Prosím pomoc

Zpráva

Bogdan · #1 Příspěvek od **Bogdan** » 15 dub 2013 00:37

Dobrý den,mám problém patrně s rootkitem,mohla by nějaká dobrá duše prověřit můj log?Děkuji za ochotu.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Tomáš at 2013-04-15 01:33:20
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 191 GB (97%) free of 197 GB
Total RAM: 3071 MB (85% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:33:40, on 15.4.2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Tomáš\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Tomáš.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1409082233-484061587-725345543-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: COVTAIGXZCT - Sysinternals - www.sysinternals.com - C:\DOCUME~1\TOM~1\LOCALS~1\Temp\COVTAIGXZCT.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: NTPHNIOHEQ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\TOM~1\LOCALS~1\Temp\NTPHNIOHEQ.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

--
End of file - 4432 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-04-14 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-04-14 170912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2013-03-15 15668512]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2013-03-15 1982312]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-18 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-07-26 716800]
"AVG_UI"=C:\Program Files\AVG\AVG2013\avgui.exe [2013-03-13 4394032]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\AVG\AVG2013\avgnsx.exe"="C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG2013\avgdiagex.exe"="C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostika 2013"
"C:\Program Files\AVG\AVG2013\avgmfapx.exe"="C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\AVG\AVG2013\avgemcx.exe"="C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Obecná kontrola pošty"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-04-15 01:15:06 ----D---- C:\Program Files\trend micro
2013-04-15 01:15:05 ----D---- C:\rsit
2013-04-15 01:07:19 ----A---- C:\RootkitReveal.txt
2013-04-14 23:37:44 ----D---- C:\Program Files\ESET
2013-04-14 23:20:44 ----D---- C:\Program Files\Google
2013-04-14 22:52:36 ----D---- C:\WINDOWS\system32\NtmsData
2013-04-14 22:34:25 ----A---- C:\WINDOWS\system32\wmpns.dll
2013-04-14 22:26:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2013-04-14 22:26:13 ----D---- C:\Program Files\Common Files\Java
2013-04-14 22:24:42 ----A---- C:\WINDOWS\system32\deployJava1.dll
2013-04-14 22:24:39 ----A---- C:\WINDOWS\system32\npDeployJava1.dll
2013-04-14 22:24:39 ----A---- C:\WINDOWS\system32\javaws.exe
2013-04-14 22:24:00 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-04-14 22:24:00 ----A---- C:\WINDOWS\system32\javaw.exe
2013-04-14 22:24:00 ----A---- C:\WINDOWS\system32\java.exe
2013-04-14 22:20:24 ----D---- C:\Program Files\Java
2013-04-14 22:16:59 ----D---- C:\Documents and Settings\Tomáš\Data aplikací\Sun
2013-04-14 20:48:58 ----D---- C:\Documents and Settings\Tomáš\Data aplikací\NVIDIA
2013-04-14 14:15:45 ----D---- C:\Documents and Settings\Tomáš\Data aplikací\AVG2013
2013-04-14 14:11:31 ----D---- C:\Documents and Settings\Tomáš\Data aplikací\TuneUp Software
2013-04-14 14:05:14 ----HD---- C:\$AVG
2013-04-14 14:04:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG2013
2013-04-14 13:59:40 ----D---- C:\Program Files\AVG
2013-04-14 13:56:25 ----HD---- C:\Documents and Settings\All Users\Data aplikací\Common Files
2013-04-14 13:56:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2013-04-14 13:23:54 ----D---- C:\Documents and Settings\Tomáš\Data aplikací\Macromedia
2013-04-14 13:23:54 ----D---- C:\Documents and Settings\Tomáš\Data aplikací\Adobe
2013-04-14 13:22:27 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-04-14 13:21:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2013-04-14 13:18:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Mozilla
2013-04-14 12:56:25 ----N---- C:\WINDOWS\system32\wdmioctl.dll
2013-04-14 12:56:24 ----N---- C:\WINDOWS\system32\SMMedia.dll
2013-04-14 12:56:22 ----D---- C:\Program Files\Analog Devices
2013-04-14 12:56:22 ----A---- C:\WINDOWS\system32\DSndUp.exe
2013-04-14 12:56:18 ----N---- C:\WINDOWS\system32\CleanUp.exe
2013-04-14 12:55:38 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2013-04-14 12:55:36 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2013-04-14 12:55:35 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys
2013-04-14 12:55:31 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2013-04-14 12:55:29 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2013-04-14 12:55:28 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2013-04-14 12:55:27 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2013-04-14 12:55:26 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2013-04-14 12:55:24 ----A---- C:\WINDOWS\system32\drivers\MSKSSRV.sys
2013-04-14 12:55:23 ----A---- C:\WINDOWS\system32\drivers\MSPQM.sys
2013-04-14 12:55:20 ----A---- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2013-04-14 12:55:13 ----A---- C:\WINDOWS\system32\ksuser.dll
2013-04-14 12:55:13 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2013-04-14 12:55:13 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2013-04-14 12:54:51 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2013-04-14 12:54:50 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2013-04-14 12:51:10 ----A---- C:\WINDOWS\AS_Debug.txt
2013-04-14 12:46:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\NVIDIA Corporation
2013-04-14 12:44:52 ----D---- C:\Program Files\AGEIA Technologies
2013-04-14 12:44:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\NVIDIA
2013-04-14 12:42:45 ----A---- C:\WINDOWS\system32\nvrszht.dll
2013-04-14 12:42:45 ----A---- C:\WINDOWS\system32\nvrszhc.dll
2013-04-14 12:42:45 ----A---- C:\WINDOWS\system32\nvrstr.dll
2013-04-14 12:42:45 ----A---- C:\WINDOWS\system32\nvrsth.dll
2013-04-14 12:42:45 ----A---- C:\WINDOWS\system32\nvrssv.dll
2013-04-14 12:42:45 ----A---- C:\WINDOWS\system32\nvrssl.dll
2013-04-14 12:42:45 ----A---- C:\WINDOWS\system32\nvrssk.dll
2013-04-14 12:42:45 ----A---- C:\WINDOWS\system32\nvrsru.dll
2013-04-14 12:42:45 ----A---- C:\WINDOWS\system32\nvrsptb.dll
2013-04-14 12:42:45 ----A---- C:\WINDOWS\system32\nvrspt.dll
2013-04-14 12:42:45 ----A---- C:\WINDOWS\system32\nvrspl.dll
2013-04-14 12:42:45 ----A---- C:\WINDOWS\system32\nvrsno.dll
2013-04-14 12:42:38 ----A---- C:\WINDOWS\system32\nvrsnl.dll
2013-04-14 12:42:38 ----A---- C:\WINDOWS\system32\nvrsko.dll
2013-04-14 12:42:38 ----A---- C:\WINDOWS\system32\nvrsja.dll
2013-04-14 12:42:38 ----A---- C:\WINDOWS\system32\nvrsit.dll
2013-04-14 12:42:38 ----A---- C:\WINDOWS\system32\nvrshu.dll
2013-04-14 12:42:38 ----A---- C:\WINDOWS\system32\nvrshe.dll
2013-04-14 12:42:38 ----A---- C:\WINDOWS\system32\nvrsfr.dll
2013-04-14 12:42:38 ----A---- C:\WINDOWS\system32\nvrsfi.dll
2013-04-14 12:42:38 ----A---- C:\WINDOWS\system32\nvrsesm.dll
2013-04-14 12:42:38 ----A---- C:\WINDOWS\system32\nvrses.dll
2013-04-14 12:42:38 ----A---- C:\WINDOWS\system32\nvrseng.dll
2013-04-14 12:42:38 ----A---- C:\WINDOWS\system32\nvrsel.dll
2013-04-14 12:42:38 ----A---- C:\WINDOWS\system32\nvrsde.dll
2013-04-14 12:42:38 ----A---- C:\WINDOWS\system32\nvrsda.dll
2013-04-14 12:42:38 ----A---- C:\WINDOWS\system32\nvrscs.dll
2013-04-14 12:42:29 ----A---- C:\WINDOWS\system32\nvrsar.dll
2013-04-14 12:42:28 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2013-04-14 12:42:28 ----A---- C:\WINDOWS\system32\nvcolor.exe
2013-04-14 12:42:11 ----A---- C:\WINDOWS\system32\nvmctray.dll
2013-04-14 12:42:11 ----A---- C:\WINDOWS\system32\nvcpl.dll
2013-04-14 12:41:11 ----A---- C:\WINDOWS\system32\nvwddi.dll
2013-04-14 12:34:33 ----A---- C:\WINDOWS\system32\OpenCL.dll
2013-04-14 12:29:24 ----A---- C:\WINDOWS\system32\nvopencl.dll
2013-04-14 12:29:24 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2013-04-14 12:29:18 ----A---- C:\WINDOWS\system32\nvdispgenco3231422.dll
2013-04-14 12:29:18 ----A---- C:\WINDOWS\system32\nvdispco3231422.dll
2013-04-14 12:29:02 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2013-04-14 12:29:02 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2013-04-14 12:29:02 ----A---- C:\WINDOWS\system32\nvcuda.dll
2013-04-14 12:27:47 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2013-04-14 12:27:47 ----A---- C:\WINDOWS\system32\nvapi.dll
2013-04-14 12:27:47 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2013-04-14 12:27:47 ----A---- C:\WINDOWS\system32\drivers\nv4_mini.sys
2013-04-14 12:27:18 ----D---- C:\Program Files\NVIDIA Corporation
2013-04-14 12:24:03 ----D---- C:\NVIDIA
2013-04-14 12:08:37 ----SHD---- C:\RECYCLER
2013-04-14 11:57:30 ----HD---- C:\Program Files\InstallShield Installation Information
2013-04-14 11:57:30 ----D---- C:\Program Files\ASUS
2013-04-14 11:57:08 ----D---- C:\Program Files\Common Files\InstallShield
2013-04-14 11:54:11 ----D---- C:\WINDOWS\system32\drivers\system32
2013-04-14 11:54:11 ----D---- C:\WINDOWS\system32\drivers\INF
2013-04-14 11:53:36 ----D---- C:\WINDOWS\system32\ReinstallBackups
2013-04-14 11:53:35 ----DC---- C:\WINDOWS\system32\DRVSTORE
2013-04-14 11:53:35 ----D---- C:\Program Files\Intel
2013-04-14 11:53:19 ----D---- C:\Intel
2013-04-14 11:51:29 ----D---- C:\Documents and Settings\Tomáš\Data aplikací\Identities
2013-04-14 11:51:28 ----HD---- C:\Program Files\Uninstall Information
2013-04-14 11:51:15 ----SD---- C:\Documents and Settings\Tomáš\Data aplikací\Microsoft
2013-04-14 11:51:15 ----ASH---- C:\Documents and Settings\Tomáš\Data aplikací\desktop.ini
2013-04-14 11:49:45 ----D---- C:\WINDOWS\SoftwareDistribution
2013-04-14 11:49:44 ----D---- C:\WINDOWS\Prefetch
2013-04-14 11:49:43 ----SD---- C:\WINDOWS\system32\Microsoft
2013-04-14 11:49:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-04-14 11:48:16 ----AS---- C:\WINDOWS\bootstat.dat
2013-04-14 11:42:50 ----D---- C:\WINDOWS\system32\xircom
2013-04-14 11:42:50 ----D---- C:\Program Files\xerox
2013-04-14 11:42:50 ----D---- C:\Program Files\microsoft frontpage
2013-04-14 11:42:28 ----HD---- C:\WINDOWS\$hf_mig$
2013-04-14 11:42:06 ----RASH---- C:\MSDOS.SYS
2013-04-14 11:42:06 ----RASH---- C:\IO.SYS
2013-04-14 11:42:06 ----A---- C:\WINDOWS\control.ini
2013-04-14 11:42:06 ----A---- C:\CONFIG.SYS
2013-04-14 11:42:06 ----A---- C:\AUTOEXEC.BAT
2013-04-14 11:41:56 ----A---- C:\WINDOWS\OEWABLog.txt
2013-04-14 11:41:47 ----A---- C:\WINDOWS\system32\mapi32.dll
2013-04-14 11:40:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2013-04-14 11:40:27 ----RD---- C:\WINDOWS\Offline Web Pages
2013-04-14 11:40:12 ----HD---- C:\Program Files\WindowsUpdate
2013-04-14 11:40:07 ----D---- C:\Program Files\Online Services
2013-04-14 11:39:45 ----D---- C:\WINDOWS\system32\DirectX
2013-04-14 11:39:21 ----A---- C:\WINDOWS\system32\atrace.dll
2013-04-14 11:39:18 ----A---- C:\WINDOWS\system32\desktop.ini
2013-04-14 11:39:18 ----A---- C:\WINDOWS\desktop.ini
2013-04-14 11:39:09 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2013-04-14 11:39:05 ----D---- C:\Program Files\Common Files\Services
2013-04-14 11:39:05 ----A---- C:\WINDOWS\system32\acctres.dll
2013-04-14 11:39:01 ----SD---- C:\WINDOWS\Tasks
2013-04-14 11:39:01 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2013-04-14 11:38:59 ----D---- C:\Program Files\Common Files\MSSoap
2013-04-14 11:38:56 ----D---- C:\WINDOWS\srchasst
2013-04-14 11:38:55 ----D---- C:\WINDOWS\system32\Macromed
2013-04-14 11:38:53 ----A---- C:\WINDOWS\system32\wuweb.dll
2013-04-14 11:38:53 ----A---- C:\WINDOWS\system32\wucltui.dll
2013-04-14 11:38:53 ----A---- C:\WINDOWS\system32\wuauserv.dll
2013-04-14 11:38:53 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2013-04-14 11:38:52 ----A---- C:\WINDOWS\system32\wups.dll
2013-04-14 11:38:52 ----A---- C:\WINDOWS\system32\wuaueng.dll
2013-04-14 11:38:52 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2013-04-14 11:38:52 ----A---- C:\WINDOWS\system32\wuauclt.exe
2013-04-14 11:38:52 ----A---- C:\WINDOWS\system32\wuapi.dll
2013-04-14 11:38:52 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2013-04-14 11:38:52 ----A---- C:\WINDOWS\system32\qmgr.dll
2013-04-14 11:38:52 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2013-04-14 11:38:52 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2013-04-14 11:38:43 ----D---- C:\Program Files\Movie Maker
2013-04-14 11:38:39 ----A---- C:\WINDOWS\system32\safrslv.dll
2013-04-14 11:38:39 ----A---- C:\WINDOWS\system32\safrdm.dll
2013-04-14 11:38:39 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2013-04-14 11:38:39 ----A---- C:\WINDOWS\system32\racpldlg.dll
2013-04-14 11:38:36 ----A---- C:\WINDOWS\system32\fltMc.exe
2013-04-14 11:38:36 ----A---- C:\WINDOWS\system32\fltlib.dll
2013-04-14 11:38:35 ----D---- C:\WINDOWS\system32\Restore
2013-04-14 11:38:35 ----A---- C:\WINDOWS\system32\srsvc.dll
2013-04-14 11:38:35 ----A---- C:\WINDOWS\system32\srrstr.dll
2013-04-14 11:38:35 ----A---- C:\WINDOWS\system32\srclient.dll
2013-04-14 11:38:35 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2013-04-14 11:38:35 ----A---- C:\WINDOWS\system32\drivers\fltMgr.sys
2013-04-14 11:38:34 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2013-04-14 11:38:34 ----A---- C:\WINDOWS\system32\mnmdd.dll
2013-04-14 11:38:34 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2013-04-14 11:38:34 ----A---- C:\WINDOWS\system32\ils.dll
2013-04-14 11:38:33 ----A---- C:\WINDOWS\system32\msconf.dll
2013-04-14 11:38:33 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2013-04-14 11:38:28 ----D---- C:\Program Files\NetMeeting
2013-04-14 11:38:28 ----A---- C:\WINDOWS\system32\msoert2.dll
2013-04-14 11:38:28 ----A---- C:\WINDOWS\system32\msoeacct.dll
2013-04-14 11:38:27 ----A---- C:\WINDOWS\system32\inetres.dll
2013-04-14 11:38:27 ----A---- C:\WINDOWS\system32\inetcomm.dll
2013-04-14 11:38:25 ----D---- C:\Program Files\Outlook Express
2013-04-14 11:38:25 ----A---- C:\WINDOWS\system32\schedsvc.dll
2013-04-14 11:38:25 ----A---- C:\WINDOWS\system32\mstinit.exe
2013-04-14 11:38:25 ----A---- C:\WINDOWS\system32\mstask.dll
2013-04-14 11:38:24 ----A---- C:\WINDOWS\system32\isign32.dll
2013-04-14 11:38:24 ----A---- C:\WINDOWS\system32\inetcfg.dll
2013-04-14 11:38:24 ----A---- C:\WINDOWS\system32\icwphbk.dll
2013-04-14 11:38:24 ----A---- C:\WINDOWS\system32\icwdial.dll
2013-04-14 11:38:19 ----D---- C:\Program Files\Common Files\System
2013-04-14 11:38:15 ----D---- C:\Program Files\Internet Explorer
2013-04-14 11:38:13 ----A---- C:\WINDOWS\system32\emptyregdb.dat
2013-04-14 11:38:03 ----D---- C:\Program Files\ComPlus Applications
2013-04-14 11:38:01 ----A---- C:\WINDOWS\vbaddin.ini
2013-04-14 11:38:01 ----A---- C:\WINDOWS\vb.ini
2013-04-14 11:37:55 ----D---- C:\WINDOWS\Registration
2013-04-14 11:37:02 ----D---- C:\Program Files\Windows Media Player
2013-04-14 11:36:49 ----D---- C:\Program Files\Messenger
2013-04-14 11:36:46 ----D---- C:\Program Files\MSN Gaming Zone
2013-04-14 11:36:46 ----A---- C:\WINDOWS\system32\write.exe
2013-04-14 11:36:37 ----A---- C:\WINDOWS\system32\sndvol32.exe
2013-04-14 11:36:37 ----A---- C:\WINDOWS\system32\hticons.dll
2013-04-14 11:36:37 ----A---- C:\WINDOWS\system32\avwav.dll
2013-04-14 11:36:37 ----A---- C:\WINDOWS\system32\avtapi.dll
2013-04-14 11:36:37 ----A---- C:\WINDOWS\system32\avmeter.dll
2013-04-14 11:36:36 ----A---- C:\WINDOWS\system32\winchat.exe
2013-04-14 11:36:30 ----A---- C:\WINDOWS\system32\sol.exe
2013-04-14 11:36:30 ----A---- C:\WINDOWS\system32\charmap.exe
2013-04-14 11:36:30 ----A---- C:\WINDOWS\system32\getuname.dll
2013-04-14 11:36:30 ----A---- C:\WINDOWS\system32\calc.exe
2013-04-14 11:36:29 ----A---- C:\WINDOWS\system32\winmine.exe
2013-04-14 11:36:29 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2013-04-14 11:36:29 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2013-04-14 11:36:29 ----A---- C:\WINDOWS\system32\tslabels.ini
2013-04-14 11:36:29 ----A---- C:\WINDOWS\system32\tskill.exe
2013-04-14 11:36:29 ----A---- C:\WINDOWS\system32\reset.exe
2013-04-14 11:36:29 ----A---- C:\WINDOWS\system32\mshearts.exe
2013-04-14 11:36:29 ----A---- C:\WINDOWS\system32\freecell.exe
2013-04-14 11:36:28 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2013-04-14 11:36:28 ----A---- C:\WINDOWS\system32\tscon.exe
2013-04-14 11:36:28 ----A---- C:\WINDOWS\system32\shadow.exe
2013-04-14 11:36:28 ----A---- C:\WINDOWS\system32\rwinsta.exe
2013-04-14 11:36:28 ----A---- C:\WINDOWS\system32\regini.exe
2013-04-14 11:36:28 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2013-04-14 11:36:28 ----A---- C:\WINDOWS\system32\qwinsta.exe
2013-04-14 11:36:28 ----A---- C:\WINDOWS\system32\qappsrv.exe
2013-04-14 11:36:28 ----A---- C:\WINDOWS\system32\msg.exe
2013-04-14 11:36:28 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2013-04-14 11:36:28 ----A---- C:\WINDOWS\system32\logoff.exe
2013-04-14 11:36:28 ----A---- C:\WINDOWS\system32\cdmodem.dll
2013-04-14 11:36:27 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2013-04-14 11:36:27 ----A---- C:\WINDOWS\system32\mtxex.dll
2013-04-14 11:36:27 ----A---- C:\WINDOWS\system32\mtxdm.dll
2013-04-14 11:36:27 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2013-04-14 11:36:27 ----A---- C:\WINDOWS\system32\comrepl.dll
2013-04-14 11:36:27 ----A---- C:\WINDOWS\system32\comaddin.dll
2013-04-14 11:36:26 ----A---- C:\WINDOWS\system32\stclient.dll
2013-04-14 11:36:26 ----A---- C:\WINDOWS\system32\comsnap.dll
2013-04-14 11:36:18 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2013-04-14 11:36:18 ----A---- C:\WINDOWS\system32\accwiz.exe
2013-04-14 11:36:17 ----D---- C:\Program Files\Windows NT
2013-04-14 11:36:17 ----A---- C:\WINDOWS\system32\sndrec32.exe
2013-04-14 11:36:17 ----A---- C:\WINDOWS\system32\mplay32.exe
2013-04-14 11:36:17 ----A---- C:\WINDOWS\system32\hypertrm.dll
2013-04-14 11:36:16 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2013-04-14 11:36:16 ----A---- C:\WINDOWS\system32\spider.exe
2013-04-14 11:36:16 ----A---- C:\WINDOWS\system32\mspaint.exe
2013-04-14 11:36:16 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2013-04-14 11:36:16 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2013-04-14 11:36:16 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2013-04-14 11:36:16 ----A---- C:\WINDOWS\system32\clipbrd.exe
2013-04-14 11:36:15 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2013-04-14 11:36:15 ----A---- C:\WINDOWS\system32\termsrv.dll
2013-04-14 11:36:15 ----A---- C:\WINDOWS\system32\sessmgr.exe
2013-04-14 11:36:15 ----A---- C:\WINDOWS\system32\remotepg.dll
2013-04-14 11:36:15 ----A---- C:\WINDOWS\system32\rdshost.exe
2013-04-14 11:36:15 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2013-04-14 11:36:15 ----A---- C:\WINDOWS\system32\rdchost.dll
2013-04-14 11:36:15 ----A---- C:\WINDOWS\system32\mstscax.dll
2013-04-14 11:36:15 ----A---- C:\WINDOWS\system32\mstsc.exe
2013-04-14 11:36:14 ----D---- C:\WINDOWS\system32\MsDtc
2013-04-14 11:36:14 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2013-04-14 11:36:14 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2013-04-14 11:36:14 ----A---- C:\WINDOWS\system32\rdpclip.exe
2013-04-14 11:36:14 ----A---- C:\WINDOWS\system32\qprocess.exe
2013-04-14 11:36:14 ----A---- C:\WINDOWS\system32\mtxoci.dll
2013-04-14 11:36:14 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2013-04-14 11:36:14 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2013-04-14 11:36:14 ----A---- C:\WINDOWS\system32\icaapi.dll
2013-04-14 11:36:14 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2013-04-14 11:36:13 ----A---- C:\WINDOWS\system32\xolehlp.dll
2013-04-14 11:36:13 ----A---- C:\WINDOWS\system32\msdtctm.dll
2013-04-14 11:36:13 ----A---- C:\WINDOWS\system32\msdtclog.dll
2013-04-14 11:36:13 ----A---- C:\WINDOWS\system32\msdtc.exe
2013-04-14 11:36:12 ----D---- C:\WINDOWS\system32\Com
2013-04-14 11:36:12 ----A---- C:\WINDOWS\system32\comsvcs.dll
2013-04-14 11:36:12 ----A---- C:\WINDOWS\system32\colbact.dll
2013-04-14 11:36:12 ----A---- C:\WINDOWS\system32\clbcatex.dll
2013-04-14 11:36:12 ----A---- C:\WINDOWS\system32\catsrvut.dll
2013-04-14 11:36:12 ----A---- C:\WINDOWS\system32\catsrvps.dll
2013-04-14 11:36:12 ----A---- C:\WINDOWS\system32\catsrv.dll
2013-04-14 11:36:11 ----A---- C:\WINDOWS\system32\comuid.dll
2013-04-14 11:36:10 ----A---- C:\WINDOWS\system32\clbcatq.dll
2013-04-14 11:36:06 ----A---- C:\WINDOWS\system32\servdeps.dll
2013-04-14 11:36:06 ----A---- C:\WINDOWS\system32\mmfutil.dll
2013-04-14 11:36:06 ----A---- C:\WINDOWS\system32\licwmi.dll
2013-04-14 11:36:05 ----A---- C:\WINDOWS\system32\cmprops.dll
2013-04-14 11:35:58 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
2013-04-14 11:35:58 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys
2013-04-13 13:34:43 ----A---- C:\WINDOWS\system32\h323log.txt
2013-04-13 13:34:03 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2013-04-13 13:33:41 ----A---- C:\WINDOWS\system32\hidserv.dll
2013-04-13 13:33:18 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2013-04-13 13:32:36 ----A---- C:\WINDOWS\system32\usbui.dll
2013-04-13 13:31:05 ----A---- C:\WINDOWS\imsins.BAK
2013-04-13 13:31:03 ----SHD---- C:\WINDOWS\Installer
2013-04-13 13:31:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-04-13 13:31:00 ----D---- C:\Program Files\Common Files\ODBC
2013-04-13 13:31:00 ----A---- C:\WINDOWS\ODBCINST.INI
2013-04-13 13:30:55 ----RD---- C:\Program Files
2013-04-13 13:30:55 ----D---- C:\Program Files\Common Files\SpeechEngines
2013-04-13 13:30:55 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-04-13 13:30:55 ----D---- C:\Program Files\Common Files
2013-04-13 13:30:51 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2013-04-13 13:30:51 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2013-04-13 13:30:51 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2013-04-13 13:30:49 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2013-04-13 13:30:49 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2013-04-13 13:30:49 ----RA---- C:\WINDOWS\system32\kbdur.dll
2013-04-13 13:30:49 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2013-04-13 13:30:49 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2013-04-13 13:30:49 ----RA---- C:\WINDOWS\system32\kbdru.dll
2013-04-13 13:30:49 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2013-04-13 13:30:49 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2013-04-13 13:30:49 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2013-04-13 13:30:49 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2013-04-13 13:30:49 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2013-04-13 13:30:49 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2013-04-13 13:30:47 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2013-04-13 13:30:47 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2013-04-13 13:30:47 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2013-04-13 13:30:47 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2013-04-13 13:30:47 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2013-04-13 13:30:47 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2013-04-13 13:30:47 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2013-04-13 13:30:46 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2013-04-13 13:30:46 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2013-04-13 13:30:46 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2013-04-13 13:30:46 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2013-04-13 13:30:45 ----RA---- C:\WINDOWS\system32\kbdest.dll
2013-04-13 13:30:43 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2013-04-13 13:30:42 ----A---- C:\WINDOWS\system32\kbdycl.dll
2013-04-13 13:30:42 ----A---- C:\WINDOWS\system32\kbdsl.dll
2013-04-13 13:30:42 ----A---- C:\WINDOWS\system32\kbdro.dll
2013-04-13 13:30:42 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2013-04-13 13:30:42 ----A---- C:\WINDOWS\system32\kbdpl.dll
2013-04-13 13:30:42 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2013-04-13 13:30:42 ----A---- C:\WINDOWS\system32\kbdhu.dll
2013-04-13 13:30:42 ----A---- C:\WINDOWS\system32\kbdcr.dll
2013-04-13 13:30:42 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2013-04-13 13:30:41 ----A---- C:\WINDOWS\system32\spxcoins.dll
2013-04-13 13:30:41 ----A---- C:\WINDOWS\system32\irclass.dll
2013-04-13 13:30:41 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2013-04-13 13:30:41 ----A---- C:\WINDOWS\system32\dgsetup.dll
2013-04-13 13:30:41 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2013-04-13 13:30:39 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2013-04-13 13:30:39 ----A---- C:\WINDOWS\TASKMAN.EXE
2013-04-13 13:30:39 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2013-04-13 13:30:39 ----A---- C:\WINDOWS\system32\batt.dll
2013-04-13 13:30:38 ----A---- C:\WINDOWS\system32\storprop.dll
2013-04-13 13:30:38 ----A---- C:\WINDOWS\NOTEPAD.EXE
2013-04-13 13:30:27 ----RA---- C:\WINDOWS\SET21.tmp
2013-04-13 13:30:27 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2013-04-13 13:30:19 ----RA---- C:\WINDOWS\SET8.tmp
2013-04-13 13:30:07 ----RA---- C:\WINDOWS\SET4.tmp
2013-04-13 13:30:04 ----RA---- C:\WINDOWS\SET3.tmp
2013-04-13 13:29:51 ----D---- C:\WINDOWS\system32\CatRoot2
2013-04-13 13:29:51 ----D---- C:\WINDOWS\system32\CatRoot
2013-04-13 13:29:45 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2013-04-13 13:29:28 ----A---- C:\WINDOWS\setuplog.txt
2013-04-13 13:29:25 ----SHD---- C:\System Volume Information
2013-04-13 13:29:25 ----D---- C:\Documents and Settings
2013-04-13 13:29:24 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2013-04-13 13:28:40 ----SH---- C:\boot.ini
2013-04-13 13:19:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-04-13 13:19:08 ----RSD---- C:\WINDOWS\Fonts
2013-04-13 13:19:08 ----RD---- C:\WINDOWS\Web
2013-04-13 13:19:08 ----HD---- C:\WINDOWS\inf
2013-04-13 13:19:08 ----D---- C:\WINDOWS\WinSxS
2013-04-13 13:19:08 ----D---- C:\WINDOWS\twain_32
2013-04-13 13:19:08 ----D---- C:\WINDOWS\Temp
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\wins
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\wbem
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\usmt
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\spool
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\ShellExt
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\Setup
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\ras
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\oobe
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\npp
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\mui
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\inetsrv
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\IME
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\icsxml
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\ias
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\export
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\drivers\etc
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\drivers\disdn
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\drivers
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\dhcp
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\config
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\3com_dmi
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\3076
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\2052
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\1054
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\1042
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\1041
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\1037
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\1033
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\1031
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\1029
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\1028
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32\1025
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system32
2013-04-13 13:19:08 ----D---- C:\WINDOWS\system
2013-04-13 13:19:08 ----D---- C:\WINDOWS\security
2013-04-13 13:19:08 ----D---- C:\WINDOWS\Resources
2013-04-13 13:19:08 ----D---- C:\WINDOWS\repair
2013-04-13 13:19:08 ----D---- C:\WINDOWS\Provisioning
2013-04-13 13:19:08 ----D---- C:\WINDOWS\pchealth
2013-04-13 13:19:08 ----D---- C:\WINDOWS\PeerNet
2013-04-13 13:19:08 ----D---- C:\WINDOWS\mui
2013-04-13 13:19:08 ----D---- C:\WINDOWS\msapps
2013-04-13 13:19:08 ----D---- C:\WINDOWS\msagent
2013-04-13 13:19:08 ----D---- C:\WINDOWS\Media
2013-04-13 13:19:08 ----D---- C:\WINDOWS\java
2013-04-13 13:19:08 ----D---- C:\WINDOWS\ime
2013-04-13 13:19:08 ----D---- C:\WINDOWS\Help
2013-04-13 13:19:08 ----D---- C:\WINDOWS\Driver Cache
2013-04-13 13:19:08 ----D---- C:\WINDOWS\Debug
2013-04-13 13:19:08 ----D---- C:\WINDOWS\Cursors
2013-04-13 13:19:08 ----D---- C:\WINDOWS\Connection Wizard
2013-04-13 13:19:08 ----D---- C:\WINDOWS\Config
2013-04-13 13:19:08 ----D---- C:\WINDOWS\AppPatch
2013-04-13 13:19:08 ----D---- C:\WINDOWS\addins
2013-04-13 13:19:08 ----D---- C:\WINDOWS
2013-04-13 13:19:08 ----ASH---- C:\pagefile.sys

======List of files/folders modified in the last 1 month======

2013-04-14 11:42:06 ----A---- C:\WINDOWS\win.ini
2013-04-14 11:41:38 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2013-04-13 13:30:53 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHX;AVGIDSHX; C:\WINDOWS\system32\DRIVERS\avgidshx.sys [2013-02-08 60216]
R0 Avglogx;AVG Logging Driver; C:\WINDOWS\system32\DRIVERS\avglogx.sys [2013-02-08 245048]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2013-02-08 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2013-02-08 39224]
R1 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys [2013-02-26 208184]
R1 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys [2013-03-01 22328]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2013-02-08 170808]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2013-02-14 182072]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-03-02 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2006-03-02 14848]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-07-05 151552]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-12-19 92800]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-03-02 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2013-03-15 10713024]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-08-14 83200]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-06-07 393088]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-03-02 31616]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [2013-02-27 4937264]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [2013-02-19 282624]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-04-14 170912]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2013-03-15 156960]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-03-15 1266464]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-14 116648]
S3 COVTAIGXZCT;COVTAIGXZCT; C:\DOCUME~1\TOM~1\LOCALS~1\Temp\COVTAIGXZCT.exe [2013-04-15 490368]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-14 116648]
S3 NTPHNIOHEQ;NTPHNIOHEQ; C:\DOCUME~1\TOM~1\LOCALS~1\Temp\NTPHNIOHEQ.exe [2013-04-15 584576]

-----------------EOF-----------------

#2 Příspěvek od **JaRon** » 15 dub 2013 06:41

ahoj
stiahni a uloz na plochu ComboFix

potom spust pod uctom s administratorskym opravnenim

akcia trva cca. 5-10 minut, niekedy i dlhsie -, Pocas scanu nespustaj ziadne ine aplikacie

Nie je dovod na paniku ak stroj bude restartovany
upozornenie: ak pouzivas antispyware s rezidentnim stitem, ten pred scanom vypni.

po restarte aplikacie vytvori log, ulozeny na C:\Combofix.txt (jeho obsah vloz sem)

Bogdan · #3 Příspěvek od **Bogdan** » 15 dub 2013 16:49

Bohužel při skenování Combofixem pc opakovaně zamrzlo a musel jsem natvrdo restartovat. RootkitRevealer mě najde přes 9000 záznamů,ale při pokusu o uložení logu spadne.Už se ta infekce pěkně rozlézá.Kašlu na to, jdu formátovat.

#4 Příspěvek od **JaRon** » 16 dub 2013 06:02

vloz log z TDSSKiller + skus CF v nudzovom rezime

Bogdan · #5 Příspěvek od **Bogdan** » 16 dub 2013 17:39

Několikátý reinstal nepomohl.Nemůžu se toho svinstva zbavit.Combofix zamrzne i v nouzovém režimu.

18:28:03.0500 1624 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:28:03.0687 1624 ============================================================
18:28:03.0687 1624 Current date / time: 2013/04/16 18:28:03.0687
18:28:03.0687 1624 SystemInfo:
18:28:03.0687 1624
18:28:03.0687 1624 OS Version: 5.1.2600 ServicePack: 2.0
18:28:03.0687 1624 Product type: Workstation
18:28:03.0687 1624 ComputerName: H1N1
18:28:03.0687 1624 UserName: tom
18:28:03.0687 1624 Windows directory: E:\WINDOWS
18:28:03.0687 1624 System windows directory: E:\WINDOWS
18:28:03.0687 1624 Processor architecture: Intel x86
18:28:03.0687 1624 Number of processors: 2
18:28:03.0687 1624 Page size: 0x1000
18:28:03.0687 1624 Boot type: Normal boot
18:28:03.0687 1624 ============================================================
18:28:04.0953 1624 Drive \Device\Harddisk0\DR0 - Size: 0x49C7747A00 (295.12 Gb), SectorSize: 0x200, Cylinders: 0x967D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:28:04.0953 1624 Drive \Device\Harddisk1\DR6 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:28:04.0953 1624 ============================================================
18:28:04.0953 1624 \Device\Harddisk0\DR0:
18:28:04.0953 1624 MBR partitions:
18:28:04.0953 1624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17FFC0E8
18:28:04.0968 1624 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x17FFC166, BlocksNum 0x2F14A82
18:28:04.0984 1624 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1AF10C27, BlocksNum 0x9F2AE16
18:28:04.0984 1624 \Device\Harddisk1\DR6:
18:28:04.0984 1624 MBR partitions:
18:28:04.0984 1624 \Device\Harddisk1\DR6\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x777FE0
18:28:04.0984 1624 ============================================================
18:28:05.0000 1624 D: <-> \Device\Harddisk0\DR0\Partition2
18:28:05.0031 1624 E: <-> \Device\Harddisk0\DR0\Partition3
18:28:05.0046 1624 C: <-> \Device\Harddisk0\DR0\Partition1
18:28:05.0046 1624 ============================================================
18:28:05.0046 1624 Initialize success
18:28:05.0046 1624 ============================================================
18:28:09.0875 1132 ============================================================
18:28:09.0875 1132 Scan started
18:28:09.0875 1132 Mode: Manual;
18:28:09.0875 1132 ============================================================
18:28:10.0906 1132 ================ Scan system memory ========================
18:28:10.0906 1132 System memory - ok
18:28:10.0906 1132 ================ Scan services =============================
18:28:11.0406 1132 Abiosdsk - ok
18:28:11.0421 1132 abp480n5 - ok
18:28:11.0453 1132 [ FA2FBCDA96D2385F773B059FE5A125A6 ] ACPI E:\WINDOWS\system32\DRIVERS\ACPI.sys
18:28:11.0468 1132 ACPI - ok
18:28:11.0484 1132 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC E:\WINDOWS\system32\drivers\ACPIEC.sys
18:28:11.0484 1132 ACPIEC - ok
18:28:11.0515 1132 [ AE3475450BD241598AE60CAB4A40FADF ] ADIHdAudAddService E:\WINDOWS\system32\drivers\ADIHdAud.sys
18:28:11.0515 1132 ADIHdAudAddService - ok
18:28:11.0531 1132 adpu160m - ok
18:28:11.0562 1132 [ F932A37FFF15D1B35289213089E9C78D ] AEAudioService E:\WINDOWS\system32\drivers\AEAudio.sys
18:28:11.0562 1132 AEAudioService - ok
18:28:11.0593 1132 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec E:\WINDOWS\system32\drivers\aec.sys
18:28:11.0593 1132 aec - ok
18:28:11.0625 1132 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD E:\WINDOWS\System32\drivers\afd.sys
18:28:11.0625 1132 AFD - ok
18:28:11.0640 1132 Aha154x - ok
18:28:11.0656 1132 aic78u2 - ok
18:28:11.0687 1132 aic78xx - ok
18:28:11.0718 1132 [ 026DDAA7E6F8D49DF82C7A98BAE5D0D1 ] Alerter E:\WINDOWS\system32\alrsvc.dll
18:28:11.0718 1132 Alerter - ok
18:28:11.0734 1132 [ B3F690BF43F93A012A52F28F234FAA1B ] ALG E:\WINDOWS\System32\alg.exe
18:28:11.0734 1132 ALG - ok
18:28:11.0750 1132 AliIde - ok
18:28:11.0781 1132 amsint - ok
18:28:11.0796 1132 AppMgmt - ok
18:28:11.0812 1132 asc - ok
18:28:11.0843 1132 asc3350p - ok
18:28:11.0859 1132 asc3550 - ok
18:28:11.0890 1132 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac E:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:28:11.0890 1132 AsyncMac - ok
18:28:11.0937 1132 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi E:\WINDOWS\system32\DRIVERS\atapi.sys
18:28:11.0937 1132 atapi - ok
18:28:11.0937 1132 Atdisk - ok
18:28:11.0968 1132 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc E:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:28:11.0968 1132 Atmarpc - ok
18:28:12.0000 1132 [ 40D78F514C8588EF12EC718D2AF0FC4E ] AudioSrv E:\WINDOWS\System32\audiosrv.dll
18:28:12.0000 1132 AudioSrv - ok
18:28:12.0031 1132 [ D9F724AA26C010A217C97606B160ED68 ] audstub E:\WINDOWS\system32\DRIVERS\audstub.sys
18:28:12.0031 1132 audstub - ok
18:28:12.0062 1132 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep E:\WINDOWS\system32\drivers\Beep.sys
18:28:12.0062 1132 Beep - ok
18:28:12.0093 1132 [ E774A26610EC92674273486612C11CFC ] BITS E:\WINDOWS\system32\qmgr.dll
18:28:12.0109 1132 BITS - ok
18:28:12.0156 1132 [ F219E27E88107A50544153898DD8178E ] Browser E:\WINDOWS\System32\browser.dll
18:28:12.0156 1132 Browser - ok
18:28:12.0187 1132 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k E:\WINDOWS\system32\drivers\cbidf2k.sys
18:28:12.0187 1132 cbidf2k - ok
18:28:12.0203 1132 cd20xrnt - ok
18:28:12.0218 1132 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio E:\WINDOWS\system32\drivers\Cdaudio.sys
18:28:12.0218 1132 Cdaudio - ok
18:28:12.0250 1132 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs E:\WINDOWS\system32\drivers\Cdfs.sys
18:28:12.0250 1132 Cdfs - ok
18:28:12.0265 1132 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom E:\WINDOWS\system32\DRIVERS\cdrom.sys
18:28:12.0265 1132 Cdrom - ok
18:28:12.0281 1132 Changer - ok
18:28:12.0312 1132 [ 9E21229E04E1D301BB40222FE4641CB2 ] CiSvc E:\WINDOWS\system32\cisvc.exe
18:28:12.0312 1132 CiSvc - ok
18:28:12.0343 1132 [ D3DC45553C8025338E08A60E95B1B91D ] ClipSrv E:\WINDOWS\system32\clipsrv.exe
18:28:12.0343 1132 ClipSrv - ok
18:28:12.0343 1132 CmdIde - ok
18:28:12.0375 1132 COMSysApp - ok
18:28:12.0406 1132 Cpqarray - ok
18:28:12.0437 1132 [ 70D2A1756F4B2067658A186C963FCABD ] CryptSvc E:\WINDOWS\System32\cryptsvc.dll
18:28:12.0437 1132 CryptSvc - ok
18:28:12.0453 1132 dac2w2k - ok
18:28:12.0484 1132 dac960nt - ok
18:28:12.0515 1132 [ C72C15EE57E248C66E57C76CAB086CF2 ] DcomLaunch E:\WINDOWS\system32\rpcss.dll
18:28:12.0531 1132 DcomLaunch - ok
18:28:12.0562 1132 [ 562830EFB7CF367FB773FEA5256E67C8 ] Dhcp E:\WINDOWS\System32\dhcpcsvc.dll
18:28:12.0562 1132 Dhcp - ok
18:28:12.0578 1132 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk E:\WINDOWS\system32\DRIVERS\disk.sys
18:28:12.0578 1132 Disk - ok
18:28:12.0593 1132 dmadmin - ok
18:28:12.0656 1132 [ E1968EDEC81C430108FEB23AB07BDB14 ] dmboot E:\WINDOWS\system32\drivers\dmboot.sys
18:28:12.0687 1132 dmboot - ok
18:28:12.0703 1132 [ 1B1520A82E396E46B9AE9FA6B03FF6C6 ] dmio E:\WINDOWS\system32\drivers\dmio.sys
18:28:12.0703 1132 dmio - ok
18:28:12.0718 1132 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload E:\WINDOWS\system32\drivers\dmload.sys
18:28:12.0718 1132 dmload - ok
18:28:12.0750 1132 [ 7B3CA72885923EB947221F17F3E3AC59 ] dmserver E:\WINDOWS\System32\dmserver.dll
18:28:12.0750 1132 dmserver - ok
18:28:12.0765 1132 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic E:\WINDOWS\system32\drivers\DMusic.sys
18:28:12.0765 1132 DMusic - ok
18:28:12.0796 1132 [ F605B3F5674D67587C4B6C9E92A3E025 ] Dnscache E:\WINDOWS\System32\dnsrslvr.dll
18:28:12.0796 1132 Dnscache - ok
18:28:12.0812 1132 dpti2o - ok
18:28:12.0828 1132 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud E:\WINDOWS\system32\drivers\drmkaud.sys
18:28:12.0828 1132 drmkaud - ok
18:28:12.0859 1132 [ D6F7428B201E33BC80066B47144CB568 ] ERSvc E:\WINDOWS\System32\ersvc.dll
18:28:12.0859 1132 ERSvc - ok
18:28:12.0875 1132 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] Eventlog E:\WINDOWS\system32\services.exe
18:28:12.0875 1132 Eventlog - ok
18:28:12.0906 1132 [ 972378B907070F64932A87C90A035487 ] EventSystem E:\WINDOWS\system32\es.dll
18:28:12.0921 1132 EventSystem - ok
18:28:12.0937 1132 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat E:\WINDOWS\system32\drivers\Fastfat.sys
18:28:12.0937 1132 Fastfat - ok
18:28:12.0968 1132 [ 8BA76BD2A943F642F267A296A15776D2 ] FastUserSwitchingCompatibility E:\WINDOWS\System32\shsvcs.dll
18:28:12.0968 1132 FastUserSwitchingCompatibility - ok
18:28:13.0000 1132 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc E:\WINDOWS\system32\DRIVERS\fdc.sys
18:28:13.0000 1132 Fdc - ok
18:28:13.0015 1132 [ 266DAB58619B17BDF37FABBD48D875CA ] Fips E:\WINDOWS\system32\drivers\Fips.sys
18:28:13.0015 1132 Fips - ok
18:28:13.0046 1132 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk E:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:28:13.0046 1132 Flpydisk - ok
18:28:13.0078 1132 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr E:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:28:13.0078 1132 FltMgr - ok
18:28:13.0093 1132 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec E:\WINDOWS\system32\drivers\Fs_Rec.sys
18:28:13.0093 1132 Fs_Rec - ok
18:28:13.0109 1132 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk E:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:28:13.0109 1132 Ftdisk - ok
18:28:13.0140 1132 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc E:\WINDOWS\system32\DRIVERS\msgpc.sys
18:28:13.0140 1132 Gpc - ok
18:28:13.0171 1132 [ F58D2900C66A1E773E3375098E0E9337 ] HdAudAddService E:\WINDOWS\system32\drivers\HdAudio.sys
18:28:13.0171 1132 HdAudAddService - ok
18:28:13.0203 1132 [ CBC3DEF409549672B915FB9403D63F74 ] HDAudBus E:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:28:13.0203 1132 HDAudBus - ok
18:28:13.0218 1132 [ F59152272782FED8A8197FA788287F68 ] helpsvc E:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:28:13.0218 1132 helpsvc - ok
18:28:13.0250 1132 [ D2DCF769E5A70027058AD5BE1F9B55BF ] HidServ E:\WINDOWS\System32\hidserv.dll
18:28:13.0250 1132 HidServ - ok
18:28:13.0265 1132 [ 1DE6783B918F540149AA69943BDFEBA8 ] hidusb E:\WINDOWS\system32\DRIVERS\hidusb.sys
18:28:13.0265 1132 hidusb - ok
18:28:13.0281 1132 hpn - ok
18:28:13.0312 1132 [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP E:\WINDOWS\system32\Drivers\HTTP.sys
18:28:13.0328 1132 HTTP - ok
18:28:13.0343 1132 [ DA826826C5C9116F47E0CD0CA8CC7C11 ] HTTPFilter E:\WINDOWS\System32\w3ssl.dll
18:28:13.0343 1132 HTTPFilter - ok
18:28:13.0359 1132 i2omgmt - ok
18:28:13.0390 1132 i2omp - ok
18:28:13.0421 1132 [ 0F42DE9909B5DBF2C48DD1A79D491AF5 ] i8042prt E:\WINDOWS\system32\drivers\i8042prt.sys
18:28:13.0421 1132 i8042prt - ok
18:28:13.0453 1132 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi E:\WINDOWS\system32\DRIVERS\imapi.sys
18:28:13.0453 1132 Imapi - ok
18:28:13.0484 1132 [ CF9D286B34CB4912F3B28B4972D5CB33 ] ImapiService E:\WINDOWS\system32\imapi.exe
18:28:13.0484 1132 ImapiService - ok
18:28:13.0515 1132 ini910u - ok
18:28:13.0546 1132 IntelIde - ok
18:28:13.0562 1132 [ 10A3AC0F0DF720AD3C3FD13861D50EB9 ] intelppm E:\WINDOWS\system32\DRIVERS\intelppm.sys
18:28:13.0562 1132 intelppm - ok
18:28:13.0593 1132 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw E:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:28:13.0593 1132 Ip6Fw - ok
18:28:13.0625 1132 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:28:13.0625 1132 IpFilterDriver - ok
18:28:13.0640 1132 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp E:\WINDOWS\system32\DRIVERS\ipinip.sys
18:28:13.0640 1132 IpInIp - ok
18:28:13.0656 1132 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat E:\WINDOWS\system32\DRIVERS\ipnat.sys
18:28:13.0656 1132 IpNat - ok
18:28:13.0703 1132 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec E:\WINDOWS\system32\DRIVERS\ipsec.sys
18:28:13.0703 1132 IPSec - ok
18:28:13.0734 1132 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM E:\WINDOWS\system32\DRIVERS\irenum.sys
18:28:13.0734 1132 IRENUM - ok
18:28:13.0781 1132 [ 1091528512E4DD7ED5FDDCC4DF1C53D7 ] isapnp E:\WINDOWS\system32\DRIVERS\isapnp.sys
18:28:13.0781 1132 isapnp - ok
18:28:13.0796 1132 [ 6F877BF8DC01A550CD666F3BEDB2213C ] Kbdclass E:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:28:13.0796 1132 Kbdclass - ok
18:28:13.0812 1132 [ 065B5A83AA78C0C7047BF22E0AB5C821 ] kbdhid E:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:28:13.0812 1132 kbdhid - ok
18:28:13.0843 1132 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer E:\WINDOWS\system32\drivers\kmixer.sys
18:28:13.0843 1132 kmixer - ok
18:28:13.0859 1132 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD E:\WINDOWS\system32\drivers\KSecDD.sys
18:28:13.0875 1132 KSecDD - ok
18:28:13.0906 1132 [ 6D6BDD68B775986577C48A8DF961A05C ] lanmanserver E:\WINDOWS\System32\srvsvc.dll
18:28:13.0906 1132 lanmanserver - ok
18:28:13.0937 1132 [ 69B0569AAE33F0D5057CA0E8577AAF07 ] lanmanworkstation E:\WINDOWS\System32\wkssvc.dll
18:28:13.0937 1132 lanmanworkstation - ok
18:28:13.0953 1132 lbrtfdc - ok
18:28:14.0000 1132 [ F9EE6D2AAB0690B34AE35BA9921A1414 ] LmHosts E:\WINDOWS\System32\lmhsvc.dll
18:28:14.0000 1132 LmHosts - ok
18:28:14.0015 1132 [ 8B2FCBD881879B55BE40B41F12FFC431 ] Messenger E:\WINDOWS\System32\msgsvc.dll
18:28:14.0015 1132 Messenger - ok
18:28:14.0046 1132 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd E:\WINDOWS\system32\drivers\mnmdd.sys
18:28:14.0046 1132 mnmdd - ok
18:28:14.0078 1132 [ 7D137132D6A9B41EF800E59A771ED48C ] mnmsrvc E:\WINDOWS\system32\mnmsrvc.exe
18:28:14.0078 1132 mnmsrvc - ok
18:28:14.0093 1132 [ 60210DEB037846AFE521EBF349964F6B ] Modem E:\WINDOWS\system32\drivers\Modem.sys
18:28:14.0093 1132 Modem - ok
18:28:14.0109 1132 [ B160EC94114715675509115986400FD9 ] Mouclass E:\WINDOWS\system32\DRIVERS\mouclass.sys
18:28:14.0109 1132 Mouclass - ok
18:28:14.0140 1132 [ BB269EBA740737AB749B214D568B6812 ] mouhid E:\WINDOWS\system32\DRIVERS\mouhid.sys
18:28:14.0140 1132 mouhid - ok
18:28:14.0156 1132 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr E:\WINDOWS\system32\drivers\MountMgr.sys
18:28:14.0156 1132 MountMgr - ok
18:28:14.0218 1132 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:28:14.0218 1132 MozillaMaintenance - ok
18:28:14.0234 1132 mraid35x - ok
18:28:14.0265 1132 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV E:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:28:14.0265 1132 MRxDAV - ok
18:28:14.0312 1132 [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb E:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:28:14.0328 1132 MRxSmb - ok
18:28:14.0343 1132 [ 944A24032AED84C59455B981F6CA1C1A ] MSDTC E:\WINDOWS\system32\msdtc.exe
18:28:14.0343 1132 MSDTC - ok
18:28:14.0375 1132 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs E:\WINDOWS\system32\drivers\Msfs.sys
18:28:14.0375 1132 Msfs - ok
18:28:14.0390 1132 MSIServer - ok
18:28:14.0406 1132 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV E:\WINDOWS\system32\drivers\MSKSSRV.sys
18:28:14.0406 1132 MSKSSRV - ok
18:28:14.0437 1132 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK E:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:28:14.0437 1132 MSPCLOCK - ok
18:28:14.0453 1132 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM E:\WINDOWS\system32\drivers\MSPQM.sys
18:28:14.0453 1132 MSPQM - ok
18:28:14.0484 1132 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios E:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:28:14.0484 1132 mssmbios - ok
18:28:14.0515 1132 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup E:\WINDOWS\system32\drivers\Mup.sys
18:28:14.0515 1132 Mup - ok
18:28:14.0531 1132 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS E:\WINDOWS\system32\drivers\NDIS.sys
18:28:14.0546 1132 NDIS - ok
18:28:14.0562 1132 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi E:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:28:14.0562 1132 NdisTapi - ok
18:28:14.0578 1132 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio E:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:28:14.0578 1132 Ndisuio - ok
18:28:14.0609 1132 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan E:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:28:14.0609 1132 NdisWan - ok
18:28:14.0625 1132 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy E:\WINDOWS\system32\drivers\NDProxy.sys
18:28:14.0625 1132 NDProxy - ok
18:28:14.0656 1132 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS E:\WINDOWS\system32\DRIVERS\netbios.sys
18:28:14.0656 1132 NetBIOS - ok
18:28:14.0687 1132 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT E:\WINDOWS\system32\DRIVERS\netbt.sys
18:28:14.0687 1132 NetBT - ok
18:28:14.0718 1132 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDE E:\WINDOWS\system32\netdde.exe
18:28:14.0718 1132 NetDDE - ok
18:28:14.0734 1132 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDEdsdm E:\WINDOWS\system32\netdde.exe
18:28:14.0734 1132 NetDDEdsdm - ok
18:28:14.0765 1132 [ 82A362FE1D4980B71B588D9C10748511 ] Netlogon E:\WINDOWS\system32\lsass.exe
18:28:14.0765 1132 Netlogon - ok
18:28:14.0781 1132 [ AF342D2781225A8769686E0D47E3123E ] Netman E:\WINDOWS\System32\netman.dll
18:28:14.0781 1132 Netman - ok
18:28:14.0812 1132 [ 64C078BD4EFD441C3F159EDC5EA4420A ] Nla E:\WINDOWS\System32\mswsock.dll
18:28:14.0812 1132 Nla - ok
18:28:14.0828 1132 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs E:\WINDOWS\system32\drivers\Npfs.sys
18:28:14.0828 1132 Npfs - ok
18:28:14.0875 1132 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs E:\WINDOWS\system32\drivers\Ntfs.sys
18:28:14.0890 1132 Ntfs - ok
18:28:14.0890 1132 [ 82A362FE1D4980B71B588D9C10748511 ] NtLmSsp E:\WINDOWS\system32\lsass.exe
18:28:14.0890 1132 NtLmSsp - ok
18:28:14.0937 1132 [ D8D2B13BA93AE830B1A637DF571D1195 ] NtmsSvc E:\WINDOWS\system32\ntmssvc.dll
18:28:14.0953 1132 NtmsSvc - ok
18:28:14.0968 1132 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null E:\WINDOWS\system32\drivers\Null.sys
18:28:14.0968 1132 Null - ok
18:28:15.0000 1132 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:28:15.0000 1132 NwlnkFlt - ok
18:28:15.0015 1132 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:28:15.0015 1132 NwlnkFwd - ok
18:28:15.0062 1132 [ 76A18CAA2FEFB28A4CED38D76837E86E ] Parport E:\WINDOWS\system32\DRIVERS\parport.sys
18:28:15.0062 1132 Parport - ok
18:28:15.0078 1132 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr E:\WINDOWS\system32\drivers\PartMgr.sys
18:28:15.0078 1132 PartMgr - ok
18:28:15.0109 1132 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm E:\WINDOWS\system32\drivers\ParVdm.sys
18:28:15.0109 1132 ParVdm - ok
18:28:15.0125 1132 [ B7979F37BB7B9DF2230046134955E6E7 ] PCI E:\WINDOWS\system32\DRIVERS\pci.sys
18:28:15.0140 1132 PCI - ok
18:28:15.0140 1132 PCIDump - ok
18:28:15.0171 1132 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde E:\WINDOWS\system32\DRIVERS\pciide.sys
18:28:15.0171 1132 PCIIde - ok
18:28:15.0203 1132 [ 90505755634407D4EF4C6DEA60FC1DF9 ] Pcmcia E:\WINDOWS\system32\drivers\Pcmcia.sys
18:28:15.0203 1132 Pcmcia - ok
18:28:15.0218 1132 PDCOMP - ok
18:28:15.0234 1132 PDFRAME - ok
18:28:15.0250 1132 PDRELI - ok
18:28:15.0281 1132 PDRFRAME - ok
18:28:15.0296 1132 perc2 - ok
18:28:15.0312 1132 perc2hib - ok
18:28:15.0390 1132 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] PlugPlay E:\WINDOWS\system32\services.exe
18:28:15.0390 1132 PlugPlay - ok
18:28:15.0406 1132 [ 82A362FE1D4980B71B588D9C10748511 ] PolicyAgent E:\WINDOWS\system32\lsass.exe
18:28:15.0406 1132 PolicyAgent - ok
18:28:15.0437 1132 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport E:\WINDOWS\system32\DRIVERS\raspptp.sys
18:28:15.0437 1132 PptpMiniport - ok
18:28:15.0453 1132 [ 82A362FE1D4980B71B588D9C10748511 ] ProtectedStorage E:\WINDOWS\system32\lsass.exe
18:28:15.0453 1132 ProtectedStorage - ok
18:28:15.0484 1132 [ 48671F327553DCF1D27F6197F622A668 ] PSched E:\WINDOWS\system32\DRIVERS\psched.sys
18:28:15.0484 1132 PSched - ok
18:28:15.0500 1132 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink E:\WINDOWS\system32\DRIVERS\ptilink.sys
18:28:15.0500 1132 Ptilink - ok
18:28:15.0515 1132 ql1080 - ok
18:28:15.0531 1132 Ql10wnt - ok
18:28:15.0562 1132 ql12160 - ok
18:28:15.0578 1132 ql1240 - ok
18:28:15.0609 1132 ql1280 - ok
18:28:15.0625 1132 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd E:\WINDOWS\system32\DRIVERS\rasacd.sys
18:28:15.0625 1132 RasAcd - ok
18:28:15.0656 1132 [ E68B6F9A726A444059705AB43B5656D1 ] RasAuto E:\WINDOWS\System32\rasauto.dll
18:28:15.0656 1132 RasAuto - ok
18:28:15.0671 1132 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp E:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:28:15.0671 1132 Rasl2tp - ok
18:28:15.0718 1132 [ 6E519D777C91E90592403C9F981FDF03 ] RasMan E:\WINDOWS\System32\rasmans.dll
18:28:15.0718 1132 RasMan - ok
18:28:15.0734 1132 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe E:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:28:15.0734 1132 RasPppoe - ok
18:28:15.0750 1132 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti E:\WINDOWS\system32\DRIVERS\raspti.sys
18:28:15.0750 1132 Raspti - ok
18:28:15.0781 1132 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss E:\WINDOWS\system32\DRIVERS\rdbss.sys
18:28:15.0781 1132 Rdbss - ok
18:28:15.0796 1132 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD E:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:28:15.0796 1132 RDPCDD - ok
18:28:15.0859 1132 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD E:\WINDOWS\system32\drivers\RDPWD.sys
18:28:15.0859 1132 RDPWD - ok
18:28:15.0890 1132 [ 125ACF258DA9633F748131A0E0185AF3 ] RDSessMgr E:\WINDOWS\system32\sessmgr.exe
18:28:15.0906 1132 RDSessMgr - ok
18:28:15.0921 1132 [ ABA13D33E1F888C9A68599A48A8840D6 ] redbook E:\WINDOWS\system32\DRIVERS\redbook.sys
18:28:15.0921 1132 redbook - ok
18:28:15.0937 1132 [ EB5E1A601E5A1908A87E4D5A41803D98 ] RemoteAccess E:\WINDOWS\System32\mprdim.dll
18:28:15.0953 1132 RemoteAccess - ok
18:28:15.0968 1132 [ C8A3B668985D61249F2DC71716C58DE8 ] RpcLocator E:\WINDOWS\system32\locator.exe
18:28:15.0984 1132 RpcLocator - ok
18:28:16.0000 1132 [ C72C15EE57E248C66E57C76CAB086CF2 ] RpcSs E:\WINDOWS\system32\rpcss.dll
18:28:16.0015 1132 RpcSs - ok
18:28:16.0031 1132 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP E:\WINDOWS\system32\rsvp.exe
18:28:16.0031 1132 RSVP - ok
18:28:16.0078 1132 [ 25BE98C05808C57E4D8D26477DC12D39 ] RTLE8023xp E:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
18:28:16.0078 1132 RTLE8023xp - ok
18:28:16.0078 1132 [ 82A362FE1D4980B71B588D9C10748511 ] SamSs E:\WINDOWS\system32\lsass.exe
18:28:16.0078 1132 SamSs - ok
18:28:16.0125 1132 [ C177354E995CC1AA1F767BCD9980434A ] SCardSvr E:\WINDOWS\System32\SCardSvr.exe
18:28:16.0140 1132 SCardSvr - ok
18:28:16.0187 1132 [ 29AC93307C6182DBE336BCA314947F28 ] Schedule E:\WINDOWS\system32\schedsvc.dll
18:28:16.0187 1132 Schedule - ok
18:28:16.0203 1132 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv E:\WINDOWS\system32\DRIVERS\secdrv.sys
18:28:16.0218 1132 Secdrv - ok
18:28:16.0234 1132 [ C76CB8A133374FAC6805F83FF7B7DA03 ] seclogon E:\WINDOWS\System32\seclogon.dll
18:28:16.0234 1132 seclogon - ok
18:28:16.0265 1132 [ 23228966244CDD9627BDE4141B3BE1F0 ] SenFiltService E:\WINDOWS\system32\drivers\Senfilt.sys
18:28:16.0281 1132 SenFiltService - ok
18:28:16.0281 1132 [ 220AD85BA9C5B3011296354011B901CC ] SENS E:\WINDOWS\system32\sens.dll
18:28:16.0296 1132 SENS - ok
18:28:16.0312 1132 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum E:\WINDOWS\system32\DRIVERS\serenum.sys
18:28:16.0312 1132 serenum - ok
18:28:16.0343 1132 [ C1DDBC85251551A840212999DA3D95F3 ] Serial E:\WINDOWS\system32\DRIVERS\serial.sys
18:28:16.0343 1132 Serial - ok
18:28:16.0359 1132 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy E:\WINDOWS\system32\drivers\Sfloppy.sys
18:28:16.0359 1132 Sfloppy - ok
18:28:16.0406 1132 [ 6A93501BCDEBF159109429B022C0FF83 ] SharedAccess E:\WINDOWS\System32\ipnathlp.dll
18:28:16.0406 1132 SharedAccess - ok
18:28:16.0421 1132 [ 8BA76BD2A943F642F267A296A15776D2 ] ShellHWDetection E:\WINDOWS\System32\shsvcs.dll
18:28:16.0421 1132 ShellHWDetection - ok
18:28:16.0437 1132 Simbad - ok
18:28:16.0468 1132 Sparrow - ok
18:28:16.0500 1132 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter E:\WINDOWS\system32\drivers\splitter.sys
18:28:16.0500 1132 splitter - ok
18:28:16.0515 1132 [ 21B6FAA88044A41640E03EBB68BE93E8 ] Spooler E:\WINDOWS\system32\spoolsv.exe
18:28:16.0515 1132 Spooler - ok
18:28:16.0546 1132 [ A74035EA526DB97D9D50D2143A55F5CF ] sr E:\WINDOWS\system32\DRIVERS\sr.sys
18:28:16.0546 1132 sr - ok
18:28:16.0578 1132 [ 3CD57F31A64D32FDB28918B16D1E6AAC ] srservice E:\WINDOWS\system32\srsvc.dll
18:28:16.0578 1132 srservice - ok
18:28:16.0609 1132 [ 20B7E396720353E4117D64D9DCB926CA ] Srv E:\WINDOWS\system32\DRIVERS\srv.sys
18:28:16.0625 1132 Srv - ok
18:28:16.0656 1132 [ 88C28F53F53438DAFCD95E99C837C61E ] SSDPSRV E:\WINDOWS\System32\ssdpsrv.dll
18:28:16.0656 1132 SSDPSRV - ok
18:28:16.0718 1132 [ 0645CCDDDD27F96EEA3534C1DEF736D9 ] stisvc E:\WINDOWS\system32\wiaservc.dll
18:28:16.0718 1132 stisvc - ok
18:28:16.0750 1132 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum E:\WINDOWS\system32\DRIVERS\swenum.sys
18:28:16.0750 1132 swenum - ok
18:28:16.0796 1132 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi E:\WINDOWS\system32\drivers\swmidi.sys
18:28:16.0796 1132 swmidi - ok
18:28:16.0796 1132 SwPrv - ok
18:28:16.0828 1132 symc810 - ok
18:28:16.0843 1132 symc8xx - ok
18:28:16.0859 1132 sym_hi - ok
18:28:16.0890 1132 sym_u3 - ok
18:28:16.0921 1132 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio E:\WINDOWS\system32\drivers\sysaudio.sys
18:28:16.0921 1132 sysaudio - ok
18:28:16.0937 1132 [ D9C9ECFF4904E6151525C533AEEDF8F4 ] SysmonLog E:\WINDOWS\system32\smlogsvc.exe
18:28:16.0953 1132 SysmonLog - ok
18:28:16.0984 1132 [ 37162D29CD61519E6F5EA0DE99786FF6 ] TapiSrv E:\WINDOWS\System32\tapisrv.dll
18:28:16.0984 1132 TapiSrv - ok
18:28:17.0031 1132 [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip E:\WINDOWS\system32\DRIVERS\tcpip.sys
18:28:17.0031 1132 Tcpip - ok
18:28:17.0062 1132 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE E:\WINDOWS\system32\drivers\TDPIPE.sys
18:28:17.0062 1132 TDPIPE - ok
18:28:17.0093 1132 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP E:\WINDOWS\system32\drivers\TDTCP.sys
18:28:17.0093 1132 TDTCP - ok
18:28:17.0109 1132 [ A540A99C281D933F3D69D55E48727F47 ] TermDD E:\WINDOWS\system32\DRIVERS\termdd.sys
18:28:17.0109 1132 TermDD - ok
18:28:17.0156 1132 [ 2F5919F2F6EE7A845893D9C3AA2BC56A ] TermService E:\WINDOWS\System32\termsrv.dll
18:28:17.0156 1132 TermService - ok
18:28:17.0187 1132 [ 8BA76BD2A943F642F267A296A15776D2 ] Themes E:\WINDOWS\System32\shsvcs.dll
18:28:17.0187 1132 Themes - ok
18:28:17.0203 1132 TosIde - ok
18:28:17.0234 1132 [ 4DCE17221B1A87FB47E36842F3E38753 ] TrkWks E:\WINDOWS\system32\trkwks.dll
18:28:17.0234 1132 TrkWks - ok
18:28:17.0265 1132 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs E:\WINDOWS\system32\drivers\Udfs.sys
18:28:17.0265 1132 Udfs - ok
18:28:17.0281 1132 ultra - ok
18:28:17.0328 1132 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update E:\WINDOWS\system32\DRIVERS\update.sys
18:28:17.0328 1132 Update - ok
18:28:17.0375 1132 [ 984FC1518B0D5B31D76F0E63608E0500 ] upnphost E:\WINDOWS\System32\upnphost.dll
18:28:17.0375 1132 upnphost - ok
18:28:17.0390 1132 [ 6148A3BA4D9CC628357FC92014FEA30E ] UPS E:\WINDOWS\System32\ups.exe
18:28:17.0390 1132 UPS - ok
18:28:17.0421 1132 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp E:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:28:17.0421 1132 usbccgp - ok
18:28:17.0453 1132 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci E:\WINDOWS\system32\DRIVERS\usbehci.sys
18:28:17.0453 1132 usbehci - ok
18:28:17.0468 1132 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub E:\WINDOWS\system32\DRIVERS\usbhub.sys
18:28:17.0468 1132 usbhub - ok
18:28:17.0500 1132 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:28:17.0500 1132 USBSTOR - ok
18:28:17.0515 1132 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci E:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:28:17.0515 1132 usbuhci - ok
18:28:17.0531 1132 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave E:\WINDOWS\System32\drivers\vga.sys
18:28:17.0531 1132 VgaSave - ok
18:28:17.0546 1132 ViaIde - ok
18:28:17.0578 1132 [ CD8CCE067F7E9CBD762C00BDDDECAA34 ] VolSnap E:\WINDOWS\system32\drivers\VolSnap.sys
18:28:17.0578 1132 VolSnap - ok
18:28:17.0609 1132 [ 043539881667BB37B07524032D6FFC3E ] VSS E:\WINDOWS\System32\vssvc.exe
18:28:17.0625 1132 VSS - ok
18:28:17.0656 1132 [ 2CEEBB402187AE56B585701F3D191FB3 ] W32Time E:\WINDOWS\system32\w32time.dll
18:28:17.0656 1132 W32Time - ok
18:28:17.0703 1132 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp E:\WINDOWS\system32\DRIVERS\wanarp.sys
18:28:17.0703 1132 Wanarp - ok
18:28:17.0703 1132 WDICA - ok
18:28:17.0734 1132 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud E:\WINDOWS\system32\drivers\wdmaud.sys
18:28:17.0734 1132 wdmaud - ok
18:28:17.0765 1132 [ 3791ADF1D3466AC6B4B662D3F79CBFEC ] WebClient E:\WINDOWS\System32\webclnt.dll
18:28:17.0765 1132 WebClient - ok
18:28:17.0828 1132 [ E12084EA622BDF2262C637BEF15DD85C ] winmgmt E:\WINDOWS\system32\wbem\WMIsvc.dll
18:28:17.0828 1132 winmgmt - ok
18:28:17.0890 1132 [ E02E913B3841717A890A644EE167B9A5 ] WmdmPmSN E:\WINDOWS\system32\mspmsnsv.dll
18:28:17.0890 1132 WmdmPmSN - ok
18:28:17.0921 1132 [ BCD21B989F0FD4ACE78287FC01B4693D ] WmiApSrv E:\WINDOWS\system32\wbem\wmiapsrv.exe
18:28:17.0921 1132 WmiApSrv - ok
18:28:17.0968 1132 [ 4ADED1ADEF25041D9827F9A79C0FDA13 ] wscsvc E:\WINDOWS\system32\wscsvc.dll
18:28:17.0968 1132 wscsvc - ok
18:28:18.0000 1132 [ 21F5169CA14E0B25C757644456F637DF ] wuauserv E:\WINDOWS\system32\wuauserv.dll
18:28:18.0000 1132 wuauserv - ok
18:28:18.0062 1132 [ 325CEDEF696EF4B649DDCD3968D085C9 ] WZCSVC E:\WINDOWS\System32\wzcsvc.dll
18:28:18.0062 1132 WZCSVC - ok
18:28:18.0093 1132 [ 9B835D4C64860B155A1701D5092EC9E4 ] xmlprov E:\WINDOWS\System32\xmlprov.dll
18:28:18.0093 1132 xmlprov - ok
18:28:18.0109 1132 ================ Scan global ===============================
18:28:18.0125 1132 [ F642F3368D2839798DA79E7BA9218481 ] E:\WINDOWS\system32\basesrv.dll
18:28:18.0140 1132 [ E4E57FBA176F2752527B1D53A663D2D7 ] E:\WINDOWS\system32\winsrv.dll
18:28:18.0156 1132 [ E4E57FBA176F2752527B1D53A663D2D7 ] E:\WINDOWS\system32\winsrv.dll
18:28:18.0171 1132 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] E:\WINDOWS\system32\services.exe
18:28:18.0171 1132 [Global] - ok
18:28:18.0171 1132 ================ Scan MBR ==================================
18:28:18.0203 1132 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
18:28:18.0296 1132 \Device\Harddisk0\DR0 - ok
18:28:18.0312 1132 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR6
18:28:18.0343 1132 \Device\Harddisk1\DR6 - ok
18:28:18.0343 1132 ================ Scan VBR ==================================
18:28:18.0359 1132 [ 94E4BAD0CE1A0029706B7176DCBCE7C2 ] \Device\Harddisk0\DR0\Partition1
18:28:18.0359 1132 \Device\Harddisk0\DR0\Partition1 - ok
18:28:18.0406 1132 [ A5E1DE6262425BB2670AE7B34275C430 ] \Device\Harddisk0\DR0\Partition2
18:28:18.0406 1132 \Device\Harddisk0\DR0\Partition2 - ok
18:28:18.0421 1132 [ D234B4B8567F409D168A6855F4FD2088 ] \Device\Harddisk0\DR0\Partition3
18:28:18.0421 1132 \Device\Harddisk0\DR0\Partition3 - ok
18:28:18.0437 1132 [ 1097EBB994905D31C01DF2BAD4534218 ] \Device\Harddisk1\DR6\Partition1
18:28:18.0437 1132 \Device\Harddisk1\DR6\Partition1 - ok
18:28:18.0437 1132 ============================================================
18:28:18.0437 1132 Scan finished
18:28:18.0437 1132 ============================================================
18:28:18.0484 0876 Detected object count: 0
18:28:18.0484 0876 Actual detected object count: 0

#6 Příspěvek od **JaRon** » 17 dub 2013 06:08

premenuj CF na NoMbr a spust

Bogdan · #7 Příspěvek od **Bogdan** » 17 dub 2013 11:10

Tak konečně se zadařil scan CF

ComboFix 13-04-15.01 - tom 17.04.2013 10:56:44.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.3071.2830 [GMT 2:00]
Spuštěný z: e:\documents and settings\tom\Plocha\NoMbr.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\windows\regopt.log
.
e:\windows\NOTEPAD.EXE . . . je infikován!!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-03-17 do 2013-04-17 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-17 04:53 1642448 ----a-w- e:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-17 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\program files\Google\Update\GoogleUpdate.exe [2013-04-17 04:50]
.
2013-04-17 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- e:\program files\Google\Update\GoogleUpdate.exe [2013-04-17 04:50]
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 83.240.0.214 83.240.0.136
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-17 11:00
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2013-04-17 11:02:28
ComboFix-quarantined-files.txt 2013-04-17 09:02
.
Před spuštěním: Volných bajtů: 202 419 679 232
Po spuštění: Volných bajtů: 202 387 681 280
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 4FC20021C0B52FDCFE9A447E96D76BCD

#8 Příspěvek od **JaRon** » 17 dub 2013 12:22

prescanuj to Stingerom http://www.mcafee.com/us/downloads/free ... inger.aspx

Bogdan · #9 Příspěvek od **Bogdan** » 17 dub 2013 13:58

Zeptám se vás, jestli máte už nějaké potuchy, co za svinstvo mě do té mé postarší mašinky nalezlo?Pc je extrémně pomalé,chová se co chvíli jinak,pořád mě překvapuje novými chybovými hlášeními.Pořád mě vyskakuje okno program provedl neplatnou operaci a bude ukončen, tak ho zavřu a za pár sekund vyskočí znova.Při restartu často probíhá kontrola konzistence disku.Občas se objeví modrá smrt.Několikrát se pc nenabootovalo(modrá smrt nebo s hláškou chybějící soubor C:WINDOWS\system32....)a musel jsem reinstalovat.Při přechodu do nouzového režimu se mi dokonce objevila úvodní stránka win s výběrem uživatelů, kde jsem byl já a ještě nějaký jiný uživatel.V prohlížeči se nemůžu dostat na stránky tohoto fóra atd.Je toho moc a připadá mi,jako kdyby se na můj pc někdo vzdáleně připojoval a házel mi klacky pod nohy.Teď píšu z práce,večer se pokusím to projet tím McAfee po velice pravděpodobném dalším reinstalu.

#10 Příspěvek od **JaRon** » 17 dub 2013 14:06

no Stinger nam napovie cosi viac - nevylucujem ani nakazu typu Virut ,,,
robis zasadnu chybu, ked po novej instalacii nedavas SP3 - to je taky zakladny kamen typu "musi byt"

Bogdan · #11 Příspěvek od **Bogdan** » 17 dub 2013 14:23

ok mam teda nejdriv instal. sp3 a pak az stingr?

Bogdan · #12 Příspěvek od **Bogdan** » 17 dub 2013 16:40

Tak stinger se mi podarilo spustit jen v nouzovém režimu a to po přihlášení na účet administrator.Zde je log.

Custom Scan Report File

Virus Scan Information

McAfee® Labs Stinger™ Version 11.0.0.248 built on Apr 17 2013 at 13:07:12
Copyright© 2013, McAfee Inc. All rights Reserved.
Virus data file v1000.0 created on Apr 17, 2013
Ready to scan for 6224 Viruses, Trojans and variants.

Scan initiated on středa, duben 17, 2013 17:22:47

Rootkit scan result : Not Scanned.

Scan completed on středa, duben 17, 2013 17:23:38

#13 Příspěvek od **JaRon** » 18 dub 2013 06:15

otestuj disk s programom HDTune http://forum.viry.cz/viewtopic.php?f=46&t=79325 cast 8

Bogdan · #14 Příspěvek od **Bogdan** » 18 dub 2013 06:58

taky to začínám vidět spíše na HW problém pravděpodobně s HDD.Včera při dalším reinstalu se opět vyskytla po formátu a nahrání instal.souborů z cd modrá smrt.Tentokrát se však pc hned nerestartovalo a stihl jsem si opsat chybu.
STOP: C000021 unknown hard error\systemroot\system32\ntdll.dll

system se mi podaří nainstalovat vždy jen po rychlém formátu.

#15 Příspěvek od **JaRon** » 18 dub 2013 07:07

Tebou popisovane problemy su natolko roznorode, ze skor sa priklanam k HW problemu ,,,
takze otestovat disk s HDTune a pamat RAM memtestom

VIRY.CZ

Prosím pomoc

Prosím pomoc

Re: Prosím pomoc

Re: Prosím pomoc

Re: Prosím pomoc

Re: Prosím pomoc

Re: Prosím pomoc

Re: Prosím pomoc

Re: Prosím pomoc

Re: Prosím pomoc

Re: Prosím pomoc

Re: Prosím pomoc

Re: Prosím pomoc

Re: Prosím pomoc

Re: Prosím pomoc

Re: Prosím pomoc