18.0609 2836 HSFHWAZL (6a5c4732d6803f84e2987edd8e4359ce) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
09:08:18.0671 2836 HSFHWAZL - ok
09:08:18.0750 2836 HSF_DPV (21c31273c6cc4826e74be8ae3b09d4a8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
09:08:18.0812 2836 HSF_DPV - ok
09:08:18.0859 2836 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
09:08:18.0953 2836 HTTP - ok
09:08:19.0015 2836 HTTPFilter (da826826c5c9116f47e0cd0ca8cc7c11) C:\WINDOWS\System32\w3ssl.dll
09:08:19.0156 2836 HTTPFilter - ok
09:08:19.0156 2836 i2omgmt - ok
09:08:19.0171 2836 i2omp - ok
09:08:19.0203 2836 i8042prt (0f42de9909b5dbf2c48dd1a79d491af5) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:08:19.0328 2836 i8042prt - ok
09:08:19.0734 2836 ialm (28423512370705aeda6a652fedb25468) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
09:08:19.0953 2836 ialm - ok
09:08:20.0062 2836 ICQ Service (f88e5dc5ca4c3f1aeb32169ab20d0b5a) C:\Program Files\ICQ6Toolbar\ICQ Service.exe
09:08:20.0062 2836 ICQ Service - ok
09:08:20.0203 2836 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
09:08:20.0250 2836 IDriverT ( UnsignedFile.Multi.Generic ) - warning
09:08:20.0250 2836 IDriverT - detected UnsignedFile.Multi.Generic (1)
09:08:20.0359 2836 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:08:20.0468 2836 Imapi - ok
09:08:20.0515 2836 ImapiService (cf9d286b34cb4912f3b28b4972d5cb33) C:\WINDOWS\system32\imapi.exe
09:08:20.0671 2836 ImapiService - ok
09:08:20.0687 2836 ini910u - ok
09:08:20.0984 2836 IntcAzAudAddService (b45a576ad280dd4f605f58b24cdaafe1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
09:08:21.0187 2836 IntcAzAudAddService - ok
09:08:21.0281 2836 IntelIde - ok
09:08:21.0296 2836 intelppm (10a3ac0f0df720ad3c3fd13861d50eb9) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:08:21.0421 2836 intelppm - ok
09:08:21.0437 2836 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
09:08:21.0562 2836 Ip6Fw - ok
09:08:21.0609 2836 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:08:21.0734 2836 IpFilterDriver - ok
09:08:21.0734 2836 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:08:21.0859 2836 IpInIp - ok
09:08:21.0875 2836 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:08:21.0984 2836 IpNat - ok
09:08:22.0031 2836 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:08:22.0125 2836 IPSec - ok
09:08:22.0187 2836 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
09:08:22.0234 2836 irda - ok
09:08:22.0281 2836 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:08:22.0328 2836 IRENUM - ok
09:08:22.0343 2836 Irmon (e16ac23f81cfe1223ab470f9982de89d) C:\WINDOWS\System32\irmon.dll
09:08:22.0390 2836 Irmon - ok
09:08:22.0437 2836 isapnp (1091528512e4dd7ed5fddcc4df1c53d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:08:22.0531 2836 isapnp - ok
09:08:22.0687 2836 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
09:08:22.0703 2836 JavaQuickStarterService - ok
09:08:22.0734 2836 Kbdclass (6f877bf8dc01a550cd666f3bedb2213c) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:08:22.0843 2836 Kbdclass - ok
09:08:22.0875 2836 kbdhid (065b5a83aa78c0c7047bf22e0ab5c821) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:08:22.0984 2836 kbdhid - ok
09:08:23.0015 2836 khips (f27a6d0bbca2893aad1a0018bac61eb3) C:\WINDOWS\system32\drivers\khips.sys
09:08:23.0031 2836 khips - ok
09:08:23.0109 2836 KmGameMouseServiceV1 (54c3b8e2c5d5c28fcf2c968d577c3561) C:\Program Files\Trust\GXT14 Mouse\GameMouseServiceApp.exe
09:08:23.0109 2836 KmGameMouseServiceV1 ( UnsignedFile.Multi.Generic ) - warning
09:08:23.0109 2836 KmGameMouseServiceV1 - detected UnsignedFile.Multi.Generic (1)
09:08:23.0171 2836 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
09:08:23.0250 2836 kmixer - ok
09:08:23.0296 2836 KMWDFilter (73186a580e287152b1be5087c0e92339) C:\WINDOWS\System32\Drivers\KMWDFilter.SYS
09:08:23.0312 2836 KMWDFilter ( UnsignedFile.Multi.Generic ) - warning
09:08:23.0312 2836 KMWDFilter - detected UnsignedFile.Multi.Generic (1)
09:08:23.0343 2836 KMWDFilterV1 (769e2846280aead581227f6ab861fbc6) C:\WINDOWS\System32\Drivers\RPGMOUSEV1.sys
09:08:23.0359 2836 KMWDFilterV1 ( UnsignedFile.Multi.Generic ) - warning
09:08:23.0359 2836 KMWDFilterV1 - detected UnsignedFile.Multi.Generic (1)
09:08:23.0421 2836 KMWDSERVICE (a4a9adb8e7005785d2c1f4ff8c7b70bb) C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe
09:08:23.0437 2836 KMWDSERVICE ( UnsignedFile.Multi.Generic ) - warning
09:08:23.0437 2836 KMWDSERVICE - detected UnsignedFile.Multi.Generic (1)
09:08:23.0562 2836 KPF4 (0e65d9b20331abd50f85e1fc52cb2d64) C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
09:08:23.0609 2836 KPF4 - ok
09:08:23.0656 2836 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
09:08:23.0765 2836 KSecDD - ok
09:08:23.0796 2836 lanmanserver (6d6bdd68b775986577c48a8df961a05c) C:\WINDOWS\System32\srvsvc.dll
09:08:23.0906 2836 lanmanserver - ok
09:08:23.0937 2836 lanmanworkstation (69b0569aae33f0d5057ca0e8577aaf07) C:\WINDOWS\System32\wkssvc.dll
09:08:24.0046 2836 lanmanworkstation - ok
09:08:24.0046 2836 lbrtfdc - ok
09:08:24.0078 2836 LmHosts (f9ee6d2aab0690b34ae35ba9921a1414) C:\WINDOWS\System32\lmhsvc.dll
09:08:24.0187 2836 LmHosts - ok
09:08:24.0281 2836 McComponentHostService (22a7776c5d8eb5930edf9c8dd0884259) C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
09:08:24.0343 2836 McComponentHostService - ok
09:08:24.0375 2836 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:08:24.0375 2836 mdmxsdk - ok
09:08:24.0406 2836 Messenger (8b2fcbd881879b55be40b41f12ffc431) C:\WINDOWS\System32\msgsvc.dll
09:08:24.0515 2836 Messenger - ok
09:08:24.0625 2836 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
09:08:24.0656 2836 Microsoft Office Groove Audit Service - ok
09:08:24.0687 2836 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:08:24.0781 2836 mnmdd - ok
09:08:24.0812 2836 mnmsrvc (7d137132d6a9b41ef800e59a771ed48c) C:\WINDOWS\system32\mnmsrvc.exe
09:08:24.0921 2836 mnmsrvc - ok
09:08:24.0953 2836 Modem (60210deb037846afe521ebf349964f6b) C:\WINDOWS\system32\drivers\Modem.sys
09:08:25.0046 2836 Modem - ok
09:08:25.0093 2836 Mouclass (b160ec94114715675509115986400fd9) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:08:25.0187 2836 Mouclass - ok
09:08:25.0218 2836 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:08:25.0296 2836 mouhid - ok
09:08:25.0343 2836 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
09:08:25.0437 2836 MountMgr - ok
09:08:25.0468 2836 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:08:25.0500 2836 MozillaMaintenance - ok
09:08:25.0531 2836 MPE (55a9a7e6bb297bf0f5b144029dcb79cc) C:\WINDOWS\system32\DRIVERS\MPE.sys
09:08:25.0640 2836 MPE - ok
09:08:25.0640 2836 mraid35x - ok
09:08:25.0656 2836 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:08:25.0750 2836 MRxDAV - ok
09:08:25.0796 2836 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:08:25.0921 2836 MRxSmb - ok
09:08:25.0953 2836 MSDTC (944a24032aed84c59455b981f6ca1c1a) C:\WINDOWS\system32\msdtc.exe
09:08:26.0078 2836 MSDTC - ok
09:08:26.0093 2836 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
09:08:26.0187 2836 Msfs - ok
09:08:26.0250 2836 MSIRCOMM (ee55f5c64417cc369866d7eafe9b07ab) C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
09:08:26.0296 2836 MSIRCOMM - ok
09:08:26.0296 2836 MSIServer - ok
09:08:26.0328 2836 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:08:26.0421 2836 MSKSSRV - ok
09:08:26.0421 2836 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:08:26.0515 2836 MSPCLOCK - ok
09:08:26.0546 2836 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
09:08:26.0640 2836 MSPQM - ok
09:08:26.0671 2836 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:08:26.0765 2836 mssmbios - ok
09:08:26.0781 2836 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
09:08:26.0875 2836 MSTEE - ok
09:08:26.0875 2836 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
09:08:26.0968 2836 Mup - ok
09:08:27.0015 2836 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:08:27.0125 2836 NABTSFEC - ok
09:08:27.0250 2836 NBService (b498a14133bd09ad0817590ace4470ad) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
09:08:27.0312 2836 NBService - ok
09:08:27.0359 2836 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
09:08:27.0468 2836 NDIS - ok
09:08:27.0468 2836 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:08:27.0562 2836 NdisIP - ok
09:08:27.0593 2836 Ndisrd (8cbea95911b5d5e0ee4eb39d369c3c73) C:\WINDOWS\system32\DRIVERS\gbpndisrd.sys
09:08:27.0609 2836 Ndisrd - ok
09:08:27.0609 2836 NdisrdMP (8cbea95911b5d5e0ee4eb39d369c3c73) C:\WINDOWS\system32\DRIVERS\gbpndisrd.sys
09:08:27.0625 2836 NdisrdMP - ok
09:08:27.0640 2836 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:08:27.0750 2836 NdisTapi - ok
09:08:27.0781 2836 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:08:27.0875 2836 Ndisuio - ok
09:08:27.0906 2836 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:08:28.0000 2836 NdisWan - ok
09:08:28.0015 2836 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
09:08:28.0125 2836 NDProxy - ok
09:08:28.0156 2836 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\WINDOWS\system32\HPZinw12.dll
09:08:28.0171 2836 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
09:08:28.0171 2836 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
09:08:28.0187 2836 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:08:28.0281 2836 NetBIOS - ok
09:08:28.0312 2836 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:08:28.0406 2836 NetBT - ok
09:08:28.0437 2836 NetDDE (818053225bf4aac5f0f718001e492f70) C:\WINDOWS\system32\netdde.exe
09:08:28.0546 2836 NetDDE - ok
09:08:28.0546 2836 NetDDEdsdm (818053225bf4aac5f0f718001e492f70) C:\WINDOWS\system32\netdde.exe
09:08:28.0640 2836 NetDDEdsdm - ok
09:08:28.0687 2836 Netlogon (82a362fe1d4980b71b588d9c10748511) C:\WINDOWS\system32\lsass.exe
09:08:28.0781 2836 Netlogon - ok
09:08:28.0828 2836 Netman (af342d2781225a8769686e0d47e3123e) C:\WINDOWS\System32\netman.dll
09:08:28.0906 2836 Netman - ok
09:08:28.0921 2836 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:08:29.0031 2836 NIC1394 - ok
09:08:29.0062 2836 Nla (64c078bd4efd441c3f159edc5ea4420a) C:\WINDOWS\System32\mswsock.dll
09:08:29.0156 2836 Nla - ok
09:08:29.0265 2836 NMIndexingService (a328a46d87bb92ce4d8a4528e9d84787) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
09:08:29.0281 2836 NMIndexingService - ok
09:08:29.0296 2836 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
09:08:29.0390 2836 Npfs - ok
09:08:29.0406 2836 NSCIRDA (6216798d29c3ba9d0d6f40bbbab694a5) C:\WINDOWS\system32\DRIVERS\nscirda.sys
09:08:29.0453 2836 NSCIRDA - ok
09:08:29.0484 2836 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
09:08:29.0625 2836 Ntfs - ok
09:08:29.0640 2836 NtLmSsp (82a362fe1d4980b71b588d9c10748511) C:\WINDOWS\system32\lsass.exe
09:08:29.0734 2836 NtLmSsp - ok
09:08:29.0781 2836 NtmsSvc (d8d2b13ba93ae830b1a637df571d1195) C:\WINDOWS\system32\ntmssvc.dll
09:08:29.0906 2836 NtmsSvc - ok
09:08:29.0937 2836 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:08:30.0046 2836 Null - ok
09:08:30.0078 2836 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:08:30.0156 2836 NwlnkFlt - ok
09:08:30.0171 2836 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:08:30.0265 2836 NwlnkFwd - ok
09:08:30.0359 2836 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:08:30.0406 2836 odserv - ok
09:08:30.0453 2836 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:08:30.0546 2836 ohci1394 - ok
09:08:30.0593 2836 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:08:30.0640 2836 ose - ok
09:08:30.0687 2836 Parport (76a18caa2fefb28a4ced38d76837e86e) C:\WINDOWS\system32\drivers\Parport.sys
09:08:30.0781 2836 Parport - ok
09:08:30.0812 2836 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
09:08:30.0906 2836 PartMgr - ok
09:08:30.0937 2836 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
09:08:31.0031 2836 ParVdm - ok
09:08:31.0078 2836 PCI (b7979f37bb7b9df2230046134955e6e7) C:\WINDOWS\system32\DRIVERS\pci.sys
09:08:31.0171 2836 PCI - ok
09:08:31.0171 2836 PCIDump - ok
09:08:31.0171 2836 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:08:31.0265 2836 PCIIde - ok
09:08:31.0296 2836 Pcmcia (90505755634407d4ef4c6dea60fc1df9) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
09:08:31.0390 2836 Pcmcia - ok
09:08:31.0406 2836 PDCOMP - ok
09:08:31.0406 2836 PDFRAME - ok
09:08:31.0421 2836 PDRELI - ok
09:08:31.0421 2836 PDRFRAME - ok
09:08:31.0437 2836 perc2 - ok
09:08:31.0437 2836 perc2hib - ok
09:08:31.0500 2836 PlugPlay (6e401e61f952fbbf708afbecefafae81) C:\WINDOWS\system32\services.exe
09:08:31.0593 2836 PlugPlay - ok
09:08:31.0625 2836 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\WINDOWS\system32\HPZipm12.dll
09:08:31.0640 2836 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
09:08:31.0640 2836 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
09:08:31.0656 2836 PnkBstrA (0e01d7eebada0b324db0ca1ee73440ba) C:\WINDOWS\system32\PnkBstrA.exe
09:08:31.0656 2836 PnkBstrA - ok
09:08:31.0687 2836 PnkBstrB (1428e6cc1458a36cbfc1f2e304c7c42d) C:\WINDOWS\system32\PnkBstrB.exe
09:08:31.0687 2836 PnkBstrB - ok
09:08:31.0703 2836 PolicyAgent (82a362fe1d4980b71b588d9c10748511) C:\WINDOWS\system32\lsass.exe
09:08:31.0812 2836 PolicyAgent - ok
09:08:31.0843 2836 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:08:31.0937 2836 PptpMiniport - ok
09:08:31.0937 2836 ProtectedStorage (82a362fe1d4980b71b588d9c10748511) C:\WINDOWS\system32\lsass.exe
09:08:32.0046 2836 ProtectedStorage - ok
09:08:32.0046 2836 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
09:08:32.0140 2836 PSched - ok
09:08:32.0156 2836 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:08:32.0265 2836 Ptilink - ok
09:08:32.0296 2836 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:08:32.0312 2836 PxHelp20 - ok
09:08:32.0312 2836 ql1080 - ok
09:08:32.0312 2836 Ql10wnt - ok
09:08:32.0328 2836 ql12160 - ok
09:08:32.0328 2836 ql1240 - ok
09:08:32.0343 2836 ql1280 - ok
09:08:32.0375 2836 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:08:32.0468 2836 RasAcd - ok
09:08:32.0515 2836 RasAuto (e68b6f9a726a444059705ab43b5656d1) C:\WINDOWS\System32\rasauto.dll
09:08:32.0625 2836 RasAuto - ok
09:08:32.0656 2836 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
09:08:32.0703 2836 Rasirda - ok
09:08:32.0718 2836 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:08:32.0812 2836 Rasl2tp - ok
09:08:32.0828 2836 RasMan (6e519d777c91e90592403c9f981fdf03) C:\WINDOWS\System32\rasmans.dll
09:08:32.0921 2836 RasMan - ok
09:08:32.0937 2836 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:08:33.0015 2836 RasPppoe - ok
09:08:33.0031 2836 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:08:33.0125 2836 Raspti - ok
09:08:33.0171 2836 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:08:33.0281 2836 Rdbss - ok
09:08:33.0281 2836 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:08:33.0375 2836 RDPCDD - ok
09:08:33.0421 2836 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:08:33.0515 2836 rdpdr - ok
09:08:33.0578 2836 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
09:08:33.0687 2836 RDPWD - ok
09:08:33.0718 2836 RDSessMgr (125acf258da9633f748131a0e0185af3) C:\WINDOWS\system32\sessmgr.exe
09:08:33.0859 2836 RDSessMgr - ok
09:08:33.0890 2836 redbook (aba13d33e1f888c9a68599a48a8840d6) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:08:33.0984 2836 redbook - ok
09:08:34.0015 2836 RemoteAccess (eb5e1a601e5a1908a87e4d5a41803d98) C:\WINDOWS\System32\mprdim.dll
09:08:34.0140 2836 RemoteAccess - ok
09:08:34.0171 2836 RemoteRegistry (5b21208fcf8970bb61fe98e19d828714) C:\WINDOWS\system32\regsvc.dll
09:08:34.0265 2836 RemoteRegistry - ok
09:08:34.0406 2836 RichVideo (999aa77152f16a40a5727fc657ef66c3) C:\Program Files\CyberLink\Shared files\RichVideo.exe
09:08:34.0406 2836 RichVideo - ok
09:08:34.0453 2836 RpcLocator (c8a3b668985d61249f2dc71716c58de8) C:\WINDOWS\system32\locator.exe
09:08:34.0546 2836 RpcLocator - ok
09:08:34.0609 2836 RpcSs (c72c15ee57e248c66e57c76cab086cf2) C:\WINDOWS\System32\rpcss.dll
09:08:34.0718 2836 RpcSs - ok
09:08:34.0750 2836 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\system32\rsvp.exe
09:08:34.0875 2836 RSVP - ok
09:08:34.0906 2836 SamSs (82a362fe1d4980b71b588d9c10748511) C:\WINDOWS\system32\lsass.exe
09:08:35.0000 2836 SamSs - ok
09:08:35.0046 2836 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
09:08:35.0062 2836 SASDIFSV - ok
09:08:35.0078 2836 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
09:08:35.0078 2836 SASENUM - ok
09:08:35.0093 2836 SASKUTIL (67d2688756dd304af655349baad82bff) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
09:08:35.0093 2836 SASKUTIL - ok
09:08:35.0125 2836 SCardSvr (c177354e995cc1aa1f767bcd9980434a) C:\WINDOWS\System32\SCardSvr.exe
09:08:35.0234 2836 SCardSvr - ok
09:08:35.0281 2836 Schedule (29ac93307c6182dbe336bca314947f28) C:\WINDOWS\system32\schedsvc.dll
09:08:35.0375 2836 Schedule - ok
09:08:35.0406 2836 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
09:08:35.0500 2836 sdbus - ok
09:08:35.0531 2836 Secdrv (890cada2ab7acf53a5f9cce7515522a2) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:08:35.0546 2836 Secdrv ( UnsignedFile.Multi.Generic ) - warning
09:08:35.0546 2836 Secdrv - detected UnsignedFile.Multi.Generic (1)
09:08:35.0562 2836 seclogon (c76cb8a133374fac6805f83ff7b7da03) C:\WINDOWS\System32\seclogon.dll
09:08:35.0656 2836 seclogon - ok
09:08:35.0671 2836 SENS (220ad85ba9c5b3011296354011b901cc) C:\WINDOWS\system32\sens.dll
09:08:35.0781 2836 SENS - ok
09:08:35.0796 2836 Serial (c1ddbc85251551a840212999da3d95f3) C:\WINDOWS\system32\drivers\Serial.sys
09:08:35.0890 2836 Serial - ok
09:08:35.0921 2836 sfdrv01 (00de597b81b381053cb5b21a7f20e365) C:\WINDOWS\system32\drivers\sfdrv01.sys
09:08:35.0937 2836 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
09:08:35.0937 2836 sfdrv01 - detected UnsignedFile.Multi.Generic (1)
09:08:35.0937 2836 sfhlp02 (64b9ab76f1b16eb059cb6cdd906c067a) C:\WINDOWS\system32\drivers\sfhlp02.sys
09:08:35.0937 2836 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
09:08:35.0937 2836 sfhlp02 - detected UnsignedFile.Multi.Generic (1)
09:08:35.0953 2836 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:08:36.0078 2836 Sfloppy - ok
09:08:36.0093 2836 sfsync02 (798d918d8f20380008277ce3ce5319d1) C:\WINDOWS\system32\drivers\sfsync02.sys
09:08:36.0109 2836 sfsync02 ( UnsignedFile.Multi.Generic ) - warning
09:08:36.0109 2836 sfsync02 - detected UnsignedFile.Multi.Generic (1)
09:08:36.0156 2836 SharedAccess (6a93501bcdebf159109429b022c0ff83) C:\WINDOWS\System32\ipnathlp.dll
09:08:36.0250 2836 SharedAccess - ok
09:08:36.0281 2836 ShellHWDetection (8ba76bd2a943f642f267a296a15776d2) C:\WINDOWS\System32\shsvcs.dll
09:08:36.0375 2836 ShellHWDetection - ok
09:08:36.0375 2836 Simbad - ok
09:08:36.0437 2836 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files\Skype\Updater\Updater.exe
09:08:36.0453 2836 SkypeUpdate - ok
09:08:36.0484 2836 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:08:36.0578 2836 SLIP - ok
09:08:36.0578 2836 Sparrow - ok
09:08:36.0625 2836 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
09:08:36.0703 2836 splitter - ok
09:08:36.0718 2836 Spooler (21b6faa88044a41640e03ebb68be93e8) C:\WINDOWS\system32\spoolsv.exe
09:08:36.0812 2836 Spooler - ok
09:08:36.0890 2836 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
09:08:36.0890 2836 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
09:08:36.0890 2836 sptd ( LockedFile.Multi.Generic ) - warning
09:08:36.0890 2836 sptd - detected LockedFile.Multi.Generic (1)
09:08:36.0906 2836 sr (a74035ea526db97d9d50d2143a55f5cf) C:\WINDOWS\system32\DRIVERS\sr.sys
09:08:36.0968 2836 sr - ok
09:08:37.0000 2836 srservice (3cd57f31a64d32fdb28918b16d1e6aac) C:\WINDOWS\system32\srsvc.dll
09:08:37.0062 2836 srservice - ok
09:08:37.0093 2836 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
09:08:37.0187 2836 Srv - ok
09:08:37.0218 2836 SSDPSRV (88c28f53f53438dafcd95e99c837c61e) C:\WINDOWS\System32\ssdpsrv.dll
09:08:37.0265 2836 SSDPSRV - ok
09:08:37.0328 2836 stisvc (0645ccdddd27f96eea3534c1def736d9) C:\WINDOWS\system32\wiaservc.dll
09:08:37.0421 2836 stisvc - ok
09:08:37.0453 2836 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:08:37.0531 2836 streamip - ok
09:08:37.0562 2836 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:08:37.0656 2836 swenum - ok
09:08:37.0687 2836 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
09:08:37.0781 2836 swmidi - ok
09:08:37.0781 2836 SwPrv - ok
09:08:37.0781 2836 symc810 - ok
09:08:37.0796 2836 symc8xx - ok
09:08:37.0796 2836 sym_hi - ok
09:08:37.0812 2836 sym_u3 - ok
09:08:37.0843 2836 SynTP (cc5da243cfdac58fc0408f7ce24084c5) C:\WINDOWS\system32\DRIVERS\SynTP.sys
09:08:37.0906 2836 SynTP - ok
09:08:37.0937 2836 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
09:08:38.0031 2836 sysaudio - ok
09:08:38.0062 2836 SysmonLog (d9c9ecff4904e6151525c533aeedf8f4) C:\WINDOWS\system32\smlogsvc.exe
09:08:38.0171 2836 SysmonLog - ok
09:08:38.0203 2836 TapiSrv (37162d29cd61519e6f5ea0de99786ff6) C:\WINDOWS\System32\tapisrv.dll
09:08:38.0328 2836 TapiSrv - ok
09:08:38.0375 2836 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:08:38.0500 2836 Tcpip - ok
09:08:38.0531 2836 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:08:38.0640 2836 TDPIPE - ok
09:08:38.0656 2836 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
09:08:38.0750 2836 TDTCP - ok
09:08:38.0781 2836 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:08:38.0875 2836 TermDD - ok
09:08:38.0906 2836 TermService (2f5919f2f6ee7a845893d9c3aa2bc56a) C:\WINDOWS\System32\termsrv.dll
09:08:39.0000 2836 TermService - ok
09:08:39.0031 2836 Themes (8ba76bd2a943f642f267a296a15776d2) C:\WINDOWS\System32\shsvcs.dll
09:08:39.0125 2836 Themes - ok
09:08:39.0171 2836 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\WINDOWS\system32\drivers\tifm21.sys
09:08:39.0203 2836 tifm21 - ok
09:08:39.0250 2836 TlntSvr (535c2fb97336bafa509f4783dd1e5746) C:\WINDOWS\system32\tlntsvr.exe
09:08:39.0328 2836 TlntSvr - ok
09:08:39.0328 2836 TosIde - ok
09:08:39.0359 2836 TrkWks (4dce17221b1a87fb47e36842f3e38753) C:\WINDOWS\system32\trkwks.dll
09:08:39.0453 2836 TrkWks - ok
09:08:39.0484 2836 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
09:08:39.0593 2836 Udfs - ok
09:08:39.0593 2836 UIUSys - ok
09:08:39.0609 2836 ultra - ok
09:08:39.0640 2836 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
09:08:39.0671 2836 UMWdf - ok
09:08:39.0703 2836 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
09:08:39.0796 2836 Update - ok
09:08:39.0828 2836 upnphost (984fc1518b0d5b31d76f0e63608e0500) C:\WINDOWS\System32\upnphost.dll
09:08:39.0921 2836 upnphost - ok
09:08:39.0921 2836 UPS (6148a3ba4d9cc628357fc92014fea30e) C:\WINDOWS\System32\ups.exe
09:08:40.0031 2836 UPS - ok
09:08:40.0093 2836 USB28xxBGA (4c3180982abbc7cfa14dd21c0cbb1c22) C:\WINDOWS\system32\DRIVERS\emBDA.sys
09:08:40.0140 2836 USB28xxBGA - ok
09:08:40.0171 2836 USB28xxOEM (49b03351781de98981df0814a15dc992) C:\WINDOWS\system32\DRIVERS\emOEM.sys
09:08:40.0187 2836 USB28xxOEM - ok
09:08:40.0234 2836 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:08:40.0328 2836 usbccgp - ok
09:08:40.0359 2836 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:08:40.0453 2836 usbehci - ok
09:08:40.0484 2836 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:08:40.0562 2836 usbhub - ok
09:08:40.0593 2836 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:08:40.0687 2836 usbprint - ok
09:08:40.0718 2836 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:08:40.0812 2836 usbscan - ok
09:08:40.0828 2836 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:08:40.0921 2836 USBSTOR - ok
09:08:40.0937 2836 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:08:41.0031 2836 usbuhci - ok
09:08:41.0062 2836 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
09:08:41.0156 2836 usbvideo - ok
09:08:41.0171 2836 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
09:08:41.0265 2836 VgaSave - ok
09:08:41.0265 2836 ViaIde - ok
09:08:41.0312 2836 VolSnap (cd8cce067f7e9cbd762c00bdddecaa34) C:\WINDOWS\system32\drivers\VolSnap.sys
09:08:41.0406 2836 VolSnap - ok
09:08:41.0453 2836 VSS (043539881667bb37b07524032d6ffc3e) C:\WINDOWS\System32\vssvc.exe
09:08:41.0531 2836 VSS - ok
09:08:41.0562 2836 w200bus (34923e278eac7ddcea717ae1fcf592f6) C:\WINDOWS\system32\DRIVERS\w200bus.sys
09:08:41.0578 2836 w200bus ( UnsignedFile.Multi.Generic ) - warning
09:08:41.0578 2836 w200bus - detected UnsignedFile.Multi.Generic (1)
09:08:41.0593 2836 w200mdfl (eff90a983cd3deab05922242e8072dc6) C:\WINDOWS\system32\DRIVERS\w200mdfl.sys
09:08:41.0593 2836 w200mdfl ( UnsignedFile.Multi.Generic ) - warning
09:08:41.0593 2836 w200mdfl - detected UnsignedFile.Multi.Generic (1)
09:08:41.0609 2836 w200mdm (f03da4fbb2708a0b5409ea63e88c0f50) C:\WINDOWS\system32\DRIVERS\w200mdm.sys
09:08:41.0625 2836 w200mdm ( UnsignedFile.Multi.Generic ) - warning
09:08:41.0625 2836 w200mdm - detected UnsignedFile.Multi.Generic (1)
09:08:41.0640 2836 w200mgmt (1522d6387e6bb54aef9824b1733832db) C:\WINDOWS\system32\DRIVERS\w200mgmt.sys
09:08:41.0640 2836 w200mgmt ( UnsignedFile.Multi.Generic ) - warning
09:08:41.0640 2836 w200mgmt - detected UnsignedFile.Multi.Generic (1)
09:08:41.0656 2836 w200obex (8405be0bba1ccf26d0fbdd26be03c816) C:\WINDOWS\system32\DRIVERS\w200obex.sys
09:08:41.0656 2836 w200obex ( UnsignedFile.Multi.Generic ) - warning
09:08:41.0656 2836 w200obex - detected UnsignedFile.Multi.Generic (1)
09:08:41.0687 2836 W32Time (2ceebb402187ae56b585701f3d191fb3) C:\WINDOWS\system32\w32time.dll
09:08:41.0796 2836 W32Time - ok
09:08:41.0812 2836 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:08:41.0906 2836 Wanarp - ok
09:08:41.0921 2836 WDICA - ok
09:08:41.0968 2836 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
09:08:42.0046 2836 wdmaud - ok
09:08:42.0078 2836 WebClient (3791adf1d3466ac6b4b662d3f79cbfec) C:\WINDOWS\System32\webclnt.dll
09:08:42.0156 2836 WebClient - ok
09:08:42.0250 2836 winachsf (307d248f97835b6879bdd361086924fe) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:08:42.0281 2836 winachsf - ok
09:08:42.0343 2836 winmgmt (e12084ea622bdf2262c637bef15dd85c) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:08:42.0437 2836 winmgmt - ok
09:08:42.0500 2836 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll
09:08:42.0531 2836 WmdmPmSN - ok
09:08:42.0609 2836 Wmi (0cdc4a0c6b820fad99fb4ca74cd0c476) C:\WINDOWS\System32\advapi32.dll
09:08:42.0703 2836 Wmi - ok
09:08:42.0765 2836 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
09:08:42.0859 2836 WmiAcpi - ok
09:08:42.0906 2836 WmiApSrv (bcd21b989f0fd4ace78287fc01b4693d) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:08:43.0000 2836 WmiApSrv - ok
09:08:43.0015 2836 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:08:43.0109 2836 WS2IFSL - ok
09:08:43.0140 2836 wscsvc (4aded1adef25041d9827f9a79c0fda13) C:\WINDOWS\system32\wscsvc.dll
09:08:43.0234 2836 wscsvc - ok
09:08:43.0265 2836 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:08:43.0343 2836 WSTCODEC - ok
09:08:43.0375 2836 wuauserv (21f5169ca14e0b25c757644456f637df) C:\WINDOWS\system32\wuauserv.dll
09:08:43.0500 2836 wuauserv - ok
09:08:43.0531 2836 WZCSVC (325cedef696ef4b649ddcd3968d085c9) C:\WINDOWS\System32\wzcsvc.dll
09:08:43.0656 2836 WZCSVC - ok
09:08:43.0687 2836 xmlprov (9b835d4c64860b155a1701d5092ec9e4) C:\WINDOWS\System32\xmlprov.dll
09:08:43.0812 2836 xmlprov - ok
09:08:43.0921 2836 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
09:08:44.0437 2836 \Device\Harddisk0\DR0 - ok
09:08:44.0437 2836 Boot (0x1200) (2f69f9e74d4332c30297c18eab9ea501) \Device\Harddisk0\DR0\Partition0
09:08:44.0437 2836 \Device\Harddisk0\DR0\Partition0 - ok
09:08:44.0437 2836 Boot (0x1200) (9091f6ada2468a662dd10728ef2fee93) \Device\Harddisk0\DR0\Partition1
09:08:44.0453 2836 \Device\Harddisk0\DR0\Partition1 - ok
09:08:44.0453 2836 ============================================================
09:08:44.0453 2836 Scan finished
09:08:44.0453 2836 ============================================================
09:08:44.0562 2456 Detected object count: 19
09:08:44.0562 2456 Actual detected object count: 19
09:09:01.0828 2456 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0828 2456 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0828 2456 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0828 2456 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0843 2456 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0843 2456 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0843 2456 KmGameMouseServiceV1 ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0843 2456 KmGameMouseServiceV1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0843 2456 KMWDFilter ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0843 2456 KMWDFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0843 2456 KMWDFilterV1 ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0843 2456 KMWDFilterV1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0843 2456 KMWDSERVICE ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0843 2456 KMWDSERVICE ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0843 2456 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0843 2456 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0843 2456 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0843 2456 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0859 2456 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0859 2456 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0859 2456 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0859 2456 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0859 2456 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0859 2456 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0859 2456 sfsync02 ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0859 2456 sfsync02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0859 2456 sptd ( LockedFile.Multi.Generic ) - skipped by user
09:09:01.0859 2456 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
09:09:01.0859 2456 w200bus ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0859 2456 w200bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0875 2456 w200mdfl ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0875 2456 w200mdfl ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0875 2456 w200mdm ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0875 2456 w200mdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0875 2456 w200mgmt ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0875 2456 w200mgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:09:01.0875 2456 w200obex ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:01.0875 2456 w200obex ( UnsignedFile.Multi.Generic ) - User select action: Skip
Re: stuck computer

- Run the utility and tell it to scan: click Scan
- Click Save log to save the aswMBR log to the desktop
- Paste the contents of the aswMBR log here for me

- Save it, preferably to the desktop
- If you use Windows Vista or Windows 7, right-click MBRScan and choose Run As Administrator (Spustit jako správce)
- Click Report
- After a moment the log appears in the file MBRScan.txt; paste it here
Re: stuck computer
First:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-15 10:25:05
-----------------------------
10:25:05.125 OS Version: Windows 5.1.2600 Service Pack 2
10:25:05.125 Number of processors: 2 586 0xF0D
10:25:05.125 ComputerName: PATRIK-B795BA8C UserName: Patrik
10:25:14.546 Initialize success
10:26:05.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
10:26:05.546 Disk 0 Vendor: Size: 0MB BusType: 0
10:26:05.546 Disk 0 MBR read successfully
10:26:05.562 Disk 0 MBR scan
10:26:05.562 Disk 0 Windows XP default MBR code
10:26:05.562 Disk 0 MBR hidden
10:26:05.562 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 80003 MB offset 63
10:26:05.562 Disk 0 Partition - 00 0F Extended LBA 225231 MB offset 163846935
10:26:05.578 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 225231 MB offset 163846998
10:26:05.609 Disk 0 scanning C:\WINDOWS\system32\drivers
10:26:12.609 Service scanning
10:26:14.828 Service GbpKm C:\WINDOWS\system32\drivers\gbpkm.sys **LOCKED** 32
10:26:21.156 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
10:26:23.328 Modules scanning
10:26:48.937 Disk 0 trace - called modules:
10:26:48.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x8a92d1f8]<<
10:26:48.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7beab8]
10:26:48.968 3 CLASSPNP.SYS[ba10905b] -> nt!IofCallDriver -> \Device\00000094[0x8a83d9e8]
10:26:48.968 5 ACPI.sys[b9e67620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8a7c2d98]
10:26:48.968 \Driver\atapi[0x8a7fa900] -> IRP_MJ_CREATE -> 0x8a92d1f8
10:26:48.984 Scan finished successfully
10:27:15.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Patrik\Plocha\MBR.dat"
10:27:15.515 The log file has been saved successfully to "C:\Documents and Settings\Patrik\Plocha\aswMBR.txt"
Second:
MBRScan v1.1.1
OS : Windows XP Home Service Pack 2 (32 bit)
PROCESSOR : x86 Family 6 Model 15 Stepping 13, GenuineIntel
BOOT : Normal Boot
DATE : 2012/07/15 (ISO 8601) at 10:28:57
________________________________________________________________________________
Device\Harddisk0\DR0 298.1 Go [Fixed] ==> XP MBR Code ==> PARTITION TABLE FAKED !!
MBR_MD5 : 932C8F4F21F1BB188EF98D5EA21536AE
MBR_SHA1 : 1EB07B7B3AF9D3E7D1DDC51E713FF71C091CDFBE
Device\Harddisk0\Partition1 78.13 Go 0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2 220.0 Go 0x07 NTFS / HPFS
________________________________________________________________________________
############################### Additional scan ################################
DRIVER : C:\WINDOWS\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0xA7D8E000
SIZE : 96.0 Ko
DRIVER : C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS => Invisible on the disk
ADDRESS : 0xBA666000
SIZE : 8.0 Ko
DRIVER : C:\DOCUME~1\Patrik\LOCALS~1\Temp\aswMBR.sys => Invisible on the disk
ADDRESS : 0xA6921000
SIZE : 48.0 Ko
SystemStartOptions : NOEXECUTE=OPTIN FASTDETECT
________________________________________________________________________________
_______MBR \Device\Harddisk0\DR0
Re: stuck computer

- from aswMBR, the file C:\Documents and Settings\Patrik\Plocha\MBR.dat
- In the location where MBRScan was run there should be a file named like Dump_Hdd0_DR0.mbr