BIOS time changing by itself

tompo
Visitor
Posts: 14
Registered: 13 Oct 2012 19:05

Re: BIOS time changing by itself

#16 Post by tompo »

Yeah, the time still keeps changing.....
So should I try reflashing the BIOS?

Rudy
Site Admin
Posts: 119516
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: BIOS time changing by itself

#17 Post by Rudy »

Try a reflash.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

tompo
Visitor
Posts: 14
Registered: 13 Oct 2012 19:05

Re: BIOS time changing by itself

#18 Post by tompo »

BIOS reflashed, result still the same.......could the problem also be in the hardware?

Rudy
Site Admin
Posts: 119516
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: BIOS time changing by itself

#19 Post by Rudy »

It shouldn't be. We can still try some tests, provided that you don't do anything on your own that we haven't agreed on.

Run a GMER scan: http://forum.viry.cz/viewtopic.php?f=29&t=62878 and post both logs.

tompo
Visitor
Posts: 14
Registered: 13 Oct 2012 19:05

Re: BIOS time changing by itself

#20 Post by tompo »

log 1

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2001-01-01 08:43:48
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD3200BEVT-60A23T0 rev.02.01A02
Running: gmer.exe; Driver: C:\DOCUME~1\TOM~1\LOCALS~1\Temp\pxtdrpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB76EA932]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB76EA79D]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB7793966]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

Rudy
Site Admin
Posts: 119516
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: BIOS time changing by itself

#21 Post by Rudy »

This is OK. I'd also like the second log, please.

tompo
Visitor
Posts: 14
Registered: 13 Oct 2012 19:05

Re: BIOS time changing by itself

#22 Post by tompo »

log 2

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2001-01-01 08:43:48
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD3200BEVT-60A23T0 rev.02.01A02
Running: gmer.exe; Driver: C:\DOCUME~1\TOM~1\LOCALS~1\Temp\pxtdrpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB76EA932]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB76EA79D]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB7793966]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

tompo
Visitor
Posts: 14
Registered: 13 Oct 2012 19:05

Re: BIOS time changing by itself

#23 Post by tompo »

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2001-01-01 09:00:29
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD3200BEVT-60A23T0 rev.02.01A02
Running: gmer.exe; Driver: C:\DOCUME~1\TOM~1\LOCALS~1\Temp\pxtdrpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB76A8708]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB777B7C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xB76A911C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB76EA401]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB76B3F28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB76B3F74]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB76B40F6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB76E9DB5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB76B3E96]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB76B3FB8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB76B3EDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xB76A9310]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB76B40B0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xB76A9A9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB76A8756]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB76EAAC7]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB76EAD7D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB76AD0E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB76EA932]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB76EA79D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB777B8AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB76A83BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB76A87A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB76AD456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB76AA464]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB76B3F52]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB76B3F96]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB76B411A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB76EA111]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB76B3EBC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB76ACC5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB76B403A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB76B3F06]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB76ACE8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB76B40D4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB777BA2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB76EA618]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB76AA330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB76EA46A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xB76A9EDA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB778730E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB76E9428]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB76A87F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB76A8840]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xB76A991C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB76A8448]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB76A85F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB76EABCE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB76A859E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xB76A9BFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xB76A9D5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB76A8668]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xB76A9632]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xB76A9794]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB76A888E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xB76A9160]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB7793966]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2E80 80503A80 12 Bytes [F2, 87, 6A, B7, 40, 88, 6A, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F28 80503B28 12 Bytes [FE, 9B, 6A, B7, 5A, 9D, 6A, ...]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A4ECC 1 Byte [20]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A4ECC 4 Bytes CALL B76AAAF1 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BAEDA 5 Bytes JMP B7790806 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C1810 5 Bytes JMP B7792320 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CF966 7 Bytes JMP B779396A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xBA229380, 0x22083D, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF80BA4F 5 Bytes JMP B76AEA6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + E5A BF80C235 5 Bytes JMP B76AE95E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF810175 5 Bytes JMP B76AE918 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D0 BF81C0A3 5 Bytes JMP B76ADFCA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngBitBlt + 92C BF827A40 5 Bytes JMP B76AD6E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + D80 BF83331E 5 Bytes JMP B76AEBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 7717 BF839CB5 5 Bytes JMP B76AEDE0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 112EA BF843888 5 Bytes JMP B76AD5AA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 5509 BF849B03 5 Bytes JMP B76AD866 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 6882 BF84AE7C 5 Bytes JMP B76ADFB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 1437 BF854BF4 5 Bytes JMP B76AE81E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1036 BF857AD0 5 Bytes JMP B76AEB20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 62A3 BF87FFC9 5 Bytes JMP B76ADB40 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 632C BF880052 5 Bytes JMP B76ADE06 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 70B0 BF880DD6 5 Bytes JMP B76AD592 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 77A9 BF8814CF 5 Bytes JMP B76ADFE2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 245E BF884C65 5 Bytes JMP B76AED3E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_hGetColorTransform + A4BC BF89ED1E 5 Bytes JMP B76ADC00 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_hGetColorTransform + AFDD BF89F83F 5 Bytes JMP B76ADDC0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF8BCD44 5 Bytes JMP B76AE0A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 4E4C BF8CEEE3 5 Bytes JMP B76AD48C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + A434 BF8DAA77 5 Bytes JMP B76AE9A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 77D BF8FAF04 5 Bytes JMP B76AD756 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 4768 BF907C6D 5 Bytes JMP B76AE08C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 58C BF908B12 5 Bytes JMP B76AD93E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 80C BF908D92 5 Bytes JMP B76ADA6A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1993 BF911AD9 5 Bytes JMP B76AD682 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2567 BF9126AD 5 Bytes JMP B76AD812 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EC1 BF915007 5 Bytes JMP B76ADF20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 191E BF94290C 5 Bytes JMP B76AEC96 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\AVAST Software\Avast\avastUI.exe[144] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[144] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe[260] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe[260] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[388] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[388] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[400] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[400] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\ATK0100\ATKOSD.exe[576] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\ATK0100\ATKOSD.exe[576] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00611014
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00610804
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00610A08
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00610C0C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00610E10
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 006101F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 006103FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00610600
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 006201F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 006203FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00620804
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00620A08
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00620600
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] USER32.dll!TrackPopupMenu 77D84F16 5 Bytes JMP 104089D7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\WINDOWS\System32\smss.exe[892] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[952] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[952] KERNEL32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[980] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[980] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1024] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1036] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[1148] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[1148] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1304] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1304] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1416] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1416] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1452] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1792] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1792] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1792] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1904] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\ATK0100\HControl.exe[1976] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\ATK0100\HControl.exe[1976] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2008] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2008] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[2020] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[2020] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Wireless Console 2\wcourier.exe[2028] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Wireless Console 2\wcourier.exe[2028] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe[2040] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe[2040] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2216] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2216] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 3 Bytes JMP 009B1014
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E26BE5 1 Byte [88]
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 009B0804
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 009B0A08
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 009B0C0C
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 009B0E10
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 009B01F8
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 009B03FC
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 009B0600
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 00AC01F8

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[144] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\WINDOWS\system32\services.exe[1024] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003C0002
IAT C:\WINDOWS\system32\services.exe[1024] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003C0000
IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1792] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- EOF - GMER 1.0.15 ----


#24 Post by Rudy »

It's clean. Also try TDSSKiller: http://support.kaspersky.com/downloads/ ... killer.zip . Download it, unzip it and run it. Let it work and then post the log here.


#25 Post by tompo »

09:57:59.0046 2452 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
09:57:59.0468 2452 ============================================================
09:57:59.0468 2452 Current date / time: 2001/01/01 09:57:59.0468
09:57:59.0468 2452 SystemInfo:
09:57:59.0468 2452
09:57:59.0468 2452 OS Version: 5.1.2600 ServicePack: 2.0
09:57:59.0468 2452 Product type: Workstation
09:57:59.0468 2452 ComputerName: ASUS
09:57:59.0468 2452 UserName: Tomáš
09:57:59.0468 2452 Windows directory: C:\WINDOWS
09:57:59.0468 2452 System windows directory: C:\WINDOWS
09:57:59.0468 2452 Processor architecture: Intel x86
09:57:59.0468 2452 Number of processors: 2
09:57:59.0468 2452 Page size: 0x1000
09:57:59.0468 2452 Boot type: Normal boot
09:57:59.0468 2452 ============================================================
09:58:01.0062 2452 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:58:01.0062 2452 ============================================================
09:58:01.0062 2452 \Device\Harddisk0\DR0:
09:58:01.0062 2452 MBR partitions:
09:58:01.0062 2452 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7530462
09:58:01.0078 2452 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x75304E0, BlocksNum 0xC35314E
09:58:01.0093 2452 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1388366D, BlocksNum 0xC35314E
09:58:01.0109 2452 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x1FBD67FA, BlocksNum 0x5856EC7
09:58:01.0109 2452 ============================================================
09:58:01.0156 2452 C: <-> \Device\Harddisk0\DR0\Partition1
09:58:01.0171 2452 G: <-> \Device\Harddisk0\DR0\Partition2
09:58:01.0218 2452 H: <-> \Device\Harddisk0\DR0\Partition3
09:58:01.0250 2452 I: <-> \Device\Harddisk0\DR0\Partition4
09:58:01.0250 2452 ============================================================
09:58:01.0250 2452 Initialize success
09:58:01.0250 2452 ============================================================
09:58:03.0718 4020 ============================================================
09:58:03.0718 4020 Scan started
09:58:03.0718 4020 Mode: Manual;
09:58:03.0718 4020 ============================================================
09:58:04.0812 4020 ================ Scan system memory ========================
09:58:04.0812 4020 System memory - ok
09:58:04.0812 4020 ================ Scan services =============================
09:58:10.0484 4020 SLIP - ok
09:58:10.0484 4020 Sparrow - ok
09:58:10.0515 4020 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
09:58:10.0515 4020 splitter - ok
09:58:10.0546 4020 [ 21B6FAA88044A41640E03EBB68BE93E8 ] Spooler C:\WINDOWS\system32\spoolsv.exe
09:58:10.0562 4020 Spooler - ok
09:58:10.0609 4020 [ A74035EA526DB97D9D50D2143A55F5CF ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
09:58:10.0609 4020 sr - ok
09:58:10.0640 4020 [ 3CD57F31A64D32FDB28918B16D1E6AAC ] srservice C:\WINDOWS\system32\srsvc.dll
09:58:10.0671 4020 srservice - ok
09:58:10.0703 4020 [ 20B7E396720353E4117D64D9DCB926CA ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
09:58:10.0718 4020 Srv - ok
09:58:10.0750 4020 [ 88C28F53F53438DAFCD95E99C837C61E ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
09:58:10.0765 4020 SSDPSRV - ok
09:58:10.0796 4020 [ 0645CCDDDD27F96EEA3534C1DEF736D9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
09:58:10.0828 4020 stisvc - ok
09:58:10.0875 4020 [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:58:10.0875 4020 streamip - ok
09:58:10.0875 4020 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
09:58:10.0890 4020 swenum - ok
09:58:10.0890 4020 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
09:58:10.0906 4020 swmidi - ok
09:58:10.0906 4020 SwPrv - ok
09:58:10.0921 4020 symc810 - ok
09:58:10.0921 4020 symc8xx - ok
09:58:10.0921 4020 sym_hi - ok
09:58:10.0937 4020 sym_u3 - ok
09:58:10.0984 4020 [ 03DC419B94C57ADF3AB0FBF887B021F5 ] SynMini C:\WINDOWS\system32\Drivers\SynMini.sys
09:58:11.0000 4020 SynMini - ok
09:58:11.0015 4020 [ E4085705D8D7D4D1536D8EE907439A86 ] SynScan C:\WINDOWS\system32\Drivers\SynScan.sys
09:58:11.0015 4020 SynScan - ok
09:58:11.0031 4020 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
09:58:11.0031 4020 sysaudio - ok
09:58:11.0062 4020 [ D9C9ECFF4904E6151525C533AEEDF8F4 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
09:58:11.0078 4020 SysmonLog - ok
09:58:11.0109 4020 [ 37162D29CD61519E6F5EA0DE99786FF6 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
09:58:11.0125 4020 TapiSrv - ok
09:58:11.0156 4020 [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:58:11.0171 4020 Tcpip - ok
09:58:11.0187 4020 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
09:58:11.0187 4020 TDPIPE - ok
09:58:11.0203 4020 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
09:58:11.0203 4020 TDTCP - ok
09:58:11.0218 4020 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
09:58:11.0234 4020 TermDD - ok
09:58:11.0265 4020 [ 2F5919F2F6EE7A845893D9C3AA2BC56A ] TermService C:\WINDOWS\System32\termsrv.dll
09:58:11.0281 4020 TermService - ok
09:58:11.0296 4020 [ 8BA76BD2A943F642F267A296A15776D2 ] Themes C:\WINDOWS\System32\shsvcs.dll
09:58:11.0312 4020 Themes - ok
09:58:11.0343 4020 [ 535C2FB97336BAFA509F4783DD1E5746 ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
09:58:11.0359 4020 TlntSvr - ok
09:58:11.0359 4020 TosIde - ok
09:58:11.0406 4020 [ 4DCE17221B1A87FB47E36842F3E38753 ] TrkWks C:\WINDOWS\system32\trkwks.dll
09:58:11.0421 4020 TrkWks - ok
09:58:11.0437 4020 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
09:58:11.0437 4020 Udfs - ok
09:58:11.0453 4020 ultra - ok
09:58:11.0468 4020 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
09:58:11.0468 4020 Update - ok
09:58:11.0500 4020 [ 984FC1518B0D5B31D76F0E63608E0500 ] upnphost C:\WINDOWS\System32\upnphost.dll
09:58:11.0531 4020 upnphost - ok
09:58:11.0546 4020 [ 6148A3BA4D9CC628357FC92014FEA30E ] UPS C:\WINDOWS\System32\ups.exe
09:58:11.0562 4020 UPS - ok
09:58:11.0593 4020 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:58:11.0609 4020 usbehci - ok
09:58:11.0625 4020 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:58:11.0625 4020 usbhub - ok
09:58:11.0656 4020 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:58:11.0656 4020 usbstor - ok
09:58:11.0671 4020 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:58:11.0671 4020 usbuhci - ok
09:58:11.0718 4020 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
09:58:11.0734 4020 VgaSave - ok
09:58:11.0734 4020 ViaIde - ok
09:58:11.0750 4020 [ CD8CCE067F7E9CBD762C00BDDDECAA34 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
09:58:11.0765 4020 VolSnap - ok
09:58:11.0796 4020 [ 043539881667BB37B07524032D6FFC3E ] VSS C:\WINDOWS\System32\vssvc.exe
09:58:11.0828 4020 VSS - ok
09:58:11.0875 4020 [ 2CEEBB402187AE56B585701F3D191FB3 ] W32Time C:\WINDOWS\system32\w32time.dll
09:58:11.0906 4020 W32Time - ok
09:58:11.0968 4020 [ C79918A5BD269035F3A34D157401B9DF ] w39n51 C:\WINDOWS\system32\DRIVERS\w39n51.sys
09:58:11.0984 4020 w39n51 - ok
09:58:12.0015 4020 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:58:12.0015 4020 Wanarp - ok
09:58:12.0031 4020 WDICA - ok
09:58:12.0031 4020 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
09:58:12.0046 4020 wdmaud - ok
09:58:12.0078 4020 [ 3791ADF1D3466AC6B4B662D3F79CBFEC ] WebClient C:\WINDOWS\System32\webclnt.dll
09:58:12.0093 4020 WebClient - ok
09:58:12.0140 4020 [ E12084EA622BDF2262C637BEF15DD85C ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
09:58:12.0140 4020 winmgmt - ok
09:58:12.0171 4020 [ E02E913B3841717A890A644EE167B9A5 ] WmdmPmSN C:\WINDOWS\System32\mspmsnsv.dll
09:58:12.0187 4020 WmdmPmSN - ok
09:58:12.0234 4020 [ 0CDC4A0C6B820FAD99FB4CA74CD0C476 ] Wmi C:\WINDOWS\System32\advapi32.dll
09:58:12.0250 4020 Wmi - ok
09:58:12.0281 4020 [ BCD21B989F0FD4ACE78287FC01B4693D ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
09:58:12.0281 4020 WmiApSrv - ok
09:58:12.0296 4020 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:58:12.0312 4020 WS2IFSL - ok
09:58:12.0328 4020 [ 4ADED1ADEF25041D9827F9A79C0FDA13 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
09:58:12.0359 4020 wscsvc - ok
09:58:12.0359 4020 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:58:12.0375 4020 WSTCODEC - ok
09:58:12.0390 4020 [ 21F5169CA14E0B25C757644456F637DF ] wuauserv C:\WINDOWS\system32\wuauserv.dll
09:58:12.0406 4020 wuauserv - ok
09:58:12.0437 4020 [ 325CEDEF696EF4B649DDCD3968D085C9 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
09:58:12.0468 4020 WZCSVC - ok
09:58:12.0500 4020 [ 9B835D4C64860B155A1701D5092EC9E4 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
09:58:12.0531 4020 xmlprov - ok
09:58:12.0546 4020 ================ Scan global ===============================
09:58:12.0562 4020 [ F642F3368D2839798DA79E7BA9218481 ] C:\WINDOWS\system32\basesrv.dll
09:58:12.0578 4020 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINDOWS\system32\winsrv.dll
09:58:12.0609 4020 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINDOWS\system32\winsrv.dll
09:58:12.0640 4020 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] C:\WINDOWS\system32\services.exe
09:58:12.0656 4020 [Global] - ok
09:58:12.0656 4020 ================ Scan MBR ==================================
09:58:12.0671 4020 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
09:58:13.0921 4020 \Device\Harddisk0\DR0 - ok
09:58:13.0921 4020 ================ Scan VBR ==================================
09:58:13.0937 4020 [ 4AED4A352654D7268BF5EC2C07A10920 ] \Device\Harddisk0\DR0\Partition1
09:58:13.0937 4020 \Device\Harddisk0\DR0\Partition1 - ok
09:58:13.0953 4020 [ 03535F05B1FC39B0CB98C3F127A3F233 ] \Device\Harddisk0\DR0\Partition2
09:58:13.0953 4020 \Device\Harddisk0\DR0\Partition2 - ok
09:58:13.0984 4020 [ E1580D50131C232134B78BDD141F16AD ] \Device\Harddisk0\DR0\Partition3
09:58:13.0984 4020 \Device\Harddisk0\DR0\Partition3 - ok
09:58:14.0000 4020 [ 44E041F93E363A2D6E292484A671C0F8 ] \Device\Harddisk0\DR0\Partition4
09:58:14.0000 4020 \Device\Harddisk0\DR0\Partition4 - ok
09:58:14.0000 4020 ============================================================
09:58:14.0000 4020 Scan finished
09:58:14.0000 4020 ============================================================
09:58:14.0015 2888 Detected object count: 0
09:58:14.0015 2888 Actual detected object count: 0

Rudy
Site Admin
Posts: 119516
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: BIOS time changing by itself

#26 Post by Rudy »

This is OK too. There is no rootkit on the PC. You will need to measure the voltage of that battery with a voltmeter. Against chassis ground (with the PC switched off) you should measure 3 V +/- 10%. If it is lower, replace the battery. I really don't know anymore where the problem could be. The system has been reinstalled, checked for every possible kind of junk, the BIOS reflashed, and yet the time keeps changing.

Locked