Kontrola logu - nenacita se Google

[dulen.dulen]

MBRScan:

Kód: Vybrat vše

MBRScan v1.1.1

OS             : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR      : x86 Family 6 Model 23 Stepping 7, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/07/31 (ISO 8601) at 21:53:44
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __ST31000340AS (SD1A)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

DISK           : Device\Harddisk1\DR1 __WDC WD1002FAEX-00Y9A0 (05.01D05)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

DISK           : Device\Harddisk2\DR2 __WDC WD1002FAEX-00Y9A0 (05.01D05)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	931.5 Go  [Fixed] ==> XP MBR Code

MBR_MD5   : FFB0BF78EEF2CFBD37B17D1C9E57F4CE
MBR_SHA1  : 94AA9F910CDACFD1257F1982E770F0DC9D07FBD4

Device\Harddisk0\Partition1	931.5 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

Device\Harddisk1\DR1	931.5 Go  [Fixed] ==> XP MBR Code

MBR_MD5   : D8C2D759727303CC708C91314E42CB2D
MBR_SHA1  : 659A74B206F7008D645EC762B43025377F092F97

Device\Harddisk1\Partition1	931.5 Go  	0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________

Device\Harddisk2\DR2	931.5 Go  [Fixed] ==> XP MBR Code

MBR_MD5   : 7A92368C5DD699CC7EF97D65DD71A5B3
MBR_SHA1  : 9775AC32E801628BDDC04A275902CC812DA7D30F

Device\Harddisk2\Partition1	931.5 Go  	0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\WINDOWS\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0xF09CD000
SIZE    : 96.0 Ko

DRIVER  : C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS => Invisible on the disk
ADDRESS : 0xF6BE0000
SIZE    : 8.0 Ko

SystemStartOptions : NOEXECUTE=OPTIN  FASTDETECT SWITCH:  3GB

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C   3À.м.|ûP.P.ü¾.|
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04   ¿..PW¹å.ó¤Ë½¾.±.
0x00000020   38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5   8n.|.u..Å.âôÍ..õ
0x00000030   83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B   .Æ.It.8,tö.µ.´..
0x00000040   F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88   ð¬<.tü»..´.Í.ëò.
0x00000050   4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B   N.èF.s*þF..~..t.
0x00000060   80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83   .~..t..¶.uÒ.F...
0x00000070   46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB   F...V..è!.s..¶.ë
0x00000080   BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0   ¼.>þ}Uªt..~..tÈ.
0x00000090   B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56   ·.ë©.ü.W.õË¿...V
0x000000A0   00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC   .´.Í.r#.Á$?..Þ.ü
0x000000B0   43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56   C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0   0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C   .w#r.9F.s.¸..».|
0x000000D0   8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A   .N..V.Í.sQOtN2ä.
0x000000E0   56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD   V.Í.ëä.V.`»ªU´AÍ
0x000000F0   13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60   .r6.ûUªu0öÁ.t+a`
0x00000100   6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A   j.j..v..v.j.h.|j
0x00000110   01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B   .j.´B.ôÍ.aas.Ot.
0x00000120   32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 49 6E 76 61   2ä.V.Í.ëÖaùÃInva
0x00000130   6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20 74 61   lid partition ta
0x00000140   62 6C 65 00 45 72 72 6F 72 20 6C 6F 61 64 69 6E   ble.Error loadin
0x00000150   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x00000160   65 6D 00 4D 69 73 73 69 6E 67 20 6F 70 65 72 61   em.Missing opera
0x00000170   74 69 6E 67 20 73 79 73 74 65 6D 00 00 00 00 00   ting system.....
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 2C 44 63 E3 84 A4 2F 00 00 00 01   .....,Dcã.¤/....
0x000001C0   01 00 07 FE FF FF 3F 00 00 00 82 59 70 74 00 00   ...þ..?....Ypt..
0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

_______MBR   \Device\Harddisk1\DR1  

0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C   3À.м.|ûP.P.ü¾.|
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04   ¿..PW¹å.ó¤Ë½¾.±.
0x00000020   38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5   8n.|.u..Å.âôÍ..õ
0x00000030   83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B   .Æ.It.8,tö.µ.´..
0x00000040   F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88   ð¬<.tü»..´.Í.ëò.
0x00000050   4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B   N.èF.s*þF..~..t.
0x00000060   80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83   .~..t..¶.uÒ.F...
0x00000070   46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB   F...V..è!.s..¶.ë
0x00000080   BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0   ¼.>þ}Uªt..~..tÈ.
0x00000090   B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56   ·.ë©.ü.W.õË¿...V
0x000000A0   00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC   .´.Í.r#.Á$?..Þ.ü
0x000000B0   43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56   C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0   0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C   .w#r.9F.s.¸..».|
0x000000D0   8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A   .N..V.Í.sQOtN2ä.
0x000000E0   56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD   V.Í.ëä.V.`»ªU´AÍ
0x000000F0   13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60   .r6.ûUªu0öÁ.t+a`
0x00000100   6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A   j.j..v..v.j.h.|j
0x00000110   01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B   .j.´B.ôÍ.aas.Ot.
0x00000120   32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 4E 65 70 6C   2ä.V.Í.ëÖaùÃNepl
0x00000130   61 74 6E A0 20 74 61 62 75 6C 6B 61 20 6F 64 64   atn. tabulka odd
0x00000140   A1 6C 85 00 43 68 79 62 61 20 70 FD 69 20 6E 61   ¡l..Chyba pýi na
0x00000150   9F A1 74 A0 6E A1 20 6F 70 65 72 61 9F 6E A1 68   .¡t.n¡ opera.n¡h
0x00000160   6F 20 73 79 73 74 82 6D 75 00 4F 70 65 72 61 9F   o syst.mu.Opera.
0x00000170   6E A1 20 73 79 73 74 82 6D 20 6E 65 6E 61 6C 65   n¡ syst.m nenale
0x00000180   7A 65 6E 00 00 00 00 00 00 00 00 00 00 00 00 00   zen.............
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 2C 44 6A 70 0F 70 0F 00 00 80 01   .....,Djp.p.....
0x000001C0   01 00 07 FE FF FF 3F 00 00 00 C1 1A 70 74 00 00   ...þ..?...Á.pt..
0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

_______MBR   \Device\Harddisk2\DR2  

0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C   3À.м.|ûP.P.ü¾.|
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04   ¿..PW¹å.ó¤Ë½¾.±.
0x00000020   38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5   8n.|.u..Å.âôÍ..õ
0x00000030   83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B   .Æ.It.8,tö.µ.´..
0x00000040   F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88   ð¬<.tü»..´.Í.ëò.
0x00000050   4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B   N.èF.s*þF..~..t.
0x00000060   80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83   .~..t..¶.uÒ.F...
0x00000070   46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB   F...V..è!.s..¶.ë
0x00000080   BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0   ¼.>þ}Uªt..~..tÈ.
0x00000090   B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56   ·.ë©.ü.W.õË¿...V
0x000000A0   00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC   .´.Í.r#.Á$?..Þ.ü
0x000000B0   43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56   C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0   0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C   .w#r.9F.s.¸..».|
0x000000D0   8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A   .N..V.Í.sQOtN2ä.
0x000000E0   56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD   V.Í.ëä.V.`»ªU´AÍ
0x000000F0   13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60   .r6.ûUªu0öÁ.t+a`
0x00000100   6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A   j.j..v..v.j.h.|j
0x00000110   01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B   .j.´B.ôÍ.aas.Ot.
0x00000120   32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 4E 65 70 6C   2ä.V.Í.ëÖaùÃNepl
0x00000130   61 74 6E A0 20 74 61 62 75 6C 6B 61 20 6F 64 64   atn. tabulka odd
0x00000140   A1 6C 85 00 43 68 79 62 61 20 70 FD 69 20 6E 61   ¡l..Chyba pýi na
0x00000150   9F A1 74 A0 6E A1 20 6F 70 65 72 61 9F 6E A1 68   .¡t.n¡ opera.n¡h
0x00000160   6F 20 73 79 73 74 82 6D 75 00 4F 70 65 72 61 9F   o syst.mu.Opera.
0x00000170   6E A1 20 73 79 73 74 82 6D 20 6E 65 6E 61 6C 65   n¡ syst.m nenale
0x00000180   7A 65 6E 00 00 00 00 00 00 00 00 00 00 00 00 00   zen.............
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 2C 44 6A 2A C3 D2 2B 00 00 80 01   .....,Dj*ÃÒ+....
0x000001C0   01 00 07 FE FF FF 3F 00 00 00 82 59 70 74 00 00   ...þ..?....Ypt..
0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

[vyosek]

Spustte znovu TDSSKiller, nechte udelat sken a u polozky ACPI ( Virus.Win32.Rloader.a ) nechte predvolenou akci (cure).

Zrejme bude vyzadovan restart, povolte a log pak sem

[dulen.dulen]

23:14:59.0625 4564 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
23:14:59.0890 4564 ============================================================
23:14:59.0890 4564 Current date / time: 2012/07/31 23:14:59.0890
23:14:59.0890 4564 SystemInfo:
23:14:59.0890 4564
23:14:59.0890 4564 OS Version: 5.1.2600 ServicePack: 3.0
23:14:59.0890 4564 Product type: Workstation
23:14:59.0890 4564 ComputerName: QUAD
23:14:59.0890 4564 UserName: Dalin
23:14:59.0890 4564 Windows directory: C:\WINDOWS
23:14:59.0890 4564 System windows directory: C:\WINDOWS
23:14:59.0890 4564 Processor architecture: Intel x86
23:14:59.0890 4564 Number of processors: 4
23:14:59.0890 4564 Page size: 0x1000
23:14:59.0890 4564 Boot type: Normal boot
23:14:59.0890 4564 ============================================================
23:15:01.0937 4564 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:15:01.0953 4564 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:15:01.0968 4564 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:15:01.0984 4564 ============================================================
23:15:01.0984 4564 \Device\Harddisk2\DR2:
23:15:01.0984 4564 MBR partitions:
23:15:01.0984 4564 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
23:15:01.0984 4564 \Device\Harddisk0\DR0:
23:15:01.0984 4564 MBR partitions:
23:15:01.0984 4564 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
23:15:01.0984 4564 \Device\Harddisk1\DR1:
23:15:01.0984 4564 MBR partitions:
23:15:01.0984 4564 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
23:15:01.0984 4564 ============================================================
23:15:02.0015 4564 C: <-> \Device\Harddisk2\DR2\Partition0
23:15:02.0015 4564 E: <-> \Device\Harddisk1\DR1\Partition0
23:15:02.0078 4564 D: <-> \Device\Harddisk0\DR0\Partition0
23:15:02.0078 4564 ============================================================
23:15:02.0078 4564 Initialize success
23:15:02.0078 4564 ============================================================
23:15:19.0453 7900 ============================================================
23:15:19.0453 7900 Scan started
23:15:19.0453 7900 Mode: Manual; SigCheck; TDLFS;
23:15:19.0453 7900 ============================================================
23:15:19.0906 7900 5641 - ok
23:15:19.0968 7900 Abiosdsk - ok
23:15:19.0968 7900 abp480n5 - ok
23:15:19.0984 7900 ACPI (c6e149975376bedf572f81edae8ff0e4) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:15:20.0000 7900 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: c6e149975376bedf572f81edae8ff0e4, Fake md5: 4fe34f1f3126b61fcc6b2043aa8112c9
23:15:20.0000 7900 ACPI ( Virus.Win32.Rloader.a ) - infected
23:15:20.0000 7900 ACPI - detected Virus.Win32.Rloader.a (0)
23:15:20.0015 7900 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:15:20.0453 7900 ACPIEC - ok
23:15:20.0468 7900 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
23:15:20.0484 7900 adfs - ok
23:15:20.0531 7900 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:15:20.0546 7900 AdobeFlashPlayerUpdateSvc - ok
23:15:20.0546 7900 adpu160m - ok
23:15:20.0562 7900 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:15:20.0640 7900 aec - ok
23:15:20.0671 7900 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
23:15:20.0718 7900 AFD - ok
23:15:20.0734 7900 Aha154x - ok
23:15:20.0734 7900 aic78u2 - ok
23:15:20.0734 7900 aic78xx - ok
23:15:20.0750 7900 Alerter (e0a6fa244b8624d78fe5ff6f56a33bae) C:\WINDOWS\system32\alrsvc.dll
23:15:20.0828 7900 Alerter - ok
23:15:20.0843 7900 ALG (88842de939a827577bf24243699ac80a) C:\WINDOWS\System32\alg.exe
23:15:20.0875 7900 ALG - ok
23:15:20.0875 7900 AliIde - ok
23:15:20.0875 7900 amsint - ok
23:15:20.0890 7900 Andbus (3e59df4984fbd6800d6621480b38a34e) C:\WINDOWS\system32\DRIVERS\lgandbus.sys
23:15:20.0937 7900 Andbus - ok
23:15:20.0937 7900 AndDiag (8e0bf6f3b2c9c292bc7ce0de727cdd56) C:\WINDOWS\system32\DRIVERS\lganddiag.sys
23:15:20.0953 7900 AndDiag - ok
23:15:20.0953 7900 AndGps (1d2c90e25483363d54b652898bbc8f2a) C:\WINDOWS\system32\DRIVERS\lgandgps.sys
23:15:20.0968 7900 AndGps - ok
23:15:20.0968 7900 ANDModem (b1b06a95da2cac7fa19832c60c348c85) C:\WINDOWS\system32\DRIVERS\lgandmodem.sys
23:15:20.0984 7900 ANDModem - ok
23:15:21.0000 7900 AppMgmt (6b8e7a90e576d4fe308f97c69060a171) C:\WINDOWS\System32\appmgmts.dll
23:15:21.0046 7900 AppMgmt - ok
23:15:21.0046 7900 asc - ok
23:15:21.0046 7900 asc3350p - ok
23:15:21.0046 7900 asc3550 - ok
23:15:21.0125 7900 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:15:21.0187 7900 aspnet_state - ok
23:15:21.0187 7900 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:15:21.0250 7900 AsyncMac - ok
23:15:21.0265 7900 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:15:21.0343 7900 atapi - ok
23:15:21.0343 7900 Atdisk - ok
23:15:21.0343 7900 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:15:21.0421 7900 Atmarpc - ok
23:15:21.0453 7900 AudioSrv (de31b88962a8645dba5a37b993e7b0f1) C:\WINDOWS\System32\audiosrv.dll
23:15:21.0515 7900 AudioSrv - ok
23:15:21.0546 7900 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:15:21.0625 7900 audstub - ok
23:15:21.0703 7900 Autodesk Licensing Service (ea2d28bbe98256654397cd1f6eaebdd8) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
23:15:21.0718 7900 Autodesk Licensing Service - ok
23:15:21.0734 7900 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:15:21.0812 7900 Beep - ok
23:15:21.0859 7900 BITS (19395d092fd85ddc2d9c7729cf5a2ac8) C:\WINDOWS\system32\qmgr.dll
23:15:21.0937 7900 BITS - ok
23:15:21.0984 7900 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files\Bonjour\mDNSResponder.exe
23:15:21.0984 7900 Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
23:15:21.0984 7900 Bonjour Service - detected UnsignedFile.Multi.Generic (1)
23:15:22.0000 7900 Browser (249276d3ef1e74b992299cb96099e4d7) C:\WINDOWS\System32\browser.dll
23:15:22.0062 7900 Browser - ok
23:15:22.0078 7900 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:15:22.0140 7900 cbidf2k - ok
23:15:22.0140 7900 cd20xrnt - ok
23:15:22.0156 7900 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:15:22.0218 7900 Cdaudio - ok
23:15:22.0218 7900 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:15:22.0296 7900 Cdfs - ok
23:15:22.0312 7900 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:15:22.0375 7900 Cdrom - ok
23:15:22.0390 7900 Changer - ok
23:15:22.0390 7900 CiSvc (e390dc1d7c461d7d56ec53402f329928) C:\WINDOWS\system32\cisvc.exe
23:15:22.0453 7900 CiSvc - ok
23:15:22.0468 7900 ClipSrv (064507a8dfa8c5c7e2ffddd3e6f424fa) C:\WINDOWS\system32\clipsrv.exe
23:15:22.0531 7900 ClipSrv - ok
23:15:22.0546 7900 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:15:22.0593 7900 clr_optimization_v2.0.50727_32 - ok
23:15:22.0609 7900 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:15:22.0656 7900 clr_optimization_v4.0.30319_32 - ok
23:15:22.0656 7900 CmdIde - ok
23:15:22.0656 7900 COMSysApp - ok
23:15:22.0671 7900 Cpqarray - ok
23:15:22.0671 7900 CryptSvc (f3ab0933cbd166d271992f411c27ccaf) C:\WINDOWS\System32\cryptsvc.dll
23:15:22.0734 7900 CryptSvc - ok
23:15:22.0750 7900 dac2w2k - ok
23:15:22.0750 7900 dac960nt - ok
23:15:22.0781 7900 DcomLaunch (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\system32\rpcss.dll
23:15:22.0812 7900 DcomLaunch - ok
23:15:22.0812 7900 DgiVecp - ok
23:15:22.0828 7900 Dhcp (8c9a53e285ac5e6704844d0459ec85be) C:\WINDOWS\System32\dhcpcsvc.dll
23:15:22.0890 7900 Dhcp - ok
23:15:22.0890 7900 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:15:22.0953 7900 Disk - ok
23:15:22.0968 7900 dmadmin - ok
23:15:23.0000 7900 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
23:15:23.0093 7900 dmboot - ok
23:15:23.0109 7900 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
23:15:23.0187 7900 dmio - ok
23:15:23.0187 7900 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:15:23.0281 7900 dmload - ok
23:15:23.0296 7900 dmserver (2bfefe9e865655a76982f050450b9591) C:\WINDOWS\System32\dmserver.dll
23:15:23.0359 7900 dmserver - ok
23:15:23.0375 7900 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:15:23.0437 7900 DMusic - ok
23:15:23.0468 7900 Dnscache (dfaa406bf19f4ee806a6f8d4342137f7) C:\WINDOWS\System32\dnsrslvr.dll
23:15:23.0515 7900 Dnscache - ok
23:15:23.0546 7900 Dot3svc (4a3e2bd20157a0946751229e92eb8621) C:\WINDOWS\System32\dot3svc.dll
23:15:23.0625 7900 Dot3svc - ok
23:15:23.0625 7900 dpti2o - ok
23:15:23.0640 7900 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:15:23.0703 7900 drmkaud - ok
23:15:23.0718 7900 dtsoftbus01 (687af6bb383885ff6a64071b189a7f3e) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
23:15:23.0750 7900 dtsoftbus01 - ok
23:15:23.0765 7900 eamon (9309c5c9831203436e64cf2ae605c5d7) C:\WINDOWS\system32\DRIVERS\eamon.sys
23:15:23.0781 7900 eamon - ok
23:15:23.0796 7900 EapHost (0887d9c2be8d940778cad1e3b85f2a41) C:\WINDOWS\System32\eapsvc.dll
23:15:23.0859 7900 EapHost - ok
23:15:23.0875 7900 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
23:15:23.0890 7900 ehdrv - ok
23:15:23.0968 7900 ekrn (c7bb95cf9631aa401e4aded1648f6af7) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
23:15:24.0000 7900 ekrn - ok
23:15:24.0000 7900 epfwtdir (06c65ac0a703cf8eea4f284d901a1550) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
23:15:24.0015 7900 epfwtdir - ok
23:15:24.0015 7900 ERSvc (a2a4912798f2be706abadd3d30800d16) C:\WINDOWS\System32\ersvc.dll
23:15:24.0078 7900 ERSvc - ok
23:15:24.0093 7900 Eventlog (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
23:15:24.0109 7900 Eventlog - ok
23:15:24.0156 7900 EventSystem (a371f11ef07653591c8de26afb13ce7f) C:\WINDOWS\system32\es.dll
23:15:24.0171 7900 EventSystem - ok
23:15:24.0187 7900 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:15:24.0265 7900 Fastfat - ok
23:15:24.0312 7900 FastUserSwitchingCompatibility (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
23:15:24.0359 7900 FastUserSwitchingCompatibility - ok
23:15:24.0375 7900 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
23:15:24.0437 7900 Fdc - ok
23:15:24.0437 7900 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
23:15:24.0500 7900 Fips - ok
23:15:24.0562 7900 FLEXnet Licensing Service (73081cf28f0ae20a52ca4f67cee6e6b0) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:15:24.0593 7900 FLEXnet Licensing Service - ok
23:15:24.0609 7900 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
23:15:24.0671 7900 Flpydisk - ok
23:15:24.0687 7900 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
23:15:24.0750 7900 FltMgr - ok
23:15:24.0828 7900 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:15:24.0843 7900 FontCache3.0.0.0 - ok
23:15:24.0875 7900 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:15:24.0937 7900 Fs_Rec - ok
23:15:24.0953 7900 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:15:25.0015 7900 Ftdisk - ok
23:15:25.0031 7900 gdrv (5c230948dd6652228f88ca7ae6cb276c) C:\WINDOWS\gdrv.sys
23:15:25.0343 7900 gdrv - ok
23:15:25.0343 7900 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:15:25.0406 7900 Gpc - ok
23:15:25.0484 7900 Guard.Mail.ru (e859ca020ed61899f3c74a8d0032d05c) C:\Program Files\Guard-ICQ\GuardICQ.exe
23:15:25.0562 7900 Guard.Mail.ru - ok
23:15:25.0625 7900 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
23:15:25.0625 7900 gupdate - ok
23:15:25.0625 7900 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
23:15:25.0640 7900 gupdatem - ok
23:15:25.0890 7900 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:15:25.0984 7900 HDAudBus - ok
23:15:26.0031 7900 helpsvc (fcfe31fb75f8a6295b6b0af87a626282) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:15:26.0140 7900 helpsvc - ok
23:15:26.0156 7900 HidServ (00e25ee90166b3e1be6e74aebf858306) C:\WINDOWS\System32\hidserv.dll
23:15:26.0234 7900 HidServ - ok
23:15:26.0250 7900 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:15:26.0343 7900 hidusb - ok
23:15:26.0375 7900 hkmsvc (7a6b320928f86bc851530d63c82965d9) C:\WINDOWS\System32\kmsvc.dll
23:15:26.0453 7900 hkmsvc - ok
23:15:26.0453 7900 hpn - ok
23:15:26.0718 7900 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:15:26.0765 7900 HTTP - ok
23:15:26.0796 7900 HTTPFilter (58fe2f2da3bc5573f4a35b3760d3125f) C:\WINDOWS\System32\w3ssl.dll
23:15:26.0890 7900 HTTPFilter - ok
23:15:26.0890 7900 i2omgmt - ok
23:15:26.0906 7900 i2omp - ok
23:15:26.0937 7900 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:15:27.0000 7900 i8042prt - ok
23:15:27.0500 7900 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:15:27.0593 7900 idsvc - ok
23:15:27.0625 7900 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:15:27.0687 7900 Imapi - ok
23:15:27.0765 7900 ImapiService (f7b93aafad33b2320954c17e26c8d361) C:\WINDOWS\system32\imapi.exe
23:15:27.0859 7900 ImapiService - ok
23:15:27.0859 7900 ini910u - ok
23:15:27.0984 7900 IntcAzAudAddService (08baf30f6de95814f58af9ce7bbc5614) C:\WINDOWS\system32\drivers\RtkHDAud.sys
23:15:28.0171 7900 IntcAzAudAddService - ok
23:15:28.0234 7900 IntelIde - ok
23:15:28.0250 7900 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:15:28.0312 7900 intelppm - ok
23:15:28.0328 7900 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
23:15:28.0406 7900 Ip6Fw - ok
23:15:28.0437 7900 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:15:28.0515 7900 IpFilterDriver - ok
23:15:28.0515 7900 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:15:28.0578 7900 IpInIp - ok
23:15:28.0593 7900 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:15:28.0656 7900 IpNat - ok
23:15:28.0671 7900 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:15:28.0734 7900 IPSec - ok
23:15:28.0750 7900 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:15:28.0796 7900 IRENUM - ok
23:15:28.0828 7900 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:15:28.0890 7900 isapnp - ok
23:15:28.0937 7900 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
23:15:28.0937 7900 JavaQuickStarterService - ok
23:15:28.0953 7900 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:15:29.0015 7900 Kbdclass - ok
23:15:29.0031 7900 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:15:29.0109 7900 kbdhid - ok
23:15:29.0125 7900 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:15:29.0203 7900 kmixer - ok
23:15:29.0218 7900 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:15:29.0281 7900 KSecDD - ok
23:15:29.0296 7900 LanmanServer (3428e8f86f8add36b42fb23542c7b3e4) C:\WINDOWS\System32\srvsvc.dll
23:15:29.0328 7900 LanmanServer - ok
23:15:29.0359 7900 lanmanworkstation (936c1d110232d23b621cb0196e4f80f0) C:\WINDOWS\System32\wkssvc.dll
23:15:29.0406 7900 lanmanworkstation - ok
23:15:29.0406 7900 lbrtfdc - ok
23:15:29.0421 7900 LgBttPort (4dd47b5af0b24871ebb9efc012a7474e) C:\WINDOWS\system32\DRIVERS\lgbtport.sys
23:15:29.0468 7900 LgBttPort - ok
23:15:29.0468 7900 lgbusenum (1d038ca6c529203087a990e5e97887b4) C:\WINDOWS\system32\DRIVERS\lgbtbus.sys
23:15:29.0484 7900 lgbusenum - ok
23:15:29.0484 7900 LGVMODEM (26f1976a330195d62a6224c76968cf0d) C:\WINDOWS\system32\DRIVERS\lgvmodem.sys
23:15:29.0484 7900 LGVMODEM - ok
23:15:29.0500 7900 LmHosts (0ab159f536e3e8f7f07113702a07cca5) C:\WINDOWS\System32\lmhsvc.dll
23:15:29.0578 7900 LmHosts - ok
23:15:29.0609 7900 Messenger (221cd1c815b8a6b79389c3f5d1018de8) C:\WINDOWS\System32\msgsvc.dll
23:15:29.0671 7900 Messenger - ok
23:15:29.0734 7900 mi-raysat_3dsmax2010_32 (0af89452a8ce3928168f4e5b2208c68b) C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
23:15:29.0734 7900 mi-raysat_3dsmax2010_32 ( UnsignedFile.Multi.Generic ) - warning
23:15:29.0734 7900 mi-raysat_3dsmax2010_32 - detected UnsignedFile.Multi.Generic (1)
23:15:29.0781 7900 mi-raysat_3dsmax2012_32 (0af89452a8ce3928168f4e5b2208c68b) C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe
23:15:29.0796 7900 mi-raysat_3dsmax2012_32 ( UnsignedFile.Multi.Generic ) - warning
23:15:29.0796 7900 mi-raysat_3dsmax2012_32 - detected UnsignedFile.Multi.Generic (1)
23:15:29.0843 7900 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
23:15:29.0843 7900 Microsoft Office Groove Audit Service - ok
23:15:29.0875 7900 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:15:29.0937 7900 mnmdd - ok
23:15:29.0937 7900 mnmsrvc (9a57d046f88f4b69751b11fd40088a61) C:\WINDOWS\system32\mnmsrvc.exe
23:15:30.0015 7900 mnmsrvc - ok
23:15:30.0015 7900 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
23:15:30.0078 7900 Modem - ok
23:15:30.0093 7900 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:15:30.0156 7900 Mouclass - ok
23:15:30.0171 7900 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:15:30.0234 7900 mouhid - ok
23:15:30.0234 7900 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:15:30.0296 7900 MountMgr - ok
23:15:30.0328 7900 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:15:30.0343 7900 MozillaMaintenance - ok
23:15:30.0343 7900 mraid35x - ok
23:15:30.0343 7900 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:15:30.0421 7900 MRxDAV - ok
23:15:30.0453 7900 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:15:30.0500 7900 MRxSmb - ok
23:15:30.0515 7900 MSDTC (6db4d1521caba9a5ffab54ade0ae867d) C:\WINDOWS\system32\msdtc.exe
23:15:30.0593 7900 MSDTC - ok
23:15:30.0593 7900 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:15:30.0656 7900 Msfs - ok
23:15:30.0656 7900 MSIServer - ok
23:15:30.0671 7900 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:15:30.0734 7900 MSKSSRV - ok
23:15:30.0765 7900 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:15:30.0828 7900 MSPCLOCK - ok
23:15:30.0843 7900 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:15:30.0906 7900 MSPQM - ok
23:15:30.0921 7900 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:15:30.0984 7900 mssmbios - ok
23:15:31.0000 7900 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:15:31.0015 7900 Mup - ok
23:15:31.0046 7900 napagent (6ea362e9db03d44f6b996f4d8be237e9) C:\WINDOWS\System32\qagentrt.dll
23:15:31.0125 7900 napagent - ok
23:15:31.0140 7900 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:15:31.0203 7900 NDIS - ok
23:15:31.0218 7900 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:15:31.0234 7900 NdisTapi - ok
23:15:31.0250 7900 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:15:31.0312 7900 Ndisuio - ok
23:15:31.0312 7900 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:15:31.0375 7900 NdisWan - ok
23:15:31.0406 7900 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:15:31.0437 7900 NDProxy - ok
23:15:31.0437 7900 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:15:31.0500 7900 NetBIOS - ok
23:15:31.0515 7900 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:15:31.0578 7900 NetBT - ok
23:15:31.0593 7900 NetDDE (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
23:15:31.0671 7900 NetDDE - ok
23:15:31.0687 7900 NetDDEdsdm (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
23:15:31.0750 7900 NetDDEdsdm - ok
23:15:31.0750 7900 Netlogon (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
23:15:31.0812 7900 Netlogon - ok
23:15:31.0828 7900 Netman (72e1e9e2977be08bdeedb6d8fd9d4d40) C:\WINDOWS\System32\netman.dll
23:15:31.0906 7900 Netman - ok
23:15:31.0968 7900 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:15:31.0984 7900 NetTcpPortSharing - ok
23:15:32.0015 7900 Nla (39ee7c3bfbc64ba87cc8cf67386e814c) C:\WINDOWS\System32\mswsock.dll
23:15:32.0031 7900 Nla - ok
23:15:32.0031 7900 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:15:32.0109 7900 Npfs - ok
23:15:32.0156 7900 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:15:32.0218 7900 Ntfs - ok
23:15:32.0218 7900 NtLmSsp (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
23:15:32.0281 7900 NtLmSsp - ok
23:15:32.0312 7900 NtmsSvc (023dd70573d644f3d9c8b1258a7bfd08) C:\WINDOWS\system32\ntmssvc.dll
23:15:32.0390 7900 NtmsSvc - ok
23:15:32.0406 7900 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:15:32.0468 7900 Null - ok
23:15:32.0781 7900 nv (4b54dcd6adee535df80f07c59ddd8f14) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:15:33.0125 7900 nv - ok
23:15:33.0187 7900 NVSvc (0573c75a2895d973ea6ef2495620ba49) C:\WINDOWS\system32\nvsvc32.exe
23:15:33.0203 7900 NVSvc - ok
23:15:33.0343 7900 nvUpdatusService (9c84945feee40ea42d3bca5c22250d47) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
23:15:33.0406 7900 nvUpdatusService - ok
23:15:33.0453 7900 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:15:33.0515 7900 NwlnkFlt - ok
23:15:33.0515 7900 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:15:33.0593 7900 NwlnkFwd - ok
23:15:33.0671 7900 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:15:33.0687 7900 odserv - ok
23:15:33.0703 7900 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:15:33.0718 7900 ose - ok
23:15:33.0750 7900 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
23:15:33.0812 7900 Parport - ok
23:15:33.0828 7900 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:15:33.0890 7900 PartMgr - ok
23:15:33.0890 7900 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
23:15:33.0953 7900 ParVdm - ok
23:15:33.0968 7900 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
23:15:34.0046 7900 PCI - ok
23:15:34.0046 7900 PCIDump - ok
23:15:34.0046 7900 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:15:34.0109 7900 PCIIde - ok
23:15:34.0140 7900 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:15:34.0203 7900 Pcmcia - ok
23:15:34.0203 7900 PDCOMP - ok
23:15:34.0218 7900 PDFRAME - ok
23:15:34.0218 7900 PDRELI - ok
23:15:34.0218 7900 PDRFRAME - ok
23:15:34.0218 7900 perc2 - ok
23:15:34.0218 7900 perc2hib - ok
23:15:34.0250 7900 PlugPlay (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
23:15:34.0265 7900 PlugPlay - ok
23:15:34.0281 7900 PolicyAgent (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
23:15:34.0343 7900 PolicyAgent - ok
23:15:34.0343 7900 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:15:34.0406 7900 PptpMiniport - ok
23:15:34.0406 7900 ProtectedStorage (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
23:15:34.0484 7900 ProtectedStorage - ok
23:15:34.0484 7900 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:15:34.0546 7900 PSched - ok
23:15:34.0578 7900 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
23:15:34.0578 7900 PSI_SVC_2 - ok
23:15:34.0609 7900 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:15:34.0671 7900 Ptilink - ok
23:15:34.0671 7900 ql1080 - ok
23:15:34.0671 7900 Ql10wnt - ok
23:15:34.0671 7900 ql12160 - ok
23:15:34.0671 7900 ql1240 - ok
23:15:34.0671 7900 ql1280 - ok
23:15:34.0671 7900 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:15:34.0734 7900 RasAcd - ok
23:15:34.0765 7900 RasAuto (2b5e44ea009f2f374b980e1e9a70635d) C:\WINDOWS\System32\rasauto.dll
23:15:34.0828 7900 RasAuto - ok
23:15:34.0828 7900 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:15:34.0890 7900 Rasl2tp - ok
23:15:34.0906 7900 RasMan (d57554c664b64604bd1ee13ea2c07e77) C:\WINDOWS\System32\rasmans.dll
23:15:34.0968 7900 RasMan - ok
23:15:34.0968 7900 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:15:35.0031 7900 RasPppoe - ok
23:15:35.0031 7900 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:15:35.0093 7900 Raspti - ok
23:15:35.0109 7900 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:15:35.0171 7900 Rdbss - ok
23:15:35.0171 7900 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:15:35.0234 7900 RDPCDD - ok
23:15:35.0250 7900 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:15:35.0328 7900 rdpdr - ok
23:15:35.0343 7900 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
23:15:35.0390 7900 RDPWD - ok
23:15:35.0421 7900 RDSessMgr (c0d9d9711cb74ee9bc66353d8cbdab0e) C:\WINDOWS\system32\sessmgr.exe
23:15:35.0484 7900 RDSessMgr - ok
23:15:35.0500 7900 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:15:35.0562 7900 redbook - ok
23:15:35.0578 7900 RemoteAccess (127c26b5371651043450e52542099aba) C:\WINDOWS\System32\mprdim.dll
23:15:35.0671 7900 RemoteAccess - ok
23:15:35.0765 7900 RemoteRegistry (8f31505484a190d5b22274708799f4ec) C:\WINDOWS\system32\regsvc.dll
23:15:35.0828 7900 RemoteRegistry - ok
23:15:35.0843 7900 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
23:15:35.0859 7900 Revoflt - ok
23:15:35.0875 7900 RpcLocator (718b3bdc0bc3c2f7d065a53d26202af9) C:\WINDOWS\system32\locator.exe
23:15:35.0937 7900 RpcLocator - ok
23:15:35.0968 7900 RpcSs (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\System32\rpcss.dll
23:15:35.0984 7900 RpcSs - ok
23:15:36.0000 7900 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\system32\rsvp.exe
23:15:36.0062 7900 RSVP - ok
23:15:36.0109 7900 RTL8023xp (1e11171c0b9989e1bdaa59e96b2e81c4) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
23:15:36.0156 7900 RTL8023xp - ok
23:15:36.0156 7900 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
23:15:36.0218 7900 rtl8139 - ok
23:15:36.0234 7900 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
23:15:36.0250 7900 RTLE8023xp - ok
23:15:36.0265 7900 SamSs (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
23:15:36.0328 7900 SamSs - ok
23:15:36.0343 7900 Samsung UPD Service2 (2a54eff79b03a8c2389f2bb0f2264f1e) C:\WINDOWS\system32\SUPDSvc2.exe
23:15:36.0359 7900 Samsung UPD Service2 - ok
23:15:36.0375 7900 SCardSvr (410046e401eb11e1e6749e9deea41d4a) C:\WINDOWS\System32\SCardSvr.exe
23:15:36.0437 7900 SCardSvr - ok
23:15:36.0453 7900 Schedule (3ff232a7731621b8902d81d42418c93c) C:\WINDOWS\system32\schedsvc.dll
23:15:36.0515 7900 Schedule - ok
23:15:36.0531 7900 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:15:36.0562 7900 Secdrv - ok
23:15:36.0578 7900 seclogon (477e2c3cc5e4a0d635bcb0ea8dcac3c6) C:\WINDOWS\System32\seclogon.dll
23:15:36.0640 7900 seclogon - ok
23:15:36.0640 7900 SENS (a530b75c10c23c9ab28fdb6ce719e21f) C:\WINDOWS\system32\sens.dll
23:15:36.0703 7900 SENS - ok
23:15:36.0718 7900 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:15:36.0765 7900 serenum - ok
23:15:36.0781 7900 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
23:15:36.0843 7900 Serial - ok
23:15:36.0843 7900 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:15:36.0906 7900 Sfloppy - ok
23:15:36.0921 7900 SharedAccess (f58faca9621d2db01bd0927d9a0a208e) C:\WINDOWS\System32\ipnathlp.dll
23:15:37.0000 7900 SharedAccess - ok
23:15:37.0031 7900 ShellHWDetection (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
23:15:37.0031 7900 ShellHWDetection - ok
23:15:37.0046 7900 Simbad - ok
23:15:37.0203 7900 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
23:15:37.0296 7900 Skype C2C Service - ok
23:15:37.0390 7900 SkypeUpdate (ea396139541706b4b433641d62ea53ce) C:\Program Files\Skype\Updater\Updater.exe
23:15:37.0390 7900 SkypeUpdate - ok
23:15:37.0437 7900 Sparrow - ok
23:15:37.0453 7900 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:15:37.0515 7900 splitter - ok
23:15:37.0546 7900 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
23:15:37.0562 7900 Spooler - ok
23:15:37.0578 7900 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
23:15:37.0609 7900 sr - ok
23:15:37.0625 7900 srservice (35b91147124f64ac8081a2edb9ea4dee) C:\WINDOWS\system32\srsvc.dll
23:15:37.0656 7900 srservice - ok
23:15:37.0687 7900 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:15:37.0718 7900 Srv - ok
23:15:37.0718 7900 SSDPSRV (becd5271dc4e3b7c3d035f790fcbc1e5) C:\WINDOWS\System32\ssdpsrv.dll
23:15:37.0765 7900 SSDPSRV - ok
23:15:37.0765 7900 SSPORT - ok
23:15:37.0781 7900 StillCam (06cda2a5a549bc455d004461e6bc5b33) C:\WINDOWS\system32\DRIVERS\serscan.sys
23:15:37.0843 7900 StillCam - ok
23:15:37.0859 7900 stisvc (c1cdd9275f6a115bb0ae1d55d8d27ba6) C:\WINDOWS\system32\wiaservc.dll
23:15:37.0937 7900 stisvc - ok
23:15:37.0937 7900 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:15:38.0000 7900 swenum - ok
23:15:38.0062 7900 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
23:15:38.0093 7900 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
23:15:38.0093 7900 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
23:15:38.0109 7900 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:15:38.0171 7900 swmidi - ok
23:15:38.0171 7900 SwPrv - ok
23:15:38.0171 7900 symc810 - ok
23:15:38.0171 7900 symc8xx - ok
23:15:38.0171 7900 sym_hi - ok
23:15:38.0187 7900 sym_u3 - ok
23:15:38.0203 7900 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:15:38.0265 7900 sysaudio - ok
23:15:38.0281 7900 SysmonLog (ce06f01b88ace199a1bf460cac29c110) C:\WINDOWS\system32\smlogsvc.exe
23:15:38.0343 7900 SysmonLog - ok
23:15:38.0437 7900 TabletServiceWacom (7d81434924c4947dc29c00848e2a0029) C:\WINDOWS\system32\Wacom_Tablet.exe
23:15:38.0531 7900 TabletServiceWacom - ok
23:15:38.0562 7900 TapiSrv (c2546cd7a398476f9df5614b2ae160e8) C:\WINDOWS\System32\tapisrv.dll
23:15:38.0625 7900 TapiSrv - ok
23:15:38.0671 7900 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:15:38.0703 7900 Tcpip - ok
23:15:38.0718 7900 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:15:38.0796 7900 TDPIPE - ok
23:15:38.0812 7900 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:15:38.0875 7900 TDTCP - ok
23:15:38.0984 7900 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
23:15:39.0062 7900 TeamViewer7 - ok
23:15:39.0109 7900 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:15:39.0187 7900 TermDD - ok
23:15:39.0203 7900 TermService (a75dd6fc3dbee4fff5ebc9f2c28bb66e) C:\WINDOWS\System32\termsrv.dll
23:15:39.0281 7900 TermService - ok
23:15:39.0296 7900 Themes (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
23:15:39.0312 7900 Themes - ok
23:15:39.0312 7900 TlntSvr (cd0cc7b167d78043a41c98d4921efb54) C:\WINDOWS\system32\tlntsvr.exe
23:15:39.0343 7900 TlntSvr - ok
23:15:39.0359 7900 TosIde - ok
23:15:39.0375 7900 TrkWks (38853304ccb938d30e0c4cde8d2c2a8a) C:\WINDOWS\system32\trkwks.dll
23:15:39.0437 7900 TrkWks - ok
23:15:39.0453 7900 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:15:39.0515 7900 Udfs - ok
23:15:39.0515 7900 ultra - ok
23:15:39.0546 7900 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:15:39.0609 7900 Update - ok
23:15:39.0625 7900 upnphost (651bd90dcee5b7bdc74a2eb7c9266f9e) C:\WINDOWS\System32\upnphost.dll
23:15:39.0656 7900 upnphost - ok
23:15:39.0656 7900 UPS (20a0f6a11959e92908717d09e87d670d) C:\WINDOWS\System32\ups.exe
23:15:39.0718 7900 UPS - ok
23:15:39.0750 7900 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
23:15:39.0812 7900 usbaudio - ok
23:15:39.0828 7900 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:15:39.0890 7900 usbccgp - ok
23:15:39.0921 7900 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:15:40.0000 7900 usbehci - ok
23:15:40.0015 7900 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:15:40.0078 7900 usbhub - ok
23:15:40.0125 7900 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:15:40.0171 7900 usbprint - ok
23:15:40.0218 7900 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:15:40.0281 7900 usbscan - ok
23:15:40.0296 7900 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:15:40.0359 7900 usbstor - ok
23:15:40.0375 7900 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:15:40.0437 7900 usbuhci - ok
23:15:40.0453 7900 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:15:40.0515 7900 VgaSave - ok
23:15:40.0515 7900 ViaIde - ok
23:15:40.0531 7900 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
23:15:40.0593 7900 VolSnap - ok
23:15:40.0625 7900 VSS (d6ba1a63d9e00933f1cd2a885573afb2) C:\WINDOWS\System32\vssvc.exe
23:15:40.0656 7900 VSS - ok
23:15:40.0671 7900 W32Time (fa4e1cdba256787f2149f4aad07bc91f) C:\WINDOWS\system32\w32time.dll
23:15:40.0750 7900 W32Time - ok
23:15:40.0765 7900 wacmoumonitor (9a03558c37e919b9d6a50864aea0a168) C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
23:15:40.0765 7900 wacmoumonitor - ok
23:15:40.0781 7900 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
23:15:40.0781 7900 wacommousefilter - ok
23:15:40.0781 7900 wacomvhid (6843fd7db708b14ea4d8092abb464244) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
23:15:40.0796 7900 wacomvhid - ok
23:15:40.0812 7900 WacomVKHid (889459833432b161cb99cfdf84a1a9bb) C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
23:15:40.0812 7900 WacomVKHid - ok
23:15:40.0828 7900 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:15:40.0890 7900 Wanarp - ok
23:15:40.0890 7900 WDICA - ok
23:15:40.0906 7900 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:15:40.0968 7900 wdmaud - ok
23:15:40.0984 7900 WebClient (47ae51048a82dfa1cd6b51d369f7e169) C:\WINDOWS\System32\webclnt.dll
23:15:41.0046 7900 WebClient - ok
23:15:41.0062 7900 WIBUKEY (4d7602b0b5ca33720cbe08cbc4a9d8e3) C:\WINDOWS\system32\DRIVERS\WibuKey.sys
23:15:41.0078 7900 WIBUKEY - ok
23:15:41.0125 7900 winmgmt (e488332126e3b1182d2b8a0c35408ec6) C:\WINDOWS\system32\wbem\WMIsvc.dll
23:15:41.0187 7900 winmgmt - ok
23:15:41.0218 7900 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
23:15:41.0265 7900 WmdmPmSN - ok
23:15:41.0312 7900 Wmi (0171cff34bba8c5977f18c48d8aef8c6) C:\WINDOWS\System32\advapi32.dll
23:15:41.0343 7900 Wmi - ok
23:15:41.0359 7900 WmiApSrv (23f6f03272f7e5679f1f050aed5acee6) C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:15:41.0437 7900 WmiApSrv - ok
23:15:41.0531 7900 WMPNetworkSvc (3739866d20abd42f26a7b85f9e2560af) C:\Program Files\Windows Media Player\WMPNetwk.exe
23:15:41.0562 7900 WMPNetworkSvc - ok
23:15:41.0687 7900 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:15:41.0734 7900 WPFFontCache_v0400 - ok
23:15:41.0796 7900 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:15:41.0859 7900 WS2IFSL - ok
23:15:41.0875 7900 wscsvc (4c86d5faf78194995af9cc1075f65dd3) C:\WINDOWS\system32\wscsvc.dll
23:15:41.0937 7900 wscsvc - ok
23:15:41.0937 7900 WSearch - ok
23:15:41.0953 7900 wuauserv (c1364564800ee9784192145324a23308) C:\WINDOWS\system32\wuauserv.dll
23:15:42.0015 7900 wuauserv - ok
23:15:42.0031 7900 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:15:42.0046 7900 WudfPf - ok
23:15:42.0062 7900 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:15:42.0062 7900 WudfRd - ok
23:15:42.0062 7900 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
23:15:42.0109 7900 WudfSvc - ok
23:15:42.0125 7900 WZCSVC (a27d4ba7264c0bf52f32d10405bea1d4) C:\WINDOWS\System32\wzcsvc.dll
23:15:42.0203 7900 WZCSVC - ok
23:15:42.0296 7900 xmlprov (eaa4bb9edb3fb10cf8979fe65e63658f) C:\WINDOWS\System32\xmlprov.dll
23:15:42.0375 7900 xmlprov - ok
23:15:42.0390 7900 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk2\DR2
23:15:42.0687 7900 \Device\Harddisk2\DR2 - ok
23:15:42.0687 7900 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:15:42.0750 7900 \Device\Harddisk0\DR0 - ok
23:15:42.0750 7900 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk1\DR1
23:15:43.0031 7900 \Device\Harddisk1\DR1 - ok
23:15:43.0046 7900 Boot (0x1200) (72e6531369a28e25f9f201cdb1ed1502) \Device\Harddisk2\DR2\Partition0
23:15:43.0046 7900 \Device\Harddisk2\DR2\Partition0 - ok
23:15:43.0046 7900 Boot (0x1200) (bfd123a5efed82036d9b167ac2fe577f) \Device\Harddisk0\DR0\Partition0
23:15:43.0046 7900 \Device\Harddisk0\DR0\Partition0 - ok
23:15:43.0046 7900 Boot (0x1200) (0997db7166c24ec19958d08516ebc87d) \Device\Harddisk1\DR1\Partition0
23:15:43.0046 7900 \Device\Harddisk1\DR1\Partition0 - ok
23:15:43.0046 7900 ============================================================
23:15:43.0046 7900 Scan finished
23:15:43.0046 7900 ============================================================
23:15:43.0156 8084 Detected object count: 5
23:15:43.0156 8084 Actual detected object count: 5
23:16:06.0000 8084 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
23:16:14.0453 8084 Backup copy found, using it..
23:16:14.0562 8084 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
23:16:14.0562 8084 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
23:16:14.0562 8084 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:16:14.0562 8084 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:16:14.0562 8084 mi-raysat_3dsmax2010_32 ( UnsignedFile.Multi.Generic ) - skipped by user
23:16:14.0562 8084 mi-raysat_3dsmax2010_32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:16:14.0562 8084 mi-raysat_3dsmax2012_32 ( UnsignedFile.Multi.Generic ) - skipped by user
23:16:14.0562 8084 mi-raysat_3dsmax2012_32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:16:14.0562 8084 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
23:16:14.0562 8084 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:18:56.0359 6596 Deinitialize success

[vyosek]

Fajn, jdeme dale

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[dulen.dulen]

ComboFix 12-07-30.03 - Dalin 01.08.2012 0:38.4.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.723 [GMT 2:00]
Spuštěný z: c:\documents and settings\Dalin\Plocha\DOWNLOAD\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-28 do 2012-07-31 )))))))))))))))))))))))))))))))
.
.
2012-07-31 21:16 . 2012-07-31 21:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-31 08:02 . 2012-07-31 08:02 -------- d-----w- c:\documents and settings\Dalin\Local Settings\Data aplikací\PCHealth
2012-07-31 04:37 . 2012-06-02 13:18 214256 ----a-w- c:\windows\system32\muweb.dll
2012-07-31 04:37 . 2012-06-02 13:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-07-30 11:38 . 2012-07-30 20:46 -------- d-----w- C:\rsit
2012-07-30 11:24 . 2012-07-30 11:24 -------- d-----w- C:\RK_Quarantine
2012-07-27 14:37 . 2012-07-29 20:57 -------- d-----w- c:\documents and settings\Dalin\Data aplikací\vlc
2012-07-26 22:19 . 2012-07-31 06:35 -------- d-----w- c:\program files\Microsoft Works
2012-07-26 22:17 . 2012-07-26 22:17 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-07-26 22:17 . 2012-07-26 22:19 -------- d-----w- c:\windows\SHELLNEW
2012-07-26 22:16 . 2012-07-26 22:16 -------- d-----r- C:\MSOCache
2012-07-26 07:36 . 2011-03-17 10:08 -------- d-----w- C:\SigerTools
2012-07-25 09:03 . 2012-07-25 09:03 -------- d-----w- C:\Downloads
2012-07-25 09:02 . 2012-07-31 22:47 -------- d-----w- c:\documents and settings\Dalin\Data aplikací\BitComet
2012-07-25 09:02 . 2012-07-25 09:02 -------- d-----w- c:\program files\BitComet
2012-07-19 17:29 . 2012-07-19 17:29 -------- d-----w- c:\program files\CrystalDiskInfo
2012-07-17 23:56 . 2012-07-27 10:56 90112 ----a-w- c:\windows\DUMP4892.tmp
2012-07-16 11:17 . 2012-07-30 20:45 -------- d-----w- c:\program files\trend micro
2012-07-05 16:45 . 2012-07-05 16:45 5030088 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-31 21:20 . 2008-04-14 12:00 188288 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-07-31 06:38 . 2012-02-16 03:42 416 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-07-27 09:53 . 2012-04-02 07:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 09:53 . 2012-02-16 11:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-13 13:55 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-14 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2009-08-06 17:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2009-08-06 17:24 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2012-02-16 01:24 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2012-02-16 01:24 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2012-02-16 01:24 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2012-02-16 01:24 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2012-02-16 01:24 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 17:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-08-06 17:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 17:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2012-02-16 01:24 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2012-02-16 01:24 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2008-04-14 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:44 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-09 21:24 . 2012-05-09 21:24 45056 ----a-r- c:\documents and settings\Dalin\Data aplikací\Microsoft\Installer\{91057632-CA70-413C-B628-2D3CDBBB906B}\ARPPRODUCTICON.exe
2012-05-09 21:23 . 2012-05-09 21:23 45056 ----a-r- c:\documents and settings\Dalin\Data aplikací\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
2012-05-05 03:14 . 2008-04-14 12:00 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2008-04-14 08:06 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-02-16 22:47 . 2012-02-16 22:47 933888 ----a-w- c:\program files\HairVrPrims2011.dll
2012-02-16 22:47 . 2012-02-16 22:47 7961088 ----a-w- c:\program files\vray2011.dll
2012-02-16 22:47 . 2012-02-16 22:47 753664 ----a-w- c:\program files\dte_wrapper.dll
2012-02-16 22:47 . 2012-02-16 22:47 622080 ----a-w- c:\program files\glslang.dll
2012-02-16 22:47 . 2012-02-16 22:47 412160 ----a-w- c:\program files\cgauth.dll
2012-02-16 22:47 . 2012-02-16 22:47 3741184 ----a-w- c:\program files\vray.dll
2012-02-16 22:47 . 2012-02-16 22:47 3291320 ----a-w- c:\program files\libmmd.dll
2012-02-16 22:47 . 2012-02-16 22:47 138752 ----a-w- c:\program files\glvm.dll
2012-07-18 21:18 . 2012-02-16 03:06 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Dalin\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Dalin\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Dalin\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Dalin\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Total CMA Pack"="c:\program files\Total CMA Pack\Total CMA Pack.exe" [2009-09-01 43255]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2011-06-28 11499824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"3200 Scan2PC"="c:\windows\Twain_32\Samsung\SCX3200\Scan2pc.exe" [2010-05-18 1989120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Guard.Mail.ru.gui"="c:\program files\Guard-ICQ\GuardICQ.exe" [2012-06-16 1564368]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Dalin\Nabídka Start\Programy\Po spuštění\
Dropbox.lnk - c:\documents and settings\Dalin\Data aplikací\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
AutoScreenShot.lnk - c:\program files\AutoScreenShot\AutoScreenShot.exe [2004-9-15 224327]
Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2011-3-21 7067464]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Total CMA Pack\\TOTALCMD.EXE"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Documents and Settings\\Dalin\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Adobe\\Adobe Photoshop CS4\\Photoshop.exe"=
"c:\\WINDOWS\\system32\\SUPDSvc2.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\SCX3200\\Scan2Pc.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\SCX3200\\Sscan2io.exe"=
"c:\\Program Files\\Scan Assistant\\USDAgent.exe"=
"c:\\Rebus\\Rebus Manager\\RebusManager.exe"=
"c:\\Documents and Settings\\Dalin\\Local Settings\\Data aplikací\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2012\\mentalimages\\satellite\\raysat_3dsmax2012_32.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2012\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2012\\mentalimages\\satellite\\raysat_3dsmax2012_32server.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Samsung\\Samsung Universal Scan Driver\\USDAgent.exe"=
"c:\\Program Files\\Samsung\\Samsung Universal Scan Driver\\ICCUpdater.exe"=
"c:\\Program Files\\YourFileDownloader\\Downloader.exe"=
"c:\\Program Files\\YourFileDownloader\\YourFile.exe"=
"c:\\Program Files\\ICQ7M\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"12557:TCP"= 12557:TCP:BitComet 12557 TCP
"12557:UDP"= 12557:UDP:BitComet 12557 UDP
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [16.2.2012 14:52 242240]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 10:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 10:20 103112]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 13:03 974944]
R2 Guard.Mail.ru;Guard.Mail.ru;c:\program files\Guard-ICQ\GuardICQ.exe [16.6.2012 13:08 1564368]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [16.2.2012 4:02 2253120]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [9.4.2012 17:23 2789672]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [26.4.2012 19:13 2666880]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [23.12.2010 18:35 14336]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [23.12.2010 18:35 20736]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [23.12.2010 18:35 20096]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [23.12.2010 18:35 25088]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.9.2009 9:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.9.2009 9:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.9.2009 9:11 12928]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [9.4.2012 17:24 15656]
S2 5641;5641;\??\c:\docume~1\Dalin\LOCALS~1\Temp\5641.sys --> c:\docume~1\Dalin\LOCALS~1\Temp\5641.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16.2.2012 5:55 136176]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [12.3.2009 18:36 86016]
S2 mi-raysat_3dsmax2012_32;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 32-bit - English 32-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe [23.2.2011 7:59 86016]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [5.7.2012 18:41 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.7.2012 13:19 160944]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2.4.2012 9:28 250056]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [16.2.2012 5:55 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2.5.2012 14:17 113120]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [16.2.2012 14:46 27064]
S3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\system32\SUPDSvc2.exe [23.2.2012 18:25 136784]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 14:37 517096]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 07343104
*Deregistered* - 07343104
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 09:53]
.
2012-07-31 c:\windows\Tasks\AdobeAAMUpdater-1.0-QUAD-Dalin.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-16 13:04]
.
2012-07-31 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2012-06-05 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=GRfox000&ptb=ECB1EBFC-2D24-4642-A6F3-7AD2C5218F38&si=ą;~ą;~Äď
uInternet Settings,ProxyOverride = <local>;*.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Dalin\Data aplikací\Mozilla\Firefox\Profiles\3i1grfts.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-07343104.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-01 00:48
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1002FAEX-00Y9A0 rev.05.01D05 -> Harddisk2\DR2 -> \Device\Ide\IdeDeviceP4T0L0-12
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(624)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(5880)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\program files\NVIDIA Corporation\nview\nview.dll
c:\program files\NVIDIA Corporation\nview\NVWRSCS.DLL
c:\documents and settings\Dalin\Data aplikací\Dropbox\bin\DropboxExt.14.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\program files\Autodesk\3ds Max 2012\AcSignCore16.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2012-08-01 00:50:21
ComboFix-quarantined-files.txt 2012-07-31 22:50
.
Před spuštěním: Volných bajtů: 808 957 444 096
Po spuštění: Volných bajtů: 814 527 807 488
.
- - End Of File - - 84E512579386E19779DDE8AFAEF9D51A

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Driver::
  5641
  gupdate
  gupdatem
  Guard.Mail.ru
  
  Collect::
  c:\docume~1\Dalin\LOCALS~1\Temp\5641.sys
  
  DDS::
  uStart Page = hxxp://home.mywebsearch.com/index.jhtml ... 218F38&si=ą;~ą;~Äď
  uInternet Settings,ProxyOverride = <local>;*.local
  Trusted Zone: samsungsetup.com\www
  
  File::
  c:\windows\Tasks\AdobeAAMUpdater-1.0-QUAD-Dalin.job
  c:\windows\Tasks\Adobe Flash Player Updater.job
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "DAEMON Tools Lite"=-
  "Skype"=-
  "BitComet"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "GEST"=-
  "AdobeCS4ServiceManager"=-
  "Adobe ARM"=-
  "Adobe Acrobat Speed Launcher"=-
  "Acrobat Assistant 8.0"=-
  "AdobeAAMUpdater-1.0"=-
  "AdobeCS5ServiceManager"=-
  "SwitchBoard"=-
  "SunJavaUpdateSched"=-
  "Guard.Mail.ru.gui"=-
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[dulen.dulen]

dobry den

ComboFix 12-07-30.03 - Dalin 02.08.2012 10:26:38.5.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1219 [GMT 2:00]
Spuštěný z: c:\documents and settings\Dalin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Dalin\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\AdobeAAMUpdater-1.0-QUAD-Dalin.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\AdobeAAMUpdater-1.0-QUAD-Dalin.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_5641
-------\Legacy_GUARD.MAIL.RU
-------\Legacy_GUPDATE
-------\Service_5641
-------\Service_Guard.Mail.ru
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-02 do 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-01 01:35 . 2012-08-01 01:35 -------- d-----w- c:\program files\LooksBuilder
2012-07-31 21:16 . 2012-07-31 21:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-31 08:02 . 2012-07-31 08:02 -------- d-----w- c:\documents and settings\Dalin\Local Settings\Data aplikací\PCHealth
2012-07-31 04:37 . 2012-06-02 13:18 214256 ----a-w- c:\windows\system32\muweb.dll
2012-07-31 04:37 . 2012-06-02 13:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-07-30 11:38 . 2012-07-30 20:46 -------- d-----w- C:\rsit
2012-07-30 11:24 . 2012-07-30 11:24 -------- d-----w- C:\RK_Quarantine
2012-07-27 14:37 . 2012-07-29 20:57 -------- d-----w- c:\documents and settings\Dalin\Data aplikací\vlc
2012-07-26 22:19 . 2012-07-31 06:35 -------- d-----w- c:\program files\Microsoft Works
2012-07-26 22:17 . 2012-07-26 22:17 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-07-26 22:17 . 2012-07-26 22:19 -------- d-----w- c:\windows\SHELLNEW
2012-07-26 22:16 . 2012-07-26 22:16 -------- d-----r- C:\MSOCache
2012-07-26 07:36 . 2011-03-17 10:08 -------- d-----w- C:\SigerTools
2012-07-25 09:03 . 2012-07-25 09:03 -------- d-----w- C:\Downloads
2012-07-25 09:02 . 2012-08-02 08:26 -------- d-----w- c:\documents and settings\Dalin\Data aplikací\BitComet
2012-07-25 09:02 . 2012-07-25 09:02 -------- d-----w- c:\program files\BitComet
2012-07-19 17:29 . 2012-07-19 17:29 -------- d-----w- c:\program files\CrystalDiskInfo
2012-07-17 23:56 . 2012-07-27 10:56 90112 ----a-w- c:\windows\DUMP4892.tmp
2012-07-16 11:17 . 2012-07-30 20:45 -------- d-----w- c:\program files\trend micro
2012-07-05 16:45 . 2012-07-05 16:45 5030088 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 08:03 . 2012-02-16 03:42 416 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-07-31 21:20 . 2008-04-14 12:00 188288 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-07-27 09:53 . 2012-04-02 07:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 09:53 . 2012-02-16 11:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-13 13:55 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-14 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2009-08-06 17:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2009-08-06 17:24 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2012-02-16 01:24 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2012-02-16 01:24 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2012-02-16 01:24 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2012-02-16 01:24 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2012-02-16 01:24 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 17:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-08-06 17:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 17:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2012-02-16 01:24 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2012-02-16 01:24 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2008-04-14 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:44 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-09 21:24 . 2012-05-09 21:24 45056 ----a-r- c:\documents and settings\Dalin\Data aplikací\Microsoft\Installer\{91057632-CA70-413C-B628-2D3CDBBB906B}\ARPPRODUCTICON.exe
2012-05-09 21:23 . 2012-05-09 21:23 45056 ----a-r- c:\documents and settings\Dalin\Data aplikací\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
2012-05-05 03:14 . 2008-04-14 12:00 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2008-04-14 08:06 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-02-16 22:47 . 2012-02-16 22:47 933888 ----a-w- c:\program files\HairVrPrims2011.dll
2012-02-16 22:47 . 2012-02-16 22:47 7961088 ----a-w- c:\program files\vray2011.dll
2012-02-16 22:47 . 2012-02-16 22:47 753664 ----a-w- c:\program files\dte_wrapper.dll
2012-02-16 22:47 . 2012-02-16 22:47 622080 ----a-w- c:\program files\glslang.dll
2012-02-16 22:47 . 2012-02-16 22:47 412160 ----a-w- c:\program files\cgauth.dll
2012-02-16 22:47 . 2012-02-16 22:47 3741184 ----a-w- c:\program files\vray.dll
2012-02-16 22:47 . 2012-02-16 22:47 3291320 ----a-w- c:\program files\libmmd.dll
2012-02-16 22:47 . 2012-02-16 22:47 138752 ----a-w- c:\program files\glvm.dll
2012-07-18 21:18 . 2012-02-16 03:06 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-31_22.48.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-02 08:38 . 2012-08-02 08:38 16384 c:\windows\temp\Perflib_Perfdata_1cc.dat
- 2012-07-26 22:20 . 2012-07-31 06:37 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2012-07-26 22:20 . 2012-08-01 01:15 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2012-07-26 22:20 . 2012-08-01 01:15 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2012-07-26 22:20 . 2012-07-31 06:37 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2012-07-26 22:20 . 2012-07-31 06:37 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-07-26 22:20 . 2012-08-01 01:15 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2012-02-22 16:21 . 2012-02-22 16:21 53248 c:\windows\Installer\{7A76CAF3-D7D8-45C0-9CCB-8AC1DDF38516}\ARPPRODUCTICON.exe
+ 2012-08-01 01:35 . 2012-08-01 01:35 53248 c:\windows\Installer\{7A76CAF3-D7D8-45C0-9CCB-8AC1DDF38516}\ARPPRODUCTICON.exe
+ 2011-07-20 04:28 . 2011-07-20 04:28 54104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\SCANOST.EXE
+ 2011-07-20 04:28 . 2011-07-20 04:28 75624 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\RM.DLL
+ 2011-07-20 04:28 . 2011-07-20 04:28 38248 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\RECALL.DLL
+ 2011-07-20 03:32 . 2011-07-20 03:32 47496 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\PUBTRAP.DLL
+ 2011-05-26 18:18 . 2011-05-26 18:18 52088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLVBA.DLL
+ 2011-07-20 04:28 . 2011-07-20 04:28 34208 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\DUMPSTER.DLL
+ 2011-07-20 04:28 . 2011-07-20 04:28 87408 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\DLGSETP.DLL
- 2012-07-26 22:20 . 2012-07-31 06:37 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2012-07-26 22:20 . 2012-08-01 01:15 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2012-07-26 22:20 . 2012-08-01 01:15 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2012-07-26 22:20 . 2012-07-31 06:37 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2012-07-26 22:20 . 2012-07-31 06:37 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2012-07-26 22:20 . 2012-08-01 01:15 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2012-07-26 22:20 . 2012-07-31 06:37 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2012-07-26 22:20 . 2012-08-01 01:15 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2012-07-26 22:20 . 2012-07-31 06:37 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2012-07-26 22:20 . 2012-08-01 01:15 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2012-07-26 22:20 . 2012-08-01 01:15 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2012-07-26 22:20 . 2012-07-31 06:37 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2012-07-26 22:20 . 2012-07-31 06:37 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2012-07-26 22:20 . 2012-08-01 01:15 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-09-15 18:41 . 2011-09-15 18:41 408936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\WINWORD.EXE
+ 2011-07-20 04:28 . 2011-07-20 04:28 282032 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\SCNPST64.DLL
+ 2011-07-20 04:28 . 2011-07-20 04:28 273832 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\SCNPST32.DLL
+ 2011-07-27 02:55 . 2011-07-27 02:55 410992 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\RTFHTML.DLL
+ 2011-07-20 05:06 . 2011-07-20 05:06 770480 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\REGFORM.EXE
+ 2011-07-20 03:32 . 2011-07-20 03:32 593288 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\PUBCONV.DLL
+ 2011-07-27 02:42 . 2011-07-27 02:42 625040 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\PTXT9.DLL
+ 2011-07-20 04:28 . 2011-07-20 04:28 421736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\PSTPRX32.DLL
+ 2011-07-20 03:32 . 2011-07-20 03:32 135056 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\PRTF9.DLL
+ 2011-05-31 13:58 . 2011-05-31 13:58 521080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\POWERPNT.EXE
+ 2011-05-31 14:15 . 2011-05-31 14:15 177040 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLPH.DLL
+ 2011-07-27 02:55 . 2011-07-27 02:55 596888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLMIME.DLL
+ 2011-05-26 18:18 . 2011-05-26 18:18 136536 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLCTL.DLL
+ 2011-07-27 04:03 . 2011-07-27 04:03 194448 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OMSXP32.DLL
+ 2011-07-27 04:03 . 2011-07-27 04:03 661888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OMSMAIN.DLL
+ 2011-07-20 04:28 . 2011-07-20 04:28 253824 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OLKFSTUB.DLL
+ 2011-07-27 02:42 . 2011-07-27 02:42 497056 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\MORPH9.DLL
+ 2011-07-20 04:28 . 2011-07-20 04:28 340320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\MIMEDIR.DLL
+ 2012-07-31 06:35 . 2012-07-31 06:35 117160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IPOMINT.DLL
+ 2011-07-20 05:06 . 2011-07-20 05:06 176024 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IPOLK.DLL
+ 2011-07-20 04:28 . 2011-07-20 04:28 138088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IMPMAIL.DLL
+ 2009-02-26 10:09 . 2009-02-26 10:09 154000 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\ENVELOPE.DLL
+ 2011-05-26 18:18 . 2011-05-26 18:18 115584 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\EMABLT32.DLL
+ 2011-07-27 02:55 . 2011-07-27 02:55 128376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\CONTAB32.DLL
+ 2012-08-01 01:04 . 2012-08-01 01:04 117160 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
- 2012-07-31 06:35 . 2012-07-31 06:35 117160 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2010-12-07 11:50 . 2010-12-07 11:50 4061184 c:\windows\system32\PhotoLooksRenderer.dll
- 2010-12-07 12:50 . 2010-12-07 12:50 4061184 c:\windows\system32\PhotoLooksRenderer.dll
- 2012-02-16 01:49 . 2012-07-31 21:20 2618400 c:\windows\system32\FNTCACHE.DAT
+ 2012-02-16 01:49 . 2012-08-02 08:38 2618400 c:\windows\system32\FNTCACHE.DAT
+ 2012-08-01 01:35 . 2012-08-01 01:35 3578368 c:\windows\Installer\929f8b.msi
+ 2012-04-04 20:38 . 2012-04-04 20:38 2831360 c:\windows\Installer\743951.msp
+ 2012-04-28 19:44 . 2012-04-28 19:44 9101824 c:\windows\Installer\743930.msp
+ 2011-11-01 11:34 . 2011-11-01 11:34 4250112 c:\windows\Installer\743918.msp
+ 2012-05-30 05:18 . 2012-05-30 05:18 1748480 c:\windows\Installer\7438cf.msp
+ 2012-06-19 10:54 . 2012-06-19 10:54 2239488 c:\windows\Installer\7438c4.msp
+ 2012-03-23 12:59 . 2012-03-23 12:59 7899648 c:\windows\Installer\7438ac.msp
+ 2012-04-28 19:44 . 2012-04-28 19:44 9586176 c:\windows\Installer\743894.msp
+ 2012-04-04 20:38 . 2012-04-04 20:38 3620864 c:\windows\Installer\74387b.msp
+ 2011-11-01 11:34 . 2011-11-01 11:34 2247168 c:\windows\Installer\743863.msp
+ 2011-11-01 11:34 . 2011-11-01 11:34 1169920 c:\windows\Installer\74384b.msp
+ 2011-11-01 11:34 . 2011-11-01 11:34 4225536 c:\windows\Installer\743833.msp
+ 2012-03-15 00:24 . 2012-03-15 00:24 1795584 c:\windows\Installer\743816.msp
+ 2011-11-01 11:34 . 2011-11-01 11:34 2531840 c:\windows\Installer\7437fe.msp
+ 2012-04-04 20:37 . 2012-04-04 20:37 2540544 c:\windows\Installer\7437e6.msp
+ 2012-04-28 19:43 . 2012-04-28 19:43 8459264 c:\windows\Installer\7437ce.msp
+ 2012-02-17 06:45 . 2012-02-17 06:45 2299392 c:\windows\Installer\7437b6.msp
+ 2012-04-04 20:37 . 2012-04-04 20:37 3149824 c:\windows\Installer\74379f.msp
+ 2012-07-26 22:20 . 2012-08-01 01:15 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2012-07-26 22:20 . 2012-07-31 06:37 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2012-07-26 22:20 . 2012-08-01 01:15 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2012-07-26 22:20 . 2012-07-31 06:37 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-08-17 07:49 . 2011-08-17 07:49 4683624 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\WRD12CNV.DLL
+ 2009-10-09 21:10 . 2009-10-09 21:10 2594632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\VBE6.DLL
+ 2011-05-31 15:24 . 2011-05-31 15:24 2014592 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\PPTVIEW.EXE
+ 2011-07-27 02:44 . 2011-07-27 02:44 8494968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\PPCORE.DLL
+ 2011-07-27 02:55 . 2011-07-27 02:55 3004800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OLMAPI32.DLL
+ 2011-07-07 00:58 . 2011-07-07 00:58 1616240 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OGL.DLL
+ 2011-07-27 02:42 . 2011-07-27 02:42 9596784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\MSPUB.EXE
+ 2011-07-27 03:09 . 2011-07-27 03:09 5310848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IPEDITOR.DLL
+ 2011-07-27 03:09 . 2011-07-27 03:09 5484416 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IPDESIGN.DLL
+ 2011-07-27 03:09 . 2011-07-27 03:09 1460088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\INFOPATH.EXE
+ 2011-07-27 03:47 . 2011-07-27 03:47 2532736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\GRAPH.EXE
+ 2012-05-30 05:18 . 2012-05-30 05:18 11885056 c:\windows\Installer\743900.msp
+ 2011-08-30 06:40 . 2011-08-30 06:40 15145832 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\XL12CNV.EXE
+ 2011-09-15 18:42 . 2011-09-15 18:42 18115432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\WWLIB.DLL
+ 2011-08-03 16:18 . 2011-08-03 16:18 12997488 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLOOK.EXE
+ 2011-08-30 18:25 . 2011-08-30 18:25 18367336 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\EXCEL.EXE
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Dalin\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Dalin\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Dalin\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Dalin\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Total CMA Pack"="c:\program files\Total CMA Pack\Total CMA Pack.exe" [2009-09-01 43255]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"3200 Scan2PC"="c:\windows\Twain_32\Samsung\SCX3200\Scan2pc.exe" [2010-05-18 1989120]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Dalin\Nabídka Start\Programy\Po spuštění\
Dropbox.lnk - c:\documents and settings\Dalin\Data aplikací\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
AutoScreenShot.lnk - c:\program files\AutoScreenShot\AutoScreenShot.exe [2004-9-15 224327]
Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2011-3-21 7067464]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Total CMA Pack\\TOTALCMD.EXE"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Documents and Settings\\Dalin\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Adobe\\Adobe Photoshop CS4\\Photoshop.exe"=
"c:\\WINDOWS\\system32\\SUPDSvc2.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\SCX3200\\Scan2Pc.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\SCX3200\\Sscan2io.exe"=
"c:\\Program Files\\Scan Assistant\\USDAgent.exe"=
"c:\\Rebus\\Rebus Manager\\RebusManager.exe"=
"c:\\Documents and Settings\\Dalin\\Local Settings\\Data aplikací\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2012\\mentalimages\\satellite\\raysat_3dsmax2012_32.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2012\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2012\\mentalimages\\satellite\\raysat_3dsmax2012_32server.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Samsung\\Samsung Universal Scan Driver\\USDAgent.exe"=
"c:\\Program Files\\Samsung\\Samsung Universal Scan Driver\\ICCUpdater.exe"=
"c:\\Program Files\\YourFileDownloader\\Downloader.exe"=
"c:\\Program Files\\YourFileDownloader\\YourFile.exe"=
"c:\\Program Files\\ICQ7M\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"12557:TCP"= 12557:TCP:BitComet 12557 TCP
"12557:UDP"= 12557:UDP:BitComet 12557 UDP
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [16.2.2012 14:52 242240]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 10:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 10:20 103112]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 13:03 974944]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [12.3.2009 18:36 86016]
R2 mi-raysat_3dsmax2012_32;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 32-bit - English 32-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe [23.2.2011 7:59 86016]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [16.2.2012 4:02 2253120]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [5.7.2012 18:41 3048136]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [9.4.2012 17:23 2789672]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [26.4.2012 19:13 2666880]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [23.12.2010 18:35 14336]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [23.12.2010 18:35 20736]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [23.12.2010 18:35 20096]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [23.12.2010 18:35 25088]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.9.2009 9:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.9.2009 9:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.9.2009 9:11 12928]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [9.4.2012 17:24 15656]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.7.2012 13:19 160944]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2.4.2012 9:28 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2.5.2012 14:17 113120]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [16.2.2012 14:46 27064]
S3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\system32\SUPDSvc2.exe [23.2.2012 18:25 136784]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 14:37 517096]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-02 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2012-06-05 20:18]
.
.
------- Doplňkový sken -------
.
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Dalin\Data aplikací\Mozilla\Firefox\Profiles\3i1grfts.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-02 10:39
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1002FAEX-00Y9A0 rev.05.01D05 -> Harddisk2\DR2 -> \Device\Ide\IdeDeviceP4T0L0-12
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(632)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'lsass.exe'(688)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(2176)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\program files\NVIDIA Corporation\nview\nview.dll
c:\program files\NVIDIA Corporation\nview\NVWRSCS.DLL
c:\documents and settings\Dalin\Data aplikací\Dropbox\bin\DropboxExt.14.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\program files\Autodesk\3ds Max 2012\AcSignCore16.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\windows\system32\rundll32.exe
c:\program files\Total CMA Pack\TOTALCMD.EXE
c:\program files\TechSmith\Snagit 10\TSCHelp.exe
c:\windows\system32\SearchProtocolHost.exe
c:\program files\TechSmith\Snagit 10\SnagPriv.exe
c:\windows\system32\SearchFilterHost.exe
c:\program files\TechSmith\Snagit 10\snagiteditor.exe
.
**************************************************************************
.
Celkový čas: 2012-08-02 10:43:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-02 08:43
ComboFix2.txt 2012-07-31 22:50
.
Před spuštěním: Volných bajtů: 813 842 587 648
Po spuštění: Volných bajtů: 813 804 597 248
.
- - End Of File - - 1DB48A2B0D9AF624DAD6A80B8CCF9583

[vyosek]

Dobry den,

jak se chova nas pacient

[dulen.dulen]

Jo chova se slusne, ale ten google po case prestane nabihat s hlaskou error 404 nginx
Ale podeziram s toho router, vzdy po jeho restartu to pak nejakou dobu jde - pujde z domu, stejne sem ho nikdy nemel rad.
Dekuji za spolupraci - hezky den

[vyosek]

Tak jeste uklidime

Odinstalujte Combofix

• Prejmenujte ComboFix na Uninstall
• Spustte jej
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

Zkuste si na zkousku pujcit jiny router

Napiste ci se neco zmenilo

[dulen.dulen]

Z novym routrem to jede,
jeste jednou srdecne diky

S pozdravem
D. Z.

[vyosek]

Nemate zac, rado se stalo