VIRY.CZ

Dobrý den, před měsícem jsem dostal do pc škodlivý kód. Dostal jsem se do nouzáku, ale špatně se zobrazovala nabídka. Nebo patrné která možnost je zaškrtnutá. Oprava OS byla provedena. Ale po instalaci programu na údržbu. Brzdilo chod počítače. Otestoval jsem GK ale kousl se mi program a hlásilo chybu u ATI. Stáhl nejnovější SW, ale zapomněl jsem odinstalovat ty předešlé. Ale novější verze nevyřešil problém s GK. DX běží OK ale v zátěžovém testu se při přetížení cpu a gpu restartoval. Přepsal atioglxx.dll ale nelze spustit test pod OGL 2.0. RAM ok, CPU Ok, v jiném programu se jeví ok. Sken v rootkit ok, spybot ok, adware ok, mwav ok, spyware ok.

pokusil jsem se nainstaloval os na nový disk ale grafika stejně blbla? Nevím nejlepší bude format c,d ale nevím jestli se mi nedostal škodlivý program někam kde mi uniká. Protože novější CCC Ati pořád hlásí chybu. Program na monitor teplot padá pod vlivem ATiOglxx.dll. Prohlížeč se přestavuje podle svého. ActiveX a obrázky se vypínají v IE, Program na zvýšení otáček GK nejde zvýšit, protože program hlásí chybu kernelu. Pravděpodobně to chce přeinstalovat systém, ale přesto tam nebude nějaký problém v havěti nebo v biosu? Podobný problém je i u druhého pc, ale tam přeinstalace vyřešila vše. Ovšem MB asi dosloužívá, tak moje je novější přesto blbne. Našel jsem u rodiče v pc dva rootkity! Děkuji


Logfile of random's system information tool 1.09 (written by random/random)
Run by Hans Peter Geerdes at 2012-09-07 21:24:19
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 47 GB (31%) free of 153 GB
Total RAM: 3582 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:27:21, on 7.9.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Hans Peter Geerdes\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Hans Peter Geerdes.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wchoppers.com/index.php?nv=d ... 1329174160
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Přidat do Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: &Virtuální klávesnice - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: &Kontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553530000} - https://download.macromedia.com/pub/sho ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{255349B3-9540-411C-94D9-1CDEDD200EED}: NameServer = 10.0.0.138
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Google Update Service (gupdate1ca6c77910a2670) (gupdate1ca6c77910a2670) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 7517 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-1647877149-725345543-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-1647877149-725345543-1003.job
C:\WINDOWS\tasks\SmartDefrag.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Hans Peter Geerdes\Data aplikací\Mozilla\Firefox\Profiles\7lrfbsbf.default

prefs.js - "browser.startup.homepage" - "http://www.arccosine.com/"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.4.2&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.271 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw_1166636.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandasecurity.com/activescan]
"Description"=Panda ActiveScan 2.0
"Path"=C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.709]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=1.0.3.709]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.709]
"Description"=6.0.12.709
"Path"=c:\program files\real\realplayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
linkfilter@kaspersky.ru
{58018443-644d-0bb0-9b4f-4c48d704ded6}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
npwachk.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
npdjvu.dll
nppdf32.dll
nppl3260.dll
nprjplug.dll
nprpjplug.dll
npwachk.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
arccosine.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Hans Peter Geerdes\Data aplikací\Mozilla\Firefox\Profiles\7lrfbsbf.default\extensions\
staged
{20a82645-c095-46ed-80e3-08825760534b}
{800b5000-a755-47e1-992b-48a1c1357f07}
{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}

C:\Documents and Settings\Hans Peter Geerdes\Data aplikací\Mozilla\Firefox\Profiles\7lrfbsbf.default\searchplugins\
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin.xml
Search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-10-20 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-06 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-10-20 268816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-06 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-01-03 13508608]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-01-03 86016]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"avp"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2012-03-08 340520]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-03-12 417792]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"WINDVDPatch"=C:\WINDOWS\system32\CTHELPER.EXE [2002-02-07 40960]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"Jet Detection"=C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-10-04 28672]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-07-03 98304]

C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2012-07-04 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-10-20 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\PC Oscilloscope\pcscope.exe"="C:\Program Files\PC Oscilloscope\pcscope.exe:*:Enabled:PC Oscilloscope"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.6\ICQ.exe"="C:\Program Files\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.6\ICQ.exe"="C:\Program Files\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.FPS1"=frapsvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=ctwdm32.dll

======List of files/folders created in the last 1 month======

2012-09-07 21:24:27 ----D---- C:\Program Files\trend micro
2012-09-07 21:24:19 ----D---- C:\rsit
2012-09-07 14:58:00 ----ASH---- C:\pagefile.sys
2012-09-07 13:43:49 ----D---- C:\WINDOWS\Prefetch
2012-09-07 13:24:13 ----A---- C:\WINDOWS\pnplog.txt
2012-09-07 13:07:57 ----A---- C:\WINDOWS\system32\spxcoins.dll
2012-09-07 13:07:57 ----A---- C:\WINDOWS\system32\irclass.dll
2012-09-07 13:07:37 ----RA---- C:\WINDOWS\SET55.tmp
2012-09-07 13:07:34 ----RA---- C:\WINDOWS\SET49.tmp
2012-09-07 13:07:32 ----RA---- C:\WINDOWS\SET46.tmp
2012-09-06 20:14:29 ----A---- C:\WINDOWS\system32\drivers\AvgArCln.sys
2012-09-06 19:04:14 ----D---- C:\0a109e3b06f8f61f6c914b
2012-09-06 18:58:11 ----D---- C:\6c98aff78ab5def6d47d037bf3
2012-09-06 18:46:39 ----D---- C:\4ce403cfa0aa6609d6c34047ba
2012-09-04 21:18:19 ----A---- C:\WINDOWS\003220_.tmp
2012-09-04 19:04:34 ----A---- C:\WINDOWS\OEWABLog.txt
2012-09-04 18:55:03 ----A---- C:\WINDOWS\system32\drivers\ctlface.sys
2012-09-04 18:28:39 ----A---- C:\WINDOWS\imsins.BAK
2012-09-04 18:28:00 ----RA---- C:\WINDOWS\SET6D.tmp
2012-09-04 18:27:56 ----RA---- C:\WINDOWS\SET61.tmp
2012-09-04 18:27:53 ----RA---- C:\WINDOWS\SET5E.tmp
2012-09-04 18:26:57 ----A---- C:\WINDOWS\setuplog.txt
2012-09-04 17:56:08 ----D---- C:\Program Files\Driver Sweeper
2012-09-04 15:23:04 ----D---- C:\Documents and Settings\Hans Peter Geerdes\Data aplikací\GlarySoft
2012-09-03 20:06:09 ----D---- C:\Samsung
2012-09-03 19:05:26 ----D---- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2012-09-03 14:00:25 ----D---- C:\Program Files\ATITool
2012-09-02 21:08:45 ----D---- C:\Program Files\SpeedFan
2012-09-02 16:00:01 ----D---- C:\Documents and Settings\Hans Peter Geerdes\Data aplikací\atitray
2012-09-01 20:38:18 ----A---- C:\Program Files\ERRORLOG.TXT
2012-09-01 20:11:13 ----D---- C:\Program Files\AMD APP
2012-09-01 19:34:17 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ATI
2012-09-01 19:17:43 ----A---- C:\WINDOWS\system32\ativva6x.dat
2012-09-01 19:17:43 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
2012-09-01 19:17:41 ----A---- C:\WINDOWS\system32\atioglxx.dll
2012-09-01 19:17:40 ----A---- C:\WINDOWS\system32\ativva5x.dat
2012-09-01 19:17:40 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2012-09-01 19:17:40 ----A---- C:\WINDOWS\system32\atiicdxx.dat
2012-09-01 19:15:24 ----D---- C:\Program Files\ATI
2012-09-01 19:14:19 ----D---- C:\Program Files\ATI Technologies
2012-09-01 19:09:18 ----D---- C:\AMD
2012-09-01 13:27:33 ----A---- C:\WINDOWS\system32\Nucleus.dll
2012-09-01 13:27:33 ----A---- C:\WINDOWS\system32\dxgi.dll
2012-09-01 13:27:33 ----A---- C:\WINDOWS\system32\d3dx10d_33.dll
2012-09-01 13:23:19 ----D---- C:\WINDOWS\system32\zálohadx
2012-09-01 13:22:47 ----A---- C:\WINDOWS\system32\d3dx10.dll
2012-09-01 13:22:47 ----A---- C:\WINDOWS\system32\d3d10.dll
2012-08-31 22:16:47 ----A---- C:\WINDOWS\dxsdkuninst.exe
2012-08-31 15:02:19 ----D---- C:\Documents and Settings\Hans Peter Geerdes\Data aplikací\FreeStone Group
2012-08-12 15:34:47 ----A---- C:\WINDOWS\system32\lsdelete.exe
2012-08-12 14:25:01 ----A---- C:\WINDOWS\system32\drivers\Lbd.sys
2012-08-12 09:58:15 ----AD---- C:\WINDOWS\rundll16.exe
2012-08-12 09:58:15 ----AD---- C:\WINDOWS\logo1_.exe
2012-08-09 19:16:14 ----RA---- C:\WINDOWS\system32\tmp1FA.tmp
2012-08-09 19:16:14 ----RA---- C:\WINDOWS\system32\tmp1F9.tmp

======List of files/folders modified in the last 1 month======

2012-09-07 21:24:27 ----RD---- C:\Program Files
2012-09-07 21:09:55 ----D---- C:\WINDOWS\Temp
2012-09-07 17:05:30 ----A---- C:\WINDOWS\WINCMD.INI
2012-09-07 15:19:18 ----D---- C:\WINDOWS\system32\CatRoot2
2012-09-07 15:03:56 ----D---- C:\WINDOWS\system32\Setup
2012-09-07 15:03:47 ----D---- C:\WINDOWS\system32\usmt
2012-09-07 15:03:37 ----D---- C:\WINDOWS\AppPatch
2012-09-07 15:03:36 ----D---- C:\WINDOWS\ehome
2012-09-07 15:03:35 ----D---- C:\WINDOWS\ime
2012-09-07 15:03:34 ----RSD---- C:\WINDOWS\Fonts
2012-09-07 15:03:33 ----D---- C:\WINDOWS\Media
2012-09-07 15:03:20 ----D---- C:\WINDOWS\PeerNet
2012-09-07 15:03:04 ----D---- C:\WINDOWS\system32\npp
2012-09-07 15:02:57 ----D---- C:\WINDOWS\msagent
2012-09-07 15:00:51 ----D---- C:\WINDOWS\system32\1029
2012-09-07 15:00:42 ----D---- C:\WINDOWS\twain_32
2012-09-07 15:00:27 ----D---- C:\WINDOWS\system32\icsxml
2012-09-07 14:59:49 ----D---- C:\WINDOWS\system32\1033
2012-09-07 14:58:00 ----D---- C:\WINDOWS\Driver Cache
2012-09-07 14:32:30 ----SHD---- C:\WINDOWS\Installer
2012-09-07 13:55:12 ----D---- C:\WINDOWS
2012-09-07 13:54:58 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Kaspersky Lab
2012-09-07 13:51:08 ----D---- C:\WINDOWS\security
2012-09-07 13:51:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-09-07 13:47:51 ----D---- C:\WINDOWS\Registration
2012-09-07 13:47:46 ----D---- C:\WINDOWS\system32
2012-09-07 13:47:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-09-07 13:47:04 ----HD---- C:\WINDOWS\inf
2012-09-07 13:45:13 ----SHD---- C:\System Volume Information
2012-09-07 13:45:13 ----D---- C:\WINDOWS\system32\Restore
2012-09-07 13:42:54 ----D---- C:\WINDOWS\system32\inetsrv
2012-09-07 13:42:54 ----D---- C:\WINDOWS\system32\drivers
2012-09-07 13:42:54 ----D---- C:\WINDOWS\system32\config
2012-09-07 13:39:57 ----D---- C:\WINDOWS\repair
2012-09-07 13:38:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-09-07 13:34:48 ----D---- C:\Program Files\Windows Media Player
2012-09-07 13:34:45 ----D---- C:\WINDOWS\Help
2012-09-07 13:33:55 ----A---- C:\WINDOWS\ODBCINST.INI
2012-09-07 13:33:40 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2012-09-07 13:33:36 ----D---- C:\WINDOWS\system32\ias
2012-09-07 13:33:04 ----RD---- C:\WINDOWS\Web
2012-09-07 13:32:53 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2012-09-07 13:32:40 ----A---- C:\WINDOWS\win.ini
2012-09-07 13:32:34 ----D---- C:\WINDOWS\system32\oobe
2012-09-07 13:32:33 ----D---- C:\WINDOWS\srchasst
2012-09-07 13:32:25 ----D---- C:\Program Files\Movie Maker
2012-09-07 13:32:14 ----D---- C:\Program Files\NetMeeting
2012-09-07 13:32:11 ----D---- C:\Program Files\Outlook Express
2012-09-07 13:32:10 ----D---- C:\Program Files\Common Files\System
2012-09-07 13:31:57 ----D---- C:\Program Files\Internet Explorer
2012-09-07 13:30:52 ----D---- C:\WINDOWS\system32\Com
2012-09-07 13:30:21 ----D---- C:\WINDOWS\system32\wbem
2012-09-07 13:30:18 ----D---- C:\Program Files\Windows NT
2012-09-07 13:28:33 ----SH---- C:\boot.ini
2012-09-07 13:09:09 ----D---- C:\WINDOWS\system32\CatRoot
2012-09-07 13:08:09 ----A---- C:\WINDOWS\system.ini
2012-09-07 13:07:57 ----D---- C:\WINDOWS\system
2012-09-07 13:07:47 ----ASH---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\desktop.ini
2012-09-06 21:53:27 ----D---- C:\Program Files\Mozilla Firefox
2012-09-04 21:51:45 ----A---- C:\Program Files\GPU-Z Sensor Log.txt
2012-09-04 21:18:02 ----D---- C:\WINDOWS\system32\ReinstallBackups
2012-09-04 20:08:56 ----D---- C:\Program Files\HijackThis
2012-09-04 19:04:27 ----D---- C:\WINDOWS\Debug
2012-09-04 16:16:25 ----AD---- C:\Program Files\Guru3D.com
2012-09-03 14:53:28 ----D---- C:\WINDOWS\system32\drivers\etc
2012-09-03 14:14:31 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2012-09-01 20:53:55 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-09-01 20:23:11 ----D---- C:\Program Files\Common Files\InstallShield
2012-09-01 20:20:56 ----D---- C:\WINDOWS\system32\DirectX
2012-08-31 22:24:03 ----D---- C:\WINDOWS\WinSxS
2012-08-31 22:19:48 ----RSD---- C:\WINDOWS\assembly
2012-08-30 22:12:36 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\BOINC
2012-08-27 22:51:35 ----HD---- C:\WINDOWS\system32\GroupPolicy
2012-08-27 22:15:41 ----D---- C:\Program Files\Common Files\Adobe AIR
2012-08-27 22:05:43 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-08-27 21:52:39 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Adobe
2012-08-27 21:52:31 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-08-23 10:54:05 ----SD---- C:\WINDOWS\Tasks
2012-08-22 12:19:32 ----D---- C:\Documents and Settings\Hans Peter Geerdes\Data aplikací\vlc
2012-08-19 21:21:44 ----D---- C:\Program Files\3DSimED_v.1.14b+Trk_Maker_v.1.07
2012-08-19 21:21:44 ----A---- C:\WINDOWS\3DSIMED.INI
2012-08-18 15:27:51 ----D---- C:\Documents and Settings\Hans Peter Geerdes\Data aplikací\ICQ
2012-08-18 15:27:45 ----D---- C:\Documents and Settings\Hans Peter Geerdes\Data aplikací\Skype
2012-08-13 21:04:57 ----D---- C:\WINDOWS\pss
2012-08-12 18:20:00 ----D---- C:\WINDOWS\SxsCaPendDel
2012-08-12 14:21:28 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Lavasoft
2012-08-09 19:16:14 ----D---- C:\Program Files\OpenAL
2012-08-09 19:16:14 ----A---- C:\WINDOWS\system32\OpenAL32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
R0 AVG Anti-Rootkit;AVG Anti-Rootkit; C:\WINDOWS\System32\DRIVERS\avgarkt.sys [2007-01-31 5632]
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 klbg;Kaspersky Lab Boot Guard Driver; C:\WINDOWS\system32\drivers\klbg.sys [2009-10-14 36880]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2011-10-28 64512]
R0 pavboot;pavboot; C:\WINDOWS\system32\drivers\pavboot.sys [2009-06-30 28552]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2011-03-18 25240]
R0 Vax347b;Vax347b; C:\WINDOWS\system32\DRIVERS\Vax347b.sys [2005-04-25 159616]
R0 Vax347s;Vax347s; C:\WINDOWS\System32\Drivers\Vax347s.sys [2004-04-30 5248]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 kl1;Kl1; \??\C:\WINDOWS\system32\drivers\kl1.sys []
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-11-11 315408]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 cpuz134;cpuz134; \??\C:\WINDOWS\system32\drivers\cpuz134_x32.sys []
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2012-07-04 7874560]
R3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2003-10-28 130048]
R3 emu10k;Creative SB Live! Value (WDM); C:\WINDOWS\system32\drivers\emu10k1f.sys [2001-08-14 775296]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlface.sys [1999-09-01 9612]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfman.sys [2001-08-31 36992]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]

S1 ATITool;ATITool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-03-22 114944]
S3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-03-22 835636]
S3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-03-22 11068]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-03-22 211724]
S3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-03-22 156604]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-03-22 991656]
S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\WINDOWS\system32\DRIVERS\hidgame.sys [2001-10-25 8576]
S3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-09-14 32272]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-03-22 195432]
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2012-07-04 643072]
R2 avp;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2012-03-08 340520]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-27 250568]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdate1ca6c77910a2670;Google Update Service (gupdate1ca6c77910a2670); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-06 153376]
S3 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
S3 NetSvc;Intel NCS NetService; c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-10-30 143360]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 Apache2.2;Apache2.2; C:\Program Files\xampp\apache\bin\httpd.exe [2009-12-20 29416]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; E:\Lavasoft\Ad-Aware\AAWService.exe [2012-08-12 2152720]
S4 MySQL;MySQL; C:\Program Files\xampp\mysql\bin\mysqld.exe [2009-12-20 6095504]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S4 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-01-03 155716]

-----------------EOF-----------------

Zdravím!
Poprosím o log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

ComboFix 12-09-06.01 - Administrator 08.09.2012 14:50:12.1.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.3582.3183 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: Kaspersky Internet Security *Enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Hans Peter Geerdes\binXml.exe
c:\documents and settings\Hans Peter Geerdes\WINDOWS
c:\program files\AutocompletePro
c:\program files\AutocompletePro\64\AutocompletePro64.dll
c:\program files\AutocompletePro\AutocompletePro.dll
c:\program files\AutocompletePro\FireFoxExtension.exe
c:\program files\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files\AutocompletePro\InstTracker.exe
c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files\AutocompletePro\support@predictad.com\install.rdf
c:\program files\AutocompletePro\unins000.dat
c:\program files\AutocompletePro\unins000.exe
C:\Strana 28_7.zip
c:\windows\$NT0234Uninstall$
c:\windows\COM+.log
c:\windows\msmqinst.log
c:\windows\regopt.log
c:\windows\system32\16A9FAB276.dll
c:\windows\system32\GhKW8aHRRo.exe.mwt
c:\windows\system32\tmp1F9.tmp
c:\windows\system32\tmp1FA.tmp
c:\windows\system32\tmp274.tmp
c:\windows\system32\tmp275.tmp
D:\autorun.inf
E:\Autorun.inf
E:\Setup.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-08 do 2012-09-08 )))))))))))))))))))))))))))))))
.
.
2012-09-07 19:24 . 2012-09-07 19:27 -------- d-----w- c:\program files\trend micro
2012-09-07 19:24 . 2012-09-07 19:27 -------- d-----w- C:\rsit
2012-09-07 11:37 . 2001-10-24 10:25 7168 -c--a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
2012-09-07 11:37 . 2001-10-24 10:25 12288 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2012-09-07 11:37 . 2001-10-24 10:25 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2012-09-07 11:37 . 2001-10-24 10:25 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2012-09-07 11:37 . 2001-10-24 10:25 23040 -c--a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2012-09-07 11:37 . 2001-10-24 10:24 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2012-09-07 11:35 . 2004-08-17 13:49 42496 -c--a-w- c:\windows\system32\dllcache\davcdata.exe
2012-09-07 11:34 . 2004-08-17 13:49 46592 -c--a-w- c:\windows\system32\dllcache\coadmin.dll
2012-09-07 11:34 . 2003-03-24 13:52 188480 -c--a-w- c:\windows\system32\dllcache\cfgwiz.exe
2012-09-07 11:34 . 2003-03-24 13:52 16439 -c--a-w- c:\windows\system32\dllcache\author.exe
2012-09-07 11:34 . 2004-08-17 13:49 43520 -c--a-w- c:\windows\system32\dllcache\admwprox.dll
2012-09-07 11:34 . 2004-08-17 13:49 290816 -c--a-w- c:\windows\system32\dllcache\adsiis51.dll
2012-09-07 11:34 . 2003-03-24 13:52 20540 -c--a-w- c:\windows\system32\dllcache\author.dll
2012-09-07 11:34 . 2003-03-24 13:52 20540 -c--a-w- c:\windows\system32\dllcache\admin.dll
2012-09-07 11:34 . 2003-03-24 13:52 16439 -c--a-w- c:\windows\system32\dllcache\admin.exe
2012-09-07 11:32 . 2001-10-25 14:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-09-07 11:32 . 2001-10-25 14:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2012-09-07 11:07 . 2001-10-25 14:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-09-07 11:07 . 2001-10-25 14:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-09-07 11:07 . 2001-10-25 14:00 13312 ----a-w- c:\windows\system32\irclass.dll
2012-09-07 11:07 . 2004-08-17 14:46 14043 ----a-r- c:\windows\SET55.tmp
2012-09-07 11:07 . 2004-08-17 14:46 1086058 ----a-r- c:\windows\SET49.tmp
2012-09-07 11:07 . 2004-08-17 14:50 1014483 ----a-r- c:\windows\SET46.tmp
2012-09-06 18:14 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2012-09-06 17:04 . 2012-09-06 17:04 -------- d-----w- C:\0a109e3b06f8f61f6c914b
2012-09-06 16:58 . 2012-09-06 17:09 -------- d-----w- C:\6c98aff78ab5def6d47d037bf3
2012-09-06 16:46 . 2012-09-06 16:47 -------- d-----w- C:\4ce403cfa0aa6609d6c34047ba
2012-09-04 19:18 . 2006-12-28 22:31 19569 ----a-w- c:\windows\003220_.tmp
2012-09-04 16:55 . 1999-09-01 13:45 9612 ----a-w- c:\windows\system32\drivers\ctlface.sys
2012-09-04 16:28 . 2004-08-17 14:46 14043 ----a-r- c:\windows\SET6D.tmp
2012-09-04 16:27 . 2004-08-17 14:46 1086058 ----a-r- c:\windows\SET61.tmp
2012-09-04 16:27 . 2004-08-17 14:50 1014483 ----a-r- c:\windows\SET5E.tmp
2012-09-04 15:56 . 2012-09-04 15:58 -------- d-----w- c:\program files\Driver Sweeper
2012-09-03 18:06 . 2012-09-03 18:06 -------- d-----w- C:\Samsung
2012-09-03 17:05 . 2012-09-03 17:05 -------- d-----w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2012-09-02 19:08 . 2012-09-07 22:00 -------- d-----w- c:\program files\SpeedFan
2012-09-01 18:11 . 2012-09-01 18:11 -------- d-----w- c:\program files\AMD APP
2012-09-01 17:34 . 2012-09-01 17:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\ATI
2012-09-01 17:17 . 2012-07-04 04:38 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-09-01 17:17 . 2012-07-04 04:35 19603456 ----a-w- c:\windows\system32\atioglxx.dll
2012-09-01 17:17 . 2012-07-04 04:36 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2012-09-01 17:15 . 2012-09-01 17:15 -------- d-----w- c:\program files\ATI
2012-09-01 17:14 . 2012-09-01 18:03 -------- d-----w- c:\program files\ATI Technologies
2012-09-01 17:09 . 2012-09-01 17:09 -------- d-----w- C:\AMD
2012-09-01 11:27 . 2012-08-31 20:28 519912 ----a-w- c:\windows\system32\d3dx10d_33.dll
2012-09-01 11:27 . 2008-02-21 22:10 25037 ----a-w- c:\windows\system32\Nucleus.dll
2012-09-01 11:27 . 2008-02-21 21:18 494557 ----a-w- c:\windows\system32\dxgi.dll
2012-09-01 11:23 . 2012-09-01 13:09 -------- d-----w- c:\windows\system32\zálohadx
2012-09-01 11:22 . 2008-02-21 21:18 566624 ----a-w- c:\windows\system32\d3d10.dll
2012-09-01 11:22 . 2008-02-21 21:18 519912 ----a-w- c:\windows\system32\d3dx10.dll
2012-08-31 20:16 . 2012-08-31 20:16 111960 ----a-w- c:\windows\dxsdkuninst.exe
2012-08-12 13:50 . 2012-08-12 13:50 143872 ----a-w- c:\program files\Common Files\System\Mapi\1029\NT\CNFNOT32.EXE
2012-08-12 13:34 . 2012-08-12 13:11 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-08-12 12:25 . 2011-10-28 17:35 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-08-12 07:58 . 2012-08-12 07:58 -------- d---a-w- c:\windows\rundll16.exe
2012-08-12 07:58 . 2012-08-12 07:58 -------- d---a-w- c:\windows\logo1_.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-27 19:52 . 2012-04-04 11:34 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-27 19:52 . 2011-05-20 08:58 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-11 19:38 . 2012-08-11 19:38 7312422 ----a-w- c:\windows\REGBK14.ZIP
2012-08-09 17:16 . 2012-08-07 09:33 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2012-08-05 16:28 . 2009-08-18 09:30 564632 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\IdentityCRL\production\wlidui.dll
2012-08-05 16:28 . 2009-08-18 09:24 19720 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-21 07:11 . 2012-07-21 07:11 65536 ----a-w- c:\windows\system32\frapsvid.dll
2012-07-04 06:54 . 2012-07-26 19:43 7874560 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2012-07-04 04:37 . 2006-11-22 03:25 306176 ----a-w- c:\windows\system32\ati2dvag.dll
2012-07-04 04:32 . 2006-11-22 03:12 5335616 ----a-w- c:\windows\system32\ati3duag.dll
2012-07-04 04:22 . 2012-07-26 19:43 938368 ----a-w- c:\windows\system32\ativvamv.dll
2012-07-04 04:12 . 2012-07-26 19:43 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2012-07-04 04:12 . 2012-07-26 19:43 163840 ----a-w- c:\windows\system32\Oemdspif.dll
2012-07-04 04:12 . 2012-07-26 19:43 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2012-07-04 04:12 . 2012-07-26 19:43 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-07-04 04:12 . 2012-07-26 19:43 192512 ----a-w- c:\windows\system32\ati2evxx.dll
2012-07-04 04:10 . 2012-07-26 19:43 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2012-07-04 04:09 . 2012-07-26 19:43 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2012-07-04 04:08 . 2006-11-22 03:08 3586816 ----a-w- c:\windows\system32\ativvaxx.dll
2012-07-04 04:05 . 2012-07-26 19:43 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-07-04 04:01 . 2012-07-26 19:43 835584 ----a-w- c:\windows\system32\atikvmag.dll
2012-07-04 03:56 . 2012-07-26 19:43 634880 ----a-w- c:\windows\system32\atiok3x2.dll
2012-07-04 03:56 . 2012-07-26 19:43 233472 ----a-w- c:\windows\system32\atiadlxx.dll
2012-07-04 03:56 . 2012-07-26 19:43 17408 ----a-w- c:\windows\system32\atitvo32.dll
2012-07-04 03:50 . 2006-11-22 02:51 909312 ----a-w- c:\windows\system32\ati2cqag.dll
2012-07-04 03:48 . 2012-07-26 19:43 65024 ----a-w- c:\windows\system32\atimpc32.dll
2012-07-04 03:48 . 2012-07-26 19:43 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2012-07-04 03:47 . 2012-07-26 19:43 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-12-21 20:36 . 2003-08-06 10:24 130048 ----a-w- c:\program files\DDScv.exe
2011-12-21 20:36 . 2002-01-05 04:37 344064 ----a-w- c:\program files\msvcr70.dll
2011-12-21 20:36 . 2002-07-19 15:06 27648 ----a-w- c:\program files\ilu.dll
2011-12-21 20:36 . 2002-07-19 15:05 269312 ----a-w- c:\program files\devil.dll
2011-01-18 17:02 . 2011-01-18 17:21 904544 ----a-w- c:\program files\GPU-Z.0.4.9.exe
2009-03-08 14:38 . 2009-05-10 10:47 373760 ----a-w- c:\program files\rF_AIW_CAM_362.exe
2006-07-27 00:30 . 2009-05-10 10:47 24576 ----a-w- c:\program files\MTS_UNLOCKAR.exe
2004-05-08 23:28 . 2009-05-10 10:47 1870336 ----a-w- c:\program files\F1AIW-program-40.exe
2002-10-27 19:25 . 2009-05-10 10:47 1559040 ----a-w- c:\program files\xb.dll
2012-02-20 16:34 . 2011-06-24 10:26 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2006-07-05 60416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-03 13508608]
"nwiz"="nwiz.exe" [2008-01-03 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-03 86016]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-12 417792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"WINDVDPatch"="CTHELPER.EXE" [2002-02-07 40960]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-10-03 28672]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-03 98304]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2012-03-08 340520]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\PC Oscilloscope\\pcscope.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29.1.2008 17:29 36880]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12.8.2012 14:25 64512]
R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [8.11.2009 15:22 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [8.11.2009 15:22 5248]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [16.4.2011 18:07 28552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26.5.2009 10:05 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26.5.2009 10:05 72944]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [18.1.2011 21:03 20328]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4.4.2012 13:34 250568]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [30.10.2009 19:56 96256]
S3 gupdate1ca6c77910a2670;Google Update Service (gupdate1ca6c77910a2670);c:\program files\Google\Update\GoogleUpdate.exe [10.5.2009 23:07 133104]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10.5.2009 23:07 133104]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13.3.2008 18:02 26640]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13.5.2009 18:46 32272]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2.10.2009 19:39 19472]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26.5.2009 10:05 7408]
S4 Apache2.2;Apache2.2;c:\program files\xampp\apache\bin\httpd.exe [2.7.2010 19:53 29416]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\lavasoft\Ad-Aware\AAWService.exe [28.10.2011 19:35 2152720]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- e:\lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-10-28 17:35]
.
2012-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 19:52]
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-10 18:02]
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-10 18:02]
.
2012-09-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-343818398-1647877149-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
2012-09-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-1647877149-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
2012-09-02 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-02-04 14:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.wchoppers.com/index.php?nv=d4d1a3b1 ... 1329174160
TCP: Interfaces\{255349B3-9540-411C-94D9-1CDEDD200EED}: NameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Hans Peter Geerdes\Data aplikací\Mozilla\Firefox\Profiles\7lrfbsbf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.arccosine.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.2&q=
pref('extensions.autoDisableScopes',0);
pref('extensions.shownSelectionUI',true);
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-08 15:10
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\devldr32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\logon.scr
.
**************************************************************************
.
Celkový čas: 2012-09-08 15:55:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-09-08 13:53
.
Před spuštěním: Volných bajtů: 48 825 036 800
Po spuštění: Volných bajtů: 48 875 069 440
.
- - End Of File - - B78383E43900063C5BD299A5FE95EE80

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Collect::
c:\windows\SET55.tmp
c:\windows\SET49.tmp
c:\windows\SET46.tmp
c:\windows\003220_.tmp
c:\windows\SET6D.tmp
c:\windows\SET5E.tmp
c:\windows\SET61.tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Firefox::
FF - ProfilePath - c:\documents and settings\Hans Peter Geerdes\Data aplikací\Mozilla\Firefox\Profiles\7lrfbsbf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.arccosine.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.4.2&q=
pref('extensions.autoDisableScopes',0);
pref('extensions.shownSelectionUI',true);
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

A myslíš jsi, že preventivně je CF lepší než-li smitfrau SDfxit nebo roguefix? Stejně to není optimální.

Toto nebyla prevence, ale odstranění šmejdů. Vámi navrhované utility patří pouze do rukou odborníků (některé, třeba SmitfraudFix, jsou již zastaralé). Pro laiky je především aktuální antivirus, případně různé skenery (AVPTool, apod).

Tak pořád jsou ve win set5.tmp. Nevím aby to nebyla součást boinicu který používám. Obrazovka pořád blbne.

[img]

http://imageshack.us/photo/my-images/542/pict03461.jpg/
[/img]

Tohle vám dělá i v plném chodu Windows?

Docela to otravuje když nevím co je zvýrazněno. Ale nevím jak mám odstranit ten zbytek. Nouzový režimu to blbne. Jinak v normálním maximálně splyne ten druhý Os s kurzorem.

Jinak jiný problém je s tím druhým. Není možné pomocí Combofixu opravit pc, protože nelze se příhlásit se stavu nouze s práci s síti. A při skenování vyjela BSOD machine check exception. Jinak nakažené soubory vidím jsou ve windows/system. Podobný problém jako u toho mého pc. Navíc jsou nakažené registry jistým xp corrupt files antispyware

Udělejte sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 a dejte log.

Tak nene možné provést. Pád vždy do BSOD. Nic jiného to nedělá než skenování. Vše pstaní s výjimkou IE. Prscuje dobře a grafikou. Bude něco v boot. Protože na jiném desku spuštěném OS to nechrastí. Na disku C když otevře otec soubory zmízí a potom se oběví. Udělá to zvuk v pc. A potom se soubory objeví. Není možné kompletně nechad dojet skan. Kaspersky nechce otestovat disk kompletně. Antivirus jede 3 min a konec. Kompletní skan nemůže tak krátkou dobu běžet. Utilita KAV jde skoro do konce ale potom modrá smrt. Do nouzového režimu se kombofixu neche, není schopný stáhnout aktualizace. Nenačte se ovladač na sítovou kartu. V nouzovém režimu zase BSOD. Napadá mě nějaký program na rootkita od symantec nebo online scaner.


Jsem na místním disku D! Vir je na C. Přikládám co jsem stihl projet. Zároveň se dostal na i druhý disk tj D!

AV Rootkit : C :win/sys32 aceb99ae.sys !!!

V registrech mwav hlásí malware a je to pod ATI. CCC

2012-09-09 12:05:14 . 2012-09-09 12:05:14 1,656 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-2kv4.8.442.reg.dat
2012-09-09 12:04:39 . 2012-09-09 12:04:39 276 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Notify-AtiExtEvent.reg.dat
2009-11-14 17:41:39 . 2004-08-17 13:49:28 137,216 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\taskmgr.com.vir
2009-11-04 13:39:51 . 2004-08-17 13:49:28 147,968 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\regedit.com.vir
2009-11-03 18:53:13 . 2009-11-03 18:53:13 670 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-HijackThis.reg.dat
2009-11-03 10:29:02 . 2009-11-03 10:29:02 19,286 ----a-w- C:\Qoobox\Quarantine\C\cleanup.exe.vir
2009-11-03 10:29:02 . 2009-11-03 10:29:02 135,168 ----a-w- C:\Qoobox\Quarantine\C\zip.exe.vir
2009-07-05 11:20:39 . 2008-10-09 15:52:13 4,744,648 ----a-w- C:\Qoobox\Quarantine\C\Program Files\daemon4301-lite.exe.vir
2009-06-03 17:48:34 . 2009-06-03 17:48:34 562 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-procexp90.Sys.reg.dat
2009-06-03 17:40:24 . 2012-09-09 11:46:23 7,160 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-06-03 17:33:55 . 2012-09-09 11:37:45 337 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-06-03 06:41:53 . 2009-06-03 07:54:03 32 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\2352562428.dat.vir
2009-05-22 09:51:05 . 2009-05-22 09:51:05 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.local.vir
2009-05-22 09:51:05 . 2003-02-21 02:42:22 348,160 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\msvcr71.dll.vir
2009-05-22 09:51:05 . 2003-02-20 17:09:18 77,824 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorsn.dll.vir
2009-05-22 09:51:05 . 2003-02-20 17:08:32 2,482,176 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorwks.dll.vir
2009-05-22 09:51:05 . 2003-02-20 17:06:20 282,624 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\fusion.dll.vir
2009-05-22 09:51:05 . 2003-02-20 17:06:24 155,648 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.vir
2004-08-17 13:45:58 . 2004-08-17 13:45:58 46,266 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ieuinit.inf.vir
2003-02-21 03:16:08 . 2003-02-21 03:16:08 49,152 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\regtlib.exe.vir


omboFix 12-09-05.02 - Administrator 09.09.2012 13:38:56.4.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1751 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\daemon4301-lite.exe
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
C:\zip.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-09 do 2012-09-09 )))))))))))))))))))))))))))))))
.
.
2012-09-09 08:43 . 2012-09-09 08:43 -------- d---a-w- c:\windows\rundll16.exe
2012-09-09 08:43 . 2012-09-09 08:43 -------- d---a-w- c:\windows\logo1_.exe
2012-09-06 11:54 . 2012-09-06 11:54 -------- d-----w- C:\RTLwdm_A373a
2012-09-06 10:09 . 2012-09-06 10:09 -------- d-----w- c:\program files\MultiRes
2012-09-06 10:08 . 2012-09-06 10:08 472576 ----a-w- c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe
2012-09-06 10:08 . 2012-09-06 10:08 -------- d-----w- c:\program files\Radeon Omega Drivers
2012-09-05 15:26 . 2012-09-05 15:36 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-09-05 15:25 . 2012-09-05 15:54 -------- d-----w- c:\program files\ATI Technologies
2012-09-05 14:47 . 2012-09-05 13:23 18849057 ----a-w- C:\ati_omega_xp2k_48442.exe
2012-09-05 14:47 . 2012-09-05 13:57 16016472 ----a-w- C:\xp32_8.451.4_57941.exe
2012-09-05 14:47 . 2012-09-05 13:35 1943040 ----a-w- C:\DriverTool.exe
2012-09-05 14:06 . 2012-09-05 14:43 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\ATI
2012-09-05 14:06 . 2012-09-05 14:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2012-09-05 14:06 . 2012-09-05 14:06 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\ATI
2012-09-05 13:00 . 2012-09-05 13:00 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\TuneUp Software
2012-09-05 12:58 . 2012-09-05 12:59 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Registry Cleaner
2012-09-05 12:55 . 2012-09-05 12:55 -------- d-----w- c:\program files\Driver Sweeper
2012-09-05 12:32 . 2012-09-05 12:32 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\GlarySoft
2012-09-05 11:33 . 2012-09-05 11:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\GHISLER
2012-09-05 11:32 . 2010-02-11 04:45 325120 ----a-w- C:\ati2dvag.dll
2012-09-04 13:47 . 2012-09-04 13:47 -------- d-----w- c:\program files\Glary Registry Repair
2012-09-04 12:28 . 2012-09-04 13:49 -------- d-----w- c:\documents and settings\Pavel Sovák\Data aplikací\GlarySoft
2012-09-04 12:23 . 2012-09-04 13:46 -------- d-----w- c:\program files\Glarysoft
2012-09-01 09:49 . 2012-09-01 09:49 -------- d-----w- c:\documents and settings\Pavel Sovák\Data aplikací\FreeStone Group
2012-09-01 09:49 . 2012-09-01 09:49 -------- d-----w- C:\Video Card Stability Test
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-05 16:11 . 2009-11-01 16:57 118784 ----a-w- c:\windows\DUMP8627.tmp
2012-09-05 12:27 . 2009-11-01 16:57 126976 ----a-w- c:\windows\DUMP85d9.tmp
2012-09-05 11:16 . 2009-11-01 16:57 110592 ----a-w- c:\windows\DUMP6810.tmp
2012-09-05 11:11 . 2009-11-01 16:57 110592 ----a-w- c:\windows\DUMP66d8.tmp
2012-07-18 09:29 . 2012-07-18 09:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-18 09:29 . 2011-06-28 16:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-19 18:52 . 2011-11-19 18:51 939360 ----a-w- c:\program files\GPU-Z.0.5.3.exe
2009-11-04 15:11 . 2009-11-04 15:10 642632 ----a-w- c:\program files\hdtune_255.exe
2009-11-04 15:10 . 2009-11-04 15:10 1358662 ----a-w- c:\program files\hdtunepro_350_trial.exe
2009-11-04 15:08 . 2009-11-04 15:08 4590184 ----a-w- c:\program files\DiscWizardSetup.cs.exe
2009-11-03 18:17 . 2009-11-03 18:17 2572176 ----a-w- c:\program files\CrossloopSetup.exe
2009-11-03 18:15 . 2009-11-03 18:15 2363360 ----a-w- c:\program files\SysInspector.exe
2009-11-03 18:15 . 2009-11-03 18:15 1002814 ----a-w- c:\program files\upmsfx.exe
2009-07-20 15:18 . 2009-07-20 15:17 714136 ----a-w- c:\program files\jre-6u14-windows-i586-iftw.exe
2009-05-16 12:17 . 2009-05-20 19:13 718912 ----a-w- c:\program files\whocrashedSetup.exe
2008-08-30 20:58 . 2009-05-20 19:13 14968808 ----a-w- c:\program files\spybotsd160.exe
2008-02-23 00:09 . 2009-05-20 19:13 4002464 ----a-w- c:\program files\WebSecurityGuardSetup.exe
2008-02-09 13:04 . 2009-05-20 19:13 4830808 ----a-w- c:\program files\hslab-sys-monitor-lite.exe
2008-02-09 12:43 . 2009-05-20 19:13 1564439 ----a-w- c:\program files\SensorsViewPro31Setup.exe
2008-01-14 19:58 . 2009-05-20 19:13 1759261 ----a-w- c:\program files\putty-0.60-installer.exe
2007-06-21 05:54 . 2009-11-07 16:37 309858 ----a-w- c:\program files\xBBrowser.exe
2007-05-19 11:51 . 2009-05-20 19:13 1308216 ----a-w- c:\program files\HiJackThis_v2.exe
2007-05-19 11:09 . 2009-05-20 19:13 2855080 ----a-w- c:\program files\aawsepersonal.exe
2007-05-19 10:44 . 2009-05-20 19:13 14891096 ----a-w- c:\program files\setupcze.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2001-10-25 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\beep.sys
.
c:\windows\System32\drivers\beep.sys ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gStart"="c:\mapsource\gStart.exe" [2008-08-13 1891416]
"ANT Agent"="c:\garmin\ANT Agent\ANT Agent.exe" [2008-09-02 8203352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-03-24 77824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2012-05-05 340520]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-17 44544]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2009-5-20 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\PC Oscilloscope\\pcscope.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29.1.2008 17:29 36880]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.11.2010 13:55 691696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [14.5.2009 14:22 9968]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [14.5.2009 14:22 72944]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13.3.2008 18:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13.5.2009 17:46 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2.10.2009 18:39 19472]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate1c9daca63d984;Služba Google Update (gupdate1c9daca63d984);c:\program files\Google\Update\GoogleUpdate.exe [22.5.2009 12:42 133104]
S3 AtiDCM;AtiDCM;\??\c:\documents and settings\Administrator\Local Settings\temp\atidcmxx.sys --> c:\documents and settings\Administrator\Local Settings\temp\atidcmxx.sys [?]
S3 f391B;f391B;\??\c:\docume~1\PAVELS~1\LOCALS~1\Temp\f391B.sys --> c:\docume~1\PAVELS~1\LOCALS~1\Temp\f391B.sys [?]
S3 GIYJHAQGIRALIJ;GIYJHAQGIRALIJ;c:\docume~1\ADMINI~1\LOCALS~1\Temp\GIYJHAQGIRALIJ.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\GIYJHAQGIRALIJ.exe [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [22.5.2009 12:42 133104]
S3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [27.12.2009 20:33 135680]
S3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [27.12.2009 20:33 8320]
S3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [27.12.2009 20:33 12288]
S3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [27.12.2009 20:33 12288]
S3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [14.5.2009 14:22 7408]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56b6ff35-6832-11e1-be96-000129d2fb42}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://connect.garmin.com/transfer/upload
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-22 15:48]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-22 10:42]
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-22 10:42]
.
2012-09-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-854245398-1644491937-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2012-09-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-1644491937-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2012-09-08 c:\windows\Tasks\User_Feed_Synchronization-{99D30C80-E376-455F-819C-08D9D1364624}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Přidat do Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
TCP: DhcpNameServer = 10.0.0.138
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Notify-AtiExtEvent - (no file)
AddRemove-2kv4.8.442 - c:\windows\Radeon Omega Drivers v4.8.442
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-09 13:59
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2992)
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Celkový čas: 2012-09-09 14:10:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-09-09 12:10
ComboFix2.txt 2009-11-03 18:53
ComboFix3.txt 2009-07-06 08:02
ComboFix4.txt 2009-06-03 17:49
.
Před spuštěním: Volných bajtů: 24 250 454 016
Po spuštění: Volných bajtů: 26 069 872 640
.
- - End Of File - - 255CADA3CB80AB1D464762F9BB210AED



Gathering system information: completed 1 day ago (events: 282, time: 00:02:31)
10.9.2012 11:41:10 dop. Task started Gathering system information
10.9.2012 11:41:11 dop. Main script of analysis
10.9.2012 11:41:11 dop. Windows version: Microsoft Windows XP, Build=2600, SP="Service Pack 2"
10.9.2012 11:41:11 dop. System Restore: enabled
10.9.2012 11:41:13 dop. 1.1 Searching for user-mode API hooks
10.9.2012 11:41:13 dop. Analysis: kernel32.dll, export table found in section .text
10.9.2012 11:41:13 dop. IAT modification detected: CreateProcessA - 00CD0010<>7C802367
10.9.2012 11:41:13 dop. IAT modification detected: GetModuleFileNameA - 00CD0080<>7C80B357
10.9.2012 11:41:13 dop. IAT modification detected: FreeLibrary - 00CD00F0<>7C80AA66
10.9.2012 11:41:13 dop. IAT modification detected: GetModuleFileNameW - 00CD0160<>7C80B25D
10.9.2012 11:41:13 dop. IAT modification detected: CreateProcessW - 00CD01D0<>7C802332
10.9.2012 11:41:13 dop. IAT modification detected: LoadLibraryW - 00CD02B0<>7C80ACD3
10.9.2012 11:41:13 dop. IAT modification detected: LoadLibraryA - 00CD0320<>7C801D77
10.9.2012 11:41:13 dop. IAT modification detected: GetProcAddress - 00CD0390<>7C80AC28
10.9.2012 11:41:13 dop. Analysis: ntdll.dll, export table found in section .text
10.9.2012 11:41:13 dop. Analysis: user32.dll, export table found in section .text
10.9.2012 11:41:13 dop. Analysis: advapi32.dll, export table found in section .text
10.9.2012 11:41:13 dop. Analysis: ws2_32.dll, export table found in section .text
10.9.2012 11:41:13 dop. Analysis: wininet.dll, export table found in section .text
10.9.2012 11:41:13 dop. Analysis: rasapi32.dll, export table found in section .text
10.9.2012 11:41:13 dop. Analysis: urlmon.dll, export table found in section .text
10.9.2012 11:41:13 dop. Analysis: netapi32.dll, export table found in section .text
10.9.2012 11:41:14 dop. 1.2 Searching for kernel-mode API hooks
10.9.2012 11:41:15 dop. Driver loaded successfully
10.9.2012 11:41:15 dop. SDT found (RVA=07B180)
10.9.2012 11:41:15 dop. Kernel ntkrnlpa.exe found in memory at address 804D7000
10.9.2012 11:41:15 dop. SDT = 80552180
10.9.2012 11:41:15 dop. KiST = 80501030 (284)
10.9.2012 11:41:15 dop. Function NtAdjustPrivilegesToken (0B) intercepted (805E0660->AB117690), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:15 dop. >>> Function restored successfully !
10.9.2012 11:41:15 dop. >>> Hook code blocked
10.9.2012 11:41:15 dop. Function NtClose (19) intercepted (805B0714->AB117F94), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:15 dop. >>> Function restored successfully !
10.9.2012 11:41:15 dop. >>> Hook code blocked
10.9.2012 11:41:15 dop. Function NtConnectPort (1F) intercepted (8059843A->AB118DC8), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:15 dop. >>> Function restored successfully !
10.9.2012 11:41:15 dop. >>> Hook code blocked
10.9.2012 11:41:15 dop. Function NtCreateEvent (23) intercepted (8060393A->AB119312), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:15 dop. >>> Function restored successfully !
10.9.2012 11:41:15 dop. >>> Hook code blocked
10.9.2012 11:41:15 dop. Function NtCreateFile (25) intercepted (8056D14C->AB118270), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:15 dop. >>> Function restored successfully !
10.9.2012 11:41:15 dop. >>> Hook code blocked
10.9.2012 11:41:15 dop. Function NtCreateKey (29) intercepted (80618BD2->AB116500), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:15 dop. >>> Function restored successfully !
10.9.2012 11:41:15 dop. >>> Hook code blocked
10.9.2012 11:41:15 dop. Function NtCreateMutant (2B) intercepted (8060BF8C->AB1191F8), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:15 dop. >>> Function restored successfully !
10.9.2012 11:41:15 dop. >>> Hook code blocked
10.9.2012 11:41:15 dop. Function NtCreateNamedPipeFile (2C) intercepted (8056D186->AB11727E), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:15 dop. >>> Function restored successfully !
10.9.2012 11:41:15 dop. >>> Hook code blocked
10.9.2012 11:41:15 dop. Function NtCreatePort (2E) intercepted (80598F56->AB1190CC), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:15 dop. >>> Function restored successfully !
10.9.2012 11:41:15 dop. >>> Hook code blocked
10.9.2012 11:41:15 dop. Function NtCreateSection (32) intercepted (8059F23E->AB117426), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:15 dop. >>> Function restored successfully !
10.9.2012 11:41:15 dop. >>> Hook code blocked
10.9.2012 11:41:15 dop. Function NtCreateSemaphore (33) intercepted (80609936->AB119432), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:15 dop. >>> Function restored successfully !
10.9.2012 11:41:15 dop. >>> Hook code blocked
10.9.2012 11:41:16 dop. Function NtCreateSymbolicLinkObject (34) intercepted (805B9410->B0DD7C08), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
10.9.2012 11:41:16 dop. >>> Function restored successfully !
10.9.2012 11:41:16 dop. >>> Hook code blocked
10.9.2012 11:41:16 dop. Function NtCreateThread (35) intercepted (805C5AD0->AB117C1C), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:16 dop. >>> Function restored successfully !
10.9.2012 11:41:16 dop. >>> Hook code blocked
10.9.2012 11:41:16 dop. Function NtCreateWaitablePort (38) intercepted (80598F7A->AB119162), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:16 dop. >>> Function restored successfully !
10.9.2012 11:41:16 dop. >>> Hook code blocked
10.9.2012 11:41:16 dop. Function NtDebugActiveProcess (39) intercepted (80637AC4->AB11AB1A), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:16 dop. >>> Function restored successfully !
10.9.2012 11:41:16 dop. >>> Hook code blocked
10.9.2012 11:41:16 dop. Function NtDeleteKey (3F) intercepted (80619062->AB116B0A), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:16 dop. >>> Function restored successfully !
10.9.2012 11:41:16 dop. >>> Hook code blocked
10.9.2012 11:41:16 dop. Function NtDeleteValueKey (41) intercepted (80619232->AB116EBE), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:16 dop. >>> Function restored successfully !
10.9.2012 11:41:16 dop. >>> Hook code blocked
10.9.2012 11:41:16 dop. Function NtDeviceIoControlFile (42) intercepted (8056D312->AB1186F2), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:16 dop. >>> Function restored successfully !
10.9.2012 11:41:16 dop. >>> Hook code blocked
10.9.2012 11:41:16 dop. Function NtDuplicateObject (44) intercepted (805B21F0->AB11BD26), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:16 dop. >>> Function restored successfully !
10.9.2012 11:41:16 dop. >>> Hook code blocked
10.9.2012 11:41:16 dop. Function NtEnumerateKey (47) intercepted (80619412->AB11700A), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:16 dop. >>> Function restored successfully !
10.9.2012 11:41:16 dop. >>> Hook code blocked
10.9.2012 11:41:16 dop. Function NtEnumerateValueKey (49) intercepted (8061967C->AB1170A2), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:16 dop. >>> Function restored successfully !
10.9.2012 11:41:16 dop. >>> Hook code blocked
10.9.2012 11:41:16 dop. Function NtFsControlFile (54) intercepted (8056D346->AB118500), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:16 dop. >>> Function restored successfully !
10.9.2012 11:41:16 dop. >>> Hook code blocked
10.9.2012 11:41:16 dop. Function NtLoadDriver (61) intercepted (8057832A->AB11AC0C), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:16 dop. >>> Function restored successfully !
10.9.2012 11:41:16 dop. >>> Hook code blocked
10.9.2012 11:41:16 dop. Function NtLoadKey (62) intercepted (8061A902->AB1164DC), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:16 dop. >>> Function restored successfully !
10.9.2012 11:41:16 dop. >>> Hook code blocked
10.9.2012 11:41:16 dop. Function NtLoadKey2 (63) intercepted (8061A54C->AB1164EE), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:16 dop. >>> Function restored successfully !
10.9.2012 11:41:16 dop. >>> Hook code blocked
10.9.2012 11:41:16 dop. Function NtMapViewOfSection (6C) intercepted (805A5F5A->AB11B374), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:16 dop. >>> Function restored successfully !
10.9.2012 11:41:16 dop. >>> Hook code blocked
10.9.2012 11:41:16 dop. Function NtNotifyChangeKey (6F) intercepted (8061A8CC->AB1171CE), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:16 dop. >>> Function restored successfully !
10.9.2012 11:41:16 dop. >>> Hook code blocked
10.9.2012 11:41:16 dop. Function NtOpenEvent (72) intercepted (80603A3A->AB1193A8), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:16 dop. >>> Function restored successfully !
10.9.2012 11:41:16 dop. >>> Hook code blocked
10.9.2012 11:41:16 dop. Function NtOpenFile (74) intercepted (8056E26A->AB118016), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:16 dop. >>> Function restored successfully !
10.9.2012 11:41:16 dop. >>> Hook code blocked
10.9.2012 11:41:16 dop. Function NtOpenKey (77) intercepted (80619F68->AB1166C0), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:16 dop. >>> Function restored successfully !
10.9.2012 11:41:16 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtOpenMutant (78) intercepted (8060C064->AB119288), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtOpenProcess (7A) intercepted (805BFB78->AB1178CC), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtOpenSection (7D) intercepted (8059E274->AB11B10E), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtOpenSemaphore (7E) intercepted (80609A30->AB1194C8), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtOpenThread (80) intercepted (805BFE04->AB1177BE), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtQueryKey (A0) intercepted (8061A28C->AB11713A), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtQueryMultipleValueKey (A1) intercepted (80617DA0->AB116D72), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtQuerySection (A7) intercepted (805AC6A4->AB11B6AE), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtQueryValueKey (B1) intercepted (80616C8C->AB11699C), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtQueueApcThread (B4) intercepted (805C5D2E->AB11AFA0), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtRenameKey (C0) intercepted (806185F8->AB116C2C), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtReplaceKey (C1) intercepted (8061A7B2->AB115F16), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtReplyPort (C2) intercepted (80599356->AB11982C), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtReplyWaitReceivePort (C3) intercepted (8059A31E->AB1196F2), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtRequestWaitReplyPort (C8) intercepted (80596BE0->AB11A8B4), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtRestoreKey (CC) intercepted (80616FDA->AB11628E), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtResumeThread (CE) intercepted (805C94C0->AB11BBC8), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtSaveKey (CF) intercepted (8061707C->AB115EAE), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtSecureConnectPort (D2) intercepted (80597BCE->AB118B0E), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtSetContextThread (D5) intercepted (805C61F2->AB117E38), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtSetInformationToken (E6) intercepted (805EEA12->AB11A154), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtSetSecurityObject (ED) intercepted (805B4390->AB11ADAA), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtSetSystemInformation (F0) intercepted (8060468C->AB11B7FE), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtSetValueKey (F7) intercepted (80617292->AB116816), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtSuspendProcess (FD) intercepted (805C9588->AB11B8F0), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtSuspendThread (FE) intercepted (805C93FA->AB11BA2A), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtSystemDebugControl (FF) intercepted (8060C9A8->AB11AA3E), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtTerminateProcess (101) intercepted (805C74C8->AB117A68), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtTerminateThread (102) intercepted (805C76C2->AB1179C8), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtUnmapViewOfSection (10B) intercepted (805A6D70->AB11B552), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function NtWriteVirtualMemory (115) intercepted (805A82F6->AB117B52), hook C:\WINDOWS\system32\DRIVERS\3673467drv.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. >>> Hook code blocked
10.9.2012 11:41:17 dop. Function FsRtlCheckLockForReadAccess (804E9E14) - machine code modification Method of JmpTo. jmp B0DC94DC \SystemRoot\system32\DRIVERS\klif.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. Function IoIsOperationSynchronous (804EE54E) - machine code modification Method of JmpTo. jmp B0DC98B6 \SystemRoot\system32\DRIVERS\klif.sys, driver recognized as trusted
10.9.2012 11:41:17 dop. >>> Function restored successfully !
10.9.2012 11:41:17 dop. Functions checked: 284, intercepted: 61, restored: 63
10.9.2012 11:41:17 dop. 1.3 Checking IDT and SYSENTER
10.9.2012 11:41:17 dop. Analysis for CPU 1
10.9.2012 11:41:17 dop. CmpCallCallBacks = 0008802E
10.9.2012 11:41:17 dop. Disable callback OK
10.9.2012 11:41:17 dop. Checking IDT and SYSENTER - complete
10.9.2012 11:41:19 dop. 1.4 Searching for masking processes and drivers
10.9.2012 11:41:19 dop. Checking not performed: extended monitoring driver (AVZPM) is not installed
10.9.2012 11:41:19 dop. 1.5 Checking of IRP handlers
10.9.2012 11:41:19 dop. Driver loaded successfully
10.9.2012 11:41:19 dop. \FileSystem\ntfs[IRP_MJ_CREATE] = 89DE61F8 -> hook not defined
10.9.2012 11:41:19 dop. \FileSystem\ntfs[IRP_MJ_CLOSE] = 89DE61F8 -> hook not defined
10.9.2012 11:41:19 dop. \FileSystem\ntfs[IRP_MJ_WRITE] = 89DE61F8 -> hook not defined
10.9.2012 11:41:19 dop. \FileSystem\ntfs[IRP_MJ_QUERY_INFORMATION] = 89DE61F8 -> hook not defined
10.9.2012 11:41:19 dop. \FileSystem\ntfs[IRP_MJ_SET_INFORMATION] = 89DE61F8 -> hook not defined
10.9.2012 11:41:19 dop. \FileSystem\ntfs[IRP_MJ_QUERY_EA] = 89DE61F8 -> hook not defined
10.9.2012 11:41:19 dop. \FileSystem\ntfs[IRP_MJ_SET_EA] = 89DE61F8 -> hook not defined
10.9.2012 11:41:19 dop. \FileSystem\ntfs[IRP_MJ_QUERY_VOLUME_INFORMATION] = 89DE61F8 -> hook not defined
10.9.2012 11:41:19 dop. \FileSystem\ntfs[IRP_MJ_SET_VOLUME_INFORMATION] = 89DE61F8 -> hook not defined
10.9.2012 11:41:19 dop. \FileSystem\ntfs[IRP_MJ_DIRECTORY_CONTROL] = 89DE61F8 -> hook not defined
10.9.2012 11:41:19 dop. \FileSystem\ntfs[IRP_MJ_FILE_SYSTEM_CONTROL] = 89DE61F8 -> hook not defined
10.9.2012 11:41:19 dop. \FileSystem\ntfs[IRP_MJ_DEVICE_CONTROL] = 89DE61F8 -> hook not defined
10.9.2012 11:41:19 dop. \FileSystem\ntfs[IRP_MJ_LOCK_CONTROL] = 89DE61F8 -> hook not defined
10.9.2012 11:41:19 dop. \FileSystem\ntfs[IRP_MJ_QUERY_SECURITY] = 89DE61F8 -> hook not defined
10.9.2012 11:41:19 dop. \FileSystem\ntfs[IRP_MJ_SET_SECURITY] = 89DE61F8 -> hook not defined
10.9.2012 11:41:19 dop. \FileSystem\ntfs[IRP_MJ_PNP] = 89DE61F8 -> hook not defined
10.9.2012 11:41:19 dop. \FileSystem\FastFat[IRP_MJ_CREATE] = 89A45500 -> hook not defined
10.9.2012 11:41:19 dop. \FileSystem\FastFat[IRP_MJ_CLOSE] = 89A45500 -> hook not defined
10.9.2012 11:41:19 dop. \FileSystem\FastFat[IRP_MJ_WRITE] = 89A45500 -> hook not defined
10.9.2012 11:41:19 dop. \FileSystem\FastFat[IRP_MJ_QUERY_INFORMATION] = 89A45500 -> hook not defined
10.9.2012 11:41:19 dop. \FileSystem\FastFat[IRP_MJ_SET_INFORMATION] = 89A45500 -> hook not defined
10.9.2012 11:41:19 dop. \FileSystem\FastFat[IRP_MJ_QUERY_EA] = 89A45500 -> hook not defined
10.9.2012 11:41:19 dop. \FileSystem\FastFat[IRP_MJ_SET_EA] = 89A45500 -> hook not defined
10.9.2012 11:41:19 dop. \FileSystem\FastFat[IRP_MJ_QUERY_VOLUME_INFORMATION] = 89A45500 -> hook not defined
10.9.2012 11:41:19 dop. \FileSystem\FastFat[IRP_MJ_SET_VOLUME_INFORMATION] = 89A45500 -> hook not defined
10.9.2012 11:41:19 dop. \FileSystem\FastFat[IRP_MJ_DIRECTORY_CONTROL] = 89A45500 -> hook not defined
10.9.2012 11:41:19 dop. \FileSystem\FastFat[IRP_MJ_FILE_SYSTEM_CONTROL] = 89A45500 -> hook not defined
10.9.2012 11:41:19 dop. \FileSystem\FastFat[IRP_MJ_DEVICE_CONTROL] = 89A45500 -> hook not defined
10.9.2012 11:41:19 dop. \FileSystem\FastFat[IRP_MJ_LOCK_CONTROL] = 89A45500 -> hook not defined
10.9.2012 11:41:19 dop. \FileSystem\FastFat[IRP_MJ_PNP] = 89A45500 -> hook not defined
10.9.2012 11:41:19 dop. Checking - complete
10.9.2012 11:41:29 dop. Latent loading of libraries through AppInit_DLLs suspected: "C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll"
10.9.2012 11:41:53 dop. >> Services: potentially dangerous service allowed: TermService (Terminálová služba)
10.9.2012 11:41:53 dop. >> Services: potentially dangerous service allowed: SSDPSRV (Služba rozpoznávání pomocí protokolu SSDP)
10.9.2012 11:41:53 dop. >> Services: potentially dangerous service allowed: TlntSvr (Telnet)
10.9.2012 11:41:53 dop. >> Services: potentially dangerous service allowed: Schedule (Plánovač úloh)
10.9.2012 11:41:53 dop. > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
10.9.2012 11:41:53 dop. >> Security: disk drives' autorun is enabled
10.9.2012 11:41:53 dop. >> Security: administrative shares (C$, D$ ...) are enabled
10.9.2012 11:41:53 dop. >> Security: anonymous user access is enabled
10.9.2012 11:41:53 dop. >> Security: sending Remote Assistant queries is enabled
10.9.2012 11:41:56 dop. >> Process termination timeout is out of admissible values
10.9.2012 11:41:56 dop. >> Service termination timeout is out of admissible values
10.9.2012 11:41:56 dop. >> Disable HDD autorun
10.9.2012 11:41:56 dop. >> Disable autorun from network drives
10.9.2012 11:41:56 dop. >> Disable CD/DVD autorun
10.9.2012 11:41:56 dop. >> Disable removable media autorun
10.9.2012 11:41:57 dop. >> Windows Explorer - show extensions of known file types
10.9.2012 11:41:58 dop. >> [?? - AVZ1789]
10.9.2012 11:41:58 dop. System Analysis in progress
10.9.2012 11:43:41 dop. System Analysis - complete
10.9.2012 11:43:41 dop. Deleting service/driver: uti3otqy
10.9.2012 11:43:41 dop. [microprogram of healing]> registry key deleted HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uti3otqy
10.9.2012 11:43:41 dop. Delete file:C:\WINDOWS\system32\Drivers\uti3otqy.sys
10.9.2012 11:43:41 dop. Deleting service/driver: uji3otqy
10.9.2012 11:43:41 dop. Main script of analysis
10.9.2012 11:43:41 dop. Task completed Gathering system information
Gathering system information: completed 1 day ago (events: 95, time: 00:01:29)
10.9.2012 11:45:16 dop. Task completed Gathering system information
10.9.2012 11:45:16 dop. Main script of analysis
10.9.2012 11:45:16 dop. Deleting service/driver: uji3otqy
10.9.2012 11:45:16 dop. Delete file:C:\WINDOWS\system32\Drivers\uti3otqy.sys
10.9.2012 11:45:16 dop. [microprogram of healing]> registry key deleted HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uti3otqy
10.9.2012 11:45:16 dop. Deleting service/driver: uti3otqy
10.9.2012 11:45:16 dop. System Analysis - complete
10.9.2012 11:44:30 dop. System Analysis in progress
10.9.2012 11:44:30 dop. >> [?? - AVZ1789]
10.9.2012 11:44:29 dop. >> Windows Explorer - show extensions of known file types
10.9.2012 11:44:28 dop. >> Disable removable media autorun
10.9.2012 11:44:28 dop. >> Disable CD/DVD autorun
10.9.2012 11:44:28 dop. >> Disable autorun from network drives
10.9.2012 11:44:28 dop. >> Disable HDD autorun
10.9.2012 11:44:28 dop. >> Service termination timeout is out of admissible values
10.9.2012 11:44:28 dop. >> Process termination timeout is out of admissible values
10.9.2012 11:44:25 dop. >> Security: sending Remote Assistant queries is enabled
10.9.2012 11:44:25 dop. >> Security: anonymous user access is enabled
10.9.2012 11:44:25 dop. >> Security: administrative shares (C$, D$ ...) are enabled
10.9.2012 11:44:25 dop. >> Security: disk drives' autorun is enabled
10.9.2012 11:44:25 dop. > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
10.9.2012 11:44:25 dop. >> Services: potentially dangerous service allowed: Schedule (Plánovač úloh)
10.9.2012 11:44:25 dop. >> Services: potentially dangerous service allowed: TlntSvr (Telnet)
10.9.2012 11:44:25 dop. >> Services: potentially dangerous service allowed: SSDPSRV (Služba rozpoznávání pomocí protokolu SSDP)
10.9.2012 11:44:25 dop. >> Services: potentially dangerous service allowed: TermService (Terminálová služba)
10.9.2012 11:44:00 dop. Latent loading of libraries through AppInit_DLLs suspected: "C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll"
10.9.2012 11:43:52 dop. Checking - complete
10.9.2012 11:43:52 dop. \FileSystem\FastFat[IRP_MJ_PNP] = 89A45500 -> hook not defined
10.9.2012 11:43:52 dop. \FileSystem\FastFat[IRP_MJ_LOCK_CONTROL] = 89A45500 -> hook not defined
10.9.2012 11:43:52 dop. \FileSystem\FastFat[IRP_MJ_DEVICE_CONTROL] = 89A45500 -> hook not defined
10.9.2012 11:43:52 dop. \FileSystem\FastFat[IRP_MJ_FILE_SYSTEM_CONTROL] = 89A45500 -> hook not defined
10.9.2012 11:43:52 dop. \FileSystem\FastFat[IRP_MJ_DIRECTORY_CONTROL] = 89A45500 -> hook not defined
10.9.2012 11:43:52 dop. \FileSystem\FastFat[IRP_MJ_SET_VOLUME_INFORMATION] = 89A45500 -> hook not defined
10.9.2012 11:43:52 dop. \FileSystem\FastFat[IRP_MJ_QUERY_VOLUME_INFORMATION] = 89A45500 -> hook not defined
10.9.2012 11:43:52 dop. \FileSystem\FastFat[IRP_MJ_SET_EA] = 89A45500 -> hook not defined
10.9.2012 11:43:52 dop. \FileSystem\FastFat[IRP_MJ_QUERY_EA] = 89A45500 -> hook not defined
10.9.2012 11:43:52 dop. \FileSystem\FastFat[IRP_MJ_SET_INFORMATION] = 89A45500 -> hook not defined
10.9.2012 11:43:52 dop. \FileSystem\FastFat[IRP_MJ_QUERY_INFORMATION] = 89A45500 -> hook not defined
10.9.2012 11:43:52 dop. \FileSystem\FastFat[IRP_MJ_WRITE] = 89A45500 -> hook not defined
10.9.2012 11:43:52 dop. \FileSystem\FastFat[IRP_MJ_CLOSE] = 89A45500 -> hook not defined
10.9.2012 11:43:52 dop. \FileSystem\FastFat[IRP_MJ_CREATE] = 89A45500 -> hook not defined
10.9.2012 11:43:52 dop. \FileSystem\ntfs[IRP_MJ_PNP] = 89DE61F8 -> hook not defined
10.9.2012 11:43:52 dop. \FileSystem\ntfs[IRP_MJ_SET_SECURITY] = 89DE61F8 -> hook not defined
10.9.2012 11:43:52 dop. \FileSystem\ntfs[IRP_MJ_QUERY_SECURITY] = 89DE61F8 -> hook not defined
10.9.2012 11:43:52 dop. \FileSystem\ntfs[IRP_MJ_LOCK_CONTROL] = 89DE61F8 -> hook not defined
10.9.2012 11:43:52 dop. \FileSystem\ntfs[IRP_MJ_DEVICE_CONTROL] = 89DE61F8 -> hook not defined
10.9.2012 11:43:52 dop. \FileSystem\ntfs[IRP_MJ_FILE_SYSTEM_CONTROL] = 89DE61F8 -> hook not defined
10.9.2012 11:43:52 dop. \FileSystem\ntfs[IRP_MJ_DIRECTORY_CONTROL] = 89DE61F8 -> hook not defined
10.9.2012 11:43:52 dop. \FileSystem\ntfs[IRP_MJ_SET_VOLUME_INFORMATION] = 89DE61F8 -> hook not defined
10.9.2012 11:43:52 dop. \FileSystem\ntfs[IRP_MJ_QUERY_VOLUME_INFORMATION] = 89DE61F8 -> hook not defined
10.9.2012 11:43:52 dop. \FileSystem\ntfs[IRP_MJ_SET_EA] = 89DE61F8 -> hook not defined
10.9.2012 11:43:52 dop. \FileSystem\ntfs[IRP_MJ_QUERY_EA] = 89DE61F8 -> hook not defined
10.9.2012 11:43:52 dop. \FileSystem\ntfs[IRP_MJ_SET_INFORMATION] = 89DE61F8 -> hook not defined
10.9.2012 11:43:52 dop. \FileSystem\ntfs[IRP_MJ_QUERY_INFORMATION] = 89DE61F8 -> hook not defined
10.9.2012 11:43:52 dop. \FileSystem\ntfs[IRP_MJ_WRITE] = 89DE61F8 -> hook not defined
10.9.2012 11:43:52 dop. \FileSystem\ntfs[IRP_MJ_CLOSE] = 89DE61F8 -> hook not defined
10.9.2012 11:43:52 dop. \FileSystem\ntfs[IRP_MJ_CREATE] = 89DE61F8 -> hook not defined
10.9.2012 11:43:52 dop. Driver loaded successfully
10.9.2012 11:43:52 dop. 1.5 Checking of IRP handlers
10.9.2012 11:43:52 dop. Checking not performed: extended monitoring driver (AVZPM) is not installed
10.9.2012 11:43:52 dop. 1.4 Searching for masking processes and drivers
10.9.2012 11:43:51 dop. Checking IDT and SYSENTER - complete
10.9.2012 11:43:51 dop. Disable callback - óćĺ íĺéňčđŕëčçîâŕíű
10.9.2012 11:43:51 dop. CmpCallCallBacks = 0008802E
10.9.2012 11:43:51 dop. Analysis for CPU 1
10.9.2012 11:43:51 dop. 1.3 Checking IDT and SYSENTER
10.9.2012 11:43:51 dop. Functions checked: 284, intercepted: 0, restored: 0
10.9.2012 11:43:50 dop. KiST = 80501030 (284)
10.9.2012 11:43:50 dop. SDT = 80552180
10.9.2012 11:43:50 dop. Kernel ntkrnlpa.exe found in memory at address 804D7000
10.9.2012 11:43:50 dop. SDT found (RVA=07B180)
10.9.2012 11:43:50 dop. Driver loaded successfully
10.9.2012 11:43:50 dop. 1.2 Searching for kernel-mode API hooks
10.9.2012 11:43:49 dop. Analysis: netapi32.dll, export table found in section .text
10.9.2012 11:43:49 dop. Analysis: urlmon.dll, export table found in section .text
10.9.2012 11:43:49 dop. Analysis: rasapi32.dll, export table found in section .text
10.9.2012 11:43:49 dop. Analysis: wininet.dll, export table found in section .text
10.9.2012 11:43:49 dop. Analysis: ws2_32.dll, export table found in section .text
10.9.2012 11:43:49 dop. Analysis: advapi32.dll, export table found in section .text
10.9.2012 11:43:49 dop. Analysis: user32.dll, export table found in section .text
10.9.2012 11:43:49 dop. Analysis: ntdll.dll, export table found in section .text
10.9.2012 11:43:49 dop. IAT modification detected: GetProcAddress - 00CD0390<>7C80AC28
10.9.2012 11:43:49 dop. IAT modification detected: LoadLibraryA - 00CD0320<>7C801D77
10.9.2012 11:43:49 dop. IAT modification detected: LoadLibraryW - 00CD02B0<>7C80ACD3
10.9.2012 11:43:49 dop. IAT modification detected: CreateProcessW - 00CD01D0<>7C802332
10.9.2012 11:43:49 dop. IAT modification detected: GetModuleFileNameW - 00CD0160<>7C80B25D
10.9.2012 11:43:49 dop. IAT modification detected: FreeLibrary - 00CD00F0<>7C80AA66
10.9.2012 11:43:49 dop. IAT modification detected: GetModuleFileNameA - 00CD0080<>7C80B357
10.9.2012 11:43:49 dop. IAT modification detected: CreateProcessA - 00CD0010<>7C802367
10.9.2012 11:43:49 dop. Analysis: kernel32.dll, export table found in section .text
10.9.2012 11:43:49 dop. 1.1 Searching for user-mode API hooks
10.9.2012 11:43:48 dop. System Restore: enabled
10.9.2012 11:43:48 dop. Windows version: Microsoft Windows XP, Build=2600, SP="Service Pack 2"
10.9.2012 11:43:48 dop. Main script of analysis
10.9.2012 11:43:47 dop. Task started Gathering system information
Gathering system information: completed 1 minute ago (events: 56, time: 00:01:44)
11.9.2012 2:33:30 odp. Task completed Gathering system information
11.9.2012 2:33:30 odp. Main script of analysis
11.9.2012 2:33:30 odp. Deleting service/driver: uji3otqy
11.9.2012 2:33:30 odp. Delete file:C:\WINDOWS\system32\Drivers\uti3otqy.sys
11.9.2012 2:33:30 odp. [microprogram of healing]> registry key deleted HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uti3otqy
11.9.2012 2:33:30 odp. Deleting service/driver: uti3otqy
11.9.2012 2:33:30 odp. System Analysis - complete
11.9.2012 2:32:29 odp. System Analysis in progress
11.9.2012 2:32:29 odp. >> [?? - AVZ1789]
11.9.2012 2:32:28 odp. >> Windows Explorer - show extensions of known file types
11.9.2012 2:32:27 odp. >> Disable removable media autorun
11.9.2012 2:32:27 odp. >> Disable CD/DVD autorun
11.9.2012 2:32:27 odp. >> Disable autorun from network drives
11.9.2012 2:32:27 odp. >> Disable HDD autorun
11.9.2012 2:32:27 odp. >> Service termination timeout is out of admissible values
11.9.2012 2:32:24 odp. >> Security: sending Remote Assistant queries is enabled
11.9.2012 2:32:24 odp. >> Security: anonymous user access is enabled
11.9.2012 2:32:24 odp. >> Security: administrative shares (C$, D$ ...) are enabled
11.9.2012 2:32:23 odp. >> Security: disk drives' autorun is enabled
11.9.2012 2:32:23 odp. > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
11.9.2012 2:32:23 odp. >> Services: potentially dangerous service allowed: Schedule (Plánovač úloh)
11.9.2012 2:32:23 odp. >> Services: potentially dangerous service allowed: TlntSvr (Telnet)
11.9.2012 2:32:23 odp. >> Services: potentially dangerous service allowed: SSDPSRV (Služba rozpoznávání pomocí protokolu SSDP)
11.9.2012 2:32:23 odp. >> Services: potentially dangerous service allowed: TermService (Terminálová služba)
11.9.2012 2:31:59 odp. Latent loading of libraries through AppInit_DLLs suspected: "C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll"
11.9.2012 2:31:50 odp. Driver communication failure [00000002] - [1]
11.9.2012 2:31:50 odp. Driver loaded successfully
11.9.2012 2:31:50 odp. 1.5 Checking of IRP handlers
11.9.2012 2:31:50 odp. Checking not performed: extended monitoring driver (AVZPM) is not installed
11.9.2012 2:31:50 odp. 1.4 Searching for masking processes and drivers
11.9.2012 2:31:48 odp. Driver communication failure [00000002] - [1]
11.9.2012 2:31:48 odp. Driver loaded successfully
11.9.2012 2:31:48 odp. 1.2 Searching for kernel-mode API hooks
11.9.2012 2:31:48 odp. Analysis: netapi32.dll, export table found in section .text
11.9.2012 2:31:48 odp. Analysis: urlmon.dll, export table found in section .text
11.9.2012 2:31:48 odp. Analysis: rasapi32.dll, export table found in section .text
11.9.2012 2:31:48 odp. Analysis: wininet.dll, export table found in section .text
11.9.2012 2:31:48 odp. Analysis: ws2_32.dll, export table found in section .text
11.9.2012 2:31:48 odp. Analysis: advapi32.dll, export table found in section .text
11.9.2012 2:31:48 odp. Analysis: user32.dll, export table found in section .text
11.9.2012 2:31:48 odp. Analysis: ntdll.dll, export table found in section .text
11.9.2012 2:31:48 odp. IAT modification detected: GetProcAddress - 00C80390<>7C80AC28
11.9.2012 2:31:48 odp. IAT modification detected: LoadLibraryA - 00C80320<>7C801D77
11.9.2012 2:31:48 odp. IAT modification detected: LoadLibraryW - 00C802B0<>7C80ACD3
11.9.2012 2:31:48 odp. IAT modification detected: CreateProcessW - 00C801D0<>7C802332
11.9.2012 2:31:48 odp. IAT modification detected: GetModuleFileNameW - 00C80160<>7C80B25D
11.9.2012 2:31:48 odp. IAT modification detected: FreeLibrary - 00C800F0<>7C80AA66
11.9.2012 2:31:48 odp. IAT modification detected: GetModuleFileNameA - 00C80080<>7C80B357
11.9.2012 2:31:48 odp. IAT modification detected: CreateProcessA - 00C80010<>7C802367
11.9.2012 2:31:48 odp. Analysis: kernel32.dll, export table found in section .text
11.9.2012 2:31:48 odp. 1.1 Searching for user-mode API hooks
11.9.2012 2:31:47 odp. System booted in Safe Mode with Networking
11.9.2012 2:31:47 odp. System Restore: enabled
11.9.2012 2:31:47 odp. Windows version: Microsoft Windows XP, Build=2600, SP="Service Pack 2"
11.9.2012 2:31:47 odp. Main script of analysis
11.9.2012 2:31:46 odp. Task started Gathering system information

Stáhněte, rozbalte a spusťte TDSSKiller: http://support.kaspersky.com/downloads/ ... killer.zip . Nechte pracovat a po akci sem dejte log.

Kernel Driver boot- spdt.sys. Zjistil jsem že je to součást nestabilní verze DT. Ovšem donedávna jsem o tom nevěděl, Nastavení při spouštění Win. Ale podle AVG anti-rootkit free je tam skrytý driver, který se pořád jmenuje jinak.SPDT.sys ke dát do karantény

Jak se ten driver jmenuje?

Omlpuvám se za pozdí odezvu, ale jinak to nešlo. Odstraní Deamonu mělo negativní následky. Po odstranění přebytečného sw to odnesly i instalátory mb a chipsetu ale i zvukoivky. Win nenaběhl- chyběl boot.ini
instalace se sekla. A nešlo to spusit znovu. Při poslední známé konfig to začalo instalovat a opravovat. Ale ve win na disku c nefunguje myš.Klavesnice je zapojená na usb jezdá se o bezdrátovou. Ovšem myš jiná na usb nejde. Ostatní zařízení taky hlasí chybu. Zařízení nebude správně fungovat. Konfigurace myši s klávesnici na bezdrát nejde. Druhý win na disku d jsem naintaloval.

Ale při pokusu o přetažení programů ze zálohy z registrů a obnovení prográmu ze zálohy způsobilo, že druhý win XP nešel zpusiti. NAvíc při skenování pc ten druhý disk spadl do bsod. Vše bylo jinak ok. Viry na c nenašlo. Dojelko to na d a konec. Při použití hd tune to lehlo. Uděla jsem format d win ok. Formát D nešel v nouzáku provést - rychle ok , při plné smrt, uděla jsem rychlý formát a následně plný a disk nehlásil chybu!

Nyní cokoliv udělám přetáhnu z prvního win xp a zálohu tak to bortní ten druhý win xp. Pravděpodobně bude chyba v tom systému kde je pozůstatek po viru. Nevím co s tím. Asi to přepsalo nebo poškodilo nějaou číst disku. Protože z nějaké příčiny systému právě mizí soubory z toho prvního disku c



15:15:48.0609 4064 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
15:15:49.0062 4064 ============================================================
15:15:49.0062 4064 Current date / time: 2012/09/12 15:15:49.0062
15:15:49.0062 4064 SystemInfo:
15:15:49.0062 4064
15:15:49.0062 4064 OS Version: 5.1.2600 ServicePack: 2.0
15:15:49.0062 4064 Product type: Workstation
15:15:49.0062 4064 ComputerName: SPR-BEC0AF05DD9
15:15:49.0062 4064 UserName: Pavel Sovák
15:15:49.0062 4064 Windows directory: C:\WINDOWS
15:15:49.0062 4064 System windows directory: C:\WINDOWS
15:15:49.0062 4064 Processor architecture: Intel x86
15:15:49.0062 4064 Number of processors: 1
15:15:49.0062 4064 Page size: 0x1000
15:15:49.0062 4064 Boot type: Normal boot
15:15:49.0062 4064 ============================================================
15:15:49.0984 4064 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:15:50.0015 4064 Drive \Device\Harddisk1\DR1 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:15:50.0015 4064 Drive \Device\Harddisk2\DR4 - Size: 0x7D00000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:15:50.0015 4064 ============================================================
15:15:50.0015 4064 \Device\Harddisk0\DR0:
15:15:50.0031 4064 MBR partitions:
15:15:50.0031 4064 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
15:15:50.0031 4064 \Device\Harddisk1\DR1:
15:15:50.0031 4064 MBR partitions:
15:15:50.0031 4064 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A89182
15:15:50.0031 4064 \Device\Harddisk2\DR4:
15:15:50.0031 4064 MBR partitions:
15:15:50.0031 4064 \Device\Harddisk2\DR4\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x3E7DF
15:15:50.0031 4064 ============================================================
15:15:50.0203 4064 C: <-> \Device\Harddisk0\DR0\Partition1
15:15:50.0265 4064 G: <-> \Device\Harddisk1\DR1\Partition1
15:15:50.0265 4064 ============================================================
15:15:50.0265 4064 Initialize success
15:15:50.0265 4064 ============================================================
15:15:51.0859 2376 ============================================================
15:15:51.0859 2376 Scan started
15:15:51.0859 2376 Mode: Manual;
15:15:51.0859 2376 ============================================================
15:15:53.0281 2376 ================ Scan system memory ========================
15:15:53.0281 2376 System memory - ok
15:15:53.0281 2376 ================ Scan services =============================
15:15:53.0765 2376 [ 186B54479D98E48AEE0E9ADA4B3C4D31 ] 83175456 C:\WINDOWS\system32\DRIVERS\83175456.sys
15:15:53.0765 2376 83175456 - ok
15:15:53.0765 2376 Abiosdsk - ok
15:15:53.0781 2376 abp480n5 - ok
15:15:53.0875 2376 [ FA2FBCDA96D2385F773B059FE5A125A6 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:15:53.0875 2376 ACPI - ok
15:15:53.0921 2376 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
15:15:53.0921 2376 ACPIEC - ok
15:15:53.0937 2376 adpu160m - ok
15:15:54.0046 2376 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINDOWS\system32\drivers\aec.sys
15:15:54.0046 2376 aec - ok
15:15:54.0109 2376 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD C:\WINDOWS\System32\drivers\afd.sys
15:15:54.0109 2376 AFD - ok
15:15:54.0125 2376 Aha154x - ok
15:15:54.0125 2376 aic78u2 - ok
15:15:54.0140 2376 aic78xx - ok
15:15:54.0468 2376 [ BEA942FF21154FEE4F71DDD477621C70 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
15:15:54.0828 2376 ALCXWDM - ok
15:15:54.0875 2376 [ 026DDAA7E6F8D49DF82C7A98BAE5D0D1 ] Alerter C:\WINDOWS\system32\alrsvc.dll
15:15:54.0875 2376 Alerter - ok
15:15:54.0921 2376 [ B3F690BF43F93A012A52F28F234FAA1B ] ALG C:\WINDOWS\System32\alg.exe
15:15:54.0921 2376 ALG - ok
15:15:54.0921 2376 AliIde - ok
15:15:54.0937 2376 amsint - ok
15:15:55.0000 2376 [ 421184F91EAE5C6E78E653C6B32AAE84 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
15:15:55.0000 2376 AppMgmt - ok
15:15:55.0031 2376 [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:15:55.0031 2376 Arp1394 - ok
15:15:55.0046 2376 asc - ok
15:15:55.0046 2376 asc3350p - ok
15:15:55.0062 2376 asc3550 - ok
15:15:55.0296 2376 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:15:55.0328 2376 aspnet_state - ok
15:15:55.0359 2376 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:15:55.0375 2376 AsyncMac - ok
15:15:55.0437 2376 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
15:15:55.0437 2376 atapi - ok
15:15:55.0453 2376 Atdisk - ok
15:15:55.0593 2376 [ E02ABC15C3428809F7BCB82571633575 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
15:15:55.0593 2376 Ati HotKey Poller - ok
15:15:55.0765 2376 [ 3AE69EA1AF3D65C362869D6DEC0CFA52 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
15:15:55.0765 2376 ATI Smart - ok
15:15:56.0281 2376 [ EC2743BF722D4356375A0A01B69A81E0 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:15:56.0312 2376 ati2mtag - ok
15:15:56.0375 2376 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:15:56.0375 2376 Atmarpc - ok
15:15:56.0437 2376 [ 40D78F514C8588EF12EC718D2AF0FC4E ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
15:15:56.0453 2376 AudioSrv - ok
15:15:56.0515 2376 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
15:15:56.0515 2376 audstub - ok
15:15:56.0578 2376 [ E8054A423E5D2BDAE6062BAB6DA159C4 ] AVG Anti-Rootkit C:\WINDOWS\system32\DRIVERS\avgarkt.sys
15:15:56.0593 2376 AVG Anti-Rootkit - ok
15:15:56.0625 2376 [ EC08D1625F5C6CF2A57B79EB35186F8C ] AvgArCln C:\WINDOWS\system32\DRIVERS\AvgArCln.sys
15:15:56.0625 2376 AvgArCln - ok
15:15:56.0984 2376 [ DF9586377384DF3808D42090242CC23B ] AVP C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
15:15:56.0984 2376 AVP - ok
15:15:57.0000 2376 Beep - ok
15:15:57.0109 2376 [ E774A26610EC92674273486612C11CFC ] BITS C:\WINDOWS\system32\qmgr.dll
15:15:57.0203 2376 BITS - ok
15:15:57.0281 2376 [ F219E27E88107A50544153898DD8178E ] Browser C:\WINDOWS\System32\browser.dll
15:15:57.0281 2376 Browser - ok
15:15:57.0328 2376 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
15:15:57.0343 2376 cbidf2k - ok
15:15:57.0343 2376 cd20xrnt - ok
15:15:57.0390 2376 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
15:15:57.0390 2376 Cdaudio - ok
15:15:57.0453 2376 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
15:15:57.0453 2376 Cdfs - ok
15:15:57.0500 2376 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:15:57.0500 2376 Cdrom - ok
15:15:57.0515 2376 Changer - ok
15:15:57.0562 2376 [ 9E21229E04E1D301BB40222FE4641CB2 ] CiSvc C:\WINDOWS\system32\cisvc.exe
15:15:57.0593 2376 CiSvc - ok
15:15:57.0625 2376 [ D3DC45553C8025338E08A60E95B1B91D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
15:15:57.0640 2376 ClipSrv - ok
15:15:57.0703 2376 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:15:57.0703 2376 clr_optimization_v2.0.50727_32 - ok
15:15:57.0718 2376 CmdIde - ok
15:15:57.0718 2376 COMSysApp - ok
15:15:57.0734 2376 Cpqarray - ok
15:15:57.0796 2376 [ 70D2A1756F4B2067658A186C963FCABD ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
15:15:57.0812 2376 CryptSvc - ok
15:15:57.0812 2376 dac2w2k - ok
15:15:57.0828 2376 dac960nt - ok
15:15:57.0859 2376 [ C72C15EE57E248C66E57C76CAB086CF2 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
15:15:57.0890 2376 DcomLaunch - ok
15:15:57.0937 2376 [ 562830EFB7CF367FB773FEA5256E67C8 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
15:15:57.0984 2376 Dhcp - ok
15:15:58.0031 2376 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
15:15:58.0031 2376 Disk - ok
15:15:58.0046 2376 dmadmin - ok
15:15:58.0250 2376 [ E1968EDEC81C430108FEB23AB07BDB14 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
15:15:58.0375 2376 dmboot - ok
15:15:58.0390 2376 [ 1B1520A82E396E46B9AE9FA6B03FF6C6 ] dmio C:\WINDOWS\system32\DRIVERS\dmio.sys
15:15:58.0390 2376 dmio - ok
15:15:58.0453 2376 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
15:15:58.0453 2376 dmload - ok
15:15:58.0500 2376 [ 7B3CA72885923EB947221F17F3E3AC59 ] dmserver C:\WINDOWS\System32\dmserver.dll
15:15:58.0640 2376 dmserver - ok
15:15:58.0687 2376 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
15:15:58.0703 2376 DMusic - ok
15:15:58.0765 2376 [ F605B3F5674D67587C4B6C9E92A3E025 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
15:15:58.0765 2376 Dnscache - ok
15:15:58.0781 2376 dpti2o - ok
15:15:58.0828 2376 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
15:15:58.0828 2376 drmkaud - ok
15:15:58.0875 2376 [ D6F7428B201E33BC80066B47144CB568 ] ERSvc C:\WINDOWS\System32\ersvc.dll
15:15:58.0906 2376 ERSvc - ok
15:15:58.0968 2376 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] Eventlog C:\WINDOWS\system32\services.exe
15:15:58.0968 2376 Eventlog - ok
15:15:58.0984 2376 [ 972378B907070F64932A87C90A035487 ] EventSystem C:\WINDOWS\system32\es.dll
15:15:59.0046 2376 EventSystem - ok
15:15:59.0140 2376 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
15:15:59.0156 2376 Fastfat - ok
15:15:59.0234 2376 [ 8BA76BD2A943F642F267A296A15776D2 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:15:59.0265 2376 FastUserSwitchingCompatibility - ok
15:15:59.0328 2376 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
15:15:59.0328 2376 Fdc - ok
15:15:59.0375 2376 [ 266DAB58619B17BDF37FABBD48D875CA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
15:15:59.0390 2376 Fips - ok
15:15:59.0437 2376 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:15:59.0437 2376 Flpydisk - ok
15:15:59.0484 2376 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
15:15:59.0500 2376 FltMgr - ok
15:15:59.0562 2376 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:15:59.0578 2376 FontCache3.0.0.0 - ok
15:15:59.0609 2376 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:15:59.0609 2376 Fs_Rec - ok
15:15:59.0671 2376 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:15:59.0703 2376 Ftdisk - ok
15:15:59.0718 2376 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:15:59.0718 2376 Gpc - ok
15:15:59.0781 2376 [ D956358054E99E6FFAC69CD87E893A89 ] grmnusb C:\WINDOWS\system32\drivers\grmnusb.sys
15:15:59.0781 2376 grmnusb - ok
15:15:59.0937 2376 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9daca63d984 C:\Program Files\Google\Update\GoogleUpdate.exe
15:15:59.0937 2376 gupdate1c9daca63d984 - ok
15:15:59.0984 2376 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
15:15:59.0984 2376 gupdatem - ok
15:16:00.0031 2376 [ 408DDD80EEDE47175F6844817B90213E ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:16:00.0046 2376 gusvc - ok
15:16:00.0171 2376 [ F59152272782FED8A8197FA788287F68 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:16:00.0171 2376 helpsvc - ok
15:16:00.0218 2376 [ D2DCF769E5A70027058AD5BE1F9B55BF ] HidServ C:\WINDOWS\System32\hidserv.dll
15:16:00.0234 2376 HidServ - ok
15:16:00.0296 2376 [ 1DE6783B918F540149AA69943BDFEBA8 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:16:00.0296 2376 hidusb - ok
15:16:00.0296 2376 hpn - ok
15:16:00.0421 2376 [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
15:16:00.0421 2376 HTTP - ok
15:16:00.0468 2376 [ DA826826C5C9116F47E0CD0CA8CC7C11 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
15:16:00.0484 2376 HTTPFilter - ok
15:16:00.0500 2376 i2omgmt - ok
15:16:00.0500 2376 i2omp - ok
15:16:00.0562 2376 [ 0F42DE9909B5DBF2C48DD1A79D491AF5 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:16:00.0562 2376 i8042prt - ok
15:16:00.0859 2376 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:16:01.0187 2376 idsvc - ok
15:16:01.0234 2376 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
15:16:01.0234 2376 Imapi - ok
15:16:01.0375 2376 [ CF9D286B34CB4912F3B28B4972D5CB33 ] ImapiService C:\WINDOWS\system32\imapi.exe
15:16:01.0375 2376 ImapiService - ok
15:16:01.0390 2376 ini910u - ok
15:16:01.0390 2376 IntelIde - ok
15:16:01.0437 2376 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
15:16:01.0437 2376 Ip6Fw - ok
15:16:01.0484 2376 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:16:01.0500 2376 IpFilterDriver - ok
15:16:01.0546 2376 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:16:01.0546 2376 IpInIp - ok
15:16:01.0578 2376 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:16:01.0609 2376 IpNat - ok
15:16:01.0671 2376 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:16:01.0687 2376 IPSec - ok
15:16:01.0734 2376 [ 86C204836FEEC22510D434982D4221B8 ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
15:16:01.0750 2376 irda - ok
15:16:01.0812 2376 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
15:16:01.0812 2376 IRENUM - ok
15:16:01.0843 2376 [ E16AC23F81CFE1223AB470F9982DE89D ] Irmon C:\WINDOWS\System32\irmon.dll
15:16:01.0859 2376 Irmon - ok
15:16:01.0906 2376 [ 0501F0B9AB08425F8C0EACBDCC04AA32 ] irsir C:\WINDOWS\system32\DRIVERS\irsir.sys
15:16:01.0906 2376 irsir - ok
15:16:01.0921 2376 [ 1091528512E4DD7ED5FDDCC4DF1C53D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:16:01.0921 2376 isapnp - ok
15:16:02.0218 2376 [ 44FFBA62F0F426B581759C49AAFEC2E2 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
15:16:02.0296 2376 JavaQuickStarterService - ok
15:16:02.0328 2376 [ 6F877BF8DC01A550CD666F3BEDB2213C ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:16:02.0328 2376 Kbdclass - ok
15:16:02.0375 2376 [ 065B5A83AA78C0C7047BF22E0AB5C821 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:16:02.0375 2376 kbdhid - ok
15:16:02.0468 2376 [ CE3958F58547454884E97BDA78CD7040 ] kl1 C:\WINDOWS\system32\drivers\kl1.sys
15:16:02.0468 2376 kl1 - ok
15:16:02.0484 2376 [ 53EEDAB3F0511321AC3AE8BC968B158C ] klbg C:\WINDOWS\system32\drivers\klbg.sys
15:16:02.0500 2376 klbg - ok
15:16:02.0546 2376 [ 73EB94AD1C85B4A3C5A8B4D879F668B9 ] KLFLTDEV C:\WINDOWS\system32\DRIVERS\klfltdev.sys
15:16:02.0546 2376 KLFLTDEV - ok
15:16:02.0656 2376 [ 439C778700FCE23F2852535D6FA5996D ] KLIF C:\WINDOWS\system32\DRIVERS\klif.sys
15:16:02.0656 2376 KLIF - ok
15:16:02.0734 2376 [ FBDC2034B58D2135D25FE99EB8B747C3 ] klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys
15:16:02.0765 2376 klim5 - ok
15:16:02.0812 2376 [ 1F351C4BA53BFE58A1CA5FCDD11E1F81 ] klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys
15:16:02.0812 2376 klmouflt - ok
15:16:02.0875 2376 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
15:16:02.0906 2376 kmixer - ok
15:16:02.0937 2376 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
15:16:02.0968 2376 KSecDD - ok
15:16:03.0000 2376 [ 6D6BDD68B775986577C48A8DF961A05C ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
15:16:03.0031 2376 lanmanserver - ok
15:16:03.0062 2376 [ 69B0569AAE33F0D5057CA0E8577AAF07 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:16:03.0062 2376 lanmanworkstation - ok
15:16:03.0078 2376 Lbd - ok
15:16:03.0078 2376 lbrtfdc - ok
15:16:03.0109 2376 [ F9EE6D2AAB0690B34AE35BA9921A1414 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
15:16:03.0125 2376 LmHosts - ok
15:16:03.0156 2376 [ 8B2FCBD881879B55BE40B41F12FFC431 ] Messenger C:\WINDOWS\System32\msgsvc.dll
15:16:03.0156 2376 Messenger - ok
15:16:03.0187 2376 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
15:16:03.0187 2376 mnmdd - ok
15:16:03.0250 2376 [ 7D137132D6A9B41EF800E59A771ED48C ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
15:16:03.0250 2376 mnmsrvc - ok
15:16:03.0312 2376 [ 60210DEB037846AFE521EBF349964F6B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
15:16:03.0312 2376 Modem - ok
15:16:03.0343 2376 [ B160EC94114715675509115986400FD9 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:16:03.0343 2376 Mouclass - ok
15:16:03.0390 2376 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:16:03.0406 2376 mouhid - ok
15:16:03.0437 2376 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
15:16:03.0437 2376 MountMgr - ok
15:16:03.0453 2376 mraid35x - ok
15:16:03.0531 2376 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:16:03.0531 2376 MRxDAV - ok
15:16:03.0734 2376 [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:16:03.0781 2376 MRxSmb - ok
15:16:03.0828 2376 [ 944A24032AED84C59455B981F6CA1C1A ] MSDTC C:\WINDOWS\system32\msdtc.exe
15:16:03.0843 2376 MSDTC - ok
15:16:03.0906 2376 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
15:16:03.0906 2376 Msfs - ok
15:16:03.0906 2376 MSIServer - ok
15:16:03.0968 2376 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:16:03.0968 2376 MSKSSRV - ok
15:16:04.0015 2376 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:16:04.0015 2376 MSPCLOCK - ok
15:16:04.0015 2376 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
15:16:04.0015 2376 MSPQM - ok
15:16:04.0062 2376 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:16:04.0062 2376 mssmbios - ok
15:16:04.0093 2376 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
15:16:04.0109 2376 Mup - ok
15:16:04.0203 2376 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
15:16:04.0234 2376 NDIS - ok
15:16:04.0281 2376 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:16:04.0281 2376 NdisTapi - ok
15:16:04.0328 2376 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:16:04.0328 2376 Ndisuio - ok
15:16:04.0375 2376 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:16:04.0390 2376 NdisWan - ok
15:16:04.0421 2376 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
15:16:04.0421 2376 NDProxy - ok
15:16:04.0468 2376 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
15:16:04.0484 2376 NetBIOS - ok
15:16:04.0515 2376 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
15:16:04.0531 2376 NetBT - ok
15:16:04.0562 2376 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDE C:\WINDOWS\system32\netdde.exe
15:16:04.0593 2376 NetDDE - ok
15:16:04.0593 2376 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
15:16:04.0593 2376 NetDDEdsdm - ok
15:16:04.0640 2376 [ 82A362FE1D4980B71B588D9C10748511 ] Netlogon C:\WINDOWS\system32\lsass.exe
15:16:04.0656 2376 Netlogon - ok
15:16:04.0703 2376 [ AF342D2781225A8769686E0D47E3123E ] Netman C:\WINDOWS\System32\netman.dll
15:16:04.0718 2376 Netman - ok
15:16:04.0781 2376 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:16:04.0781 2376 NetTcpPortSharing - ok
15:16:04.0828 2376 [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:16:04.0828 2376 NIC1394 - ok
15:16:04.0859 2376 [ 64C078BD4EFD441C3F159EDC5EA4420A ] Nla C:\WINDOWS\System32\mswsock.dll
15:16:05.0000 2376 Nla - ok
15:16:05.0062 2376 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
15:16:05.0062 2376 Npfs - ok
15:16:05.0187 2376 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
15:16:05.0343 2376 Ntfs - ok
15:16:05.0375 2376 [ 82A362FE1D4980B71B588D9C10748511 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
15:16:05.0375 2376 NtLmSsp - ok
15:16:05.0468 2376 [ D8D2B13BA93AE830B1A637DF571D1195 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
15:16:05.0562 2376 NtmsSvc - ok
15:16:05.0609 2376 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
15:16:05.0609 2376 Null - ok
15:16:05.0828 2376 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:16:05.0890 2376 nv - ok
15:16:05.0953 2376 [ E4F1F95A6BBBFBBFF9A713C6063AA2CB ] nvatabus C:\WINDOWS\system32\DRIVERS\nvatabus.sys
15:16:05.0953 2376 nvatabus - ok
15:16:06.0015 2376 [ 720CC533EECB65553BD86B139CA04433 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
15:16:06.0015 2376 NVENETFD - ok
15:16:06.0046 2376 [ 5F9F545CC5904DD8765F84EE1D056406 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
15:16:06.0046 2376 nvnetbus - ok
15:16:06.0109 2376 [ 3194E2F6C9000C39DCF9D0580754F714 ] nv_agp C:\WINDOWS\system32\DRIVERS\nv_agp.sys
15:16:06.0109 2376 nv_agp - ok
15:16:06.0171 2376 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:16:06.0171 2376 NwlnkFlt - ok
15:16:06.0187 2376 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:16:06.0187 2376 NwlnkFwd - ok
15:16:06.0250 2376 [ 0951DB8E5823EA366B0E408D71E1BA2A ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:16:06.0250 2376 ohci1394 - ok
15:16:06.0281 2376 [ 76A18CAA2FEFB28A4CED38D76837E86E ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
15:16:06.0281 2376 Parport - ok
15:16:06.0296 2376 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
15:16:06.0296 2376 PartMgr - ok
15:16:06.0343 2376 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
15:16:06.0343 2376 ParVdm - ok
15:16:06.0390 2376 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
15:16:06.0390 2376 pccsmcfd - ok
15:16:06.0437 2376 [ B7979F37BB7B9DF2230046134955E6E7 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
15:16:06.0437 2376 PCI - ok
15:16:06.0453 2376 PCIDump - ok
15:16:06.0468 2376 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
15:16:06.0468 2376 PCIIde - ok
15:16:06.0500 2376 [ 90505755634407D4EF4C6DEA60FC1DF9 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
15:16:06.0500 2376 Pcmcia - ok
15:16:06.0500 2376 PDCOMP - ok
15:16:06.0515 2376 PDFRAME - ok
15:16:06.0515 2376 PDRELI - ok
15:16:06.0531 2376 PDRFRAME - ok
15:16:06.0531 2376 perc2 - ok
15:16:06.0546 2376 perc2hib - ok
15:16:06.0593 2376 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] PlugPlay C:\WINDOWS\system32\services.exe
15:16:06.0609 2376 PlugPlay - ok
15:16:06.0625 2376 [ 82A362FE1D4980B71B588D9C10748511 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
15:16:06.0625 2376 PolicyAgent - ok
15:16:06.0656 2376 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:16:06.0671 2376 PptpMiniport - ok
15:16:06.0734 2376 [ 9A10E4FD13824823DA50D4758BD0A645 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
15:16:06.0734 2376 Processor - ok
15:16:06.0765 2376 [ 82A362FE1D4980B71B588D9C10748511 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:16:06.0765 2376 ProtectedStorage - ok
15:16:06.0796 2376 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
15:16:06.0812 2376 PSched - ok
15:16:06.0859 2376 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:16:06.0859 2376 Ptilink - ok
15:16:06.0859 2376 ql1080 - ok
15:16:06.0875 2376 Ql10wnt - ok
15:16:06.0875 2376 ql12160 - ok
15:16:06.0875 2376 ql1240 - ok
15:16:06.0890 2376 ql1280 - ok
15:16:06.0921 2376 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:16:06.0921 2376 RasAcd - ok
15:16:06.0953 2376 [ E68B6F9A726A444059705AB43B5656D1 ] RasAuto C:\WINDOWS\System32\rasauto.dll
15:16:07.0000 2376 RasAuto - ok
15:16:07.0078 2376 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
15:16:07.0078 2376 Rasirda - ok
15:16:07.0109 2376 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:16:07.0109 2376 Rasl2tp - ok
15:16:07.0156 2376 [ 6E519D777C91E90592403C9F981FDF03 ] RasMan C:\WINDOWS\System32\rasmans.dll
15:16:07.0171 2376 RasMan - ok
15:16:07.0203 2376 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:16:07.0203 2376 RasPppoe - ok
15:16:07.0234 2376 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
15:16:07.0234 2376 Raspti - ok
15:16:07.0296 2376 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:16:07.0312 2376 Rdbss - ok
15:16:07.0328 2376 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:16:07.0328 2376 RDPCDD - ok
15:16:07.0359 2376 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:16:07.0375 2376 rdpdr - ok
15:16:07.0421 2376 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
15:16:07.0421 2376 RDPWD - ok
15:16:07.0500 2376 [ 125ACF258DA9633F748131A0E0185AF3 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
15:16:07.0531 2376 RDSessMgr - ok
15:16:07.0593 2376 [ ABA13D33E1F888C9A68599A48A8840D6 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
15:16:07.0593 2376 redbook - ok
15:16:07.0625 2376 [ EB5E1A601E5A1908A87E4D5A41803D98 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
15:16:07.0640 2376 RemoteAccess - ok
15:16:07.0671 2376 [ 5B21208FCF8970BB61FE98E19D828714 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
15:16:07.0671 2376 RemoteRegistry - ok
15:16:07.0750 2376 [ C8A3B668985D61249F2DC71716C58DE8 ] RpcLocator C:\WINDOWS\system32\locator.exe
15:16:07.0750 2376 RpcLocator - ok
15:16:07.0796 2376 [ C72C15EE57E248C66E57C76CAB086CF2 ] RpcSs C:\WINDOWS\System32\rpcss.dll
15:16:07.0812 2376 RpcSs - ok
15:16:07.0921 2376 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
15:16:07.0968 2376 RSVP - ok
15:16:08.0000 2376 [ 82A362FE1D4980B71B588D9C10748511 ] SamSs C:\WINDOWS\system32\lsass.exe
15:16:08.0000 2376 SamSs - ok
15:16:08.0046 2376 [ 5BF35C4EA3F00FA8D3F1E5BF03D24584 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
15:16:08.0046 2376 SASDIFSV - ok
15:16:08.0109 2376 [ A22F08C98AC2F44587BF3A1FB52BF8CD ] sasenum C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
15:16:08.0109 2376 sasenum - ok
15:16:08.0156 2376 [ 81C02EA5F88CA4125E579384DFD75E3A ] saskutil C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
15:16:08.0156 2376 saskutil - ok
15:16:08.0203 2376 [ C177354E995CC1AA1F767BCD9980434A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
15:16:08.0203 2376 SCardSvr - ok
15:16:08.0328 2376 [ 29AC93307C6182DBE336BCA314947F28 ] Schedule C:\WINDOWS\system32\schedsvc.dll
15:16:08.0343 2376 Schedule - ok
15:16:08.0406 2376 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:16:08.0406 2376 Secdrv - ok
15:16:08.0421 2376 [ C76CB8A133374FAC6805F83FF7B7DA03 ] seclogon C:\WINDOWS\System32\seclogon.dll
15:16:08.0437 2376 seclogon - ok
15:16:08.0468 2376 [ 220AD85BA9C5B3011296354011B901CC ] SENS C:\WINDOWS\system32\sens.dll
15:16:08.0484 2376 SENS - ok
15:16:08.0515 2376 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
15:16:08.0515 2376 serenum - ok
15:16:08.0531 2376 [ C1DDBC85251551A840212999DA3D95F3 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
15:16:08.0531 2376 Serial - ok
15:16:08.0734 2376 [ 3EC8DE67B1C78C31E54C0F030E6BD7D5 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
15:16:08.0781 2376 ServiceLayer - ok
15:16:08.0843 2376 [ 4D0CE0FADCA29E7DA68CE597AC9010BD ] sfdrv01a C:\WINDOWS\system32\drivers\sfdrv01a.sys
15:16:08.0843 2376 sfdrv01a - ok
15:16:08.0859 2376 [ DAAD4C099EBF5094D32C373AC1AC0F3C ] sfhlp02 C:\WINDOWS\system32\drivers\sfhlp02.sys
15:16:08.0859 2376 sfhlp02 - ok
15:16:08.0890 2376 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
15:16:08.0890 2376 Sfloppy - ok
15:16:08.0906 2376 [ C526AD307FF1900BC4C864F74553F762 ] sfsync04 C:\WINDOWS\system32\drivers\sfsync04.sys
15:16:08.0906 2376 sfsync04 - ok
15:16:08.0921 2376 [ 5DC0D3978B2C98F370BD8A5C9FD86092 ] sfvfs02 C:\WINDOWS\system32\drivers\sfvfs02.sys
15:16:08.0921 2376 sfvfs02 - ok
15:16:09.0031 2376 [ 6A93501BCDEBF159109429B022C0FF83 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
15:16:09.0203 2376 SharedAccess - ok
15:16:09.0265 2376 [ 8BA76BD2A943F642F267A296A15776D2 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:16:09.0281 2376 ShellHWDetection - ok
15:16:09.0281 2376 Simbad - ok
15:16:09.0296 2376 Sparrow - ok
15:16:09.0328 2376 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
15:16:09.0328 2376 splitter - ok
15:16:09.0375 2376 [ 21B6FAA88044A41640E03EBB68BE93E8 ] Spooler C:\WINDOWS\system32\spoolsv.exe
15:16:09.0375 2376 Spooler - ok
15:16:09.0515 2376 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
15:16:09.0515 2376 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
15:16:09.0515 2376 sptd ( LockedFile.Multi.Generic ) - warning
15:16:09.0515 2376 sptd - detected LockedFile.Multi.Generic (1)
15:16:09.0562 2376 [ A74035EA526DB97D9D50D2143A55F5CF ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
15:16:09.0578 2376 sr - ok
15:16:09.0609 2376 [ 3CD57F31A64D32FDB28918B16D1E6AAC ] srservice C:\WINDOWS\system32\srsvc.dll
15:16:09.0640 2376 srservice - ok
15:16:09.0687 2376 [ 20B7E396720353E4117D64D9DCB926CA ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
15:16:09.0687 2376 Srv - ok
15:16:09.0750 2376 [ 88C28F53F53438DAFCD95E99C837C61E ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
15:16:09.0781 2376 SSDPSRV - ok
15:16:09.0828 2376 [ 0645CCDDDD27F96EEA3534C1DEF736D9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
15:16:09.0953 2376 stisvc - ok
15:16:09.0968 2376 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
15:16:09.0968 2376 swenum - ok
15:16:10.0015 2376 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
15:16:10.0015 2376 swmidi - ok
15:16:10.0031 2376 SwPrv - ok
15:16:10.0031 2376 symc810 - ok
15:16:10.0046 2376 symc8xx - ok
15:16:10.0046 2376 sym_hi - ok
15:16:10.0062 2376 sym_u3 - ok
15:16:10.0109 2376 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
15:16:10.0109 2376 sysaudio - ok
15:16:10.0156 2376 [ D9C9ECFF4904E6151525C533AEEDF8F4 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
15:16:10.0171 2376 SysmonLog - ok
15:16:10.0234 2376 [ 37162D29CD61519E6F5EA0DE99786FF6 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
15:16:10.0250 2376 TapiSrv - ok
15:16:10.0312 2376 [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:16:10.0375 2376 Tcpip - ok
15:16:10.0406 2376 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
15:16:10.0406 2376 TDPIPE - ok
15:16:10.0437 2376 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
15:16:10.0437 2376 TDTCP - ok
15:16:10.0468 2376 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
15:16:10.0468 2376 TermDD - ok
15:16:10.0484 2376 [ 2F5919F2F6EE7A845893D9C3AA2BC56A ] TermService C:\WINDOWS\System32\termsrv.dll
15:16:10.0500 2376 TermService - ok
15:16:10.0515 2376 [ 8BA76BD2A943F642F267A296A15776D2 ] Themes C:\WINDOWS\System32\shsvcs.dll
15:16:10.0531 2376 Themes - ok
15:16:10.0578 2376 [ 535C2FB97336BAFA509F4783DD1E5746 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
15:16:10.0578 2376 TlntSvr - ok
15:16:10.0593 2376 TosIde - ok
15:16:10.0625 2376 [ 4DCE17221B1A87FB47E36842F3E38753 ] TrkWks C:\WINDOWS\system32\trkwks.dll
15:16:10.0640 2376 TrkWks - ok
15:16:10.0671 2376 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
15:16:10.0671 2376 Udfs - ok
15:16:10.0687 2376 ultra - ok
15:16:10.0765 2376 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
15:16:10.0765 2376 Update - ok
15:16:10.0812 2376 [ 984FC1518B0D5B31D76F0E63608E0500 ] upnphost C:\WINDOWS\System32\upnphost.dll
15:16:10.0875 2376 upnphost - ok
15:16:10.0906 2376 [ 6148A3BA4D9CC628357FC92014FEA30E ] UPS C:\WINDOWS\System32\ups.exe
15:16:10.0906 2376 UPS - ok
15:16:10.0953 2376 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:16:10.0953 2376 usbccgp - ok
15:16:11.0000 2376 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:16:11.0000 2376 usbehci - ok
15:16:11.0015 2376 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:16:11.0015 2376 usbhub - ok
15:16:11.0046 2376 [ BDFE799A8531BAD8A5A985821FE78760 ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:16:11.0046 2376 usbohci - ok
15:16:11.0078 2376 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:16:11.0093 2376 usbscan - ok
15:16:11.0125 2376 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:16:11.0125 2376 usbstor - ok
15:16:11.0171 2376 [ D81CD7E761C1A52DEC20F0D4EAEA3259 ] UxTuneUp C:\WINDOWS\System32\uxtuneup.dll
15:16:11.0187 2376 UxTuneUp - ok
15:16:11.0203 2376 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
15:16:11.0203 2376 VgaSave - ok
15:16:11.0218 2376 ViaIde - ok
15:16:11.0218 2376 [ CD8CCE067F7E9CBD762C00BDDDECAA34 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
15:16:11.0218 2376 VolSnap - ok
15:16:11.0281 2376 [ 043539881667BB37B07524032D6FFC3E ] VSS C:\WINDOWS\System32\vssvc.exe
15:16:11.0343 2376 VSS - ok
15:16:11.0437 2376 [ 2CEEBB402187AE56B585701F3D191FB3 ] W32Time C:\WINDOWS\system32\w32time.dll
15:16:11.0484 2376 W32Time - ok
15:16:11.0515 2376 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:16:11.0515 2376 Wanarp - ok
15:16:11.0531 2376 WDICA - ok
15:16:11.0546 2376 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
15:16:11.0546 2376 wdmaud - ok
15:16:11.0562 2376 [ 3791ADF1D3466AC6B4B662D3F79CBFEC ] WebClient C:\WINDOWS\System32\webclnt.dll
15:16:11.0562 2376 WebClient - ok
15:16:11.0734 2376 [ E12084EA622BDF2262C637BEF15DD85C ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
15:16:11.0828 2376 winmgmt - ok
15:16:11.0906 2376 [ E02E913B3841717A890A644EE167B9A5 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
15:16:11.0921 2376 WmdmPmSN - ok
15:16:12.0078 2376 [ 0CDC4A0C6B820FAD99FB4CA74CD0C476 ] Wmi C:\WINDOWS\System32\advapi32.dll
15:16:12.0375 2376 Wmi - ok
15:16:12.0421 2376 [ BCD21B989F0FD4ACE78287FC01B4693D ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:16:12.0468 2376 WmiApSrv - ok
15:16:12.0515 2376 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:16:12.0515 2376 WS2IFSL - ok
15:16:12.0578 2376 [ 4ADED1ADEF25041D9827F9A79C0FDA13 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
15:16:12.0609 2376 wscsvc - ok
15:16:12.0640 2376 [ 21F5169CA14E0B25C757644456F637DF ] wuauserv C:\WINDOWS\system32\wuauserv.dll
15:16:12.0656 2376 wuauserv - ok
15:16:12.0828 2376 [ 325CEDEF696EF4B649DDCD3968D085C9 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
15:16:13.0078 2376 WZCSVC - ok
15:16:13.0109 2376 [ 9B835D4C64860B155A1701D5092EC9E4 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
15:16:13.0125 2376 xmlprov - ok
15:16:13.0140 2376 ================ Scan global ===============================
15:16:13.0171 2376 [ F642F3368D2839798DA79E7BA9218481 ] C:\WINDOWS\system32\basesrv.dll
15:16:13.0281 2376 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINDOWS\system32\winsrv.dll
15:16:13.0578 2376 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINDOWS\system32\winsrv.dll
15:16:13.0609 2376 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] C:\WINDOWS\system32\services.exe
15:16:13.0640 2376 [Global] - ok
15:16:13.0640 2376 ================ Scan MBR ==================================
15:16:13.0656 2376 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
15:16:13.0984 2376 \Device\Harddisk0\DR0 - ok
15:16:14.0000 2376 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk1\DR1
15:16:14.0250 2376 \Device\Harddisk1\DR1 - ok
15:16:14.0250 2376 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk2\DR4
15:16:17.0109 2376 \Device\Harddisk2\DR4 - ok
15:16:17.0109 2376 ================ Scan VBR ==================================
15:16:17.0109 2376 [ F89D0FCCF293287EDDE16231A84F02B4 ] \Device\Harddisk0\DR0\Partition1
15:16:17.0109 2376 \Device\Harddisk0\DR0\Partition1 - ok
15:16:17.0125 2376 [ B0B7EE10E5672CE1F45A28424898EF3A ] \Device\Harddisk1\DR1\Partition1
15:16:17.0125 2376 \Device\Harddisk1\DR1\Partition1 - ok
15:16:17.0125 2376 [ 690B5A047883C8CD008C8E02B6D10A6B ] \Device\Harddisk2\DR4\Partition1
15:16:17.0125 2376 \Device\Harddisk2\DR4\Partition1 - ok
15:16:17.0125 2376 ============================================================
15:16:17.0125 2376 Scan finished
15:16:17.0125 2376 ============================================================
15:16:17.0140 0612 Detected object count: 1
15:16:17.0140 0612 Actual detected object count: 1
15:16:33.0140 0612 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:16:33.0140 0612 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:32:39.0593 1812 Deinitialize success