
Re: Time in the BIOS changing by itself

Posted: 14 Oct 2012 18:42
by tompo
Yeah, yeah, the time still keeps changing.....
So should I try reflashing the BIOS?

Re: Time in the BIOS changing by itself

Posted: 14 Oct 2012 18:47
by Rudy
Try a reflash.

Re: Time in the BIOS changing by itself

Posted: 14 Oct 2012 22:14
by tompo
BIOS reflashed, the result is still the same....... Could the problem also be in the hardware?

Re: Time in the BIOS changing by itself

Posted: 15 Oct 2012 17:16
by Rudy
It shouldn't be. We can still try some tests, provided that you don't do anything on your own that we haven't agreed on.

Run a GMER scan: http://forum.viry.cz/viewtopic.php?f=29&t=62878 and post both logs.

Re: Time in the BIOS changing by itself

Posted: 16 Oct 2012 19:37
by tompo
log 1

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2001-01-01 08:43:48
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD3200BEVT-60A23T0 rev.02.01A02
Running: gmer.exe; Driver: C:\DOCUME~1\TOM~1\LOCALS~1\Temp\pxtdrpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB76EA932]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB76EA79D]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB7793966]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

Re: Time in the BIOS changing by itself

Posted: 16 Oct 2012 19:48
by Rudy
This is OK. I would still like the second log, please.

Re: Time in the BIOS changing by itself

Posted: 16 Oct 2012 19:49
by tompo
log 2

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2001-01-01 08:43:48
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD3200BEVT-60A23T0 rev.02.01A02
Running: gmer.exe; Driver: C:\DOCUME~1\TOM~1\LOCALS~1\Temp\pxtdrpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB76EA932]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB76EA79D]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB7793966]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

Re: Time in the BIOS changing by itself

Posted: 16 Oct 2012 19:52
by tompo
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2001-01-01 09:00:29
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD3200BEVT-60A23T0 rev.02.01A02
Running: gmer.exe; Driver: C:\DOCUME~1\TOM~1\LOCALS~1\Temp\pxtdrpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB76A8708]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB777B7C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xB76A911C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB76EA401]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB76B3F28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB76B3F74]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB76B40F6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB76E9DB5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB76B3E96]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB76B3FB8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB76B3EDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xB76A9310]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB76B40B0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xB76A9A9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB76A8756]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB76EAAC7]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB76EAD7D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB76AD0E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB76EA932]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB76EA79D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB777B8AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB76A83BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB76A87A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB76AD456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB76AA464]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB76B3F52]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB76B3F96]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB76B411A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB76EA111]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB76B3EBC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB76ACC5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB76B403A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB76B3F06]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB76ACE8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB76B40D4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB777BA2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB76EA618]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB76AA330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB76EA46A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xB76A9EDA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB778730E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB76E9428]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB76A87F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB76A8840]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xB76A991C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB76A8448]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB76A85F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB76EABCE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB76A859E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xB76A9BFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xB76A9D5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB76A8668]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xB76A9632]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xB76A9794]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB76A888E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xB76A9160]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB7793966]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2E80 80503A80 12 Bytes [F2, 87, 6A, B7, 40, 88, 6A, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F28 80503B28 12 Bytes [FE, 9B, 6A, B7, 5A, 9D, 6A, ...]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A4ECC 1 Byte [20]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A4ECC 4 Bytes CALL B76AAAF1 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BAEDA 5 Bytes JMP B7790806 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C1810 5 Bytes JMP B7792320 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CF966 7 Bytes JMP B779396A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xBA229380, 0x22083D, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF80BA4F 5 Bytes JMP B76AEA6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + E5A BF80C235 5 Bytes JMP B76AE95E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF810175 5 Bytes JMP B76AE918 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D0 BF81C0A3 5 Bytes JMP B76ADFCA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngBitBlt + 92C BF827A40 5 Bytes JMP B76AD6E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + D80 BF83331E 5 Bytes JMP B76AEBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 7717 BF839CB5 5 Bytes JMP B76AEDE0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 112EA BF843888 5 Bytes JMP B76AD5AA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 5509 BF849B03 5 Bytes JMP B76AD866 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 6882 BF84AE7C 5 Bytes JMP B76ADFB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 1437 BF854BF4 5 Bytes JMP B76AE81E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1036 BF857AD0 5 Bytes JMP B76AEB20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 62A3 BF87FFC9 5 Bytes JMP B76ADB40 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 632C BF880052 5 Bytes JMP B76ADE06 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 70B0 BF880DD6 5 Bytes JMP B76AD592 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 77A9 BF8814CF 5 Bytes JMP B76ADFE2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 245E BF884C65 5 Bytes JMP B76AED3E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_hGetColorTransform + A4BC BF89ED1E 5 Bytes JMP B76ADC00 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_hGetColorTransform + AFDD BF89F83F 5 Bytes JMP B76ADDC0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF8BCD44 5 Bytes JMP B76AE0A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 4E4C BF8CEEE3 5 Bytes JMP B76AD48C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + A434 BF8DAA77 5 Bytes JMP B76AE9A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 77D BF8FAF04 5 Bytes JMP B76AD756 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 4768 BF907C6D 5 Bytes JMP B76AE08C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 58C BF908B12 5 Bytes JMP B76AD93E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 80C BF908D92 5 Bytes JMP B76ADA6A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1993 BF911AD9 5 Bytes JMP B76AD682 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2567 BF9126AD 5 Bytes JMP B76AD812 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EC1 BF915007 5 Bytes JMP B76ADF20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 191E BF94290C 5 Bytes JMP B76AEC96 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\AVAST Software\Avast\avastUI.exe[144] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[144] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe[260] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe[260] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[388] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[388] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[400] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[400] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\ATK0100\ATKOSD.exe[576] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\ATK0100\ATKOSD.exe[576] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00611014
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00610804
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00610A08
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00610C0C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00610E10
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 006101F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 006103FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00610600
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 006201F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 006203FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00620804
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00620A08
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00620600
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] USER32.dll!TrackPopupMenu 77D84F16 5 Bytes JMP 104089D7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\WINDOWS\System32\smss.exe[892] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[952] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[952] KERNEL32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[980] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[980] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1024] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1036] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[1148] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[1148] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1304] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1304] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1416] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1416] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1452] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1792] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1792] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1792] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1904] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\ATK0100\HControl.exe[1976] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\ATK0100\HControl.exe[1976] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2008] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2008] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[2020] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[2020] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Wireless Console 2\wcourier.exe[2028] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Wireless Console 2\wcourier.exe[2028] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe[2040] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe[2040] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2216] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2216] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 3 Bytes JMP 009B1014
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E26BE5 1 Byte [88]
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 009B0804
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 009B0A08
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 009B0C0C
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 009B0E10
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 009B01F8
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 009B03FC
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 009B0600
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 00AC01F8
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 00AC03FC
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00AC0804
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00AC0A08
.text C:\Documents and Settings\Tomáš\Plocha\gmer.exe[2352] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00AC0600
.text C:\Program Files\Ask.com\Updater\Updater.exe[2712] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Ask.com\Updater\Updater.exe[2712] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Ask.com\Updater\Updater.exe[2712] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Ask.com\Updater\Updater.exe[2712] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Ask.com\Updater\Updater.exe[2712] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003D01F8
.text C:\Program Files\Ask.com\Updater\Updater.exe[2712] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003D03FC
.text C:\Program Files\Ask.com\Updater\Updater.exe[2712] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003D0804
.text C:\Program Files\Ask.com\Updater\Updater.exe[2712] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003D0A08
.text C:\Program Files\Ask.com\Updater\Updater.exe[2712] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003D0600
.text C:\Program Files\Ask.com\Updater\Updater.exe[2712] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003E1014
.text C:\Program Files\Ask.com\Updater\Updater.exe[2712] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003E0804
.text C:\Program Files\Ask.com\Updater\Updater.exe[2712] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003E0A08
.text C:\Program Files\Ask.com\Updater\Updater.exe[2712] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003E0C0C
.text C:\Program Files\Ask.com\Updater\Updater.exe[2712] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003E0E10
.text C:\Program Files\Ask.com\Updater\Updater.exe[2712] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003E01F8
.text C:\Program Files\Ask.com\Updater\Updater.exe[2712] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003E03FC
.text C:\Program Files\Ask.com\Updater\Updater.exe[2712] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\svchost.exe[2868] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[2868] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2868] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[2868] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2868] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[2868] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[2868] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[2868] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[2868] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[2868] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[2868] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[2868] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[2868] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[2868] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[2868] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[2868] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[2868] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 006F1014
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 006F0804
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 006F0A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 006F0C0C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 006F0E10
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 006F01F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 006F03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 006F0600
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 007001F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 007003FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00700804
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00700A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00700600

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[144] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\WINDOWS\system32\services.exe[1024] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003C0002
IAT C:\WINDOWS\system32\services.exe[1024] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003C0000
IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1792] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- EOF - GMER 1.0.15 ----

Re: Time in the BIOS changing by itself

Posted: 16 Oct 2012 20:38
by Rudy
It's clean. Also try TDSSKiller: http://support.kaspersky.com/downloads/ ... killer.zip . Download it, unzip it and run it. Let it work and at the end post the log here.

Re: Time in the BIOS changing by itself

Posted: 16 Oct 2012 20:51
by tompo
09:57:59.0046 2452 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
09:57:59.0468 2452 ============================================================
09:57:59.0468 2452 Current date / time: 2001/01/01 09:57:59.0468
09:57:59.0468 2452 SystemInfo:
09:57:59.0468 2452
09:57:59.0468 2452 OS Version: 5.1.2600 ServicePack: 2.0
09:57:59.0468 2452 Product type: Workstation
09:57:59.0468 2452 ComputerName: ASUS
09:57:59.0468 2452 UserName: Tomáš
09:57:59.0468 2452 Windows directory: C:\WINDOWS
09:57:59.0468 2452 System windows directory: C:\WINDOWS
09:57:59.0468 2452 Processor architecture: Intel x86
09:57:59.0468 2452 Number of processors: 2
09:57:59.0468 2452 Page size: 0x1000
09:57:59.0468 2452 Boot type: Normal boot
09:57:59.0468 2452 ============================================================
09:58:01.0062 2452 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:58:01.0062 2452 ============================================================
09:58:01.0062 2452 \Device\Harddisk0\DR0:
09:58:01.0062 2452 MBR partitions:
09:58:01.0062 2452 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7530462
09:58:01.0078 2452 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x75304E0, BlocksNum 0xC35314E
09:58:01.0093 2452 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1388366D, BlocksNum 0xC35314E
09:58:01.0109 2452 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x1FBD67FA, BlocksNum 0x5856EC7
09:58:01.0109 2452 ============================================================
09:58:01.0156 2452 C: <-> \Device\Harddisk0\DR0\Partition1
09:58:01.0171 2452 G: <-> \Device\Harddisk0\DR0\Partition2
09:58:01.0218 2452 H: <-> \Device\Harddisk0\DR0\Partition3
09:58:01.0250 2452 I: <-> \Device\Harddisk0\DR0\Partition4
09:58:01.0250 2452 ============================================================
09:58:01.0250 2452 Initialize success
09:58:01.0250 2452 ============================================================
09:58:03.0718 4020 ============================================================
09:58:03.0718 4020 Scan started
09:58:03.0718 4020 Mode: Manual;
09:58:03.0718 4020 ============================================================
09:58:04.0812 4020 ================ Scan system memory ========================
09:58:04.0812 4020 System memory - ok
09:58:04.0812 4020 ================ Scan services =============================
09:58:04.0921 4020 [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
09:58:04.0921 4020 Aavmker4 - ok
09:58:04.0921 4020 Abiosdsk - ok
09:58:04.0937 4020 abp480n5 - ok
09:58:04.0968 4020 [ FA2FBCDA96D2385F773B059FE5A125A6 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:58:04.0968 4020 ACPI - ok
09:58:05.0000 4020 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
09:58:05.0000 4020 ACPIEC - ok
09:58:05.0000 4020 adpu160m - ok
09:58:05.0031 4020 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINDOWS\system32\drivers\aec.sys
09:58:05.0031 4020 aec - ok
09:58:05.0046 4020 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD C:\WINDOWS\System32\drivers\afd.sys
09:58:05.0062 4020 AFD - ok
09:58:05.0062 4020 Aha154x - ok
09:58:05.0062 4020 aic78u2 - ok
09:58:05.0078 4020 aic78xx - ok
09:58:05.0093 4020 [ 026DDAA7E6F8D49DF82C7A98BAE5D0D1 ] Alerter C:\WINDOWS\system32\alrsvc.dll
09:58:05.0093 4020 Alerter - ok
09:58:05.0109 4020 [ B3F690BF43F93A012A52F28F234FAA1B ] ALG C:\WINDOWS\System32\alg.exe
09:58:05.0109 4020 ALG - ok
09:58:05.0109 4020 AliIde - ok
09:58:05.0125 4020 amsint - ok
09:58:05.0156 4020 [ 421184F91EAE5C6E78E653C6B32AAE84 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
09:58:05.0156 4020 AppMgmt - ok
09:58:05.0171 4020 [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:58:05.0187 4020 Arp1394 - ok
09:58:05.0187 4020 asc - ok
09:58:05.0187 4020 asc3350p - ok
09:58:05.0203 4020 asc3550 - ok
09:58:05.0234 4020 [ ED8CEE58C1E4C5893F5B2FD686A272BF ] Aspi32 C:\WINDOWS\system32\drivers\Aspi32.sys
09:58:05.0234 4020 Aspi32 - ok
09:58:05.0265 4020 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
09:58:05.0265 4020 aswFsBlk - ok
09:58:05.0281 4020 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
09:58:05.0281 4020 aswMon2 - ok
09:58:05.0296 4020 [ B7D5E4486BA658ED08624D8084ABB830 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
09:58:05.0296 4020 AswRdr - ok
09:58:05.0328 4020 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
09:58:05.0343 4020 aswSnx - ok
09:58:05.0375 4020 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
09:58:05.0375 4020 aswSP - ok
09:58:05.0390 4020 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
09:58:05.0390 4020 aswTdi - ok
09:58:05.0406 4020 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:58:05.0406 4020 AsyncMac - ok
09:58:05.0421 4020 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
09:58:05.0437 4020 atapi - ok
09:58:05.0437 4020 Atdisk - ok
09:58:05.0468 4020 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:58:05.0468 4020 Atmarpc - ok
09:58:05.0500 4020 [ 40D78F514C8588EF12EC718D2AF0FC4E ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
09:58:05.0500 4020 AudioSrv - ok
09:58:05.0531 4020 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
09:58:05.0531 4020 audstub - ok
09:58:05.0625 4020 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
09:58:05.0625 4020 avast! Antivirus - ok
09:58:05.0656 4020 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
09:58:05.0656 4020 Beep - ok
09:58:05.0703 4020 [ E774A26610EC92674273486612C11CFC ] BITS C:\WINDOWS\system32\qmgr.dll
09:58:05.0734 4020 BITS - ok
09:58:05.0765 4020 [ F219E27E88107A50544153898DD8178E ] Browser C:\WINDOWS\System32\browser.dll
09:58:05.0765 4020 Browser - ok
09:58:05.0765 4020 catchme - ok
09:58:05.0796 4020 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
09:58:05.0796 4020 cbidf2k - ok
09:58:05.0843 4020 [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:58:05.0843 4020 CCDECODE - ok
09:58:05.0843 4020 cd20xrnt - ok
09:58:05.0875 4020 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
09:58:05.0875 4020 Cdaudio - ok
09:58:05.0890 4020 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
09:58:05.0890 4020 Cdfs - ok
09:58:05.0921 4020 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:58:05.0937 4020 Cdrom - ok
09:58:05.0937 4020 Changer - ok
09:58:05.0953 4020 [ 9E21229E04E1D301BB40222FE4641CB2 ] CiSvc C:\WINDOWS\system32\cisvc.exe
09:58:05.0968 4020 CiSvc - ok
09:58:05.0984 4020 [ D3DC45553C8025338E08A60E95B1B91D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
09:58:06.0000 4020 ClipSrv - ok
09:58:06.0000 4020 [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
09:58:06.0000 4020 CmBatt - ok
09:58:06.0000 4020 CmdIde - ok
09:58:06.0046 4020 [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
09:58:06.0046 4020 Compbatt - ok
09:58:06.0046 4020 COMSysApp - ok
09:58:06.0062 4020 Cpqarray - ok
09:58:06.0078 4020 [ 70D2A1756F4B2067658A186C963FCABD ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
09:58:06.0093 4020 CryptSvc - ok
09:58:06.0093 4020 dac2w2k - ok
09:58:06.0093 4020 dac960nt - ok
09:58:06.0156 4020 [ C72C15EE57E248C66E57C76CAB086CF2 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
09:58:06.0187 4020 DcomLaunch - ok
09:58:06.0218 4020 [ 562830EFB7CF367FB773FEA5256E67C8 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
09:58:06.0218 4020 Dhcp - ok
09:58:06.0234 4020 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
09:58:06.0250 4020 Disk - ok
09:58:06.0250 4020 dmadmin - ok
09:58:06.0281 4020 [ E1968EDEC81C430108FEB23AB07BDB14 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
09:58:06.0312 4020 dmboot - ok
09:58:06.0312 4020 [ 1B1520A82E396E46B9AE9FA6B03FF6C6 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
09:58:06.0312 4020 dmio - ok
09:58:06.0328 4020 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
09:58:06.0343 4020 dmload - ok
09:58:06.0359 4020 [ 7B3CA72885923EB947221F17F3E3AC59 ] dmserver C:\WINDOWS\System32\dmserver.dll
09:58:06.0375 4020 dmserver - ok
09:58:06.0390 4020 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
09:58:06.0390 4020 DMusic - ok
09:58:06.0406 4020 [ F605B3F5674D67587C4B6C9E92A3E025 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
09:58:06.0406 4020 Dnscache - ok
09:58:06.0406 4020 dpti2o - ok
09:58:06.0437 4020 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
09:58:06.0437 4020 drmkaud - ok
09:58:06.0437 4020 [ D6F7428B201E33BC80066B47144CB568 ] ERSvc C:\WINDOWS\System32\ersvc.dll
09:58:06.0437 4020 ERSvc - ok
09:58:06.0484 4020 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] Eventlog C:\WINDOWS\system32\services.exe
09:58:06.0500 4020 Eventlog - ok
09:58:06.0515 4020 [ 972378B907070F64932A87C90A035487 ] EventSystem C:\WINDOWS\System32\es.dll
09:58:06.0515 4020 EventSystem - ok
09:58:06.0546 4020 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
09:58:06.0546 4020 Fastfat - ok
09:58:06.0578 4020 [ 8BA76BD2A943F642F267A296A15776D2 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
09:58:06.0609 4020 FastUserSwitchingCompatibility - ok
09:58:06.0656 4020 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
09:58:06.0656 4020 Fdc - ok
09:58:06.0671 4020 [ 266DAB58619B17BDF37FABBD48D875CA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
09:58:06.0671 4020 Fips - ok
09:58:06.0687 4020 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
09:58:06.0687 4020 Flpydisk - ok
09:58:06.0718 4020 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
09:58:06.0718 4020 FltMgr - ok
09:58:06.0718 4020 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:58:06.0734 4020 Fs_Rec - ok
09:58:06.0765 4020 [ 07A83A2E070357075C2056810C67C9E4 ] FTD2XX C:\WINDOWS\system32\Drivers\FTD2XX.sys
09:58:06.0765 4020 FTD2XX - ok
09:58:06.0796 4020 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:58:06.0796 4020 Ftdisk - ok
09:58:06.0859 4020 [ BC9C77FAC763D84BFDF09B55D4B41AFA ] GhostStartService C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
09:58:06.0859 4020 GhostStartService - ok
09:58:06.0875 4020 [ 4D0E1DDFC571285A0BBABB0A534F4D3D ] GhPciScan C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
09:58:06.0875 4020 GhPciScan - ok
09:58:06.0906 4020 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:58:06.0906 4020 Gpc - ok
09:58:06.0953 4020 [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:58:06.0953 4020 HDAudBus - ok
09:58:07.0000 4020 [ F59152272782FED8A8197FA788287F68 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:58:07.0000 4020 helpsvc - ok
09:58:07.0015 4020 HidServ - ok
09:58:07.0031 4020 [ 1DE6783B918F540149AA69943BDFEBA8 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:58:07.0031 4020 hidusb - ok
09:58:07.0046 4020 hpn - ok
09:58:07.0078 4020 [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
09:58:07.0093 4020 HTTP - ok
09:58:07.0109 4020 [ DA826826C5C9116F47E0CD0CA8CC7C11 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
09:58:07.0125 4020 HTTPFilter - ok
09:58:07.0140 4020 i2omgmt - ok
09:58:07.0140 4020 i2omp - ok
09:58:07.0187 4020 [ 0F42DE9909B5DBF2C48DD1A79D491AF5 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:58:07.0187 4020 i8042prt - ok
09:58:07.0187 4020 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
09:58:07.0187 4020 Imapi - ok
09:58:07.0218 4020 [ CF9D286B34CB4912F3B28B4972D5CB33 ] ImapiService C:\WINDOWS\system32\imapi.exe
09:58:07.0234 4020 ImapiService - ok
09:58:07.0234 4020 ini910u - ok
09:58:07.0390 4020 [ 811B31E0E0AC7BE484EFBFFC42AFCBBE ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
09:58:07.0437 4020 IntcAzAudAddService - ok
09:58:07.0453 4020 IntelIde - ok
09:58:07.0468 4020 [ 10A3AC0F0DF720AD3C3FD13861D50EB9 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:58:07.0468 4020 intelppm - ok
09:58:07.0500 4020 [ 4448006B6BC60E6C027932CFC38D6855 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
09:58:07.0500 4020 ip6fw - ok
09:58:07.0531 4020 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:58:07.0531 4020 IpFilterDriver - ok
09:58:07.0546 4020 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:58:07.0546 4020 IpInIp - ok
09:58:07.0578 4020 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:58:07.0578 4020 IpNat - ok
09:58:07.0593 4020 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:58:07.0593 4020 IPSec - ok
09:58:07.0609 4020 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
09:58:07.0609 4020 IRENUM - ok
09:58:07.0640 4020 [ 1091528512E4DD7ED5FDDCC4DF1C53D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:58:07.0656 4020 isapnp - ok
09:58:07.0656 4020 [ 6F877BF8DC01A550CD666F3BEDB2213C ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:58:07.0656 4020 Kbdclass - ok
09:58:07.0671 4020 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
09:58:07.0687 4020 kmixer - ok
09:58:07.0687 4020 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
09:58:07.0687 4020 KSecDD - ok
09:58:07.0703 4020 [ 6D6BDD68B775986577C48A8DF961A05C ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
09:58:07.0718 4020 lanmanserver - ok
09:58:07.0734 4020 [ 69B0569AAE33F0D5057CA0E8577AAF07 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
09:58:07.0750 4020 lanmanworkstation - ok
09:58:07.0765 4020 lbrtfdc - ok
09:58:07.0796 4020 [ F9EE6D2AAB0690B34AE35BA9921A1414 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
09:58:07.0812 4020 LmHosts - ok
09:58:07.0843 4020 [ F74B0648E1B31CC1DC86E8585BF9C88E ] M3AD C:\WINDOWS\system32\drivers\m3aux.sys
09:58:07.0843 4020 M3AD - ok
09:58:07.0875 4020 [ 8B2FCBD881879B55BE40B41F12FFC431 ] Messenger C:\WINDOWS\System32\msgsvc.dll
09:58:07.0890 4020 Messenger - ok
09:58:07.0906 4020 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
09:58:07.0906 4020 mnmdd - ok
09:58:07.0937 4020 [ 7D137132D6A9B41EF800E59A771ED48C ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
09:58:07.0937 4020 mnmsrvc - ok
09:58:07.0968 4020 [ 60210DEB037846AFE521EBF349964F6B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
09:58:07.0968 4020 Modem - ok
09:58:08.0000 4020 [ B160EC94114715675509115986400FD9 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:58:08.0000 4020 Mouclass - ok
09:58:08.0015 4020 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:58:08.0015 4020 mouhid - ok
09:58:08.0031 4020 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
09:58:08.0031 4020 MountMgr - ok
09:58:08.0031 4020 mraid35x - ok
09:58:08.0046 4020 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:58:08.0046 4020 MRxDAV - ok
09:58:08.0062 4020 [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:58:08.0062 4020 MRxSmb - ok
09:58:08.0093 4020 [ 944A24032AED84C59455B981F6CA1C1A ] MSDTC C:\WINDOWS\System32\msdtc.exe
09:58:08.0093 4020 MSDTC - ok
09:58:08.0109 4020 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
09:58:08.0109 4020 Msfs - ok
09:58:08.0109 4020 MSIServer - ok
09:58:08.0125 4020 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:58:08.0140 4020 MSKSSRV - ok
09:58:08.0156 4020 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:58:08.0156 4020 MSPCLOCK - ok
09:58:08.0156 4020 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
09:58:08.0171 4020 MSPQM - ok
09:58:08.0187 4020 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:58:08.0187 4020 mssmbios - ok
09:58:08.0203 4020 [ BF13612142995096AB084F2DB7F40F77 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
09:58:08.0203 4020 MSTEE - ok
09:58:08.0234 4020 [ E333010A50BF603ACC350F6019E9CE02 ] MTsensor C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
09:58:08.0234 4020 MTsensor - ok
09:58:08.0250 4020 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
09:58:08.0250 4020 Mup - ok
09:58:08.0265 4020 [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:58:08.0265 4020 NABTSFEC - ok
09:58:08.0296 4020 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
09:58:08.0296 4020 NDIS - ok
09:58:08.0312 4020 [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:58:08.0328 4020 NdisIP - ok
09:58:08.0343 4020 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:58:08.0343 4020 NdisTapi - ok
09:58:08.0359 4020 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:58:08.0359 4020 Ndisuio - ok
09:58:08.0359 4020 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:58:08.0359 4020 NdisWan - ok
09:58:08.0390 4020 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
09:58:08.0390 4020 NDProxy - ok
09:58:08.0406 4020 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
09:58:08.0406 4020 NetBIOS - ok
09:58:08.0437 4020 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
09:58:08.0437 4020 NetBT - ok
09:58:08.0468 4020 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDE C:\WINDOWS\system32\netdde.exe
09:58:08.0484 4020 NetDDE - ok
09:58:08.0484 4020 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
09:58:08.0500 4020 NetDDEdsdm - ok
09:58:08.0531 4020 [ 82A362FE1D4980B71B588D9C10748511 ] Netlogon C:\WINDOWS\system32\lsass.exe
09:58:08.0546 4020 Netlogon - ok
09:58:08.0578 4020 [ AF342D2781225A8769686E0D47E3123E ] Netman C:\WINDOWS\System32\netman.dll
09:58:08.0593 4020 Netman - ok
09:58:08.0609 4020 [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:58:08.0609 4020 NIC1394 - ok
09:58:08.0625 4020 [ 64C078BD4EFD441C3F159EDC5EA4420A ] Nla C:\WINDOWS\System32\mswsock.dll
09:58:08.0640 4020 Nla - ok
09:58:08.0671 4020 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
09:58:08.0671 4020 Npfs - ok
09:58:08.0703 4020 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
09:58:08.0718 4020 Ntfs - ok
09:58:08.0750 4020 [ 82A362FE1D4980B71B588D9C10748511 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
09:58:08.0765 4020 NtLmSsp - ok
09:58:08.0796 4020 [ D8D2B13BA93AE830B1A637DF571D1195 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
09:58:08.0812 4020 NtmsSvc - ok
09:58:08.0843 4020 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
09:58:08.0843 4020 Null - ok
09:58:08.0953 4020 [ 392AD6A1676FBBC80FA1DAD4C9955131 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:58:09.0000 4020 nv - ok
09:58:09.0031 4020 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:58:09.0031 4020 NwlnkFlt - ok
09:58:09.0046 4020 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:58:09.0046 4020 NwlnkFwd - ok
09:58:09.0062 4020 [ 0951DB8E5823EA366B0E408D71E1BA2A ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:58:09.0062 4020 ohci1394 - ok
09:58:09.0078 4020 [ 76A18CAA2FEFB28A4CED38D76837E86E ] Parport C:\WINDOWS\system32\drivers\Parport.sys
09:58:09.0093 4020 Parport - ok
09:58:09.0109 4020 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
09:58:09.0109 4020 PartMgr - ok
09:58:09.0125 4020 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
09:58:09.0125 4020 ParVdm - ok
09:58:09.0156 4020 [ B7979F37BB7B9DF2230046134955E6E7 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
09:58:09.0156 4020 PCI - ok
09:58:09.0156 4020 PCIDump - ok
09:58:09.0171 4020 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
09:58:09.0171 4020 PCIIde - ok
09:58:09.0187 4020 [ 90505755634407D4EF4C6DEA60FC1DF9 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
09:58:09.0187 4020 Pcmcia - ok
09:58:09.0203 4020 PDCOMP - ok
09:58:09.0203 4020 PDFRAME - ok
09:58:09.0203 4020 PDRELI - ok
09:58:09.0218 4020 PDRFRAME - ok
09:58:09.0218 4020 perc2 - ok
09:58:09.0234 4020 perc2hib - ok
09:58:09.0265 4020 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] PlugPlay C:\WINDOWS\system32\services.exe
09:58:09.0281 4020 PlugPlay - ok
09:58:09.0281 4020 [ 82A362FE1D4980B71B588D9C10748511 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
09:58:09.0281 4020 PolicyAgent - ok
09:58:09.0328 4020 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:58:09.0328 4020 PptpMiniport - ok
09:58:09.0343 4020 [ 4228630829C0E521C43D882A00533374 ] PQNTDrv C:\WINDOWS\system32\drivers\PQNTDrv.sys
09:58:09.0343 4020 PQNTDrv - ok
09:58:09.0359 4020 [ 9A10E4FD13824823DA50D4758BD0A645 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
09:58:09.0359 4020 Processor - ok
09:58:09.0375 4020 [ 82A362FE1D4980B71B588D9C10748511 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
09:58:09.0375 4020 ProtectedStorage - ok
09:58:09.0390 4020 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
09:58:09.0390 4020 PSched - ok
09:58:09.0390 4020 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:58:09.0390 4020 Ptilink - ok
09:58:09.0406 4020 ql1080 - ok
09:58:09.0406 4020 Ql10wnt - ok
09:58:09.0421 4020 ql12160 - ok
09:58:09.0421 4020 ql1240 - ok
09:58:09.0421 4020 ql1280 - ok
09:58:09.0437 4020 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:58:09.0437 4020 RasAcd - ok
09:58:09.0484 4020 [ E68B6F9A726A444059705AB43B5656D1 ] RasAuto C:\WINDOWS\System32\rasauto.dll
09:58:09.0484 4020 RasAuto - ok
09:58:09.0500 4020 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:58:09.0515 4020 Rasl2tp - ok
09:58:09.0546 4020 [ 6E519D777C91E90592403C9F981FDF03 ] RasMan C:\WINDOWS\System32\rasmans.dll
09:58:09.0562 4020 RasMan - ok
09:58:09.0562 4020 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:58:09.0578 4020 RasPppoe - ok
09:58:09.0578 4020 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
09:58:09.0578 4020 Raspti - ok
09:58:09.0609 4020 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:58:09.0625 4020 Rdbss - ok
09:58:09.0625 4020 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:58:09.0640 4020 RDPCDD - ok
09:58:09.0640 4020 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:58:09.0656 4020 rdpdr - ok
09:58:09.0687 4020 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
09:58:09.0687 4020 RDPWD - ok
09:58:09.0718 4020 [ 125ACF258DA9633F748131A0E0185AF3 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
09:58:09.0734 4020 RDSessMgr - ok
09:58:09.0765 4020 [ ABA13D33E1F888C9A68599A48A8840D6 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
09:58:09.0781 4020 redbook - ok
09:58:09.0796 4020 [ EB5E1A601E5A1908A87E4D5A41803D98 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
09:58:09.0812 4020 RemoteAccess - ok
09:58:09.0843 4020 [ 5B21208FCF8970BB61FE98E19D828714 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
09:58:09.0859 4020 RemoteRegistry - ok
09:58:09.0875 4020 [ B6E686AAB08BC276D0000293F9FBA0BB ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
09:58:09.0890 4020 rimmptsk - ok
09:58:09.0890 4020 [ BCFF51E0BE86D6F0E2180E5142203527 ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
09:58:09.0890 4020 rimsptsk - ok
09:58:09.0906 4020 [ C8A3B668985D61249F2DC71716C58DE8 ] RpcLocator C:\WINDOWS\System32\locator.exe
09:58:09.0921 4020 RpcLocator - ok
09:58:09.0937 4020 [ C72C15EE57E248C66E57C76CAB086CF2 ] RpcSs C:\WINDOWS\System32\rpcss.dll
09:58:09.0953 4020 RpcSs - ok
09:58:09.0984 4020 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\System32\rsvp.exe
09:58:10.0000 4020 RSVP - ok
09:58:10.0031 4020 [ D6E1B1BD04FAD422AF17FC4B810CB9AF ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
09:58:10.0046 4020 RTL8023xp - ok
09:58:10.0062 4020 [ 82A362FE1D4980B71B588D9C10748511 ] SamSs C:\WINDOWS\system32\lsass.exe
09:58:10.0062 4020 SamSs - ok
09:58:10.0093 4020 [ C177354E995CC1AA1F767BCD9980434A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
09:58:10.0109 4020 SCardSvr - ok
09:58:10.0140 4020 [ 29AC93307C6182DBE336BCA314947F28 ] Schedule C:\WINDOWS\system32\schedsvc.dll
09:58:10.0156 4020 Schedule - ok
09:58:10.0187 4020 [ 02FC71B020EC8700EE8A46C58BC6F276 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
09:58:10.0187 4020 sdbus - ok
09:58:10.0218 4020 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:58:10.0218 4020 Secdrv - ok
09:58:10.0250 4020 [ C76CB8A133374FAC6805F83FF7B7DA03 ] seclogon C:\WINDOWS\System32\seclogon.dll
09:58:10.0265 4020 seclogon - ok
09:58:10.0265 4020 [ 220AD85BA9C5B3011296354011B901CC ] SENS C:\WINDOWS\system32\sens.dll
09:58:10.0281 4020 SENS - ok
09:58:10.0312 4020 [ C1DDBC85251551A840212999DA3D95F3 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
09:58:10.0312 4020 Serial - ok
09:58:10.0328 4020 [ 1D9F1BEC651815741F088A8FB88E17EE ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys
09:58:10.0328 4020 sffdisk - ok
09:58:10.0343 4020 [ 586499FD312FFD7F78553F408E71682E ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
09:58:10.0343 4020 sffp_sd - ok
09:58:10.0343 4020 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
09:58:10.0359 4020 Sfloppy - ok
09:58:10.0390 4020 [ 6A93501BCDEBF159109429B022C0FF83 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
09:58:10.0406 4020 SharedAccess - ok
09:58:10.0421 4020 [ 8BA76BD2A943F642F267A296A15776D2 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
09:58:10.0437 4020 ShellHWDetection - ok
09:58:12.0546 4020 ================ Scan global ===============================
09:58:12.0562 4020 [ F642F3368D2839798DA79E7BA9218481 ] C:\WINDOWS\system32\basesrv.dll
09:58:12.0578 4020 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINDOWS\system32\winsrv.dll
09:58:12.0609 4020 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINDOWS\system32\winsrv.dll
09:58:12.0640 4020 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] C:\WINDOWS\system32\services.exe
09:58:12.0656 4020 [Global] - ok
09:58:12.0656 4020 ================ Scan MBR ==================================
09:58:12.0671 4020 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
09:58:13.0921 4020 \Device\Harddisk0\DR0 - ok
09:58:13.0921 4020 ================ Scan VBR ==================================
09:58:13.0937 4020 [ 4AED4A352654D7268BF5EC2C07A10920 ] \Device\Harddisk0\DR0\Partition1
09:58:13.0937 4020 \Device\Harddisk0\DR0\Partition1 - ok
09:58:13.0953 4020 [ 03535F05B1FC39B0CB98C3F127A3F233 ] \Device\Harddisk0\DR0\Partition2
09:58:13.0953 4020 \Device\Harddisk0\DR0\Partition2 - ok
09:58:13.0984 4020 [ E1580D50131C232134B78BDD141F16AD ] \Device\Harddisk0\DR0\Partition3
09:58:13.0984 4020 \Device\Harddisk0\DR0\Partition3 - ok
09:58:14.0000 4020 [ 44E041F93E363A2D6E292484A671C0F8 ] \Device\Harddisk0\DR0\Partition4
09:58:14.0000 4020 \Device\Harddisk0\DR0\Partition4 - ok
09:58:14.0000 4020 ============================================================
09:58:14.0000 4020 Scan finished
09:58:14.0000 4020 ============================================================
09:58:14.0015 2888 Detected object count: 0
09:58:14.0015 2888 Actual detected object count: 0

Re: Time in the BIOS changing on its own

Posted: 16 Oct 2012 21:34
by Rudy
This is OK too. There is no rootkit on the PC. The voltage of that battery will need to be measured with a voltmeter. Against the chassis (with the PC switched off) you should measure 3 V +/- 10%. If it is lower, replace the battery. I really don't know any more where the problem could be. The system has been reinstalled and checked for every possible kind of junk, the BIOS has been reflashed, and the time still changes.