Nejde vytvořit log

Zpráva

Figa · #1 Příspěvek od **Figa** » 24 dub 2012 14:04

Ahoj mám podobný problém jako zde http://forum.viry.cz/viewtopic.php?f=13&t=113407 Nejdou instalovat aplikace ani spouštět některé programy. Jak mám postupovat děkuji.

#2 Příspěvek od **vyosek** » 24 dub 2012 14:08

Zdravim

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich
motji píše: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Ted nerestartujte PC - prisli byste o ucinek RKillu

Aplikujte exeHelper by Raktor

Linky ke stazeni
- COM soubor http://vyosek.ic.cz/BE/exeHelper.com
- SCR soubor http://vyosek.ic.cz/BE/exeHelper.scr
Utilitu staci spustit jako Spravce (klik pravym mysidlem), probehne oprava a vznikne log exehelperlog.txt

Pak zkuste udelat log z RSIT

Figa · #3 Příspěvek od **Figa** » 24 dub 2012 14:16

Také nelze všechny verze RKill hlásí Win32. A .PIF nejde stáhnout.

#4 Příspěvek od **vyosek** » 24 dub 2012 14:32

Prihlaste se do nouzoveho rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti) a zkuste RKill a pripadne exeHelper tam

Figa · #5 Příspěvek od **Figa** » 24 dub 2012 14:49

Tak tam to šlo, ale po nabootování do normálního režimu rsit stejně nespustím.

#6 Příspěvek od **vyosek** » 24 dub 2012 14:52

Takze sup do nouzaku a zatim pracujte tam

Aplikovat RKill

Zkusit udelat log z RSIT

Figa · #7 Příspěvek od **Figa** » 24 dub 2012 15:07

Logfile of random's system information tool 1.09 (written by random/random)
Run by Toth at 2012-04-24 16:04:52
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 39 GB (41%) free of 96 GB
Total RAM: 2038 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:05:34, on 24.4.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.exe
C:\Users\Toth\Desktop\RSIT.exe
C:\Program Files\trend micro\Toth.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: rpcnetp - Unknown owner - C:\Windows\System32\rpcnetp.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4111 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\Toth\AppData\Roaming\Mozilla\Firefox\Profiles\5lu5fwik.default

prefs.js - "browser.startup.homepage" - "www.seznam.cz"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.102, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll
NPOFF12.DLL

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Toth\AppData\Roaming\Mozilla\Firefox\Profiles\5lu5fwik.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-01-25 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-01-25 154136]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-01-25 129560]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-12-15 184320]
"MSSE"=C:\Program Files\Microsoft Security Essentials\msseces.exe [2010-09-15 1094224]
"Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2007-10-25 413696]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NoIE4StubProcessing"=C:\Windows\system32\reg.exe [2009-04-11 61952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2007-12-29 430080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-09-13 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableCMD"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-04-24 16:04:53 ----D---- C:\Program Files\trend micro
2012-04-24 16:04:52 ----D---- C:\rsit
2012-04-24 15:59:52 ----A---- C:\Windows\system32\rpcnetp.dll
2012-04-24 15:53:05 ----A---- C:\Windows\system32\rpcnetp.exe
2012-04-22 08:58:23 ----A---- C:\Windows\system32\mshtmled.dll
2012-04-22 08:58:22 ----A---- C:\Windows\system32\jscript9.dll
2012-04-22 08:58:22 ----A---- C:\Windows\system32\jscript.dll
2012-04-22 08:58:22 ----A---- C:\Windows\system32\iertutil.dll
2012-04-22 08:58:21 ----A---- C:\Windows\system32\wininet.dll
2012-04-22 08:58:20 ----A---- C:\Windows\system32\url.dll
2012-04-22 08:58:20 ----A---- C:\Windows\system32\jsproxy.dll
2012-04-22 08:58:20 ----A---- C:\Windows\system32\ieui.dll
2012-04-22 08:58:19 ----A---- C:\Windows\system32\urlmon.dll
2012-04-22 08:58:18 ----A---- C:\Windows\system32\ieframe.dll
2012-04-22 08:58:16 ----A---- C:\Windows\system32\mshtml.dll
2012-04-22 08:57:38 ----A---- C:\Windows\system32\wmi.dll
2012-04-22 08:57:38 ----A---- C:\Windows\system32\wintrust.dll
2012-04-22 08:57:38 ----A---- C:\Windows\system32\imagehlp.dll
2012-04-22 08:57:38 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2012-04-22 08:56:28 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-04-22 08:56:28 ----A---- C:\Windows\system32\ntkrnlpa.exe
2012-04-19 17:13:42 ----A---- C:\Windows\system32\win32k.sys
2012-04-19 17:13:37 ----A---- C:\Windows\system32\iphlpsvc.dll
2012-04-19 17:13:37 ----A---- C:\Windows\system32\drivers\tunnel.sys
2012-04-19 17:13:33 ----A---- C:\Windows\system32\DWrite.dll
2012-04-19 17:13:32 ----A---- C:\Windows\system32\d3d10warp.dll
2012-04-19 17:13:32 ----A---- C:\Windows\system32\d3d10_1core.dll
2012-04-19 17:13:32 ----A---- C:\Windows\system32\d3d10_1.dll
2012-04-19 17:13:32 ----A---- C:\Windows\system32\d2d1.dll
2012-04-19 17:11:21 ----A---- C:\Windows\system32\rdpencom.dll
2012-04-19 17:11:20 ----A---- C:\Windows\system32\drivers\rdpwd.sys

======List of files/folders modified in the last 1 month======

2012-04-24 16:04:53 ----RD---- C:\Program Files
2012-04-24 16:02:47 ----A---- C:\Windows\ntbtlog.txt
2012-04-24 16:01:20 ----D---- C:\Windows\Temp
2012-04-24 15:59:52 ----D---- C:\Windows\System32
2012-04-24 15:57:54 ----D---- C:\Windows\inf
2012-04-24 15:57:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-04-24 15:46:29 ----A---- C:\Windows\system32\agremove.exe
2012-04-24 15:36:32 ----RSD---- C:\Windows\assembly
2012-04-24 15:36:32 ----D---- C:\Windows\Microsoft.NET
2012-04-24 14:52:39 ----SHD---- C:\Windows\Installer
2012-04-24 14:45:48 ----D---- C:\Windows\winsxs
2012-04-24 14:45:40 ----SHD---- C:\System Volume Information
2012-04-24 14:45:04 ----D---- C:\Windows\Prefetch
2012-04-24 14:44:56 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-04-24 14:43:38 ----D---- C:\Windows\system32\catroot
2012-04-24 14:42:31 ----D---- C:\Windows\system32\Tasks
2012-04-22 09:14:25 ----D---- C:\Windows\system32\migration
2012-04-22 09:14:24 ----D---- C:\Windows\system32\drivers
2012-04-22 09:14:24 ----D---- C:\Program Files\Windows Mail
2012-04-22 09:14:24 ----D---- C:\Program Files\Internet Explorer
2012-04-22 08:58:39 ----D---- C:\Windows\system32\catroot2
2012-04-22 08:58:07 ----D---- C:\ProgramData\Microsoft Help
2012-03-29 03:02:04 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2media.sys [2005-11-14 34176]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-11-27 164400]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2009-05-28 4233728]
R3 QIOMem;Generic IO & Memory Access; C:\Windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]
R3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-28 298496]
S1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
S2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
S2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-08-07 8704]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
S3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-10-28 188416]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-08-02 985600]
S3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-08-02 208896]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-13 1925632]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
S3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-12-17 18432]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-08-02 660480]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
S2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 rpcnetp;rpcnetp; C:\Windows\System32\rpcnetp.exe [2012-04-24 17408]
S2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-08-07 386560]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

#8 Příspěvek od **vyosek** » 24 dub 2012 15:15

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Ukoncete vsechny programy
Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Pockejte na dokonceni PreScanu
Zvolte moznost Prohledat (scan)
Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

Kliknete na volbu Change parametrs
V obou oknech (Objects to scan i Additional Option) zakliknete vsechny moznosti - ve vsech ctvereccich musi mit fajecka
Kliknete na OK
Utilite prikazte, at skenuje - klik na Start Scan
Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
Pokud mate vsude Skip, kliknete na Continue
Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

Figa · #9 Příspěvek od **Figa** » 24 dub 2012 16:20

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno v: Nouzový režim s prací v síti
Uživatel: Toth [Práva správce]
Mód: Kontrola -- Datum: 04/24/2012 17:16:38

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrů: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NENAHRÁNO] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 localhost
::1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2046GSX ATA Device +++++
--- User ---
[MBR] b7d5d989bc1132fd9b3a4c77402df8da
[BSP] 2d7271ed27c65c029354acef9fddd1fc : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 96137 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 199962624 | Size: 93144 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1].txt >>
RKreport[1].txt

17:17:19.0105 1844 TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34
17:17:19.0355 1844 ============================================================
17:17:19.0355 1844 Current date / time: 2012/04/24 17:17:19.0355
17:17:19.0355 1844 SystemInfo:
17:17:19.0355 1844
17:17:19.0355 1844 OS Version: 6.0.6002 ServicePack: 2.0
17:17:19.0355 1844 Product type: Workstation
17:17:19.0355 1844 ComputerName: TOTH-PC
17:17:19.0355 1844 UserName: Toth
17:17:19.0355 1844 Windows directory: C:\Windows
17:17:19.0355 1844 System windows directory: C:\Windows
17:17:19.0355 1844 Processor architecture: Intel x86
17:17:19.0355 1844 Number of processors: 2
17:17:19.0355 1844 Page size: 0x1000
17:17:19.0355 1844 Boot type: Safe boot with network
17:17:19.0355 1844 ============================================================
17:17:20.0400 1844 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:17:20.0400 1844 ============================================================
17:17:20.0400 1844 \Device\Harddisk0\DR0:
17:17:20.0400 1844 MBR partitions:
17:17:20.0400 1844 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xBBC4800
17:17:20.0400 1844 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xBEB3000, BlocksNum 0xB5EC000
17:17:20.0400 1844 ============================================================
17:17:20.0431 1844 C: <-> \Device\Harddisk0\DR0\Partition0
17:17:20.0478 1844 D: <-> \Device\Harddisk0\DR0\Partition1
17:17:20.0478 1844 ============================================================
17:17:20.0478 1844 Initialize success
17:17:20.0478 1844 ============================================================
17:17:52.0489 1912 ============================================================
17:17:52.0489 1912 Scan started
17:17:52.0489 1912 Mode: Manual; SigCheck; TDLFS;
17:17:52.0489 1912 ============================================================
17:17:52.0926 1912 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:17:53.0020 1912 ACPI - ok
17:17:53.0066 1912 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
17:17:53.0098 1912 adp94xx - ok
17:17:53.0144 1912 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
17:17:53.0160 1912 adpahci - ok
17:17:53.0191 1912 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
17:17:53.0191 1912 adpu160m - ok
17:17:53.0222 1912 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
17:17:53.0238 1912 adpu320 - ok
17:17:53.0285 1912 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
17:17:53.0378 1912 AeLookupSvc - ok
17:17:53.0456 1912 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
17:17:53.0503 1912 AFD - ok
17:17:53.0566 1912 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
17:17:53.0566 1912 agp440 - ok
17:17:53.0597 1912 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:17:53.0612 1912 aic78xx - ok
17:17:53.0628 1912 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
17:17:53.0737 1912 ALG - ok
17:17:53.0768 1912 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
17:17:53.0784 1912 aliide - ok
17:17:53.0800 1912 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
17:17:53.0815 1912 amdagp - ok
17:17:53.0846 1912 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
17:17:53.0846 1912 amdide - ok
17:17:53.0862 1912 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
17:17:53.0924 1912 AmdK7 - ok
17:17:53.0940 1912 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
17:17:53.0971 1912 AmdK8 - ok
17:17:54.0049 1912 ApfiltrService (45f47f79ad3f587a334345fd2969354b) C:\Windows\system32\DRIVERS\Apfiltr.sys
17:17:54.0080 1912 ApfiltrService - ok
17:17:54.0127 1912 Appinfo (b46cbf10f4cca23026d77c72c17a6f7f) C:\Windows\System32\appinfo.dll
17:17:54.0252 1912 Appinfo ( UnsignedFile.Multi.Generic ) - warning
17:17:54.0252 1912 Appinfo - detected UnsignedFile.Multi.Generic (1)
17:17:54.0314 1912 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
17:17:54.0330 1912 arc - ok
17:17:54.0361 1912 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
17:17:54.0377 1912 arcsas - ok
17:17:54.0408 1912 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:17:54.0455 1912 AsyncMac - ok
17:17:54.0470 1912 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
17:17:54.0486 1912 atapi - ok
17:17:54.0548 1912 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:17:54.0595 1912 AudioEndpointBuilder - ok
17:17:54.0595 1912 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:17:54.0626 1912 Audiosrv - ok
17:17:54.0673 1912 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:17:54.0720 1912 Beep - ok
17:17:54.0782 1912 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
17:17:54.0892 1912 BFE - ok
17:17:55.0016 1912 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
17:17:55.0094 1912 BITS - ok
17:17:55.0157 1912 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
17:17:55.0188 1912 blbdrive - ok
17:17:55.0250 1912 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
17:17:55.0297 1912 bowser - ok
17:17:55.0328 1912 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:17:55.0360 1912 BrFiltLo - ok
17:17:55.0360 1912 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:17:55.0391 1912 BrFiltUp - ok
17:17:55.0422 1912 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
17:17:55.0500 1912 Browser - ok
17:17:55.0562 1912 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:17:55.0734 1912 Brserid - ok
17:17:55.0781 1912 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:17:55.0828 1912 BrSerWdm - ok
17:17:55.0859 1912 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:17:55.0921 1912 BrUsbMdm - ok
17:17:55.0937 1912 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:17:55.0984 1912 BrUsbSer - ok
17:17:56.0030 1912 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
17:17:56.0093 1912 BthEnum - ok
17:17:56.0140 1912 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:17:56.0186 1912 BTHMODEM - ok
17:17:56.0264 1912 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
17:17:56.0296 1912 BthPan - ok
17:17:56.0389 1912 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
17:17:56.0483 1912 BTHPORT - ok
17:17:56.0561 1912 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
17:17:56.0576 1912 BthServ - ok
17:17:56.0592 1912 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
17:17:56.0623 1912 BTHUSB - ok
17:17:56.0654 1912 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:17:56.0686 1912 cdfs - ok
17:17:56.0732 1912 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
17:17:56.0779 1912 cdrom - ok
17:17:56.0810 1912 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:17:56.0873 1912 CertPropSvc - ok
17:17:56.0888 1912 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
17:17:56.0935 1912 circlass - ok
17:17:56.0982 1912 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
17:17:56.0998 1912 CLFS - ok
17:17:57.0107 1912 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:17:57.0122 1912 clr_optimization_v2.0.50727_32 - ok
17:17:57.0232 1912 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:17:57.0294 1912 clr_optimization_v4.0.30319_32 - ok
17:17:57.0325 1912 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
17:17:57.0372 1912 CmBatt - ok
17:17:57.0403 1912 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
17:17:57.0403 1912 cmdide - ok
17:17:57.0481 1912 CnxtHdAudService (ebbe1ab313569d2e853ed891859be96d) C:\Windows\system32\drivers\CHDRT32.sys
17:17:57.0528 1912 CnxtHdAudService - ok
17:17:57.0559 1912 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
17:17:57.0575 1912 Compbatt - ok
17:17:57.0575 1912 COMSysApp - ok
17:17:57.0590 1912 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
17:17:57.0590 1912 crcdisk - ok
17:17:57.0606 1912 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
17:17:57.0653 1912 Crusoe - ok
17:17:57.0700 1912 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
17:17:57.0731 1912 CryptSvc - ok
17:17:57.0809 1912 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
17:17:57.0856 1912 DcomLaunch - ok
17:17:57.0902 1912 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
17:17:57.0934 1912 DfsC - ok
17:17:58.0121 1912 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
17:17:58.0308 1912 DFSR - ok
17:17:58.0573 1912 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
17:17:58.0604 1912 Dhcp - ok
17:17:58.0667 1912 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
17:17:58.0667 1912 disk - ok
17:17:58.0729 1912 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
17:17:58.0776 1912 Dnscache - ok
17:17:58.0807 1912 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
17:17:58.0854 1912 dot3svc - ok
17:17:58.0901 1912 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
17:17:58.0948 1912 DPS - ok
17:17:59.0010 1912 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:17:59.0041 1912 drmkaud - ok
17:17:59.0119 1912 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
17:17:59.0166 1912 DXGKrnl - ok
17:17:59.0228 1912 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:17:59.0275 1912 E1G60 - ok
17:17:59.0338 1912 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
17:17:59.0369 1912 EapHost - ok
17:17:59.0431 1912 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
17:17:59.0447 1912 Ecache - ok
17:17:59.0540 1912 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
17:17:59.0556 1912 ehRecvr - ok
17:17:59.0572 1912 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
17:17:59.0618 1912 ehSched - ok
17:17:59.0634 1912 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
17:17:59.0650 1912 ehstart - ok
17:17:59.0743 1912 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
17:17:59.0759 1912 elxstor - ok
17:17:59.0837 1912 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
17:17:59.0930 1912 EMDMgmt - ok
17:17:59.0993 1912 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
17:18:00.0040 1912 ErrDev - ok
17:18:00.0086 1912 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
17:18:00.0133 1912 EventSystem - ok
17:18:00.0196 1912 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
17:18:00.0242 1912 exfat - ok
17:18:00.0289 1912 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
17:18:00.0305 1912 fastfat - ok
17:18:00.0352 1912 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
17:18:00.0383 1912 fdc - ok
17:18:00.0430 1912 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
17:18:00.0461 1912 fdPHost - ok
17:18:00.0461 1912 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
17:18:00.0508 1912 FDResPub - ok
17:18:00.0539 1912 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:18:00.0554 1912 FileInfo - ok
17:18:00.0570 1912 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:18:00.0617 1912 Filetrace - ok
17:18:00.0648 1912 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
17:18:00.0695 1912 flpydisk - ok
17:18:00.0726 1912 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
17:18:00.0742 1912 FltMgr - ok
17:18:00.0851 1912 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
17:18:00.0929 1912 FontCache - ok
17:18:01.0007 1912 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:18:01.0022 1912 FontCache3.0.0.0 - ok
17:18:01.0054 1912 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
17:18:01.0116 1912 Fs_Rec - ok
17:18:01.0163 1912 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
17:18:01.0178 1912 gagp30kx - ok
17:18:01.0256 1912 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
17:18:01.0303 1912 gpsvc - ok
17:18:01.0350 1912 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
17:18:01.0412 1912 HdAudAddService - ok
17:18:01.0490 1912 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:18:01.0553 1912 HDAudBus - ok
17:18:01.0615 1912 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:18:01.0678 1912 HidBth - ok
17:18:01.0709 1912 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:18:01.0756 1912 HidIr - ok
17:18:01.0787 1912 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
17:18:01.0818 1912 hidserv - ok
17:18:01.0834 1912 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
17:18:01.0880 1912 HidUsb - ok
17:18:01.0912 1912 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
17:18:01.0958 1912 hkmsvc - ok
17:18:01.0974 1912 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
17:18:01.0990 1912 HpCISSs - ok
17:18:02.0130 1912 HSF_DPV (ee4b433cf5b77ca55d2b7f6111c23c8b) C:\Windows\system32\DRIVERS\HSX_DPV.sys
17:18:02.0239 1912 HSF_DPV - ok
17:18:02.0286 1912 HSXHWAZL (155c5a5e499ef780286b0731b5b72dbf) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
17:18:02.0348 1912 HSXHWAZL - ok
17:18:02.0395 1912 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
17:18:02.0442 1912 HTTP - ok
17:18:02.0473 1912 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
17:18:02.0489 1912 i2omp - ok
17:18:02.0536 1912 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:18:02.0567 1912 i8042prt - ok
17:18:02.0629 1912 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
17:18:02.0645 1912 iaStorV - ok
17:18:02.0738 1912 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:18:02.0754 1912 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:18:02.0754 1912 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:18:02.0894 1912 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:18:02.0988 1912 idsvc - ok
17:18:03.0206 1912 igfx (038815297078d236d8cc064c295a74c6) C:\Windows\system32\DRIVERS\igdkmd32.sys
17:18:03.0456 1912 igfx - ok
17:18:03.0674 1912 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:18:03.0690 1912 iirsp - ok
17:18:03.0752 1912 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
17:18:03.0784 1912 IKEEXT - ok
17:18:03.0815 1912 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
17:18:03.0830 1912 intelide - ok
17:18:03.0862 1912 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
17:18:03.0893 1912 intelppm - ok
17:18:03.0940 1912 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
17:18:03.0971 1912 IPBusEnum - ok
17:18:04.0002 1912 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:18:04.0033 1912 IpFilterDriver - ok
17:18:04.0096 1912 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
17:18:04.0127 1912 iphlpsvc - ok
17:18:04.0142 1912 IpInIp - ok
17:18:04.0174 1912 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
17:18:04.0205 1912 IPMIDRV - ok
17:18:04.0220 1912 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:18:04.0267 1912 IPNAT - ok
17:18:04.0283 1912 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:18:04.0314 1912 IRENUM - ok
17:18:04.0330 1912 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
17:18:04.0345 1912 isapnp - ok
17:18:04.0392 1912 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
17:18:04.0408 1912 iScsiPrt - ok
17:18:04.0439 1912 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:18:04.0439 1912 iteatapi - ok
17:18:04.0501 1912 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:18:04.0517 1912 iteraid - ok
17:18:04.0532 1912 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:18:04.0548 1912 kbdclass - ok
17:18:04.0564 1912 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
17:18:04.0595 1912 kbdhid - ok
17:18:04.0626 1912 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:18:04.0657 1912 KeyIso - ok
17:18:04.0704 1912 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
17:18:04.0720 1912 KSecDD - ok
17:18:04.0798 1912 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
17:18:04.0876 1912 KtmRm - ok
17:18:04.0938 1912 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
17:18:04.0954 1912 LanmanServer - ok
17:18:05.0016 1912 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
17:18:05.0047 1912 LanmanWorkstation - ok
17:18:05.0094 1912 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:18:05.0110 1912 lltdio - ok
17:18:05.0156 1912 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
17:18:05.0219 1912 lltdsvc - ok
17:18:05.0234 1912 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
17:18:05.0281 1912 lmhosts - ok
17:18:05.0297 1912 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
17:18:05.0312 1912 LSI_FC - ok
17:18:05.0344 1912 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
17:18:05.0359 1912 LSI_SAS - ok
17:18:05.0390 1912 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
17:18:05.0390 1912 LSI_SCSI - ok
17:18:05.0422 1912 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:18:05.0468 1912 luafv - ok
17:18:05.0500 1912 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
17:18:05.0531 1912 Mcx2Svc - ok
17:18:05.0562 1912 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
17:18:05.0593 1912 mdmxsdk - ok
17:18:05.0624 1912 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
17:18:05.0640 1912 megasas - ok
17:18:05.0687 1912 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
17:18:05.0734 1912 MegaSR - ok
17:18:05.0843 1912 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
17:18:05.0858 1912 Microsoft Office Groove Audit Service - ok
17:18:05.0890 1912 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:18:05.0936 1912 MMCSS - ok
17:18:05.0952 1912 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:18:05.0999 1912 Modem - ok
17:18:06.0046 1912 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:18:06.0077 1912 monitor - ok
17:18:06.0092 1912 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:18:06.0108 1912 mouclass - ok
17:18:06.0124 1912 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
17:18:06.0170 1912 mouhid - ok
17:18:06.0202 1912 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:18:06.0202 1912 MountMgr - ok
17:18:06.0248 1912 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\Windows\system32\DRIVERS\MpFilter.sys
17:18:06.0264 1912 MpFilter - ok
17:18:06.0295 1912 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
17:18:06.0311 1912 mpio - ok
17:18:06.0326 1912 MpNWMon (aeb186afff5d9cfed823c15d846aac3b) C:\Windows\system32\DRIVERS\MpNWMon.sys
17:18:06.0342 1912 MpNWMon - ok
17:18:06.0358 1912 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:18:06.0389 1912 mpsdrv - ok
17:18:06.0451 1912 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
17:18:06.0514 1912 MpsSvc - ok
17:18:06.0545 1912 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:18:06.0560 1912 Mraid35x - ok
17:18:06.0592 1912 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
17:18:06.0607 1912 MRxDAV - ok
17:18:06.0638 1912 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:18:06.0670 1912 mrxsmb - ok
17:18:06.0716 1912 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:18:06.0748 1912 mrxsmb10 - ok
17:18:06.0779 1912 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:18:06.0794 1912 mrxsmb20 - ok
17:18:06.0841 1912 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
17:18:06.0841 1912 msahci - ok
17:18:06.0888 1912 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
17:18:06.0904 1912 msdsm - ok
17:18:06.0935 1912 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
17:18:06.0982 1912 MSDTC - ok
17:18:07.0013 1912 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:18:07.0060 1912 Msfs - ok
17:18:07.0075 1912 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:18:07.0075 1912 msisadrv - ok
17:18:07.0122 1912 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
17:18:07.0169 1912 MSiSCSI - ok
17:18:07.0169 1912 msiserver - ok
17:18:07.0216 1912 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:18:07.0247 1912 MSKSSRV - ok
17:18:07.0340 1912 MsMpSvc (578c809bf745608646ea338a9ac48158) C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
17:18:07.0356 1912 MsMpSvc - ok
17:18:07.0356 1912 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:18:07.0387 1912 MSPCLOCK - ok
17:18:07.0434 1912 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:18:07.0465 1912 MSPQM - ok
17:18:07.0512 1912 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
17:18:07.0512 1912 MsRPC - ok
17:18:07.0559 1912 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:18:07.0559 1912 mssmbios - ok
17:18:07.0574 1912 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:18:07.0621 1912 MSTEE - ok
17:18:07.0637 1912 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
17:18:07.0652 1912 Mup - ok
17:18:07.0699 1912 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
17:18:07.0746 1912 napagent - ok
17:18:07.0808 1912 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
17:18:07.0840 1912 NativeWifiP - ok
17:18:07.0933 1912 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
17:18:07.0949 1912 NDIS - ok
17:18:07.0980 1912 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:18:08.0027 1912 NdisTapi - ok
17:18:08.0042 1912 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:18:08.0074 1912 Ndisuio - ok
17:18:08.0120 1912 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:18:08.0136 1912 NdisWan - ok
17:18:08.0152 1912 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:18:08.0183 1912 NDProxy - ok
17:18:08.0198 1912 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:18:08.0214 1912 NetBIOS - ok
17:18:08.0261 1912 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
17:18:08.0308 1912 netbt - ok
17:18:08.0339 1912 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:18:08.0354 1912 Netlogon - ok
17:18:08.0401 1912 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
17:18:08.0448 1912 Netman - ok
17:18:08.0495 1912 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
17:18:08.0557 1912 netprofm - ok
17:18:08.0620 1912 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:18:08.0635 1912 NetTcpPortSharing - ok
17:18:08.0869 1912 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
17:18:08.0963 1912 NETw3v32 - ok
17:18:09.0431 1912 NETw5v32 (f0c42e0cdce558d658fa53a222b4ccb1) C:\Windows\system32\DRIVERS\NETw5v32.sys
17:18:09.0790 1912 NETw5v32 - ok
17:18:09.0930 1912 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:18:09.0946 1912 nfrd960 - ok
17:18:09.0992 1912 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
17:18:10.0039 1912 NlaSvc - ok
17:18:10.0070 1912 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
17:18:10.0102 1912 Npfs - ok
17:18:10.0133 1912 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
17:18:10.0164 1912 nsi - ok
17:18:10.0195 1912 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:18:10.0226 1912 nsiproxy - ok
17:18:10.0351 1912 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
17:18:10.0445 1912 Ntfs - ok
17:18:10.0476 1912 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:18:10.0523 1912 ntrigdigi - ok
17:18:10.0538 1912 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:18:10.0570 1912 Null - ok
17:18:10.0601 1912 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
17:18:10.0616 1912 nvraid - ok
17:18:10.0632 1912 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
17:18:10.0648 1912 nvstor - ok
17:18:10.0663 1912 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
17:18:10.0679 1912 nv_agp - ok
17:18:10.0679 1912 NwlnkFlt - ok
17:18:10.0694 1912 NwlnkFwd - ok
17:18:10.0726 1912 O2MDRDR (634ff60f418792906887b3d6ceecb431) C:\Windows\system32\DRIVERS\o2media.sys
17:18:10.0741 1912 O2MDRDR - ok
17:18:10.0866 1912 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:18:10.0882 1912 odserv - ok
17:18:10.0928 1912 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
17:18:10.0975 1912 ohci1394 - ok
17:18:11.0006 1912 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:18:11.0022 1912 ose - ok
17:18:11.0116 1912 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:18:11.0178 1912 p2pimsvc - ok
17:18:11.0194 1912 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:18:11.0240 1912 p2psvc - ok
17:18:11.0303 1912 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:18:11.0334 1912 Parport - ok
17:18:11.0381 1912 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
17:18:11.0396 1912 partmgr - ok
17:18:11.0412 1912 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:18:11.0459 1912 Parvdm - ok
17:18:11.0506 1912 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
17:18:11.0537 1912 PcaSvc - ok
17:18:11.0584 1912 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
17:18:11.0599 1912 pci - ok
17:18:11.0630 1912 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
17:18:11.0646 1912 pciide - ok
17:18:11.0677 1912 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:18:11.0693 1912 pcmcia - ok
17:18:11.0786 1912 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:18:11.0849 1912 PEAUTH - ok
17:18:12.0005 1912 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
17:18:12.0098 1912 pla - ok
17:18:12.0286 1912 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
17:18:12.0317 1912 PlugPlay - ok
17:18:12.0395 1912 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:18:12.0457 1912 PNRPAutoReg - ok
17:18:12.0473 1912 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:18:12.0520 1912 PNRPsvc - ok
17:18:12.0629 1912 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
17:18:12.0691 1912 PolicyAgent - ok
17:18:12.0785 1912 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:18:12.0832 1912 PptpMiniport - ok
17:18:12.0847 1912 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
17:18:12.0863 1912 Processor - ok
17:18:12.0910 1912 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
17:18:12.0941 1912 ProfSvc - ok
17:18:12.0956 1912 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:18:12.0972 1912 ProtectedStorage - ok
17:18:13.0019 1912 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
17:18:13.0050 1912 PSched - ok
17:18:13.0081 1912 QIOMem (674eba70a52c02696e503b0a57ae6372) C:\Windows\system32\DRIVERS\QIOMem.sys
17:18:13.0128 1912 QIOMem - ok
17:18:13.0268 1912 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
17:18:13.0378 1912 ql2300 - ok
17:18:13.0424 1912 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:18:13.0440 1912 ql40xx - ok
17:18:13.0518 1912 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
17:18:13.0565 1912 QWAVE - ok
17:18:13.0580 1912 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:18:13.0612 1912 QWAVEdrv - ok
17:18:13.0643 1912 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:18:13.0658 1912 RasAcd - ok
17:18:13.0690 1912 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
17:18:13.0736 1912 RasAuto - ok
17:18:13.0768 1912 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:18:13.0799 1912 Rasl2tp - ok
17:18:13.0846 1912 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
17:18:13.0892 1912 RasMan - ok
17:18:13.0924 1912 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
17:18:13.0955 1912 RasPppoe - ok
17:18:14.0002 1912 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
17:18:14.0033 1912 RasSstp - ok
17:18:14.0080 1912 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
17:18:14.0111 1912 rdbss - ok
17:18:14.0126 1912 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:18:14.0173 1912 RDPCDD - ok
17:18:14.0204 1912 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
17:18:14.0236 1912 rdpdr - ok
17:18:14.0236 1912 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:18:14.0282 1912 RDPENCDD - ok
17:18:14.0314 1912 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
17:18:14.0329 1912 RDPWD - ok
17:18:14.0376 1912 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
17:18:14.0407 1912 RemoteAccess - ok
17:18:14.0438 1912 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
17:18:14.0470 1912 RemoteRegistry - ok
17:18:14.0516 1912 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
17:18:14.0548 1912 RFCOMM - ok
17:18:14.0563 1912 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
17:18:14.0579 1912 RpcLocator - ok
17:18:14.0641 1912 rpcnetp (2d762ac60763e732ebd667179aa19577) C:\Windows\System32\rpcnetp.exe
17:18:14.0657 1912 rpcnetp ( UnsignedFile.Multi.Generic ) - warning
17:18:14.0657 1912 rpcnetp - detected UnsignedFile.Multi.Generic (1)
17:18:14.0735 1912 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
17:18:14.0766 1912 RpcSs - ok
17:18:14.0797 1912 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:18:14.0828 1912 rspndr - ok
17:18:14.0860 1912 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:18:14.0875 1912 SamSs - ok
17:18:14.0891 1912 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:18:14.0906 1912 sbp2port - ok
17:18:14.0953 1912 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
17:18:14.0969 1912 SCardSvr - ok
17:18:15.0047 1912 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
17:18:15.0109 1912 Schedule - ok
17:18:15.0140 1912 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:18:15.0156 1912 SCPolicySvc - ok
17:18:15.0203 1912 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
17:18:15.0234 1912 sdbus - ok
17:18:15.0265 1912 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
17:18:15.0296 1912 SDRSVC - ok
17:18:15.0328 1912 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:18:15.0390 1912 secdrv - ok
17:18:15.0406 1912 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
17:18:15.0452 1912 seclogon - ok
17:18:15.0468 1912 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
17:18:15.0515 1912 SENS - ok
17:18:15.0546 1912 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
17:18:15.0593 1912 Serenum - ok
17:18:15.0624 1912 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
17:18:15.0671 1912 Serial - ok
17:18:15.0702 1912 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:18:15.0718 1912 sermouse - ok
17:18:15.0764 1912 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
17:18:15.0796 1912 SessionEnv - ok
17:18:15.0827 1912 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
17:18:15.0842 1912 sffdisk - ok
17:18:15.0858 1912 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
17:18:15.0905 1912 sffp_mmc - ok
17:18:15.0952 1912 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
17:18:15.0983 1912 sffp_sd - ok
17:18:16.0014 1912 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:18:16.0076 1912 sfloppy - ok
17:18:16.0139 1912 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
17:18:16.0170 1912 SharedAccess - ok
17:18:16.0232 1912 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
17:18:16.0264 1912 ShellHWDetection - ok
17:18:16.0295 1912 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
17:18:16.0310 1912 sisagp - ok
17:18:16.0326 1912 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
17:18:16.0342 1912 SiSRaid2 - ok
17:18:16.0357 1912 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
17:18:16.0373 1912 SiSRaid4 - ok
17:18:16.0654 1912 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
17:18:16.0778 1912 slsvc - ok
17:18:16.0950 1912 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
17:18:16.0981 1912 SLUINotify - ok
17:18:17.0044 1912 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
17:18:17.0075 1912 Smb - ok
17:18:17.0106 1912 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
17:18:17.0122 1912 SNMPTRAP - ok
17:18:17.0153 1912 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:18:17.0168 1912 spldr - ok
17:18:17.0215 1912 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
17:18:17.0246 1912 Spooler - ok
17:18:17.0293 1912 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
17:18:17.0340 1912 srv - ok
17:18:17.0387 1912 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
17:18:17.0434 1912 srv2 - ok
17:18:17.0449 1912 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
17:18:17.0465 1912 srvnet - ok
17:18:17.0496 1912 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
17:18:17.0543 1912 SSDPSRV - ok
17:18:17.0590 1912 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
17:18:17.0605 1912 SstpSvc - ok
17:18:17.0668 1912 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
17:18:17.0714 1912 stisvc - ok
17:18:17.0761 1912 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:18:17.0777 1912 swenum - ok
17:18:17.0824 1912 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
17:18:17.0870 1912 swprv - ok
17:18:17.0886 1912 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:18:17.0886 1912 Symc8xx - ok
17:18:17.0917 1912 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:18:17.0917 1912 Sym_hi - ok
17:18:17.0933 1912 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:18:17.0948 1912 Sym_u3 - ok
17:18:18.0011 1912 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
17:18:18.0073 1912 SysMain - ok
17:18:18.0120 1912 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
17:18:18.0136 1912 TabletInputService - ok
17:18:18.0182 1912 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
17:18:18.0229 1912 TapiSrv - ok
17:18:18.0260 1912 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
17:18:18.0276 1912 TBS - ok
17:18:18.0385 1912 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
17:18:18.0479 1912 Tcpip - ok
17:18:18.0494 1912 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
17:18:18.0604 1912 Tcpip6 - ok
17:18:18.0650 1912 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
17:18:18.0666 1912 tcpipreg - ok
17:18:18.0744 1912 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:18:18.0775 1912 TDPIPE - ok
17:18:18.0791 1912 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:18:18.0822 1912 TDTCP - ok
17:18:18.0853 1912 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
17:18:18.0900 1912 tdx - ok
17:18:18.0931 1912 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
17:18:18.0947 1912 TermDD - ok
17:18:19.0009 1912 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
17:18:19.0072 1912 TermService - ok
17:18:19.0134 1912 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
17:18:19.0150 1912 Themes - ok
17:18:19.0181 1912 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:18:19.0212 1912 THREADORDER - ok
17:18:19.0274 1912 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
17:18:19.0290 1912 tosrfec - ok
17:18:19.0321 1912 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
17:18:19.0352 1912 TrkWks - ok
17:18:19.0430 1912 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
17:18:19.0446 1912 TrustedInstaller - ok
17:18:19.0477 1912 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:18:19.0508 1912 tssecsrv - ok
17:18:19.0540 1912 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:18:19.0571 1912 tunmp - ok
17:18:19.0602 1912 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
17:18:19.0633 1912 tunnel - ok
17:18:19.0649 1912 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
17:18:19.0664 1912 TVALZ - ok
17:18:19.0696 1912 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
17:18:19.0711 1912 uagp35 - ok
17:18:19.0758 1912 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
17:18:19.0774 1912 udfs - ok
17:18:19.0820 1912 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
17:18:19.0836 1912 UI0Detect - ok
17:18:19.0867 1912 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
17:18:19.0867 1912 uliagpkx - ok
17:18:19.0898 1912 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
17:18:19.0914 1912 uliahci - ok
17:18:19.0945 1912 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:18:19.0961 1912 UlSata - ok
17:18:19.0992 1912 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:18:20.0008 1912 ulsata2 - ok
17:18:20.0023 1912 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:18:20.0086 1912 umbus - ok
17:18:20.0132 1912 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
17:18:20.0164 1912 upnphost - ok
17:18:20.0210 1912 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:18:20.0242 1912 usbccgp - ok
17:18:20.0257 1912 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:18:20.0320 1912 usbcir - ok
17:18:20.0351 1912 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
17:18:20.0382 1912 usbehci - ok
17:18:20.0429 1912 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
17:18:20.0444 1912 usbhub - ok
17:18:20.0476 1912 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
17:18:20.0522 1912 usbohci - ok
17:18:20.0538 1912 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
17:18:20.0585 1912 usbprint - ok
17:18:20.0600 1912 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:18:20.0616 1912 USBSTOR - ok
17:18:20.0632 1912 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
17:18:20.0678 1912 usbuhci - ok
17:18:20.0725 1912 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
17:18:20.0756 1912 usbvideo - ok
17:18:20.0788 1912 UVCFTR (8c5094a8ab24de7496c7c19942f2df04) C:\Windows\system32\Drivers\UVCFTR_S.SYS
17:18:20.0819 1912 UVCFTR - ok
17:18:20.0850 1912 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
17:18:20.0866 1912 UxSms - ok
17:18:20.0928 1912 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
17:18:20.0959 1912 vds - ok
17:18:21.0006 1912 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
17:18:21.0053 1912 vga - ok
17:18:21.0084 1912 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:18:21.0100 1912 VgaSave - ok
17:18:21.0115 1912 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
17:18:21.0131 1912 viaagp - ok
17:18:21.0146 1912 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
17:18:21.0178 1912 ViaC7 - ok
17:18:21.0193 1912 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
17:18:21.0209 1912 viaide - ok
17:18:21.0224 1912 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:18:21.0240 1912 volmgr - ok
17:18:21.0287 1912 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
17:18:21.0302 1912 volmgrx - ok
17:18:21.0334 1912 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
17:18:21.0349 1912 volsnap - ok
17:18:21.0396 1912 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
17:18:21.0412 1912 vsmraid - ok
17:18:21.0521 1912 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
17:18:21.0614 1912 VSS - ok
17:18:21.0677 1912 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
17:18:21.0708 1912 W32Time - ok
17:18:21.0786 1912 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:18:21.0848 1912 WacomPen - ok
17:18:21.0864 1912 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:18:21.0880 1912 Wanarp - ok
17:18:21.0880 1912 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:18:21.0911 1912 Wanarpv6 - ok
17:18:21.0958 1912 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
17:18:21.0973 1912 wcncsvc - ok
17:18:22.0004 1912 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
17:18:22.0036 1912 WcsPlugInService - ok
17:18:22.0051 1912 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
17:18:22.0051 1912 Wd - ok
17:18:22.0114 1912 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
17:18:22.0160 1912 Wdf01000 - ok
17:18:22.0192 1912 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
17:18:22.0223 1912 WdiServiceHost - ok
17:18:22.0223 1912 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
17:18:22.0254 1912 WdiSystemHost - ok
17:18:22.0301 1912 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
17:18:22.0332 1912 WebClient - ok
17:18:22.0363 1912 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
17:18:22.0410 1912 Wecsvc - ok
17:18:22.0457 1912 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
17:18:22.0504 1912 wercplsupport - ok
17:18:22.0535 1912 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
17:18:22.0550 1912 WerSvc - ok
17:18:22.0628 1912 winachsf (5b08eb7a6e2aba210a218636fa65927d) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
17:18:22.0675 1912 winachsf - ok
17:18:22.0784 1912 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
17:18:22.0800 1912 WinDefend - ok
17:18:22.0800 1912 WinHttpAutoProxySvc - ok
17:18:22.0894 1912 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
17:18:22.0909 1912 Winmgmt - ok
17:18:23.0050 1912 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
17:18:23.0096 1912 WinRM - ok
17:18:23.0174 1912 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
17:18:23.0237 1912 Wlansvc - ok
17:18:23.0315 1912 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:18:23.0330 1912 WmiAcpi - ok
17:18:23.0424 1912 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
17:18:23.0440 1912 wmiApSrv - ok
17:18:23.0596 1912 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
17:18:23.0642 1912 WMPNetworkSvc - ok
17:18:23.0705 1912 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
17:18:23.0736 1912 WPCSvc - ok
17:18:23.0767 1912 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
17:18:23.0783 1912 WPDBusEnum - ok
17:18:23.0954 1912 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:18:23.0986 1912 WPFFontCache_v0400 - ok
17:18:24.0048 1912 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:18:24.0079 1912 ws2ifsl - ok
17:18:24.0110 1912 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
17:18:24.0142 1912 wscsvc - ok
17:18:24.0142 1912 WSearch - ok
17:18:24.0329 1912 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
17:18:24.0407 1912 wuauserv - ok
17:18:24.0578 1912 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:18:24.0610 1912 WUDFRd - ok
17:18:24.0641 1912 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
17:18:24.0656 1912 wudfsvc - ok
17:18:24.0688 1912 XAudio (725e96971f22fe237e553eb35fc83564) C:\Windows\system32\DRIVERS\xaudio.sys
17:18:24.0703 1912 XAudio - ok
17:18:24.0750 1912 XAudioService (46aa0fe850264152e2ba74fbe9a6aad1) C:\Windows\system32\DRIVERS\xaudio.exe
17:18:24.0781 1912 XAudioService - ok
17:18:24.0859 1912 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
17:18:24.0922 1912 yukonwlh - ok
17:18:24.0968 1912 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:18:25.0124 1912 \Device\Harddisk0\DR0 - ok
17:18:25.0124 1912 Boot (0x1200) (bf38e326d6cc7a6bf63d9a1fa0ad77a0) \Device\Harddisk0\DR0\Partition0
17:18:25.0124 1912 \Device\Harddisk0\DR0\Partition0 - ok
17:18:25.0156 1912 Boot (0x1200) (86292acfd61d410dde5233e3d6889d5e) \Device\Harddisk0\DR0\Partition1
17:18:25.0156 1912 \Device\Harddisk0\DR0\Partition1 - ok
17:18:25.0156 1912 ============================================================
17:18:25.0156 1912 Scan finished
17:18:25.0156 1912 ============================================================
17:18:25.0156 1388 Detected object count: 3
17:18:25.0156 1388 Actual detected object count: 3
17:18:55.0030 1388 Appinfo ( UnsignedFile.Multi.Generic ) - skipped by user
17:18:55.0030 1388 Appinfo ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:18:55.0030 1388 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:18:55.0030 1388 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:18:55.0030 1388 rpcnetp ( UnsignedFile.Multi.Generic ) - skipped by user
17:18:55.0030 1388 rpcnetp ( UnsignedFile.Multi.Generic ) - User select action: Skip

#10 Příspěvek od **vyosek** » 24 dub 2012 16:32

Stale budte v nouzovem rezimu

Spustte znovu RogueKiller

Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Zvolte moznost Prohledat a pote Smazat a nasledne Zprava - otevre se log, ten sem vlozte

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Figa · #11 Příspěvek od **Figa** » 24 dub 2012 17:25

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno v: Nouzový režim s prací v síti
Uživatel: Toth [Práva správce]
Mód: Odebrat -- Datum: 04/24/2012 17:37:16

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrů: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NENAHRÁNO] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 localhost
::1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2046GSX ATA Device +++++
--- User ---
[MBR] b7d5d989bc1132fd9b3a4c77402df8da
[BSP] 2d7271ed27c65c029354acef9fddd1fc : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 96137 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 199962624 | Size: 93144 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

ComboFix 12-04-24.02 - Toth 24.04.2012 17:44:37.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2038.1504 [GMT 2:00]
Spuštěný z: c:\users\Toth\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Toth\AppData\Roaming\Microsoft\Windows\Recent\klaster 1_0003.jpg.URL
c:\users\Toth\Desktop\Setup.exe
.
c:\windows\System32\autochk.exe . . . je infikován!!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-24 do 2012-04-24 )))))))))))))))))))))))))))))))
.
.
2012-04-24 14:04 . 2012-04-24 14:05 -------- d-----w- c:\program files\trend micro
2012-04-24 14:04 . 2012-04-24 14:05 -------- d-----w- C:\rsit
2012-04-24 13:59 . 2012-04-24 13:59 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2012-04-24 13:53 . 2012-04-24 14:02 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-04-22 06:57 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-22 06:57 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-22 06:57 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-22 06:57 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-22 06:56 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-22 06:56 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-19 15:13 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-04-19 15:13 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-04-19 15:13 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-04-19 15:13 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-19 15:13 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-04-19 15:13 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-04-19 15:13 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-04-19 15:13 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-04-19 15:13 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-04-19 15:12 . 2012-04-12 22:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6BDD0255-79B8-42C8-BF33-CB06CA6ABD77}\mpengine.dll
2012-04-19 15:11 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-04-19 15:11 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-24 13:46 . 2010-12-15 10:38 44544 ----a-w- c:\windows\system32\agremove.exe
2012-02-27 15:27 . 2012-02-27 15:27 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-27 15:27 . 2012-02-27 15:27 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-27 15:27 . 2012-02-27 15:27 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-27 15:27 . 2012-02-27 15:27 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-27 15:27 . 2012-02-27 15:27 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-27 15:27 . 2012-02-27 15:27 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-27 15:27 . 2012-02-27 15:27 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-27 15:27 . 2012-02-27 15:27 367104 ----a-w- c:\windows\system32\html.iec
2012-02-27 15:27 . 2012-02-27 15:27 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-27 15:27 . 2012-02-27 15:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-27 15:27 . 2012-02-27 15:27 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-27 15:27 . 2012-02-27 15:27 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-27 15:27 . 2012-02-27 15:27 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-27 15:27 . 2012-02-27 15:27 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-27 15:27 . 2012-02-27 15:27 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-27 15:27 . 2012-02-27 15:27 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-27 15:27 . 2012-02-27 15:27 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-08 06:03 . 2010-12-28 11:43 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-01-31 12:44 . 2010-12-15 07:12 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2007-12-29 430080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-25 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-25 129560]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NoIE4StubProcessing"="c:\windows\system32\reg.exe DELETE HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 72892614
*NewlyCreated* - ECACHE
*Deregistered* - 72892614
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
FF - ProfilePath - c:\users\Toth\AppData\Roaming\Mozilla\Firefox\Profiles\5lu5fwik.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
.
.
**************************************************************************
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory:
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2012-04-24 18:23:16
ComboFix-quarantined-files.txt 2012-04-24 16:23
.
Před spuštěním: Volných bajtů: 41 514 921 984
Po spuštění: Volných bajtů: 42 078 740 480
.
- - End Of File - - E544CBCB1B68546C3AC8F96198DC9A59

#12 Příspěvek od **vyosek** » 25 dub 2012 04:10

Nooo, pekna mrcha, koukam ze se nam nejak mnozi a infikuje cim dal vice PC - drive to byla vzacnost, ted jste druhy za tyden.

Udelejte kroky dle kolegy Naughtyho - nedavam je do citace aby se to dalo lepe cist

Dělej na nenakaženém pc!

Nejdříve stáhni soubory:

http://wintoflash.com/download/version-0-7-0043/ftp-1/
http://oldtimer.geekstogo.com/OTLPENet.exe

Předpříprava instalačních souborů
----------------------------------

1.

Za pomocí winrar/7-zip rozbal OTLPENet do libovolné složky, jenž bude obsahovat tři soubory:

ImgBurn.exe
ImgBurn.ini
OTLPE_New_Net.iso <-- Opět rozbal, ale tentokrát na plochu, tak aby byla složka OTLPE_New_Std, v ní budou už složky/soubory programu

2.

Rozbal "Novicorp WinToFlash 0.7.0043 beta.zip" vedle složky OTLPE_New_Std, tak aby existovala jen jedna složka "WinToFlash" obsahující samotné soubory/složky programu.

Příprava bootovací flash (klúče)
----------------------------------

Vlož prázdnou flash (min. požadavek kapacity 512MB) do usb. Spusť WinToFlash.exe, objeví se otravný průvodce.
- klik na next
- odoznač "I agree to send statistical information", klik na next
- klik next, bude se připojovat na net, pokud není fyzicky odpojeno nebo zablokováno firewallem nejde zrušit (akceptuj prosím nešvar programu)
- klik na next
- klik na záložku "Rozšířený režim"
- zvol úlohu: "Transfer WinPe XP/2000 na USB disk!
- klik na "Běžet"
- nastav cesty pro
a) PE soubor zdrojová cesta: (vyber složku OTLPE_New_Std)
b) Usb disk: (cesta k prázdné flash)

- ostatní nasatvení neměn.
- klik na "Běžet"
- po proběhnutí kopírování souborů (cca 20 minut) na flashdisk, pak program ukonči.
- utilita nastavila bootování jako USB-HDD s FAT32

Získávání logu
-------------------
- nabootuj
- spusť OTLpe (z plochy)
- dojde k výzvě připojení registru (Do you wish to load remote user profile(s) scanning), klik na YES
- zvol účet administrátora (nebo s jeho oprávněním, tj. třeba tvůj profil pokud seš neomezený vládce

))
- pokud bude chtít připoj mu i uživatelské účty nacházející se v profilech uživatelů (dat soubor)
- ponech nastavení programu tak jak je
- zde doplňek: - do bílého pole mající titulek "Customs scans/Fixes" programu zkopíruj následující skript taktéž z bílého pole:

Kód: Vybrat vše


netsvcs
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

/md5start
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
hal.dll
netlogon.dll
scecli.dll
user32.dll
winsrv.dll
ws2_32.dll
autochk.exe
cmd.exe
csrss.exe
explorer.exe
lsass.exe
ntkrnlpa.exe
ntoskrnl.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
regedit.exe
userinit.exe
winlogon.exe
wscript.exe
afd.sys
adp3132.sys
acpi.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
cdrom.sys 
Changer.sys
fastfat.sys
i8042prt.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys 
JakNDis.sys
kbdclass.sys
KR10N.sys
mv61xx.sys
ndis.sys
ntfs.sys
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys 
nvrd32.sys 
nvstor.sys
nvstor32.sys
symmpi.sys
tcpip.sys
tdx.sys
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
Win32k.sys
Wdf01000.sys
autochk.*
rpcnetp.exe
rpcnetp.dll
rpcnet.dll
rpcnet.exel
apphelp.dll
autoconv.exe
/md5stop
%systemroot%\system32\drivers\*.sys /md5

C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\Spool\prtprocs\*.* /s
%systemroot%\system32\drivers\*.sys /10
%systemroot%\system32\drivers\*.sys /X 
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /10
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav 
%systemroot%\Tasks\*.job
%systemroot%\*.* /U /s
%systemroot%\*. /rp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Nabídka Start\*.lnk /x
%ALLUSERSPROFILE%\Data Aplikácií\*.*
%ALLUSERSPROFILE%\Data Aplikácií\*.exe /s
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\system32|bak;true;false;false /fp
%PROGRAMFILES%|bak;true;false;false /fp

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5


HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems" /v Windows /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5
bcdedit /v >C:\boot.txt /c
type C:\boot.txt >> test1.txt /c

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rpcnet /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RPC /s
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager /s

CREATERESTOREPOINT

- Klik na Run Scan
- po chvíli šrotování by se měl otevřít textový soubor, jehož obsah zkopíruj do svého příspěvku nebo vlož v podobě zip/rar souboru do přílohy. Jinak je uložen C:\otl.txt

VIRY.CZ

Nejde vytvořit log

Nejde vytvořit log

Re: Nejde vytvořit log

Re: Nejde vytvořit log

Re: Nejde vytvořit log

Re: Nejde vytvořit log

Re: Nejde vytvořit log

Re: Nejde vytvořit log

Re: Nejde vytvořit log

Re: Nejde vytvořit log

Re: Nejde vytvořit log

Re: Nejde vytvořit log

Re: Nejde vytvořit log