Choppy window redrawing

Mates86
Visitor
Posts: 39
Registered: 16 Sep 2011 21:05

#1 Post by Mates86 »

Hello,
Could you please check my log?
The computer is noticeably slow. Window redrawing is terribly choppy, as if I were missing the graphics card driver (I installed it fresh), and it often thrashes the disk for long periods. I have checked both the disk and the RAM. The computer is admittedly older, but it was still usable. So if you find anything that could be slowing it down and can help me remove it, I'd be glad.
Thanks in advance.


DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Krejci at 19:49:41 on 2012-10-24
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.446.134 [GMT 2:00]
.
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=15768
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [S3Trayp] S3Trayp.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
TCP: NameServer = 217.112.162.34 217.112.160.1
TCP: Interfaces\{5FE059A6-EDED-4467-B45B-6840351BC44D} : DHCPNameServer = 217.112.162.34 217.112.160.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\krejci\data aplikací\mozilla\firefox\profiles\wm380znu.default\
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2012-10-21 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2012-10-21 202928]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2009-9-28 11264]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2012-10-21 113776]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-10-21 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-20 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-20 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-20 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-10-20 44808]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2012-10-21 133912]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2009-9-28 70272]
R3 xcpip;Ovladač protokolu TCP/IP;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;Ovladač IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [2009-9-28 9472]
S2 gupdate;Služba Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-8 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-1-31 158856]
S3 0zx_fqi6i.sys;0zx_fqi6i.sys;\??\c:\windows\system32\drivers\0zx_fqi6i.sys --> c:\windows\system32\drivers\0zx_fqi6i.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-9-14 250808]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-1-25 1691480]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-8 136176]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 S3GIGP;S3GIGP;c:\windows\system32\drivers\s3gigpm.sys --> c:\windows\system32\drivers\S3gIGPm.sys [?]
.
=============== Created Last 30 ================
.
2012-10-23 20:46:19 -------- d-----w- c:\program files\HD Tune
2012-10-22 22:32:50 -------- d-----w- c:\documents and settings\krejci\data aplikací\Carambis
2012-10-21 09:43:08 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-10-21 09:42:43 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-10-21 09:42:42 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-21 09:42:25 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-10-21 09:38:15 -------- d-----w- c:\program files\CCleaner
2012-10-20 12:18:01 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-20 12:17:10 41224 ----a-w- c:\windows\avastSS.scr
2012-10-20 12:13:37 -------- d-----w- c:\program files\AVAST Software
2012-10-19 17:04:14 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-10-19 17:04:14 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-10-09 17:51:41 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-10-04 19:17:49 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 9
.
==================== Find3M ====================
.
2012-10-09 18:51:34 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 18:51:34 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 19:50:13,59 ===============

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

#2 Post by vyosek »

Hello :)

→ Download MBRScan http://eric71.geekstogo.com/tools/MbrScan.exe
  • Save it, preferably to the desktop
  • If you use Windows Vista or Windows 7, right-click MBRScan and choose Run As Administrator (or "Spustit jako správce")
  • Click Report
  • After a moment a log will be written to the file MBRScan.txt; paste it here
→ Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Click the Change parameters option
  • In the Additional Option window, tick all the options
  • Click OK
  • Tell the utility to scan by clicking Start Scan
  • When the scan finishes, a window will appear; check that the Skip option is selected everywhere
  • If Skip is not selected by default, switch it to Skip
  • Once Skip is set everywhere, click Continue
  • On the drive where Windows is installed (usually c:\) there will be a log named in the form TDSSKiller.some-numbers_log.txt; paste its contents here

Mates86
Visitor
Posts: 39
Registered: 16 Sep 2011 21:05

#3 Post by Mates86 »

Log from MBRScan:

MBRScan v1.1.1

OS             : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR      : x86 Family 15 Model 95 Stepping 2, AuthenticAMD
BOOT           : Normal Boot
DATE           : 2012/10/26 (ISO 8601) at 16:38:05
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __ST3160815AS (3.AAC)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	149.1 Go  [Fixed] ==> Unknown MBR Code

MBR_MD5   : 8E73815687C11CCE19AA6250AFD4A197
MBR_SHA1  : BB457FCC9175D2809D88A5F373919C43D2E59C3F

Device\Harddisk0\Partition1	149.0 Go  	0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\WINDOWS\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0xF66BB000
SIZE    : 96.0 Ko

DRIVER  : C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS => Invisible on the disk
ADDRESS : 0xF7B54000
SIZE    : 8.0 Ko

DRIVER  : C:\WINDOWS\system32\drivers\xpsec.sys => Invisible on the disk
ADDRESS : 0xF5B60000
SIZE    : 76.0 Ko

DRIVER  : C:\WINDOWS\system32\drivers\xcpip.sys => Invisible on the disk
ADDRESS : 0xF5B07000
SIZE    : 356.0 Ko

SystemStartOptions : NOEXECUTE=OPTIN  FASTDETECT

________________________________________________________________________________

_____FAKED   \Device\Harddisk0\DR0  


__ORIGINAL   \Device\Harddisk0\DR0  


Mates86
Visitor
Posts: 39
Registered: 16 Sep 2011 21:05

#4 Post by Mates86 »

and from TDSSKiller:
16:45:15.0140 3556 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
16:45:17.0406 3556 ============================================================
16:45:17.0406 3556 Current date / time: 2012/10/26 16:45:17.0406
16:45:17.0406 3556 SystemInfo:
16:45:17.0406 3556
16:45:17.0437 3556 OS Version: 5.1.2600 ServicePack: 3.0
16:45:17.0437 3556 Product type: Workstation
16:45:17.0437 3556 ComputerName: POCITAC1
16:45:17.0437 3556 UserName: Krejci
16:45:17.0437 3556 Windows directory: C:\WINDOWS
16:45:17.0437 3556 System windows directory: C:\WINDOWS
16:45:17.0437 3556 Processor architecture: Intel x86
16:45:17.0437 3556 Number of processors: 1
16:45:17.0437 3556 Page size: 0x1000
16:45:17.0437 3556 Boot type: Normal boot
16:45:17.0437 3556 ============================================================
16:45:26.0187 3556 BG loaded
16:45:27.0250 3556 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x000000A4
16:45:28.0109 3556 ============================================================
16:45:28.0109 3556 \Device\Harddisk0\DR0:
16:45:28.0234 3556 MBR partitions:
16:45:28.0234 3556 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
16:45:28.0234 3556 ============================================================
16:45:28.0343 3556 C: <-> \Device\Harddisk0\DR0\Partition1
16:45:28.0468 3556 ============================================================
16:45:28.0468 3556 Initialize success
16:45:28.0468 3556 ============================================================
16:49:13.0468 5504 ============================================================
16:49:13.0484 5504 Scan started
16:49:13.0484 5504 Mode: Manual; SigCheck; TDLFS;
16:49:13.0484 5504 ============================================================
16:49:14.0421 5504 ================ Scan system memory ========================
16:49:16.0421 5504 System memory ( MEM:Backdoor.Win32.Sinowal.d ) - infected
16:49:16.0421 5504 System memory - detected MEM:Backdoor.Win32.Sinowal.d (0)
16:49:16.0421 5504 ================ Scan services =============================
16:49:16.0796 5504 0zx_fqi6i.sys - ok
16:49:16.0921 5504 [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
16:49:17.0828 5504 Aavmker4 - ok
16:49:17.0859 5504 Abiosdsk - ok
16:49:17.0906 5504 abp480n5 - ok
16:49:17.0968 5504 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:49:19.0015 5504 ACPI - ok
16:49:19.0125 5504 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
16:49:19.0328 5504 ACPIEC - ok
16:49:19.0468 5504 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:49:19.0546 5504 AdobeFlashPlayerUpdateSvc - ok
16:49:19.0593 5504 adpu160m - ok
16:49:19.0718 5504 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:49:19.0937 5504 aec - ok
16:49:20.0046 5504 [ 38D7B715504DA4741DF35E3594FE2099 ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:49:20.0156 5504 AFD - ok
16:49:20.0218 5504 Aha154x - ok
16:49:20.0281 5504 aic78u2 - ok
16:49:20.0328 5504 aic78xx - ok
16:49:20.0437 5504 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
16:49:20.0703 5504 Alerter - ok
16:49:20.0750 5504 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
16:49:20.0921 5504 ALG - ok
16:49:20.0968 5504 AliIde - ok
16:49:21.0156 5504 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
16:49:21.0281 5504 Ambfilt - ok
16:49:21.0359 5504 [ 59301936898AE62245A6F09C0ABA9475 ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
16:49:21.0437 5504 AmdK8 - ok
16:49:21.0484 5504 amsint - ok
16:49:21.0562 5504 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
16:49:21.0687 5504 AppMgmt - ok
16:49:21.0734 5504 asc - ok
16:49:21.0734 5504 asc3350p - ok
16:49:21.0781 5504 asc3550 - ok
16:49:22.0015 5504 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:49:22.0062 5504 aspnet_state - ok
16:49:22.0156 5504 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
16:49:22.0218 5504 aswFsBlk - ok
16:49:22.0296 5504 [ 09678587C5C70F91720631EF048B4744 ] aswFW C:\WINDOWS\system32\drivers\aswFW.sys
16:49:22.0312 5504 aswFW - ok
16:49:22.0421 5504 [ 31E0D16EB06D09A248AFF20C76F9091B ] aswKbd C:\WINDOWS\system32\drivers\aswKbd.sys
16:49:22.0437 5504 aswKbd - ok
16:49:22.0546 5504 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
16:49:22.0609 5504 aswMon2 - ok
16:49:22.0718 5504 [ 7B948E3657BEA62E437BC46CA6EF6012 ] aswNdis C:\WINDOWS\system32\DRIVERS\aswNdis.sys
16:49:22.0718 5504 aswNdis - ok
16:49:22.0812 5504 [ C6E5E1E0FB3827B2359F4D394ECAA070 ] aswNdis2 C:\WINDOWS\system32\drivers\aswNdis2.sys
16:49:22.0875 5504 aswNdis2 - ok
16:49:22.0953 5504 [ B7D5E4486BA658ED08624D8084ABB830 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
16:49:22.0984 5504 AswRdr - ok
16:49:23.0046 5504 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
16:49:23.0171 5504 aswSnx - ok
16:49:23.0281 5504 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
16:49:23.0312 5504 aswSP - ok
16:49:23.0390 5504 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
16:49:23.0406 5504 aswTdi - ok
16:49:23.0515 5504 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:49:23.0734 5504 AsyncMac - ok
16:49:23.0812 5504 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
16:49:24.0062 5504 atapi - ok
16:49:24.0109 5504 Atdisk - ok
16:49:24.0171 5504 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:49:24.0437 5504 Atmarpc - ok
16:49:24.0531 5504 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
16:49:24.0796 5504 AudioSrv - ok
16:49:24.0875 5504 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
16:49:25.0140 5504 audstub - ok
16:49:25.0312 5504 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:49:25.0328 5504 avast! Antivirus - ok
16:49:25.0390 5504 [ DD4C61CB3CDBC8B0A7D2107C6944DC71 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
16:49:25.0421 5504 avast! Firewall - ok
16:49:25.0531 5504 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
16:49:25.0875 5504 Beep - ok
16:49:25.0937 5504 [ 3AEDE727580F0A7C3929DD6526145759 ] BITS C:\WINDOWS\system32\qmgr.dll
16:49:26.0093 5504 BITS - ok
16:49:26.0218 5504 [ 39CE94B2B33771A3D95C70F41847F3F9 ] Browser C:\WINDOWS\System32\browser.dll
16:49:26.0296 5504 Browser - ok
16:49:26.0406 5504 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
16:49:26.0656 5504 cbidf2k - ok
16:49:26.0734 5504 cd20xrnt - ok
16:49:26.0859 5504 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
16:49:27.0093 5504 Cdaudio - ok
16:49:27.0171 5504 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
16:49:27.0468 5504 Cdfs - ok
16:49:27.0578 5504 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:49:27.0687 5504 Cdrom - ok
16:49:27.0765 5504 Changer - ok
16:49:27.0843 5504 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
16:49:28.0171 5504 CiSvc - ok
16:49:28.0234 5504 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
16:49:28.0531 5504 ClipSrv - ok
16:49:28.0625 5504 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:49:28.0656 5504 clr_optimization_v2.0.50727_32 - ok
16:49:28.0750 5504 CmdIde - ok
16:49:28.0828 5504 COMSysApp - ok
16:49:29.0000 5504 Cpqarray - ok
16:49:29.0078 5504 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
16:49:29.0343 5504 CryptSvc - ok
16:49:29.0421 5504 dac2w2k - ok
16:49:29.0468 5504 dac960nt - ok
16:49:29.0609 5504 [ C0BD34A62508BA68F146E22CE45919F9 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
16:49:29.0734 5504 DcomLaunch - ok
16:49:29.0812 5504 [ EB737F46D7D494C7760A932C9B6491A4 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
16:49:29.0953 5504 Dhcp - ok
16:49:30.0062 5504 [ 47B6AAEC570F2C11D8BAD80A064D8ED1 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
16:49:30.0093 5504 Disk - ok
16:49:30.0140 5504 dmadmin - ok
16:49:30.0187 5504 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
16:49:30.0609 5504 dmboot - ok
16:49:30.0671 5504 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
16:49:31.0015 5504 dmio - ok
16:49:31.0093 5504 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
16:49:31.0343 5504 dmload - ok
16:49:31.0421 5504 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
16:49:31.0656 5504 dmserver - ok
16:49:31.0734 5504 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
16:49:31.0968 5504 DMusic - ok
16:49:32.0093 5504 [ 38AAD7E982198CB4F642BB60E59511F1 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
16:49:32.0140 5504 Dnscache - ok
16:49:32.0203 5504 [ AACFC38E9D085D58F9F933CFD6AF1D2B ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
16:49:32.0250 5504 Dot3svc - ok
16:49:32.0296 5504 dpti2o - ok
16:49:32.0359 5504 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
16:49:32.0625 5504 drmkaud - ok
16:49:32.0734 5504 [ B327281012B48BD73F587799F9F29BE2 ] DumpDrv C:\WINDOWS\system32\drivers\DumpDrv.sys
16:49:32.0781 5504 DumpDrv - ok
16:49:32.0828 5504 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
16:49:33.0062 5504 EapHost - ok
16:49:33.0171 5504 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
16:49:33.0484 5504 ERSvc - ok
16:49:33.0546 5504 [ 3D107D45CCFDB266E91D84B52CD7F430 ] Eventlog C:\WINDOWS\system32\services.exe
16:49:33.0640 5504 Eventlog - ok
16:49:33.0703 5504 [ BE68EA4457E2E5717231CF91BE5448E0 ] EventSystem C:\WINDOWS\system32\es.dll
16:49:33.0843 5504 EventSystem - ok
16:49:33.0937 5504 [ 4D893323DAE445E34A4C9038B0551BC9 ] exFat C:\WINDOWS\system32\drivers\exFat.sys
16:49:33.0968 5504 exFat - ok
16:49:34.0031 5504 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
16:49:34.0218 5504 Fastfat - ok
16:49:34.0343 5504 [ 54A6BF743E0517528A5064CEAEB40EA7 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:49:34.0468 5504 FastUserSwitchingCompatibility - ok
16:49:34.0546 5504 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
16:49:34.0843 5504 Fdc - ok
16:49:34.0921 5504 [ E9648254056BCE81A85380C0C3647DC4 ] FETNDIS C:\WINDOWS\system32\DRIVERS\fetnd5.sys
16:49:35.0171 5504 FETNDIS - ok
16:49:35.0234 5504 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
16:49:35.0671 5504 Fips - ok
16:49:35.0921 5504 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:49:36.0578 5504 Flpydisk - ok
16:49:36.0625 5504 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:49:36.0875 5504 FltMgr - ok
16:49:36.0953 5504 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:49:36.0984 5504 FontCache3.0.0.0 - ok
16:49:37.0046 5504 [ 30D42943A54704EF13E2562911DBFCEA ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:49:37.0078 5504 Fs_Rec - ok
16:49:37.0171 5504 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:49:37.0812 5504 Ftdisk - ok
16:49:37.0843 5504 [ 3A74C423CF6BCCA6982715878F450A3B ] gagp30kx C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
16:49:38.0203 5504 gagp30kx - ok
16:49:38.0250 5504 GMSIPCI - ok
16:49:38.0359 5504 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:49:38.0578 5504 Gpc - ok
16:49:38.0718 5504 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
16:49:38.0734 5504 gupdate - ok
16:49:38.0796 5504 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
16:49:38.0843 5504 gupdatem - ok
16:49:38.0968 5504 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:49:39.0203 5504 HDAudBus - ok
16:49:39.0312 5504 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:49:39.0593 5504 helpsvc - ok
16:49:39.0656 5504 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
16:49:39.0921 5504 HidServ - ok
16:49:40.0000 5504 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:49:40.0250 5504 hidusb - ok
16:49:40.0312 5504 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
16:49:40.0515 5504 hkmsvc - ok
16:49:40.0562 5504 hpn - ok
16:49:40.0625 5504 [ 30CA91E657CEDE2F95359D6EF186F650 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:49:40.0734 5504 HPZid412 - ok
16:49:40.0812 5504 [ EFD31AFA752AA7C7BBB57BCBE2B01C78 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:49:41.0234 5504 HPZipr12 - ok
16:49:41.0312 5504 [ 7AC43C38CA8FD7ED0B0A4466F753E06E ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:49:41.0390 5504 HPZius12 - ok
16:49:41.0453 5504 [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
16:49:41.0687 5504 HTTP - ok
16:49:41.0765 5504 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
16:49:42.0000 5504 HTTPFilter - ok
16:49:42.0046 5504 i2omgmt - ok
16:49:42.0125 5504 i2omp - ok
16:49:42.0171 5504 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:49:42.0437 5504 i8042prt - ok
16:49:42.0578 5504 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:49:42.0609 5504 IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:49:42.0609 5504 IDriverT - detected UnsignedFile.Multi.Generic (1)
16:50:32.0265 5504 ================ Scan global ===============================
16:50:32.0390 5504 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
16:50:32.0468 5504 [ 990864D32638714B63056A61D93CF42E ] C:\WINDOWS\system32\winsrv.dll
16:50:32.0593 5504 [ 990864D32638714B63056A61D93CF42E ] C:\WINDOWS\system32\winsrv.dll
16:50:32.0640 5504 [ 3D107D45CCFDB266E91D84B52CD7F430 ] C:\WINDOWS\system32\services.exe
16:50:32.0656 5504 [Global] - ok
16:50:32.0703 5504 ================ Scan MBR ==================================
16:50:32.0750 5504 [ 2EE71BF0EED0EA80EA06D295A1A50104 ] \Device\Harddisk0\DR0
16:50:32.0781 5504 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
16:50:32.0812 5504 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
16:50:32.0937 5504 ================ Scan VBR ==================================
16:50:32.0968 5504 [ 7298785A890FB27DA1F45BA593140F2C ] \Device\Harddisk0\DR0\Partition1
16:50:32.0968 5504 \Device\Harddisk0\DR0\Partition1 - ok
16:50:32.0984 5504 ============================================================
16:50:32.0984 5504 Scan finished
16:50:32.0984 5504 ============================================================
16:50:33.0234 4500 Detected object count: 3
16:50:33.0234 4500 Actual detected object count: 3
16:50:58.0687 4500 System memory ( MEM:Backdoor.Win32.Sinowal.d ) - skipped by user
16:50:58.0687 4500 System memory ( MEM:Backdoor.Win32.Sinowal.d ) - User select action: Skip
16:50:58.0687 4500 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:50:58.0687 4500 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:50:58.0687 4500 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - skipped by user
16:50:58.0687 4500 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Skip

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: choppy window redrawing

#5 Post by vyosek »

Run TDSSKiller again and, for the Rootkit.Boot.Sinowal.b item, select the Cure option.

Mates86
Visitor
Posts: 39
Registered: 16 Sep 2011 21:05

Re: choppy window redrawing

#6 Post by Mates86 »

Here is the new log:
20:03:11.0984 2100 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
20:03:12.0812 2100 ============================================================
20:03:12.0812 2100 Current date / time: 2012/10/26 20:03:12.0812
20:03:12.0812 2100 SystemInfo:
20:03:12.0812 2100
20:03:12.0812 2100 OS Version: 5.1.2600 ServicePack: 3.0
20:03:12.0812 2100 Product type: Workstation
20:03:12.0812 2100 ComputerName: POCITAC1
20:03:12.0812 2100 UserName: Krejci
20:03:12.0812 2100 Windows directory: C:\WINDOWS
20:03:12.0812 2100 System windows directory: C:\WINDOWS
20:03:12.0812 2100 Processor architecture: Intel x86
20:03:12.0812 2100 Number of processors: 1
20:03:12.0812 2100 Page size: 0x1000
20:03:12.0812 2100 Boot type: Normal boot
20:03:12.0812 2100 ============================================================
20:03:15.0531 2100 BG loaded
20:03:16.0078 2100 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:03:16.0093 2100 ============================================================
20:03:16.0093 2100 \Device\Harddisk0\DR0:
20:03:16.0109 2100 MBR partitions:
20:03:16.0109 2100 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
20:03:16.0109 2100 ============================================================
20:03:16.0218 2100 C: <-> \Device\Harddisk0\DR0\Partition1
20:03:16.0250 2100 ============================================================
20:03:16.0250 2100 Initialize success
20:03:16.0250 2100 ============================================================
20:03:33.0203 3408 ============================================================
20:03:33.0203 3408 Scan started
20:03:33.0203 3408 Mode: Manual; SigCheck; TDLFS;
20:03:33.0203 3408 ============================================================
20:03:34.0062 3408 ================ Scan system memory ========================
20:03:34.0062 3408 System memory - ok
20:03:34.0109 3408 ================ Scan services =============================
20:03:48.0171 3408 Dot3svc - ok
20:03:48.0250 3408 dpti2o - ok
20:03:48.0359 3408 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
20:03:48.0593 3408 drmkaud - ok
20:03:48.0703 3408 [ B327281012B48BD73F587799F9F29BE2 ] DumpDrv C:\WINDOWS\system32\drivers\DumpDrv.sys
20:03:48.0734 3408 DumpDrv - ok
20:03:48.0843 3408 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
20:03:49.0062 3408 EapHost - ok
20:03:49.0171 3408 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
20:03:49.0390 3408 ERSvc - ok
20:03:49.0468 3408 [ 3D107D45CCFDB266E91D84B52CD7F430 ] Eventlog C:\WINDOWS\system32\services.exe
20:03:49.0562 3408 Eventlog - ok
20:03:49.0625 3408 [ BE68EA4457E2E5717231CF91BE5448E0 ] EventSystem C:\WINDOWS\system32\es.dll
20:03:49.0687 3408 EventSystem - ok
20:03:49.0765 3408 [ 4D893323DAE445E34A4C9038B0551BC9 ] exFat C:\WINDOWS\system32\drivers\exFat.sys
20:03:49.0843 3408 exFat - ok
20:03:49.0906 3408 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
20:03:50.0125 3408 Fastfat - ok
20:03:50.0250 3408 [ 54A6BF743E0517528A5064CEAEB40EA7 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:03:50.0296 3408 FastUserSwitchingCompatibility - ok
20:03:50.0406 3408 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
20:03:50.0625 3408 Fdc - ok
20:03:50.0734 3408 [ E9648254056BCE81A85380C0C3647DC4 ] FETNDIS C:\WINDOWS\system32\DRIVERS\fetnd5.sys
20:03:50.0937 3408 FETNDIS - ok
20:03:51.0031 3408 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
20:03:51.0250 3408 Fips - ok
20:03:51.0312 3408 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:03:51.0531 3408 Flpydisk - ok
20:03:51.0640 3408 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:03:51.0859 3408 FltMgr - ok
20:03:51.0953 3408 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:03:51.0953 3408 FontCache3.0.0.0 - ok
20:03:52.0031 3408 [ 30D42943A54704EF13E2562911DBFCEA ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:03:52.0109 3408 Fs_Rec - ok
20:03:52.0203 3408 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:03:52.0406 3408 Ftdisk - ok
20:03:52.0453 3408 [ 3A74C423CF6BCCA6982715878F450A3B ] gagp30kx C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
20:03:52.0734 3408 gagp30kx - ok
20:03:52.0812 3408 GMSIPCI - ok
20:03:52.0906 3408 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:03:53.0109 3408 Gpc - ok
20:03:53.0250 3408 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
20:03:53.0265 3408 gupdate - ok
20:03:53.0359 3408 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:03:53.0375 3408 gupdatem - ok
20:03:53.0437 3408 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:03:53.0671 3408 HDAudBus - ok
20:03:53.0765 3408 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:03:54.0000 3408 helpsvc - ok
20:03:54.0078 3408 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
20:03:54.0281 3408 HidServ - ok
20:03:54.0359 3408 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:03:54.0546 3408 hidusb - ok
20:03:54.0656 3408 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
20:03:54.0890 3408 hkmsvc - ok
20:03:54.0984 3408 hpn - ok
20:03:55.0078 3408 [ 30CA91E657CEDE2F95359D6EF186F650 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:03:55.0171 3408 HPZid412 - ok
20:03:55.0296 3408 [ EFD31AFA752AA7C7BBB57BCBE2B01C78 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:03:55.0359 3408 HPZipr12 - ok
20:03:55.0437 3408 [ 7AC43C38CA8FD7ED0B0A4466F753E06E ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:03:55.0468 3408 HPZius12 - ok
20:03:55.0593 3408 [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:03:55.0796 3408 HTTP - ok
20:03:55.0921 3408 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:03:56.0140 3408 HTTPFilter - ok
20:03:56.0265 3408 i2omgmt - ok
20:03:56.0312 3408 i2omp - ok
20:03:56.0390 3408 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:03:56.0625 3408 i8042prt - ok
20:03:56.0750 3408 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:03:56.0796 3408 IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:03:56.0796 3408 IDriverT - detected UnsignedFile.Multi.Generic (1)
20:03:56.0937 3408 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:03:57.0000 3408 idsvc - ok
20:03:57.0078 3408 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:03:57.0281 3408 Imapi - ok
20:03:57.0343 3408 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
20:03:57.0515 3408 ImapiService - ok
20:03:57.0609 3408 ini910u - ok
20:03:57.0906 3408 [ ED90E04F7A1E385E2EA956CAD83F8070 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:03:58.0218 3408 IntcAzAudAddService - ok
20:03:58.0296 3408 IntelIde - ok
20:03:58.0406 3408 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:03:58.0609 3408 Ip6Fw - ok
20:03:58.0671 3408 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:03:58.0890 3408 IpFilterDriver - ok
20:03:58.0953 3408 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:03:59.0187 3408 IpInIp - ok
20:03:59.0250 3408 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:03:59.0437 3408 IpNat - ok
20:03:59.0500 3408 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:03:59.0734 3408 IPSec - ok
20:03:59.0796 3408 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
20:03:59.0890 3408 IRENUM - ok
20:03:59.0984 3408 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:04:00.0203 3408 isapnp - ok
20:04:00.0343 3408 [ C2C1660DDCC9BD67EB98D6D5F91C107F ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
20:04:00.0359 3408 JavaQuickStarterService - ok
20:04:00.0437 3408 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:04:00.0656 3408 Kbdclass - ok
20:04:00.0718 3408 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:04:00.0921 3408 kbdhid - ok
20:04:01.0031 3408 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
20:04:01.0234 3408 kmixer - ok
20:04:01.0343 3408 [ C6EBF1D6AD71DF30DB49B8D3287E1368 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
20:04:01.0359 3408 KSecDD - ok
20:04:01.0437 3408 [ 21920AC69594AB021237054FA728FE46 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
20:04:01.0609 3408 LanmanServer - ok
20:04:01.0718 3408 [ 9A2E7EE3989AAC0079E9D23555545D52 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:04:01.0781 3408 lanmanworkstation - ok
20:04:01.0859 3408 lbrtfdc - ok
20:04:02.0046 3408 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
20:04:02.0265 3408 LmHosts - ok
20:04:02.0343 3408 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:04:02.0578 3408 Messenger - ok
20:04:02.0671 3408 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:04:02.0859 3408 mnmdd - ok
20:04:02.0968 3408 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
20:04:03.0187 3408 mnmsrvc - ok
20:04:03.0296 3408 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:04:03.0484 3408 Modem - ok
20:04:03.0562 3408 [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
20:04:03.0656 3408 Monfilt - ok
20:04:03.0703 3408 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:04:03.0937 3408 Mouclass - ok
20:04:04.0000 3408 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:04:04.0218 3408 mouhid - ok
20:04:04.0328 3408 [ 1A1FAA5102466F418494E94FF9B0B091 ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:04:04.0343 3408 MountMgr - ok
20:04:04.0421 3408 mraid35x - ok
20:04:04.0515 3408 [ 6A7C4AC5B52155115DEE97995C1CF157 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:04:04.0578 3408 MRxDAV - ok
20:04:04.0703 3408 [ EAD71A165EB3B9DF09A2BC0DE3BD22A8 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:04:04.0781 3408 MRxSmb - ok
20:04:04.0890 3408 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
20:04:05.0078 3408 MSDTC - ok
20:04:05.0156 3408 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:04:05.0406 3408 Msfs - ok
20:04:05.0484 3408 MSICPL - ok
20:04:05.0562 3408 MSIServer - ok
20:04:05.0687 3408 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:04:05.0875 3408 MSKSSRV - ok
20:04:05.0937 3408 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:04:06.0156 3408 MSPCLOCK - ok
20:04:06.0218 3408 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:04:06.0453 3408 MSPQM - ok
20:04:06.0593 3408 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:04:06.0796 3408 mssmbios - ok
20:04:06.0906 3408 [ 6546FE6639499FA4BEF180BDF08266A1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:04:06.0953 3408 Mup - ok
20:04:07.0046 3408 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
20:04:07.0265 3408 napagent - ok
20:04:07.0375 3408 [ B5B1080D35974C0E718D64280761BCD5 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:04:07.0421 3408 NDIS - ok
20:04:07.0531 3408 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:04:07.0718 3408 NdisTapi - ok
20:04:07.0781 3408 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:04:08.0000 3408 Ndisuio - ok
20:04:08.0093 3408 [ B053A8411045FD0664B389A090CB2BBC ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:04:08.0125 3408 NdisWan - ok
20:04:08.0250 3408 [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:04:08.0437 3408 NDProxy - ok
20:04:08.0515 3408 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:04:08.0671 3408 NetBIOS - ok
20:04:08.0765 3408 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:04:08.0937 3408 NetBT - ok
20:04:09.0046 3408 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
20:04:09.0218 3408 NetDDE - ok
20:04:09.0265 3408 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:04:09.0437 3408 NetDDEdsdm - ok
20:04:09.0546 3408 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
20:04:09.0718 3408 Netlogon - ok
20:04:09.0796 3408 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
20:04:10.0015 3408 Netman - ok
20:04:10.0093 3408 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:04:10.0109 3408 NetTcpPortSharing - ok
20:04:10.0187 3408 [ 0D594D828829E1BC727B870899376B19 ] Nla C:\WINDOWS\System32\mswsock.dll
20:04:10.0234 3408 Nla - ok
20:04:10.0312 3408 [ B0A67DE1A128389AEA4D42C5A56215FD ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
20:04:10.0468 3408 nmwcd - ok
20:04:10.0578 3408 [ 025C54F9F8C8BC1894EA38529C742C54 ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
20:04:10.0687 3408 nmwcdc - ok
20:04:10.0796 3408 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:04:10.0984 3408 Npfs - ok
20:04:11.0062 3408 NTACCESS - ok
20:04:11.0125 3408 [ AE8CAD8F28DB13B515A68510A539B0B8 ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:04:11.0250 3408 Ntfs - ok
20:04:11.0296 3408 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
20:04:11.0531 3408 NtLmSsp - ok
20:04:11.0625 3408 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
20:04:11.0859 3408 NtmsSvc - ok
20:04:11.0968 3408 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
20:04:12.0156 3408 Null - ok
20:04:12.0218 3408 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:04:12.0437 3408 NwlnkFlt - ok
20:04:12.0531 3408 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:04:12.0703 3408 NwlnkFwd - ok
20:04:12.0781 3408 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:04:12.0843 3408 ose - ok
20:04:12.0906 3408 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
20:04:13.0109 3408 Parport - ok
20:04:13.0171 3408 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
20:04:13.0406 3408 PartMgr - ok
20:04:13.0468 3408 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:04:13.0671 3408 ParVdm - ok
20:04:13.0750 3408 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:04:13.0953 3408 PCI - ok
20:04:13.0984 3408 PCIDump - ok
20:04:14.0093 3408 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
20:04:14.0328 3408 PCIIde - ok
20:04:14.0406 3408 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
20:04:14.0562 3408 Pcmcia - ok
20:04:14.0609 3408 PDCOMP - ok
20:04:14.0687 3408 PDFRAME - ok
20:04:14.0781 3408 PDRELI - ok
20:04:14.0859 3408 PDRFRAME - ok
20:04:14.0937 3408 perc2 - ok
20:04:15.0031 3408 perc2hib - ok
20:04:15.0250 3408 [ 3D107D45CCFDB266E91D84B52CD7F430 ] PlugPlay C:\WINDOWS\system32\services.exe
20:04:15.0296 3408 PlugPlay - ok
20:04:15.0375 3408 [ D31F88C5F19EEFA366A415D6BC5F2ABC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
20:04:15.0500 3408 Pml Driver HPZ12 - ok
20:04:15.0578 3408 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
20:04:15.0765 3408 PolicyAgent - ok
20:04:15.0875 3408 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:04:16.0078 3408 PptpMiniport - ok
20:04:16.0140 3408 [ 7EB15DCE4EC3A0220BD796A15C18186E ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
20:04:16.0375 3408 Processor - ok
20:04:16.0468 3408 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:04:16.0640 3408 ProtectedStorage - ok
20:04:16.0718 3408 [ D8E11D311785F89F1D70A28B0E879127 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
20:04:16.0750 3408 PSched - ok
20:04:16.0859 3408 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:04:17.0046 3408 Ptilink - ok
20:04:17.0125 3408 ql1080 - ok
20:04:17.0218 3408 Ql10wnt - ok
20:04:17.0296 3408 ql12160 - ok
20:04:17.0343 3408 ql1240 - ok
20:04:17.0421 3408 ql1280 - ok
20:04:17.0515 3408 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:04:17.0734 3408 RasAcd - ok
20:04:17.0812 3408 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:04:18.0015 3408 RasAuto - ok
20:04:18.0109 3408 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:04:18.0296 3408 Rasl2tp - ok
20:04:18.0437 3408 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:04:18.0625 3408 RasMan - ok
20:04:18.0734 3408 [ 2C9D4620A0FD35DE1828370B392F6E2D ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:04:18.0875 3408 RasPppoe - ok
20:04:19.0000 3408 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
20:04:19.0171 3408 Raspti - ok
20:04:19.0281 3408 [ 77050C6615F6EB5402F832B27FD695E0 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:04:19.0453 3408 Rdbss - ok
20:04:19.0515 3408 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:04:19.0671 3408 RDPCDD - ok
20:04:19.0828 3408 [ C694A927EB7C354F7AE97955043A9641 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:04:19.0906 3408 rdpdr - ok
20:04:20.0015 3408 [ E8E3107243B16A549B88D145EC051B06 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
20:04:20.0140 3408 RDPWD - ok
20:04:20.0218 3408 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
20:04:20.0453 3408 RDSessMgr - ok
20:04:20.0515 3408 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
20:04:20.0734 3408 redbook - ok
20:04:20.0843 3408 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:04:21.0000 3408 RemoteAccess - ok
20:04:21.0078 3408 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
20:04:21.0234 3408 RemoteRegistry - ok
20:04:21.0296 3408 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
20:04:21.0500 3408 RpcLocator - ok
20:04:21.0578 3408 [ C0BD34A62508BA68F146E22CE45919F9 ] RpcSs C:\WINDOWS\system32\rpcss.dll
20:04:21.0703 3408 RpcSs - ok
20:04:21.0765 3408 [ 743D7D59767073A617B1DCC6C546F234 ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
20:04:21.0812 3408 rspndr - ok
20:04:21.0937 3408 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
20:04:22.0187 3408 RSVP - ok
20:04:22.0312 3408 S3GIGP - ok
20:04:22.0406 3408 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
20:04:22.0593 3408 SamSs - ok
20:04:22.0671 3408 SANDRA - ok
20:04:22.0781 3408 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
20:04:23.0078 3408 SCardSvr - ok
20:04:23.0187 3408 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
20:04:23.0437 3408 Schedule - ok
20:04:23.0578 3408 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:04:23.0687 3408 Secdrv - ok
20:04:23.0750 3408 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
20:04:24.0062 3408 seclogon - ok
20:04:24.0140 3408 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
20:04:24.0359 3408 SENS - ok
20:04:24.0421 3408 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
20:04:24.0609 3408 serenum - ok
20:04:24.0718 3408 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
20:04:24.0937 3408 Serial - ok
20:04:25.0093 3408 SetupNTGLM7X - ok
20:04:25.0171 3408 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
20:04:25.0328 3408 Sfloppy - ok
20:04:25.0406 3408 [ 65EACFE3182AFEE8D222D0B17FE05EDA ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
20:04:25.0640 3408 SharedAccess - ok
20:04:25.0687 3408 [ 54A6BF743E0517528A5064CEAEB40EA7 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:04:25.0750 3408 ShellHWDetection - ok
20:04:25.0828 3408 Simbad - ok
20:04:25.0953 3408 [ 17EAB7852FF9F15FBAAB4E95EFC0B812 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
20:04:26.0015 3408 SkypeUpdate - ok
20:04:26.0125 3408 Sparrow - ok
20:04:26.0250 3408 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
20:04:26.0390 3408 splitter - ok
20:04:26.0468 3408 [ CB1090BCA0E7B40D0B5B4E4D66531809 ] Spooler C:\WINDOWS\system32\spoolsv.exe
20:04:26.0656 3408 Spooler - ok
20:04:26.0781 3408 [ 94610C8653635E4459316A0050D55CE7 ] SR C:\WINDOWS\system32\DRIVERS\sr.sys
20:04:26.0906 3408 SR - ok
20:04:26.0984 3408 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
20:04:27.0140 3408 srservice - ok
20:04:27.0203 3408 [ E89B42B216BC86ADA4345908284519CB ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
20:04:27.0296 3408 Srv - ok
20:04:27.0406 3408 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
20:04:27.0531 3408 SSDPSRV - ok
20:04:27.0656 3408 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
20:04:27.0843 3408 stisvc - ok
20:04:27.0906 3408 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
20:04:28.0062 3408 swenum - ok
20:04:28.0109 3408 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
20:04:28.0328 3408 swmidi - ok
20:04:28.0406 3408 SwPrv - ok
20:04:28.0500 3408 symc810 - ok
20:04:28.0578 3408 symc8xx - ok
20:04:28.0656 3408 sym_hi - ok
20:04:28.0703 3408 sym_u3 - ok
20:04:28.0796 3408 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
20:04:29.0015 3408 sysaudio - ok
20:04:29.0125 3408 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
20:04:29.0296 3408 SysmonLog - ok
20:04:29.0421 3408 [ AF2A883CC63318A8BDA168BDD7AC80D9 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
20:04:29.0484 3408 TapiSrv - ok
20:04:29.0609 3408 [ 367DE8E5F638C091F49273144274F629 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:04:29.0640 3408 Tcpip - ok
20:04:29.0687 3408 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
20:04:29.0921 3408 TDPIPE - ok
20:04:30.0015 3408 [ C0578456F29E5F26285F81B7B71FE57D ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
20:04:30.0078 3408 TDTCP - ok
20:04:30.0156 3408 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
20:04:30.0343 3408 TermDD - ok
20:04:30.0437 3408 [ 0E43A7CF302D85273FC86F5FCA9A1909 ] TermService C:\WINDOWS\System32\termsrv.dll
20:04:30.0484 3408 TermService - ok
20:04:30.0562 3408 [ 54A6BF743E0517528A5064CEAEB40EA7 ] Themes C:\WINDOWS\System32\shsvcs.dll
20:04:30.0625 3408 Themes - ok
20:04:30.0750 3408 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
20:04:30.0875 3408 TlntSvr - ok
20:04:30.0921 3408 TosIde - ok
20:04:31.0031 3408 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
20:04:31.0218 3408 TrkWks - ok
20:04:31.0328 3408 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
20:04:31.0531 3408 Udfs - ok
20:04:31.0671 3408 ultra - ok
20:04:31.0765 3408 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
20:04:31.0921 3408 Update - ok
20:04:32.0031 3408 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
20:04:32.0140 3408 upnphost - ok
20:04:32.0250 3408 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
20:04:32.0390 3408 UPS - ok
20:04:32.0531 3408 [ C18D6C74953621346DF6B0A11F80C1CC ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:04:32.0593 3408 usbccgp - ok
20:04:32.0656 3408 [ 52674B5DBEE499342A599C7771ABECAA ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:04:32.0703 3408 usbehci - ok
20:04:32.0750 3408 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:04:32.0937 3408 usbhub - ok
20:04:33.0015 3408 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:04:33.0203 3408 usbprint - ok
20:04:33.0265 3408 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:04:33.0453 3408 usbscan - ok
20:04:33.0515 3408 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:04:33.0703 3408 USBSTOR - ok
20:04:33.0781 3408 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:04:33.0968 3408 usbuhci - ok
20:04:34.0031 3408 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
20:04:34.0218 3408 VgaSave - ok
20:04:34.0265 3408 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\drivers\ViaIde.sys
20:04:34.0484 3408 ViaIde - ok
20:04:34.0546 3408 [ C8EE49FA76EB7C41A9CDDFE58151A74E ] videX32 C:\WINDOWS\system32\DRIVERS\videX32.sys
20:04:34.0640 3408 videX32 - ok
20:04:34.0687 3408 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
20:04:34.0906 3408 VolSnap - ok
20:04:35.0000 3408 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
20:04:35.0093 3408 VSS - ok
20:04:35.0171 3408 [ DF2E8EA96391126977DA1B8AB6FC39FC ] W32Time C:\WINDOWS\system32\w32time.dll
20:04:35.0203 3408 W32Time - ok
20:04:35.0296 3408 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:04:35.0515 3408 Wanarp - ok
20:04:35.0625 3408 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
20:04:35.0703 3408 Wdf01000 - ok
20:04:35.0781 3408 WDICA - ok
20:04:35.0843 3408 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
20:04:36.0046 3408 wdmaud - ok
20:04:36.0156 3408 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
20:04:36.0359 3408 WebClient - ok
20:04:36.0546 3408 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:04:36.0687 3408 winmgmt - ok
20:04:36.0937 3408 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
20:04:37.0015 3408 WmdmPmSN - ok
20:04:37.0078 3408 [ 4E68A735673CE17152329428524BA1C3 ] Wmi C:\WINDOWS\System32\advapi32.dll
20:04:37.0187 3408 Wmi - ok
20:04:37.0296 3408 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:04:37.0453 3408 WmiApSrv - ok
20:04:37.0546 3408 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
20:04:37.0625 3408 WMPNetworkSvc - ok
20:04:37.0703 3408 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:04:37.0718 3408 WpdUsb - ok
20:04:37.0781 3408 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:04:37.0984 3408 WS2IFSL - ok
20:04:38.0140 3408 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
20:04:38.0265 3408 wscsvc - ok
20:04:38.0343 3408 [ 02E4055488047729B333F99D93877038 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
20:04:38.0421 3408 wuauserv - ok
20:04:38.0500 3408 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:04:38.0531 3408 WudfPf - ok
20:04:38.0625 3408 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:04:38.0671 3408 WudfRd - ok
20:04:38.0734 3408 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
20:04:38.0781 3408 WudfSvc - ok
20:04:38.0890 3408 [ F345FF726D92D58ABE5B0AEE08D29DF1 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:04:38.0968 3408 WZCSVC - ok
20:04:39.0046 3408 xcpip - ok
20:04:39.0156 3408 [ FCBC27869092850CDB75139F3818653A ] xfilt C:\WINDOWS\system32\DRIVERS\xfilt.sys
20:04:39.0203 3408 xfilt - ok
20:04:39.0281 3408 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:04:39.0500 3408 xmlprov - ok
20:04:39.0531 3408 xpsec - ok
20:04:39.0625 3408 ================ Scan global ===============================
20:04:39.0671 3408 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
20:04:39.0750 3408 [ 990864D32638714B63056A61D93CF42E ] C:\WINDOWS\system32\winsrv.dll
20:04:39.0796 3408 [ 990864D32638714B63056A61D93CF42E ] C:\WINDOWS\system32\winsrv.dll
20:04:39.0875 3408 [ 3D107D45CCFDB266E91D84B52CD7F430 ] C:\WINDOWS\system32\services.exe
20:04:39.0875 3408 [Global] - ok
20:04:39.0921 3408 ================ Scan MBR ==================================
20:04:39.0968 3408 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
20:04:40.0203 3408 \Device\Harddisk0\DR0 - ok
20:04:40.0250 3408 ================ Scan VBR ==================================
20:04:40.0281 3408 [ 7298785A890FB27DA1F45BA593140F2C ] \Device\Harddisk0\DR0\Partition1
20:04:40.0281 3408 \Device\Harddisk0\DR0\Partition1 - ok
20:04:40.0328 3408 ============================================================
20:04:40.0328 3408 Scan finished
20:04:40.0328 3408 ============================================================
20:04:40.0562 3400 Detected object count: 1
20:04:40.0562 3400 Actual detected object count: 1
20:04:54.0453 3400 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:04:54.0453 3400 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

vyosek
VIP
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: choppy window redrawing

#7 Post by vyosek »

• Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE IT CAN WRECK YOUR SYSTEM
• Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator (Správce) account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator (Spustit jako správce)
  • Immediately after it starts, a page with the license agreement is displayed; continue by clicking Yes (Ano)
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely idle - do not launch any applications and do not click in the window that appears
  • The scan should take about 10 min, but if the PC is heavily cluttered, it may take longer
  • After the scan finishes and a possible restart, CF displays a log; alternatively you will find it at C:\ComboFix.txt; paste its contents here
  • A detailed procedure incl. screenshots is here http://www.bleepingcomputer.com/combofi ... t-combofix
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids merriment, take a whip and a stick to him; that is not a man, that is an ox."
Member [image] since 1 February 2011.

Mates86
Visitor
Posts: 39
Registered: 16 Sep 2011 21:05

Re: choppy window redrawing

#8 Post by Mates86 »

RKill log:
Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/26/2012 11:09:41 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\sfcfiles.dll [NoSig]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 10/26/2012 11:11:08 PM
Execution time: 0 hours(s), 1 minute(s), and 26 seconds(s)

Mates86
Visitor
Posts: 39
Registered: 16 Sep 2011 21:05

Re: choppy window redrawing

#9 Post by Mates86 »

and here is the CF log:
ComboFix 12-10-26.05 - Krejci 26.10.2012 23:31:28.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.446.180 [GMT 2:00]
Spuštěný z: c:\documents and settings\Krejci\Plocha\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-26 do 2012-10-26 )))))))))))))))))))))))))))))))
.
.
2012-10-26 17:58 . 2012-10-26 17:58 177496 ----a-w- c:\windows\system32\drivers\53908153.sys
2012-10-26 17:58 . 2012-10-26 17:58 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-26 17:52 . 2012-10-26 17:52 177496 ----a-w- c:\windows\system32\drivers\04509875.sys
2012-10-26 14:41 . 2012-10-26 14:41 177496 ----a-w- c:\windows\system32\drivers\01585443.sys
2012-10-23 20:46 . 2012-10-23 20:46 -------- d-----w- c:\program files\HD Tune
2012-10-22 22:32 . 2012-10-22 22:32 -------- d-----w- c:\documents and settings\Krejci\Data aplikací\Carambis
2012-10-22 22:23 . 2012-10-22 22:23 0 ----a-w- c:\documents and settings\All Users\Data aplikací\xml12.tmp
2012-10-22 22:23 . 2012-10-22 22:23 0 ----a-w- c:\documents and settings\All Users\Data aplikací\xml11.tmp
2012-10-21 09:43 . 2012-08-21 09:13 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-10-21 09:42 . 2012-08-21 09:13 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-10-21 09:42 . 2012-08-21 09:13 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-21 09:42 . 2012-07-13 10:47 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-10-21 09:38 . 2012-10-21 09:38 -------- d-----w- c:\program files\CCleaner
2012-10-20 12:31 . 2012-10-20 12:31 13535 ----a-w- c:\documents and settings\All Users\Data aplikací\xmlFC.tmp
2012-10-20 12:31 . 2012-10-20 12:31 0 ----a-w- c:\documents and settings\All Users\Data aplikací\xmlFE.tmp
2012-10-20 12:31 . 2012-10-20 12:31 0 ----a-w- c:\documents and settings\All Users\Data aplikací\xmlFD.tmp
2012-10-20 12:31 . 2012-10-20 12:31 10719 ----a-w- c:\documents and settings\All Users\Data aplikací\xmlFB.tmp
2012-10-20 12:18 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-20 12:18 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-20 12:18 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-20 12:18 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-20 12:18 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-20 12:17 . 2012-08-21 09:13 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-20 12:17 . 2012-08-21 09:13 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-20 12:17 . 2012-08-21 09:13 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-20 12:17 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-10-20 12:17 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-20 12:13 . 2012-10-20 12:13 -------- d-----w- c:\program files\AVAST Software
2012-10-20 12:13 . 2012-10-20 12:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2012-10-19 17:04 . 2008-04-14 04:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-10-19 17:04 . 2008-04-14 04:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-10-09 17:51 . 2012-10-09 18:51 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-10-04 19:17 . 2012-10-20 08:02 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 9
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 18:51 . 2012-09-14 15:44 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 18:51 . 2011-08-18 11:35 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-11 01:05 . 2012-10-20 12:16 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-09-28 . 66E217E5E009815E06BA4F632794B731 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2011-01-24 149280]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-30 19972712]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2011-1-24 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-09-28 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58744:TCP"= 58744:TCP:Pando Media Booster
"58744:UDP"= 58744:UDP:Pando Media Booster
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [21.10.2012 11:42 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [21.10.2012 11:42 202928]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [21.10.2012 11:43 113776]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [21.10.2012 11:42 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [20.10.2012 14:18 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.10.2012 14:18 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.10.2012 14:18 21256]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [21.10.2012 11:42 133912]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [28.9.2009 15:38 9472]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8.3.2012 19:35 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [31.1.2012 16:09 158856]
S3 0zx_fqi6i.sys;0zx_fqi6i.sys;\??\c:\windows\system32\drivers\0zx_fqi6i.sys --> c:\windows\system32\drivers\0zx_fqi6i.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [14.9.2012 17:44 250808]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [25.1.2011 1:27 1691480]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8.3.2012 19:35 136176]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-14 18:51]
.
2012-10-26 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-20 09:12]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=15768
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 217.112.162.34 217.112.160.1
FF - ProfilePath - c:\documents and settings\Krejci\Data aplikací\Mozilla\Firefox\Profiles\wm380znu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://eu.ask.com/?l=dis&o=15768
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&q=
FF - ExtSQL: 2012-10-20 14:17; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2012-10-23 00:34; toolbar@ask.com; c:\documents and settings\Krejci\Data aplikací\Mozilla\Firefox\Profiles\wm380znu.default\extensions\toolbar@ask.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-VTTimer - VTTimer.exe
HKLM-Run-S3Trayp - S3Trayp.exe
SafeBoot-11669289.sys
SafeBoot-40381152.sys
SafeBoot-90306214.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-26 23:41
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-790525478-606747145-1417001333-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5a,38,cd,d0,f7,67,fb,4e,e4,0d,ef,97,4c,d7,a1,39,52,0a,4b,2e,3f,9d,e9,
67,43,bf,76,a4,3a,4a,36,6d,79,aa,5a,88,d2,1e,99,69,0d,d1,74,ee,7c,72,5e,3b,\
"??"=hex:60,59,a3,12,10,a1,01,9c,c7,bf,20,13,24,a3,c0,88
.
[HKEY_USERS\S-1-5-21-790525478-606747145-1417001333-1004\Software\SecuROM\License information*]
"datasecu"=hex:c6,20,e6,a9,df,3c,37,64,48,eb,69,3e,6f,12,7c,9c,47,12,eb,94,de,
50,dc,a4,3d,c1,8e,86,e1,36,f7,25,75,f6,b9,e0,4c,c7,6c,c9,12,a9,b2,81,33,ff,\
"rkeysecu"=hex:8c,59,e6,0f,1a,98,ad,6f,18,86,71,bf,95,01,65,f2
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(188)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-10-26 23:44:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-26 21:44
.
Před spuštěním: Volných bajtů: 95 600 984 064
Po spuštění: Volných bajtů: 95 514 017 792
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B951FFA077EDF02599729362414E30A2

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: choppy window redrawing

#10 Post by vyosek »

:arrow: If it is not there already, move Combofix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    KillAll::
    
    Collect::
    C:\WINDOWS\system32\drivers\xpsec.sys
    C:\WINDOWS\system32\drivers\xcpip.sys
    c:\windows\system32\drivers\0zx_fqi6i.sys
    
    File::
    c:\windows\system32\drivers\53908153.sys
    c:\windows\system32\drivers\04509875.sys
    c:\windows\system32\drivers\01585443.sys
    c:\documents and settings\All Users\Data aplikací\xml12.tmp
    c:\documents and settings\All Users\Data aplikací\xml11.tmp
    c:\documents and settings\All Users\Data aplikací\xmlFC.tmp
    c:\documents and settings\All Users\Data aplikací\xmlFE.tmp
    c:\documents and settings\All Users\Data aplikací\xmlFD.tmp
    c:\documents and settings\All Users\Data aplikací\xmlFB.tmp
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=-
    "Adobe ARM"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "58744:TCP"=-
    "58744:UDP"=-
    "3389:TCP"=-
    "65533:TCP"=-
    
    Driver::
    0zx_fqi6i.sys
    gupdate
    gupdatem
    SetupNTGLM7X
    
    DDS::
    uStart Page = hxxp://eu.ask.com/?l=dis&o=15768
    
    Firefox::
    FF - ProfilePath - c:\documents and settings\Krejci\Data aplikací\Mozilla\Firefox\Profiles\wm380znu.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://eu.ask.com/?l=dis&o=15768
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2801948&q=
    FF - ExtSQL: 2012-10-23 00:34; toolbar@ask.com; c:\documents and settings\Krejci\Data aplikací\Mozilla\Firefox\Profiles\wm380znu.default\extensions\toolbar@ask.com
    
    RegNull::
    [HKEY_USERS\S-1-5-21-790525478-606747145-1417001333-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    [HKEY_USERS\S-1-5-21-790525478-606747145-1417001333-1004\Software\SecuROM\License information*]
    
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    
    ClearJavaCache::
    
    Reboot::
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt onto Combofix and release it (see the picture below)
    [image]
  • After the script has been applied (and a possible restart) a log will pop up; paste its contents here
:arrow: If the message "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni" ("Illegal operation attempted on a registry key that has been marked for deletion") pops up, just restart the PC - the registry will sort itself out - this is an internal error caused by CF, and the author unfortunately cannot fix it yet

:arrow: It can happen that Windows will not boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Mates86
Visitor
Posts: 39
Registered: 16 Sep 2011 21:05

Re: choppy window redrawing

#11 Post by Mates86 »

New CF log:

ComboFix 12-10-26.05 - Krejci 27.10.2012 14:24:22.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.446.165 [GMT 2:00]
Spuštěný z: c:\documents and settings\Krejci\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Krejci\Plocha\CFScript.txt.txt
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\All Users\Data aplikací\xml11.tmp"
"c:\documents and settings\All Users\Data aplikací\xml12.tmp"
"c:\documents and settings\All Users\Data aplikací\xmlFB.tmp"
"c:\documents and settings\All Users\Data aplikací\xmlFC.tmp"
"c:\documents and settings\All Users\Data aplikací\xmlFD.tmp"
"c:\documents and settings\All Users\Data aplikací\xmlFE.tmp"
"c:\windows\system32\drivers\01585443.sys"
"c:\windows\system32\drivers\04509875.sys"
"c:\windows\system32\drivers\53908153.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_0ZX_FQI6I.SYS
-------\Legacy_GUPDATE
-------\Legacy_GUPDATEM
-------\Legacy_SETUPNTGLM7X
-------\Service_0zx_fqi6i.sys
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_SetupNTGLM7X
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-27 do 2012-10-27 )))))))))))))))))))))))))))))))
.
.
2012-10-26 17:58 . 2012-10-26 17:58 177496 ----a-w- c:\windows\system32\drivers\53908153.sys
2012-10-26 17:58 . 2012-10-26 17:58 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-26 17:52 . 2012-10-26 17:52 177496 ----a-w- c:\windows\system32\drivers\04509875.sys
2012-10-26 14:41 . 2012-10-26 14:41 177496 ----a-w- c:\windows\system32\drivers\01585443.sys
2012-10-23 20:46 . 2012-10-23 20:46 -------- d-----w- c:\program files\HD Tune
2012-10-22 22:32 . 2012-10-22 22:32 -------- d-----w- c:\documents and settings\Krejci\Data aplikací\Carambis
2012-10-22 22:23 . 2012-10-22 22:23 0 ----a-w- c:\documents and settings\All Users\Data aplikací\xml12.tmp
2012-10-22 22:23 . 2012-10-22 22:23 0 ----a-w- c:\documents and settings\All Users\Data aplikací\xml11.tmp
2012-10-21 09:43 . 2012-08-21 09:13 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-10-21 09:42 . 2012-08-21 09:13 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-10-21 09:42 . 2012-08-21 09:13 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-21 09:42 . 2012-07-13 10:47 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-10-21 09:38 . 2012-10-21 09:38 -------- d-----w- c:\program files\CCleaner
2012-10-20 12:31 . 2012-10-20 12:31 13535 ----a-w- c:\documents and settings\All Users\Data aplikací\xmlFC.tmp
2012-10-20 12:31 . 2012-10-20 12:31 0 ----a-w- c:\documents and settings\All Users\Data aplikací\xmlFE.tmp
2012-10-20 12:31 . 2012-10-20 12:31 0 ----a-w- c:\documents and settings\All Users\Data aplikací\xmlFD.tmp
2012-10-20 12:31 . 2012-10-20 12:31 10719 ----a-w- c:\documents and settings\All Users\Data aplikací\xmlFB.tmp
2012-10-20 12:18 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-20 12:18 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-20 12:18 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-20 12:18 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-20 12:18 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-20 12:17 . 2012-08-21 09:13 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-20 12:17 . 2012-08-21 09:13 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-20 12:17 . 2012-08-21 09:13 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-20 12:17 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-10-20 12:17 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-20 12:13 . 2012-10-20 12:13 -------- d-----w- c:\program files\AVAST Software
2012-10-20 12:13 . 2012-10-20 12:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2012-10-19 17:04 . 2008-04-14 04:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-10-19 17:04 . 2008-04-14 04:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-10-09 17:51 . 2012-10-09 18:51 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-10-04 19:17 . 2012-10-20 08:02 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 9
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 18:51 . 2012-09-14 15:44 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 18:51 . 2011-08-18 11:35 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-11 01:05 . 2012-10-20 12:16 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-09-28 . 66E217E5E009815E06BA4F632794B731 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-30 19972712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2011-1-24 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-09-28 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"52344:TCP"= 52344:TCP:Services
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [21.10.2012 11:42 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [21.10.2012 11:42 202928]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [21.10.2012 11:43 113776]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [21.10.2012 11:42 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [20.10.2012 14:18 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.10.2012 14:18 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.10.2012 14:18 21256]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [21.10.2012 11:42 133912]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [28.9.2009 15:38 9472]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [31.1.2012 16:09 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [14.9.2012 17:44 250808]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [25.1.2011 1:27 1691480]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-14 18:51]
.
2012-10-27 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-20 09:12]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 217.112.162.34 217.112.160.1
FF - ProfilePath - c:\documents and settings\Krejci\Data aplikací\Mozilla\Firefox\Profiles\wm380znu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: 2012-10-20 14:17; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2012-10-23 00:34; toolbar@ask.com; c:\documents and settings\Krejci\Data aplikací\Mozilla\Firefox\Profiles\wm380znu.default\extensions\toolbar@ask.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-27 14:34
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2636)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-10-27 14:37:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-27 12:37
ComboFix2.txt 2012-10-26 21:44
.
Před spuštěním: Volných bajtů: 95 323 189 248
Po spuštění: Volných bajtů: 95 422 943 232
.
- - End Of File - - 07E5C73AE71D282B1DC0FC240BAAC65B
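
The before/after comparison between the two ComboFix logs above, done in code, as an added example that is not part of the original thread. The excerpts are copied from the logs on this page; the function names, and the reading of R/S as running/stopped with the digit as the service start type, are assumptions of the example.

```python
import re

# Sample input: excerpts copied from the two ComboFix logs in this thread
# (first run, then the run after CFScript.txt was applied).
LOG_BEFORE = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58744:TCP"= 58744:TCP:Pando Media Booster
"58744:UDP"= 58744:UDP:Pando Media Booster
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.10.2012 14:18 355632]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [31.1.2012 16:09 158856]
S3 0zx_fqi6i.sys;0zx_fqi6i.sys;\??\c:\windows\system32\drivers\0zx_fqi6i.sys --> c:\windows\system32\drivers\0zx_fqi6i.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [25.1.2011 1:27 1691480]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
'''

LOG_AFTER = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"52344:TCP"= 52344:TCP:Services
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.10.2012 14:18 355632]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [31.1.2012 16:09 158856]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [25.1.2011 1:27 1691480]
'''

# "58744:TCP"= 58744:TCP:Pando Media Booster
PORT_RE = re.compile(r'^"(\d+:(?:TCP|UDP))"=\s*\d+:(?:TCP|UDP):(.*)$')
# S3 name;display name;image path [date time size]   or   [?] when the file is absent
SVC_RE = re.compile(r'^([RS])([0-4]) ([^;]+);([^;]*);(.+) \[([^\]]*)\]$')


def open_ports(log):
    """Return {"port:proto": label} from the GloballyOpenPorts\\List section."""
    ports, inside = {}, False
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("["):
            # A new registry key header opens or closes the section.
            inside = line.lower().endswith(r"globallyopenports\list]")
            continue
        match = PORT_RE.match(line) if inside else None
        if match:
            ports[match.group(1)] = match.group(2)
        elif inside and line:
            inside = False  # the "." separator (or anything else) ends it
    return ports


def services(log):
    """Return {service name: details} from the driver/service listing."""
    found = {}
    for line in log.splitlines():
        match = SVC_RE.match(line.strip())
        if match:
            state, start, name, _display, path, stamp = match.groups()
            found[name] = {
                "running": state == "R",        # assumption: R = running
                "start": int(start),            # assumption: start type 0-4
                "path": path,
                "file_missing": stamp == "?",   # "[?]" = no file on disk
            }
    return found


def compare(before, after):
    """Summarise what changed between two logs and what still needs review."""
    ports_b, ports_a = open_ports(before), open_ports(after)
    svc_b, svc_a = services(before), services(after)
    return {
        "ports_removed": sorted(set(ports_b) - set(ports_a)),
        "ports_remaining": sorted(ports_a),
        "services_removed": sorted(set(svc_b) - set(svc_a)),
        "missing_file_remaining": sorted(
            name for name, svc in svc_a.items() if svc["file_missing"]
        ),
    }


if __name__ == "__main__":
    for key, value in compare(LOG_BEFORE, LOG_AFTER).items():
        print(f"{key}: {value}")
```

The one port still listed after the script run is the entry a follow-up cleanup has to address.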

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: choppy window redrawing

#12 Post by vyosek »

:arrow: Download OTM http://oldtimer.geekstogo.com/OTM.exe
  • If you use Win Vista or W7, right-click OTM and choose Run As Administrator (Spustit jako správce)
  • Into the left pane, Paste Instructions for Items to be Moved (below the yellow line), paste the content shown below

    :reg
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "52344:TCP"=-
    
    :files
    c:\windows\Tasks\Adobe Flash Player Updater.job
    c:\windows\system32\drivers\53908153.sys
    c:\windows\system32\drivers\04509875.sys
    c:\windows\system32\drivers\01585443.sys
    c:\documents and settings\All Users\Data aplikací\xml*.tmp
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
  • Click the red MoveIt! button
  • You will be prompted to restart; choose Yes. You will then find the log in C:\_OTM\MovedFiles; paste its contents here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment: take a whip and a stick to him, for he is no man, he is an ox."
Member since 1 February 2011.

Mates86
Visitor
Posts: 39
Joined: 16 Sep 2011 21:05

Re: choppy window redrawing

#13 Post by Mates86 »

OTM log:
All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List not found.
========== FILES ==========
c:\windows\Tasks\Adobe Flash Player Updater.job moved successfully.
c:\windows\system32\drivers\53908153.sys moved successfully.
c:\windows\system32\drivers\04509875.sys moved successfully.
c:\windows\system32\drivers\01585443.sys moved successfully.
c:\documents and settings\All Users\Data aplikací\xml11.tmp moved successfully.
c:\documents and settings\All Users\Data aplikací\xml12.tmp moved successfully.
c:\documents and settings\All Users\Data aplikací\xml6F.tmp moved successfully.
c:\documents and settings\All Users\Data aplikací\xml70.tmp moved successfully.
c:\documents and settings\All Users\Data aplikací\xml71.tmp moved successfully.
c:\documents and settings\All Users\Data aplikací\xml72.tmp moved successfully.
c:\documents and settings\All Users\Data aplikací\xmlFB.tmp moved successfully.
c:\documents and settings\All Users\Data aplikací\xmlFC.tmp moved successfully.
c:\documents and settings\All Users\Data aplikací\xmlFD.tmp moved successfully.
c:\documents and settings\All Users\Data aplikací\xmlFE.tmp moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Krejci
->Temp folder emptied: 710461 bytes
->Temporary Internet Files folder emptied: 98438 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 65348395 bytes
->Google Chrome cache emptied: 35749355 bytes
->Flash cache emptied: 3089369 bytes

User: LocalService
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 100,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Krejci
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default User

User: Krejci
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 10272012_210122

Files moved on Reboot...

Registry entries deleted on Reboot...

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: choppy window redrawing

#14 Post by vyosek »

Fine, how is our patient behaving :???:

Mates86
Visitor
Posts: 39
Joined: 16 Sep 2011 21:05

Re: choppy window redrawing

#15 Post by Mates86 »

Window redrawing is OK now. The computer still thrashes the disk often, but I can't expect miracles from a 6-year-old grandpa with 512 RAM :-). It is definitely usable for work now.
Thanks a lot for the help with the cleanup. I admire that you are able to find what doesn't belong in there :thumbsup:

Locked