Hello, I have a problem with my PC: it runs suspiciously slowly and, for example, Firefox and Internet Explorer often quit unexpectedly. I ran ComboFix, but the PC freezes every time before stage 1 even starts, so badly that I can't even move the mouse.
Log from mbr.exe (after launch the program does not exit, but freezes the same way as with ComboFix)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600JS-00MHB0 rev.02.01C03 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 46 !
Second log: I tried mbr.exe -f; the log did change, but the problem still persists unchanged.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600JS-00MHB0 rev.02.01C03 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
Log from RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2012-06-08 23:17:05
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 103 GB (70%) free of 148 GB
Total RAM: 1013 MB (63% free)
HijackThis download failed
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-04-17 16143872]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-07 4241512]
"VX1000"=C:\WINDOWS\vVX1000.exe [2010-05-20 762736]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2010-05-20 119152]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2007-01-18 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2007-01-18 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2007-01-18 94208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\WINDOWS\sttray.exe [2007-01-18 303104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2
"ose"=3
"NBService"=3
"avast! Mail Scanner"=3
"aawservice"=2
"STacSV"=2
"MSCamSvc"=2
"idsvc"=3
"wuauserv"=2
"EapHostEventSystem"=2
"BITS"=3
"AlerterALG"=2
"PEVSystemStart"=2
"MozillaMaintenance"=3
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-01-18 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-08-11 241704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"LegalNoticeTextCAutoLog"=
"LegalNoticeCaptionCAutoLog"=
"LogonType"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoSecurityTab"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe"="C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Microsoft LifeCam\LifeTray.exe"="C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"mixer9"=wdmaud.drv
"midi1"=wdmaud.drv
"vidc.tscc"=tsccvid.dll
======List of files/folders created in the last 1 month======
2012-06-08 23:12:40 ----D---- C:\rsit
2012-06-08 22:05:02 ----ASH---- C:\pagefile.sys
2012-06-08 18:50:56 ----ASH---- C:\hiberfil.sys
2012-06-08 18:38:52 ----SD---- C:\ComboFix
2012-06-08 18:38:20 ----A---- C:\WINDOWS\system32\d3d9caps.dat
2012-06-08 16:32:25 ----A---- C:\WINDOWS\MBR.exe
2012-06-08 16:32:11 ----D---- C:\Qoobox
2012-06-08 16:05:25 ----D---- C:\Program Files\CCleaner
======List of files/folders modified in the last 1 month======
2012-06-08 23:15:53 ----D---- C:\WINDOWS\system32
2012-06-08 23:15:53 ----D---- C:\WINDOWS
2012-06-08 23:15:22 ----D---- C:\WINDOWS\Prefetch
2012-06-08 23:15:21 ----RD---- C:\Program Files
2012-06-08 23:15:20 ----D---- C:\Program Files\Mozilla Firefox
2012-06-08 23:15:19 ----D---- C:\Documents and Settings\Admin\Application Data\Mozilla
2012-06-08 23:06:08 ----D---- C:\WINDOWS\temp
2012-06-08 22:57:45 ----D---- C:\WINDOWS\Registration
2012-06-08 22:57:41 ----D---- C:\WINDOWS\system32\CatRoot2
2012-06-08 22:55:30 ----A---- C:\WINDOWS\NeroDigital.ini
2012-06-08 22:50:00 ----N---- C:\WINDOWS\SchedLgU.Txt
2012-06-08 22:47:50 ----D---- C:\Documents and Settings
2012-06-08 22:40:45 ----D---- C:\WINDOWS\pss
2012-06-08 22:39:31 ----SHD---- C:\System Volume Information
2012-06-08 22:39:31 ----D---- C:\WINDOWS\system32\Restore
2012-06-08 22:38:58 ----ASH---- C:\boot.ini
2012-06-08 22:38:58 ----A---- C:\WINDOWS\win.ini
2012-06-08 22:38:58 ----A---- C:\WINDOWS\system.ini
2012-06-08 22:36:44 ----D---- C:\Documents and Settings\Admin\Application Data\Skype
2012-06-08 22:36:38 ----D---- C:\WINDOWS\Minidump
2012-06-08 22:36:38 ----D---- C:\WINDOWS\Logs
2012-06-08 22:36:38 ----D---- C:\WINDOWS\Debug
2012-06-08 18:46:12 ----D---- C:\WINDOWS\system32\drivers
2012-06-08 17:47:08 ----HD---- C:\WINDOWS\inf
2012-06-08 16:09:25 ----SHD---- C:\WINDOWS\Installer
2012-06-08 16:09:25 ----HD---- C:\Config.Msi
2012-06-04 13:35:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-06-04 06:57:14 ----HD---- C:\WINDOWS\$hf_mig$
2012-05-31 15:22:09 ----A---- C:\WINDOWS\system32\crypt32.dll
2012-05-23 07:17:25 ----D---- C:\WINDOWS\Microsoft.NET
2012-05-22 07:35:20 ----D---- C:\WINDOWS\WinSxS
2012-05-12 18:49:17 ----RSD---- C:\WINDOWS\assembly
2012-05-10 15:40:06 ----D---- C:\WINDOWS\system32\XPSViewer
2012-05-10 15:36:51 ----A---- C:\WINDOWS\system32\MRT.exe
2012-05-10 15:36:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-05-12 20576]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-03-07 24920]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2012-03-07 35672]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-03-07 612184]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-03-07 337880]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-03-07 53848]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-15 12032]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-03-07 20696]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-03-07 95704]
R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-11-22 1121536]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-01-18 165760]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-18 1181824]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2008-04-10 1271032]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 26cba73a;26cba73a; C:\WINDOWS\System32\drivers\26cba73a.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-04-17 4262912]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2007-08-22 97152]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 uftdqpob;uftdqpob; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\uftdqpob.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2010-05-20 1961072]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-07 44768]
R2 ehRecvr;Služba přijímače aplikace Media Center; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Služba plánování aplikace Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2010-05-20 139632]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-06-08 208896]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 PEVSystemStart;PEVSystemStart; C:\ComboFix\pev.3XE [2011-06-26 256000]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-05-14 272024]
S4 STacSV;Audio Service; C:\WINDOWS\system32\STacSV.exe [2008-04-10 212992]
-----------------EOF-----------------

Probably an MBR problem
Re: Probably an MBR problem
MBRScan v1.1.1
OS : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR : x86 Family 15 Model 4 Stepping 7, GenuineIntel
BOOT : Normal Boot
DATE : 2012/06/09 (ISO 8601) at 10:27:45
________________________________________________________________________________
DISK : Device\Harddisk0\DR0 __WDC WD1600JS-00MHB0 (02.01C03)
BUS_TYPE : (0x03) P-ATA
USE_PIO : YES
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
Device\Harddisk0\DR0 144.1 Go [Fixed] ==> XP MBR Code
MBR_MD5 : DF76A09814CD06197433FEB3A6E484BA
MBR_SHA1 : 86BE1A7C818B6185D80CF1FB553E3A633EA59920
Device\Harddisk0\Partition1 144.1 Go 0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________
############################### Additional scan ################################
DRIVER : C:\WINDOWS\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0xAA321000
SIZE : 96.0 Ko
DRIVER : C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS => Invisible on the disk
ADDRESS : 0xF7A86000
SIZE : 8.0 Ko
SystemStartOptions : NOEXECUTE=OPTIN FASTDETECT
________________________________________________________________________________
_______MBR \Device\Harddisk0\DR0
Re: Probably an MBR problem
https://www.virustotal.com/file/eee5c48 ... 339239899/
13:06:23.0483 2396 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
13:06:23.0717 2396 ============================================================
13:06:23.0717 2396 Current date / time: 2012/06/09 13:06:23.0717
13:06:23.0717 2396 SystemInfo:
13:06:23.0717 2396
13:06:23.0717 2396 OS Version: 5.1.2600 ServicePack: 3.0
13:06:23.0717 2396 Product type: Workstation
13:06:23.0717 2396 ComputerName: COMFOR
13:06:23.0717 2396 UserName: Admin
13:06:23.0717 2396 Windows directory: C:\WINDOWS
13:06:23.0717 2396 System windows directory: C:\WINDOWS
13:06:23.0717 2396 Processor architecture: Intel x86
13:06:23.0717 2396 Number of processors: 2
13:06:23.0717 2396 Page size: 0x1000
13:06:23.0717 2396 Boot type: Normal boot
13:06:23.0717 2396 ============================================================
13:06:25.0389 2396 Drive \Device\Harddisk0\DR0 - Size: 0x2407D7FC00 (144.12 Gb), SectorSize: 0x200, Cylinders: 0x497E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:06:25.0405 2396 ============================================================
13:06:25.0405 2396 \Device\Harddisk0\DR0:
13:06:25.0405 2396 MBR partitions:
13:06:25.0405 2396 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1203EBBF
13:06:25.0405 2396 ============================================================
13:06:25.0452 2396 C: <-> \Device\Harddisk0\DR0\Partition0
13:06:25.0452 2396 ============================================================
13:06:25.0452 2396 Initialize success
13:06:25.0452 2396 ============================================================
13:06:55.0074 2732 ============================================================
13:06:55.0074 2732 Scan started
13:06:55.0074 2732 Mode: Manual; SigCheck; TDLFS;
13:06:55.0074 2732 ============================================================
13:06:55.0277 2732 26cba73a - ok
13:06:55.0371 2732 3xHybrid (315a45b5a334ed03667b1aa95d4a1f15) C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
13:06:55.0714 2732 3xHybrid - ok
13:06:55.0793 2732 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
13:06:55.0871 2732 Aavmker4 - ok
13:06:55.0871 2732 Abiosdsk - ok
13:06:55.0871 2732 abp480n5 - ok
13:06:55.0918 2732 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:06:56.0121 2732 ACPI - ok
13:06:56.0152 2732 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:06:56.0324 2732 ACPIEC - ok
13:06:56.0339 2732 adpu160m - ok
13:06:56.0371 2732 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:06:56.0558 2732 aec - ok
13:06:56.0589 2732 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:06:56.0636 2732 AFD - ok
13:06:56.0652 2732 Aha154x - ok
13:06:56.0652 2732 aic78u2 - ok
13:06:56.0668 2732 aic78xx - ok
13:06:56.0699 2732 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
13:06:56.0902 2732 Alerter - ok
13:06:56.0933 2732 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
13:06:57.0105 2732 ALG - ok
13:06:57.0121 2732 AliIde - ok
13:06:57.0121 2732 amsint - ok
13:06:57.0152 2732 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
13:06:57.0402 2732 AppMgmt - ok
13:06:57.0402 2732 asc - ok
13:06:57.0417 2732 asc3350p - ok
13:06:57.0417 2732 asc3550 - ok
13:06:57.0511 2732 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:06:57.0542 2732 aspnet_state - ok
13:06:57.0574 2732 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
13:06:57.0589 2732 aswFsBlk - ok
13:06:57.0621 2732 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
13:06:57.0636 2732 aswMon2 - ok
13:06:57.0652 2732 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys
13:06:57.0667 2732 aswRdr - ok
13:06:57.0730 2732 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
13:06:57.0761 2732 aswSnx - ok
13:06:57.0792 2732 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
13:06:57.0824 2732 aswSP - ok
13:06:57.0839 2732 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
13:06:57.0855 2732 aswTdi - ok
13:06:57.0886 2732 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:06:58.0074 2732 AsyncMac - ok
13:06:58.0089 2732 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:06:58.0292 2732 atapi - ok
13:06:58.0308 2732 Atdisk - ok
13:06:58.0339 2732 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:06:58.0542 2732 Atmarpc - ok
13:06:58.0558 2732 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
13:06:58.0761 2732 AudioSrv - ok
13:06:58.0777 2732 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:06:58.0995 2732 audstub - ok
13:06:59.0074 2732 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
13:06:59.0089 2732 avast! Antivirus - ok
13:06:59.0136 2732 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:06:59.0339 2732 Beep - ok
13:06:59.0386 2732 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
13:06:59.0620 2732 BITS - ok
13:06:59.0652 2732 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
13:06:59.0886 2732 Browser - ok
13:06:59.0917 2732 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:07:00.0136 2732 cbidf2k - ok
13:07:00.0167 2732 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:07:00.0370 2732 CCDECODE - ok
13:07:00.0370 2732 cd20xrnt - ok
13:07:00.0402 2732 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:07:00.0636 2732 Cdaudio - ok
13:07:00.0652 2732 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:07:00.0855 2732 Cdfs - ok
13:07:00.0870 2732 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:07:01.0073 2732 Cdrom - ok
13:07:01.0089 2732 Changer - ok
13:07:01.0136 2732 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
13:07:01.0323 2732 CiSvc - ok
13:07:01.0355 2732 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
13:07:01.0573 2732 ClipSrv - ok
13:07:01.0651 2732 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:07:01.0714 2732 clr_optimization_v2.0.50727_32 - ok
13:07:01.0714 2732 CmdIde - ok
13:07:01.0730 2732 COMSysApp - ok
13:07:01.0745 2732 Cpqarray - ok
13:07:01.0761 2732 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
13:07:01.0964 2732 CryptSvc - ok
13:07:01.0964 2732 dac2w2k - ok
13:07:01.0964 2732 dac960nt - ok
13:07:02.0011 2732 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
13:07:02.0058 2732 DcomLaunch - ok
13:07:02.0105 2732 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
13:07:02.0308 2732 Dhcp - ok
13:07:02.0339 2732 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:07:02.0558 2732 Disk - ok
13:07:02.0558 2732 dmadmin - ok
13:07:02.0636 2732 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:07:02.0886 2732 dmboot - ok
13:07:02.0933 2732 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:07:03.0120 2732 dmio - ok
13:07:03.0136 2732 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:07:03.0339 2732 dmload - ok
13:07:03.0354 2732 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
13:07:03.0542 2732 dmserver - ok
13:07:03.0542 2732 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:07:03.0729 2732 DMusic - ok
13:07:03.0761 2732 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
13:07:03.0792 2732 Dnscache - ok
13:07:03.0839 2732 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
13:07:04.0073 2732 Dot3svc - ok
13:07:04.0073 2732 dpti2o - ok
13:07:04.0104 2732 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:07:04.0292 2732 drmkaud - ok
13:07:04.0323 2732 E100B (5c940a174dfb2c42b9f6ba6edc2baa0b) C:\WINDOWS\system32\DRIVERS\e100b325.sys
13:07:04.0339 2732 E100B - ok
13:07:04.0370 2732 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
13:07:04.0557 2732 EapHost - ok
13:07:04.0620 2732 ehRecvr (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
13:07:04.0682 2732 ehRecvr - ok
13:07:04.0729 2732 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
13:07:04.0776 2732 ehSched - ok
13:07:04.0792 2732 ENTECH (fd9fc82f134b1c91004ffc76a5ae494b) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
13:07:04.0807 2732 ENTECH ( UnsignedFile.Multi.Generic ) - warning
13:07:04.0807 2732 ENTECH - detected UnsignedFile.Multi.Generic (1)
13:07:04.0823 2732 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
13:07:05.0042 2732 ERSvc - ok
13:07:05.0057 2732 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:07:05.0089 2732 Eventlog - ok
13:07:05.0120 2732 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
13:07:05.0167 2732 EventSystem - ok
13:07:05.0198 2732 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:07:05.0385 2732 Fastfat - ok
13:07:05.0432 2732 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:07:05.0479 2732 FastUserSwitchingCompatibility - ok
13:07:05.0479 2732 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
13:07:05.0682 2732 Fdc - ok
13:07:05.0698 2732 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:07:05.0885 2732 Fips - ok
13:07:05.0901 2732 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:07:06.0104 2732 Flpydisk - ok
13:07:06.0120 2732 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:07:06.0354 2732 FltMgr - ok
13:07:06.0448 2732 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:07:06.0464 2732 FontCache3.0.0.0 - ok
13:07:06.0495 2732 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:07:06.0698 2732 Fs_Rec - ok
13:07:06.0729 2732 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:07:06.0948 2732 Ftdisk - ok
13:07:06.0979 2732 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:07:07.0167 2732 Gpc - ok
13:07:07.0182 2732 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:07:07.0401 2732 HDAudBus - ok
13:07:07.0448 2732 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:07:07.0635 2732 helpsvc - ok
13:07:07.0682 2732 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
13:07:07.0870 2732 HidServ - ok
13:07:07.0885 2732 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:07:08.0073 2732 HidUsb - ok
13:07:08.0120 2732 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
13:07:08.0323 2732 hkmsvc - ok
13:07:08.0323 2732 hpn - ok
13:07:08.0370 2732 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
13:07:08.0416 2732 HPZid412 - ok
13:07:08.0432 2732 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
13:07:08.0463 2732 HPZipr12 - ok
13:07:08.0479 2732 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
13:07:08.0526 2732 HPZius12 - ok
13:07:08.0557 2732 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:07:08.0588 2732 HTTP - ok
13:07:08.0620 2732 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
13:07:08.0791 2732 HTTPFilter - ok
13:07:08.0791 2732 i2omgmt - ok
13:07:08.0807 2732 i2omp - ok
13:07:08.0823 2732 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:07:09.0010 2732 i8042prt - ok
13:07:09.0104 2732 ialm (6fcb904910da07c9dc2593d66438fa29) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
13:07:09.0198 2732 ialm - ok
13:07:09.0307 2732 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:07:09.0370 2732 idsvc - ok
13:07:09.0463 2732 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:07:09.0651 2732 Imapi - ok
13:07:09.0682 2732 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
13:07:09.0869 2732 ImapiService - ok
13:07:09.0869 2732 ini910u - ok
13:07:10.0135 2732 IntcAzAudAddService (71ae838a88b07268d732f596fc17ced5) C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:07:10.0354 2732 IntcAzAudAddService - ok
13:07:10.0416 2732 IntelIde - ok
13:07:10.0448 2732 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:07:10.0619 2732 intelppm - ok
13:07:10.0635 2732 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:07:10.0822 2732 Ip6Fw - ok
13:07:10.0869 2732 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:07:11.0088 2732 IpFilterDriver - ok
13:07:11.0104 2732 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:07:11.0291 2732 IpInIp - ok
13:07:11.0307 2732 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:07:11.0494 2732 IpNat - ok
13:07:11.0526 2732 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:07:11.0697 2732 IPSec - ok
13:07:11.0729 2732 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:07:11.0901 2732 IRENUM - ok
13:07:11.0932 2732 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:07:12.0104 2732 isapnp - ok
13:07:12.0119 2732 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:07:12.0307 2732 Kbdclass - ok
13:07:12.0354 2732 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:07:12.0541 2732 kmixer - ok
13:07:12.0557 2732 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:07:12.0604 2732 KSecDD - ok
13:07:12.0635 2732 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
13:07:12.0666 2732 lanmanserver - ok
13:07:12.0697 2732 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
13:07:12.0744 2732 lanmanworkstation - ok
13:07:12.0744 2732 lbrtfdc - ok
13:07:12.0775 2732 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
13:07:12.0963 2732 LmHosts - ok
13:07:13.0025 2732 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
13:07:13.0072 2732 McrdSvc - ok
13:07:13.0104 2732 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
13:07:13.0275 2732 Messenger - ok
13:07:13.0307 2732 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
13:07:13.0338 2732 MHN ( UnsignedFile.Multi.Generic ) - warning
13:07:13.0338 2732 MHN - detected UnsignedFile.Multi.Generic (1)
13:07:13.0354 2732 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
13:07:13.0385 2732 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
13:07:13.0385 2732 MHNDRV - detected UnsignedFile.Multi.Generic (1)
13:07:13.0416 2732 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:07:13.0650 2732 mnmdd - ok
13:07:13.0682 2732 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
13:07:13.0869 2732 mnmsrvc - ok
13:07:13.0916 2732 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:07:14.0119 2732 Modem - ok
13:07:14.0135 2732 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:07:14.0338 2732 Mouclass - ok
13:07:14.0369 2732 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:07:14.0588 2732 mouhid - ok
13:07:14.0603 2732 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:07:14.0807 2732 MountMgr - ok
13:07:14.0853 2732 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
13:07:15.0041 2732 MPE - ok
13:07:15.0041 2732 mraid35x - ok
13:07:15.0072 2732 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:07:15.0260 2732 MRxDAV - ok
13:07:15.0306 2732 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:07:15.0385 2732 MRxSmb - ok
13:07:15.0478 2732 MSCamSvc (d98350792a7ce82e7459a7c36481beda) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
13:07:15.0494 2732 MSCamSvc - ok
13:07:15.0525 2732 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
13:07:15.0713 2732 MSDTC - ok
13:07:15.0728 2732 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:07:15.0900 2732 Msfs - ok
13:07:15.0916 2732 MSIServer - ok
13:07:15.0947 2732 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:07:16.0135 2732 MSKSSRV - ok
13:07:16.0166 2732 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:07:16.0338 2732 MSPCLOCK - ok
13:07:16.0353 2732 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:07:16.0525 2732 MSPQM - ok
13:07:16.0541 2732 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:07:16.0728 2732 mssmbios - ok
13:07:16.0728 2732 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
13:07:16.0900 2732 MSTEE - ok
13:07:16.0931 2732 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:07:16.0963 2732 Mup - ok
13:07:16.0978 2732 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:07:17.0166 2732 NABTSFEC - ok
13:07:17.0213 2732 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
13:07:17.0463 2732 napagent - ok
13:07:17.0541 2732 NBService (7db7924793b9bd0ec991ad321664c486) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
13:07:17.0572 2732 NBService ( UnsignedFile.Multi.Generic ) - warning
13:07:17.0572 2732 NBService - detected UnsignedFile.Multi.Generic (1)
13:07:17.0603 2732 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:07:17.0791 2732 NDIS - ok
13:07:17.0791 2732 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:07:17.0962 2732 NdisIP - ok
13:07:17.0994 2732 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:07:18.0025 2732 NdisTapi - ok
13:07:18.0041 2732 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:07:18.0212 2732 Ndisuio - ok
13:07:18.0212 2732 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:07:18.0416 2732 NdisWan - ok
13:07:18.0447 2732 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:07:18.0462 2732 NDProxy - ok
13:07:18.0478 2732 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:07:18.0650 2732 NetBIOS - ok
13:07:18.0666 2732 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:07:18.0869 2732 NetBT - ok
13:07:18.0900 2732 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:07:19.0103 2732 NetDDE - ok
13:07:19.0103 2732 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:07:19.0290 2732 NetDDEdsdm - ok
13:07:19.0322 2732 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:07:19.0494 2732 Netlogon - ok
13:07:19.0540 2732 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
13:07:19.0775 2732 Netman - ok
13:07:19.0869 2732 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:07:19.0915 2732 NetTcpPortSharing - ok
13:07:19.0978 2732 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
13:07:20.0009 2732 Nla - ok
13:07:20.0040 2732 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:07:20.0228 2732 Npfs - ok
13:07:20.0259 2732 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:07:20.0494 2732 Ntfs - ok
13:07:20.0494 2732 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:07:20.0681 2732 NtLmSsp - ok
13:07:20.0728 2732 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
13:07:20.0931 2732 NtmsSvc - ok
13:07:20.0947 2732 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:07:21.0165 2732 Null - ok
13:07:21.0181 2732 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:07:21.0400 2732 NwlnkFlt - ok
13:07:21.0400 2732 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:07:21.0618 2732 NwlnkFwd - ok
13:07:21.0697 2732 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:07:21.0712 2732 ose - ok
13:07:21.0743 2732 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
13:07:21.0931 2732 Parport - ok
13:07:21.0931 2732 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:07:22.0103 2732 PartMgr - ok
13:07:22.0118 2732 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:07:22.0353 2732 ParVdm - ok
13:07:22.0353 2732 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:07:22.0525 2732 PCI - ok
13:07:22.0540 2732 PCIDump - ok
13:07:22.0556 2732 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:07:22.0853 2732 PCIIde - ok
13:07:22.0884 2732 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:07:23.0071 2732 Pcmcia - ok
13:07:23.0071 2732 PDCOMP - ok
13:07:23.0087 2732 PDFRAME - ok
13:07:23.0087 2732 PDRELI - ok
13:07:23.0087 2732 PDRFRAME - ok
13:07:23.0103 2732 perc2 - ok
13:07:23.0103 2732 perc2hib - ok
13:07:23.0275 2732 PEVSystemStart (f042ee4c8d66248d9b86dcf52abae416) C:\ComboFix\pev.3XE
13:07:23.0337 2732 PEVSystemStart ( UnsignedFile.Multi.Generic ) - warning
13:07:23.0337 2732 PEVSystemStart - detected UnsignedFile.Multi.Generic (1)
13:07:23.0368 2732 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:07:23.0415 2732 PlugPlay - ok
13:07:23.0462 2732 Pml Driver HPZ12 (2d091a99624fb9e7eef0a86d872ec0c3) C:\WINDOWS\system32\HPZipm12.exe
13:07:23.0493 2732 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:07:23.0493 2732 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:07:23.0524 2732 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:07:23.0696 2732 PolicyAgent - ok
13:07:23.0728 2732 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:07:23.0931 2732 PptpMiniport - ok
13:07:23.0931 2732 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:07:24.0103 2732 ProtectedStorage - ok
13:07:24.0118 2732 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:07:24.0306 2732 PSched - ok
13:07:24.0321 2732 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:07:24.0540 2732 Ptilink - ok
13:07:24.0556 2732 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:07:24.0634 2732 PxHelp20 - ok
13:07:24.0634 2732 ql1080 - ok
13:07:24.0634 2732 Ql10wnt - ok
13:07:24.0649 2732 ql12160 - ok
13:07:24.0649 2732 ql1240 - ok
13:07:24.0665 2732 ql1280 - ok
13:07:24.0681 2732 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:07:24.0884 2732 RasAcd - ok
13:07:24.0915 2732 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
13:07:25.0087 2732 RasAuto - ok
13:07:25.0118 2732 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:07:25.0290 2732 Rasl2tp - ok
13:07:25.0321 2732 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
13:07:25.0509 2732 RasMan - ok
13:07:25.0524 2732 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:07:25.0696 2732 RasPppoe - ok
13:07:25.0712 2732 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:07:25.0946 2732 Raspti - ok
13:07:25.0977 2732 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:07:26.0196 2732 Rdbss - ok
13:07:26.0196 2732 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:07:26.0430 2732 RDPCDD - ok
13:07:26.0462 2732 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:07:26.0696 2732 rdpdr - ok
13:07:26.0727 2732 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
13:07:26.0759 2732 RDPWD - ok
13:07:26.0805 2732 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
13:07:26.0993 2732 RDSessMgr - ok
13:07:27.0009 2732 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:07:27.0196 2732 redbook - ok
13:07:27.0227 2732 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
13:07:27.0430 2732 RemoteAccess - ok
13:07:27.0462 2732 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
13:07:27.0680 2732 RemoteRegistry - ok
13:07:27.0774 2732 RichVideo (06a49b7bdc36cfbf97dd90804f833369) C:\Program Files\CyberLink\Shared files\RichVideo.exe
13:07:27.0852 2732 RichVideo - ok
13:07:27.0883 2732 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
13:07:28.0040 2732 RpcLocator - ok
13:07:28.0087 2732 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
13:07:28.0118 2732 RpcSs - ok
13:07:28.0165 2732 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
13:07:28.0446 2732 RSVP - ok
13:07:28.0477 2732 RTL8023xp (e0cd8c78f70accb2f1f21343fbbd3b54) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
13:07:28.0587 2732 RTL8023xp - ok
13:07:28.0618 2732 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
13:07:28.0712 2732 rtl8139 - ok
13:07:28.0743 2732 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:07:28.0915 2732 SamSs - ok
13:07:28.0961 2732 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
13:07:29.0149 2732 SCardSvr - ok
13:07:29.0196 2732 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
13:07:29.0415 2732 Schedule - ok
13:07:29.0446 2732 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:07:29.0618 2732 Secdrv - ok
13:07:29.0649 2732 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
13:07:29.0836 2732 seclogon - ok
13:07:29.0883 2732 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
13:07:30.0071 2732 SENS - ok
13:07:30.0102 2732 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:07:30.0274 2732 serenum - ok
13:07:30.0290 2732 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
13:07:30.0477 2732 Serial - ok
13:07:30.0508 2732 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:07:30.0680 2732 Sfloppy - ok
13:07:30.0711 2732 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
13:07:30.0914 2732 SharedAccess - ok
13:07:30.0946 2732 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:07:30.0993 2732 ShellHWDetection - ok
13:07:30.0993 2732 Simbad - ok
13:07:30.0993 2732 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:07:31.0164 2732 SLIP - ok
13:07:31.0180 2732 Sparrow - ok
13:07:31.0180 2732 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:07:31.0368 2732 splitter - ok
13:07:31.0399 2732 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:07:31.0414 2732 Spooler - ok
13:07:31.0446 2732 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:07:31.0618 2732 sr - ok
13:07:31.0664 2732 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
13:07:31.0836 2732 srservice - ok
13:07:31.0883 2732 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:07:31.0946 2732 Srv - ok
13:07:31.0977 2732 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
13:07:32.0149 2732 SSDPSRV - ok
13:07:32.0196 2732 STacSV (b8ce501a576695746cdd344d9e866c37) C:\WINDOWS\system32\STacSV.exe
13:07:32.0242 2732 STacSV - ok
13:07:32.0336 2732 STHDA (6ad7569cc5e40b94932ec56097c5dccd) C:\WINDOWS\system32\drivers\sthda.sys
13:07:32.0414 2732 STHDA - ok
13:07:32.0477 2732 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
13:07:32.0680 2732 stisvc - ok
13:07:32.0711 2732 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:07:32.0930 2732 streamip - ok
13:07:32.0961 2732 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:07:33.0133 2732 swenum - ok
13:07:33.0149 2732 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:07:33.0320 2732 swmidi - ok
13:07:33.0320 2732 SwPrv - ok
13:07:33.0336 2732 symc810 - ok
13:07:33.0352 2732 symc8xx - ok
13:07:33.0352 2732 sym_hi - ok
13:07:33.0352 2732 sym_u3 - ok
13:07:33.0367 2732 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:07:33.0555 2732 sysaudio - ok
13:07:33.0570 2732 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
13:07:33.0805 2732 SysmonLog - ok
13:07:33.0820 2732 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
13:07:34.0008 2732 TapiSrv - ok
13:07:34.0055 2732 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:07:34.0164 2732 Tcpip - ok
13:07:34.0195 2732 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:07:34.0367 2732 TDPIPE - ok
13:07:34.0383 2732 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:07:34.0570 2732 TDTCP - ok
13:07:34.0586 2732 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:07:34.0773 2732 TermDD - ok
13:07:34.0789 2732 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
13:07:34.0977 2732 TermService - ok
13:07:35.0023 2732 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:07:35.0039 2732 Themes - ok
13:07:35.0070 2732 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
13:07:35.0242 2732 TlntSvr - ok
13:07:35.0242 2732 TosIde - ok
13:07:35.0258 2732 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
13:07:35.0445 2732 TrkWks - ok
13:07:35.0508 2732 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:07:35.0680 2732 Udfs - ok
13:07:35.0680 2732 ultra - ok
13:07:35.0742 2732 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:07:35.0945 2732 Update - ok
13:07:35.0976 2732 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
13:07:36.0195 2732 upnphost - ok
13:07:36.0211 2732 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
13:07:36.0398 2732 UPS - ok
13:07:36.0430 2732 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
13:07:36.0601 2732 usbaudio - ok
13:07:36.0633 2732 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:07:36.0820 2732 usbccgp - ok
13:07:36.0836 2732 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:07:37.0023 2732 usbehci - ok
13:07:37.0055 2732 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:07:37.0258 2732 usbhub - ok
13:07:37.0273 2732 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:07:42.0851 2732 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:07:43.0351 2732 \Device\Harddisk0\DR0 - ok
13:07:43.0366 2732 Boot (0x1200) (f22de11f778c057b8b3c9c21039b7f56) \Device\Harddisk0\DR0\Partition0
13:07:43.0366 2732 \Device\Harddisk0\DR0\Partition0 - ok
13:07:43.0366 2732 ============================================================
13:07:43.0366 2732 Scan finished
13:07:43.0366 2732 ============================================================
13:07:43.0476 2724 Detected object count: 6
13:07:43.0476 2724 Actual detected object count: 6
13:07:59.0178 2724 ENTECH ( UnsignedFile.Multi.Generic ) - skipped by user
13:07:59.0178 2724 ENTECH ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:07:59.0178 2724 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
13:07:59.0178 2724 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:07:59.0178 2724 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
13:07:59.0178 2724 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:07:59.0178 2724 NBService ( UnsignedFile.Multi.Generic ) - skipped by user
13:07:59.0178 2724 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:07:59.0178 2724 PEVSystemStart ( UnsignedFile.Multi.Generic ) - skipped by user
13:07:59.0178 2724 PEVSystemStart ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:07:59.0193 2724 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:07:59.0193 2724 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:06:23.0483 2396 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
13:06:23.0717 2396 ============================================================
13:06:23.0717 2396 Current date / time: 2012/06/09 13:06:23.0717
13:06:23.0717 2396 SystemInfo:
13:06:23.0717 2396
13:06:23.0717 2396 OS Version: 5.1.2600 ServicePack: 3.0
13:06:23.0717 2396 Product type: Workstation
13:06:23.0717 2396 ComputerName: COMFOR
13:06:23.0717 2396 UserName: Admin
13:06:23.0717 2396 Windows directory: C:\WINDOWS
13:06:23.0717 2396 System windows directory: C:\WINDOWS
13:06:23.0717 2396 Processor architecture: Intel x86
13:06:23.0717 2396 Number of processors: 2
13:06:23.0717 2396 Page size: 0x1000
13:06:23.0717 2396 Boot type: Normal boot
13:06:23.0717 2396 ============================================================
13:06:25.0389 2396 Drive \Device\Harddisk0\DR0 - Size: 0x2407D7FC00 (144.12 Gb), SectorSize: 0x200, Cylinders: 0x497E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:06:25.0405 2396 ============================================================
13:06:25.0405 2396 \Device\Harddisk0\DR0:
13:06:25.0405 2396 MBR partitions:
13:06:25.0405 2396 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1203EBBF
13:06:25.0405 2396 ============================================================
13:06:25.0452 2396 C: <-> \Device\Harddisk0\DR0\Partition0
13:06:25.0452 2396 ============================================================
13:06:25.0452 2396 Initialize success
13:06:25.0452 2396 ============================================================
13:06:55.0074 2732 ============================================================
13:06:55.0074 2732 Scan started
13:06:55.0074 2732 Mode: Manual; SigCheck; TDLFS;
13:06:55.0074 2732 ============================================================
13:07:04.0792 2732 ENTECH (fd9fc82f134b1c91004ffc76a5ae494b) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
13:07:04.0807 2732 ENTECH ( UnsignedFile.Multi.Generic ) - warning
13:07:04.0807 2732 ENTECH - detected UnsignedFile.Multi.Generic (1)
13:07:13.0307 2732 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
13:07:13.0338 2732 MHN ( UnsignedFile.Multi.Generic ) - warning
13:07:13.0338 2732 MHN - detected UnsignedFile.Multi.Generic (1)
13:07:13.0354 2732 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
13:07:13.0385 2732 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
13:07:13.0385 2732 MHNDRV - detected UnsignedFile.Multi.Generic (1)
13:07:17.0541 2732 NBService (7db7924793b9bd0ec991ad321664c486) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
13:07:17.0572 2732 NBService ( UnsignedFile.Multi.Generic ) - warning
13:07:17.0572 2732 NBService - detected UnsignedFile.Multi.Generic (1)
13:07:23.0275 2732 PEVSystemStart (f042ee4c8d66248d9b86dcf52abae416) C:\ComboFix\pev.3XE
13:07:23.0337 2732 PEVSystemStart ( UnsignedFile.Multi.Generic ) - warning
13:07:23.0337 2732 PEVSystemStart - detected UnsignedFile.Multi.Generic (1)
13:07:23.0462 2732 Pml Driver HPZ12 (2d091a99624fb9e7eef0a86d872ec0c3) C:\WINDOWS\system32\HPZipm12.exe
13:07:23.0493 2732 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:07:23.0493 2732 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:07:34.0977 2732 TermService - ok
13:07:35.0023 2732 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:07:35.0039 2732 Themes - ok
13:07:35.0070 2732 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
13:07:35.0242 2732 TlntSvr - ok
13:07:35.0242 2732 TosIde - ok
13:07:35.0258 2732 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
13:07:35.0445 2732 TrkWks - ok
13:07:35.0508 2732 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:07:35.0680 2732 Udfs - ok
13:07:35.0680 2732 ultra - ok
13:07:35.0742 2732 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:07:35.0945 2732 Update - ok
13:07:35.0976 2732 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
13:07:36.0195 2732 upnphost - ok
13:07:36.0211 2732 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
13:07:36.0398 2732 UPS - ok
13:07:36.0430 2732 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
13:07:36.0601 2732 usbaudio - ok
13:07:36.0633 2732 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:07:36.0820 2732 usbccgp - ok
13:07:36.0836 2732 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:07:37.0023 2732 usbehci - ok
13:07:37.0055 2732 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:07:37.0258 2732 usbhub - ok
13:07:37.0273 2732 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:07:37.0539 2732 usbohci - ok
13:07:37.0554 2732 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:07:37.0742 2732 usbprint - ok
13:07:37.0742 2732 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:07:37.0929 2732 usbscan - ok
13:07:37.0945 2732 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:07:38.0164 2732 usbstor - ok
13:07:38.0195 2732 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:07:38.0367 2732 usbuhci - ok
13:07:38.0367 2732 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:07:38.0586 2732 VgaSave - ok
13:07:38.0586 2732 ViaIde - ok
13:07:38.0601 2732 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:07:38.0789 2732 VolSnap - ok
13:07:38.0836 2732 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
13:07:39.0039 2732 VSS - ok
13:07:39.0164 2732 VX1000 (d22c6b9c2f840d403fd387ad207a4b16) C:\WINDOWS\system32\DRIVERS\VX1000.sys
13:07:39.0367 2732 VX1000 - ok
13:07:39.0461 2732 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
13:07:39.0664 2732 W32Time - ok
13:07:39.0695 2732 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:07:39.0867 2732 Wanarp - ok
13:07:39.0882 2732 WDICA - ok
13:07:39.0898 2732 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:07:40.0101 2732 wdmaud - ok
13:07:40.0117 2732 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
13:07:40.0335 2732 WebClient - ok
13:07:40.0398 2732 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:07:40.0585 2732 winmgmt - ok
13:07:40.0617 2732 WmdmPmSN (482069cda24aa0e94b1351e30eb3d01f) C:\WINDOWS\system32\MsPMSNSv.dll
13:07:40.0648 2732 WmdmPmSN - ok
13:07:40.0710 2732 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
13:07:40.0789 2732 Wmi - ok
13:07:40.0804 2732 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:07:41.0039 2732 WmiApSrv - ok
13:07:41.0070 2732 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:07:41.0320 2732 WS2IFSL - ok
13:07:41.0367 2732 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
13:07:41.0570 2732 wscsvc - ok
13:07:41.0570 2732 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:07:41.0773 2732 WSTCODEC - ok
13:07:41.0804 2732 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
13:07:41.0976 2732 wuauserv - ok
13:07:42.0038 2732 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
13:07:42.0257 2732 WZCSVC - ok
13:07:42.0288 2732 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
13:07:42.0742 2732 xmlprov - ok
13:07:42.0820 2732 {95808DC4-FA4A-4c74-92FE-5B863F82066B} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\CyberLink\PowerDVD\000.fcl
13:07:42.0835 2732 {95808DC4-FA4A-4c74-92FE-5B863F82066B} - ok
13:07:42.0851 2732 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:07:43.0351 2732 \Device\Harddisk0\DR0 - ok
13:07:43.0366 2732 Boot (0x1200) (f22de11f778c057b8b3c9c21039b7f56) \Device\Harddisk0\DR0\Partition0
13:07:43.0366 2732 \Device\Harddisk0\DR0\Partition0 - ok
13:07:43.0366 2732 ============================================================
13:07:43.0366 2732 Scan finished
13:07:43.0366 2732 ============================================================
13:07:43.0476 2724 Detected object count: 6
13:07:43.0476 2724 Actual detected object count: 6
13:07:59.0178 2724 ENTECH ( UnsignedFile.Multi.Generic ) - skipped by user
13:07:59.0178 2724 ENTECH ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:07:59.0178 2724 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
13:07:59.0178 2724 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:07:59.0178 2724 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
13:07:59.0178 2724 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:07:59.0178 2724 NBService ( UnsignedFile.Multi.Generic ) - skipped by user
13:07:59.0178 2724 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:07:59.0178 2724 PEVSystemStart ( UnsignedFile.Multi.Generic ) - skipped by user
13:07:59.0178 2724 PEVSystemStart ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:07:59.0193 2724 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:07:59.0193 2724 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
Re: Probably a problem with the MBR
So ComboFix hangs again, even before stage 1
Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2012-06-09 14:06:46
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 104 GB (71%) free of 148 GB
Total RAM: 1013 MB (62% free)
HijackThis download failed
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-04-17 16143872]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-07 4241512]
"VX1000"=C:\WINDOWS\vVX1000.exe [2010-05-20 762736]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2010-05-20 119152]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2007-01-18 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2007-01-18 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2007-01-18 94208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\WINDOWS\sttray.exe [2007-01-18 303104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2
"ose"=3
"NBService"=3
"avast! Mail Scanner"=3
"aawservice"=2
"STacSV"=2
"MSCamSvc"=2
"idsvc"=3
"wuauserv"=2
"EapHostEventSystem"=2
"BITS"=3
"AlerterALG"=2
"PEVSystemStart"=2
"MozillaMaintenance"=3
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-01-18 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-08-11 241704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\92869651.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\92869651.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"LegalNoticeTextCAutoLog"=
"LegalNoticeCaptionCAutoLog"=
"LogonType"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoSecurityTab"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe"="C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Microsoft LifeCam\LifeTray.exe"="C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"mixer9"=wdmaud.drv
"midi1"=wdmaud.drv
"vidc.tscc"=tsccvid.dll
======List of files/folders created in the last 1 month======
2012-06-09 14:06:46 ----D---- C:\rsit
2012-06-09 13:57:05 ----SD---- C:\ComboFix
2012-06-09 13:42:28 ----D---- C:\Qoobox
2012-06-09 13:40:05 ----D---- C:\TDSSKiller_Quarantine
2012-06-09 13:40:02 ----A---- C:\TDSSKiller.2.7.36.0_09.06.2012_13.40.02_log.txt
2012-06-09 13:06:23 ----A---- C:\TDSSKiller.2.7.36.0_09.06.2012_13.06.23_log.txt
2012-06-09 13:05:23 ----A---- C:\tdsskiller.exe
2012-06-09 10:32:17 ----A---- C:\mbr.exe
2012-06-09 10:26:08 ----A---- C:\MbrScan.exe
2012-06-09 10:14:47 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2012-06-08 22:05:02 ----ASH---- C:\pagefile.sys
2012-06-08 18:50:56 ----ASH---- C:\hiberfil.sys
2012-06-08 18:38:20 ----A---- C:\WINDOWS\system32\d3d9caps.dat
2012-06-08 16:32:25 ----A---- C:\WINDOWS\MBR.exe
2012-06-08 16:05:25 ----D---- C:\Program Files\CCleaner
======List of files/folders modified in the last 1 month======
2012-06-09 13:57:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-06-09 13:57:00 ----D---- C:\WINDOWS\system32\drivers
2012-06-09 13:56:35 ----D---- C:\WINDOWS\temp
2012-06-09 13:48:30 ----D---- C:\WINDOWS\Registration
2012-06-09 13:48:26 ----D---- C:\WINDOWS\system32\CatRoot2
2012-06-09 13:48:20 ----D---- C:\WINDOWS
2012-06-09 13:45:20 ----D---- C:\WINDOWS\system32
2012-06-09 13:43:29 ----SHD---- C:\System Volume Information
2012-06-09 13:43:13 ----D---- C:\WINDOWS\Prefetch
2012-06-09 00:12:48 ----RD---- C:\Program Files
2012-06-08 23:15:20 ----D---- C:\Program Files\Mozilla Firefox
2012-06-08 23:15:19 ----D---- C:\Documents and Settings\Admin\Application Data\Mozilla
2012-06-08 22:55:30 ----A---- C:\WINDOWS\NeroDigital.ini
2012-06-08 22:47:50 ----D---- C:\Documents and Settings
2012-06-08 22:40:45 ----D---- C:\WINDOWS\pss
2012-06-08 22:39:31 ----D---- C:\WINDOWS\system32\Restore
2012-06-08 22:38:58 ----ASH---- C:\boot.ini
2012-06-08 22:38:58 ----A---- C:\WINDOWS\win.ini
2012-06-08 22:38:58 ----A---- C:\WINDOWS\system.ini
2012-06-08 22:36:44 ----D---- C:\Documents and Settings\Admin\Application Data\Skype
2012-06-08 22:36:38 ----D---- C:\WINDOWS\Minidump
2012-06-08 22:36:38 ----D---- C:\WINDOWS\Logs
2012-06-08 22:36:38 ----D---- C:\WINDOWS\Debug
2012-06-08 17:47:08 ----HD---- C:\WINDOWS\inf
2012-06-08 16:09:25 ----SHD---- C:\WINDOWS\Installer
2012-06-04 13:35:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-05-31 15:22:09 ----A---- C:\WINDOWS\system32\crypt32.dll
2012-05-23 07:17:25 ----D---- C:\WINDOWS\Microsoft.NET
2012-05-22 07:35:20 ----D---- C:\WINDOWS\WinSxS
2012-05-12 18:49:17 ----RSD---- C:\WINDOWS\assembly
2012-05-10 15:40:06 ----D---- C:\WINDOWS\system32\XPSViewer
2012-05-10 15:36:51 ----A---- C:\WINDOWS\system32\MRT.exe
2012-05-10 15:36:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-05-12 20576]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-03-07 24920]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2012-03-07 35672]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-03-07 612184]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-03-07 337880]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-03-07 53848]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-15 12032]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-03-07 20696]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-03-07 95704]
R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-11-22 1121536]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-01-18 165760]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-18 1181824]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2008-04-10 1271032]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-04-17 4262912]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2007-08-22 97152]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2010-05-20 1961072]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-07 44768]
R2 ehRecvr;Služba přijímače aplikace Media Center; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Služba plánování aplikace Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
S2 PEVSystemStart;PEVSystemStart; C:\ComboFix\pev.3XE [2011-06-26 256000]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2010-05-20 139632]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-06-08 208896]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-05-14 272024]
S4 STacSV;Audio Service; C:\WINDOWS\system32\STacSV.exe [2008-04-10 212992]
-----------------EOF-----------------
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"mixer9"=wdmaud.drv
"midi1"=wdmaud.drv
"vidc.tscc"=tsccvid.dll
======List of files/folders created in the last 1 month======
2012-06-09 14:06:46 ----D---- C:\rsit
2012-06-09 13:57:05 ----SD---- C:\ComboFix
2012-06-09 13:42:28 ----D---- C:\Qoobox
2012-06-09 13:40:05 ----D---- C:\TDSSKiller_Quarantine
2012-06-09 13:40:02 ----A---- C:\TDSSKiller.2.7.36.0_09.06.2012_13.40.02_log.txt
2012-06-09 13:06:23 ----A---- C:\TDSSKiller.2.7.36.0_09.06.2012_13.06.23_log.txt
2012-06-09 13:05:23 ----A---- C:\tdsskiller.exe
2012-06-09 10:32:17 ----A---- C:\mbr.exe
2012-06-09 10:26:08 ----A---- C:\MbrScan.exe
2012-06-09 10:14:47 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2012-06-08 22:05:02 ----ASH---- C:\pagefile.sys
2012-06-08 18:50:56 ----ASH---- C:\hiberfil.sys
2012-06-08 18:38:20 ----A---- C:\WINDOWS\system32\d3d9caps.dat
2012-06-08 16:32:25 ----A---- C:\WINDOWS\MBR.exe
2012-06-08 16:05:25 ----D---- C:\Program Files\CCleaner
======List of files/folders modified in the last 1 month======
2012-06-09 13:57:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-06-09 13:57:00 ----D---- C:\WINDOWS\system32\drivers
2012-06-09 13:56:35 ----D---- C:\WINDOWS\temp
2012-06-09 13:48:30 ----D---- C:\WINDOWS\Registration
2012-06-09 13:48:26 ----D---- C:\WINDOWS\system32\CatRoot2
2012-06-09 13:48:20 ----D---- C:\WINDOWS
2012-06-09 13:45:20 ----D---- C:\WINDOWS\system32
2012-06-09 13:43:29 ----SHD---- C:\System Volume Information
2012-06-09 13:43:13 ----D---- C:\WINDOWS\Prefetch
2012-06-09 00:12:48 ----RD---- C:\Program Files
2012-06-08 23:15:20 ----D---- C:\Program Files\Mozilla Firefox
2012-06-08 23:15:19 ----D---- C:\Documents and Settings\Admin\Application Data\Mozilla
2012-06-08 22:55:30 ----A---- C:\WINDOWS\NeroDigital.ini
2012-06-08 22:47:50 ----D---- C:\Documents and Settings
2012-06-08 22:40:45 ----D---- C:\WINDOWS\pss
2012-06-08 22:39:31 ----D---- C:\WINDOWS\system32\Restore
2012-06-08 22:38:58 ----ASH---- C:\boot.ini
2012-06-08 22:38:58 ----A---- C:\WINDOWS\win.ini
2012-06-08 22:38:58 ----A---- C:\WINDOWS\system.ini
2012-06-08 22:36:44 ----D---- C:\Documents and Settings\Admin\Application Data\Skype
2012-06-08 22:36:38 ----D---- C:\WINDOWS\Minidump
2012-06-08 22:36:38 ----D---- C:\WINDOWS\Logs
2012-06-08 22:36:38 ----D---- C:\WINDOWS\Debug
2012-06-08 17:47:08 ----HD---- C:\WINDOWS\inf
2012-06-08 16:09:25 ----SHD---- C:\WINDOWS\Installer
2012-06-04 13:35:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-05-31 15:22:09 ----A---- C:\WINDOWS\system32\crypt32.dll
2012-05-23 07:17:25 ----D---- C:\WINDOWS\Microsoft.NET
2012-05-22 07:35:20 ----D---- C:\WINDOWS\WinSxS
2012-05-12 18:49:17 ----RSD---- C:\WINDOWS\assembly
2012-05-10 15:40:06 ----D---- C:\WINDOWS\system32\XPSViewer
2012-05-10 15:36:51 ----A---- C:\WINDOWS\system32\MRT.exe
2012-05-10 15:36:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-05-12 20576]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-03-07 24920]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2012-03-07 35672]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-03-07 612184]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-03-07 337880]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-03-07 53848]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-15 12032]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-03-07 20696]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-03-07 95704]
R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-11-22 1121536]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-01-18 165760]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-18 1181824]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2008-04-10 1271032]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-04-17 4262912]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2007-08-22 97152]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2010-05-20 1961072]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-07 44768]
R2 ehRecvr;Služba přijímače aplikace Media Center; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Služba plánování aplikace Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
S2 PEVSystemStart;PEVSystemStart; C:\ComboFix\pev.3XE [2011-06-26 256000]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2010-05-20 139632]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-06-08 208896]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-05-14 272024]
S4 STacSV;Audio Service; C:\WINDOWS\system32\STacSV.exe [2008-04-10 212992]
-----------------EOF-----------------
Re: Problem, probably with the MBR
With the /NoMbr parameter it no longer froze; with /SkipFix it froze again just like before (it froze at "Připravuji log report").
ComboFix 12-06-09.01 - Admin 09.06.2012 19:42:09.9.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1013.533 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: /NoMbr
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\Application Data\TMInc
c:\documents and settings\Admin\Application Data\TMInc\game.cfg
c:\documents and settings\Admin\Application Data\TMInc\user1.sav
c:\documents and settings\Admin\Puzzle pro hru Medvěd Míša Ostrovy pokladů 1.exe
c:\documents and settings\Admin\Puzzle pro hru Medvěd Míša Ostrovy pokladů 2.exe
c:\documents and settings\Admin\Puzzle pro hru Medvěd Míša Ostrovy pokladů 3.exe
c:\documents and settings\Admin\Puzzle pro hru Medvěd Míša Ostrovy pokladů 4.exe
c:\documents and settings\Admin\Puzzle pro hru Medvěd Míša Ostrovy pokladů 5.exe
c:\documents and settings\Admin\Puzzle pro hru Medvěd Míša Ostrovy pokladů 6.exe
c:\documents and settings\Admin\Puzzle pro hru Medvěd Míša Ostrovy pokladů 7.exe
c:\program files\Common Files\SecurePCCleaner
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\2427586045.dat
c:\windows\system32\acbbbea_s.dll
c:\windows\system32\MUI\0405\tourstart.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-09 do 2012-06-09 )))))))))))))))))))))))))))))))
.
.
2012-06-09 16:51 . 2012-06-09 16:51 17113192 ----a-w- C:\firefox_setup_13.0.exe
2012-06-09 12:06 . 2012-06-09 12:06 -------- d-----w- C:\rsit
2012-06-09 11:40 . 2012-06-09 11:40 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-09 11:05 . 2012-06-09 11:05 2127960 ----a-w- C:\tdsskiller.exe
2012-06-09 08:32 . 2012-06-09 08:32 89088 ----a-w- C:\mbr.exe
2012-06-09 08:26 . 2012-06-09 08:26 147456 ----a-w- C:\MbrScan.exe
2012-06-08 14:05 . 2012-06-08 14:05 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 1980-01-01 00:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-04-11 13:14 . 2004-08-03 23:18 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 1980-01-01 00:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"LogonType"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-01-18 10:39 114688 ----a-r- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-01-18 10:39 98304 ----a-r- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-01-18 10:39 94208 ----a-r- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-01-18 10:37 303104 ----a-r- c:\windows\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"ose"=3 (0x3)
"NBService"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"aawservice"=2 (0x2)
"STacSV"=2 (0x2)
"MSCamSvc"=2 (0x2)
"idsvc"=3 (0x3)
"wuauserv"=2 (0x2)
"EapHostEventSystem"=2 (0x2)
"BITS"=3 (0x3)
"AlerterALG"=2 (0x2)
"PEVSystemStart"=2 (0x2)
"MozillaMaintenance"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [24.2.2011 16:46 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [31.8.2008 15:10 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31.8.2008 15:10 20696]
R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\drivers\3xHybrid.sys [2.9.2005 15:43 1121536]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-92869651.sys
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-09 19:49
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
Celkový čas: 2012-06-09 19:52:22
ComboFix-quarantined-files.txt 2012-06-09 17:52
.
Před spuštěním: 109 359 034 368 bytes free
Po spuštění: Volných bajtů: 109 550 247 936
.
- - End Of File - - 0E3915E5ABD4F41D2F41089E1C3A5BA5
Re: Problem, probably with the MBR
"fce pc" as in testing how the PC works, or what exactly does that mean?
Re: Problem, probably with the MBR
Firefox seems to work fine; IE did close unexpectedly once, but before this Firefox practically didn't work at all. It looks like the speed is good too. So there's no need to deal with the MBR any further?
Re: Problem, probably with the MBR
Well, mainly that ComboFix hangs when it gets to the MBR, and so does the MBR rootkit detector. It doesn't do that on another PC, so that's the only issue I have with it, but if it's fine, then I have nothing more on it.
Naughty wrote: What do you keep having against it?