
PC disinfection, computer speed-up, remote assistance via the neslape.cz service
ESET reports a Trojan horse and won't delete it
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will threads inactive for more than 14 days. See the Rule on locking topics. Thank you for understanding.
!NEW!
You can now use the remote assistance service: a specialist connects to your computer and gets further details about the problem from you by phone. More at www.neslape.cz
ESET reports a Trojan horse and won't delete it
Good evening,
I am asking for help. After startup ESET reports a Trojan horse; after a scan its log shows this: PC Operating memory - Win32/Olmarik.TDL3 Trojan horse - cannot be cleaned
Please help, thank you
Log from RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by User at 2013-10-09 21:56:35
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (9%) free of 20 GB
Total RAM: 1790 MB (67% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:56:46, on 9.10.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET Endpoint Security\ekrn.exe
C:\Program Files\ESET\ESET Endpoint Security\egui.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
D:\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\User.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Endpoint Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Endpoint Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Endpoint Security\ekrn.exe
O23 - Service: ESET SHA Service (ESHASRV) - ESET - C:\Program Files\ESET\ESET Endpoint Security\EShaSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
--
End of file - 5949 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-PC-200-User.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\v49npd7a.default
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.168 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
C:\Program Files\Mozilla Firefox\plugins\
npdeploytk.dll
nplv2010win32.dll
NPOFF12.DLL
nppdf32.dll
C:\Program Files\Mozilla Firefox\searchplugins\
mall-cz.xml
yahoo.xml
C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\v49npd7a.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\v49npd7a.default\searchplugins\
OurBabyMaker_27.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-07 194640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-08-04 18702336]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"egui"=C:\Program Files\ESET\ESET Endpoint Security\egui.exe [2013-02-14 3158584]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
C:\Documents and Settings\User\Data aplikací\Seznam.cz\bin\wszndesktop.exe -q []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-04-29 2221352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-03-25 570664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\MCAFEE~1\309042~1.318\SSSCHE~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^TMMonitor.lnk]
C:\PROGRA~1\ArcSoft\TOTALM~1.5\TMMONI~1.EXE []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
"C:\Documents and Settings\All Users\Data aplikací\Electronic Arts\Need For Speed World\Data\nfsw.exe"="C:\Documents and Settings\All Users\Data aplikací\Electronic Arts\Need For Speed World\Data\nfsw.exe:*:Enabled:Need for Speed World"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
======File associations======
.txt - open - notepad.exe %1
======List of files/folders created in the last 1 month======
2013-10-09 21:56:37 ----D---- C:\Program Files\trend micro
2013-10-09 21:56:35 ----DC---- C:\rsit
2013-10-09 21:08:59 ----D---- C:\Documents and Settings\User\Data aplikací\ESET
2013-10-09 21:08:42 ----D---- C:\WINDOWS\LastGood
2013-10-09 20:55:34 ----SHDC---- C:\RECYCLER
2013-10-09 19:52:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-10-09 19:44:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Licenses
2013-10-09 19:44:23 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2013-10-09 19:44:20 ----D---- C:\Program Files\SpywareBlaster
2013-10-09 17:23:03 ----D---- C:\WINDOWS\temp
2013-10-09 16:13:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2884256$
2013-10-09 16:12:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2868038$
2013-10-09 16:12:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2862335$
2013-10-09 16:12:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2862330$
2013-10-09 16:12:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2847311$
2013-10-09 16:07:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2883150$
2013-10-09 15:49:18 ----A---- C:\Program Files\Uninstall OurBabymaker.dll
2013-10-09 15:47:52 ----D---- C:\Documents and Settings\User\Data aplikací\Apple Computer
2013-10-09 13:24:38 ----D---- C:\WINDOWS\pss
2013-10-09 13:10:54 ----DC---- C:\AdwCleaner
2013-10-09 13:04:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-10-05 10:48:11 ----D---- C:\Program Files\Mozilla Firefox
2013-09-11 22:05:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2876315$
2013-09-11 22:05:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2876217$
2013-09-11 22:05:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2864063$
======List of files/folders modified in the last 1 month======
2013-10-09 21:56:43 ----D---- C:\WINDOWS\Prefetch
2013-10-09 21:56:37 ----RD---- C:\Program Files
2013-10-09 21:16:52 ----D---- C:\WINDOWS\system32
2013-10-09 21:16:42 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-09 21:08:54 ----SHD---- C:\WINDOWS\Installer
2013-10-09 21:08:45 ----HD---- C:\WINDOWS\inf
2013-10-09 21:08:45 ----D---- C:\WINDOWS\system32\drivers
2013-10-09 21:08:42 ----D---- C:\WINDOWS
2013-10-09 21:08:41 ----D---- C:\WINDOWS\system32\CatRoot2
2013-10-09 21:06:44 ----SHD---- C:\System Volume Information
2013-10-09 21:06:44 ----D---- C:\WINDOWS\system32\Restore
2013-10-09 21:04:21 ----D---- C:\Program Files\ESET
2013-10-09 19:39:38 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-10-09 17:18:52 ----AC---- C:\WINDOWS\system.ini
2013-10-09 17:18:21 ----D---- C:\WINDOWS\system32\drivers\etc
2013-10-09 17:13:56 ----D---- C:\WINDOWS\AppPatch
2013-10-09 17:13:56 ----D---- C:\Program Files\Common Files
2013-10-09 17:13:44 ----D---- C:\WINDOWS\Microsoft.NET
2013-10-09 17:13:40 ----RSD---- C:\WINDOWS\assembly
2013-10-09 16:45:56 ----D---- C:\Documents and Settings\User\Data aplikací\Seznam.cz
2013-10-09 16:37:03 ----D---- C:\Program Files\Internet Explorer
2013-10-09 16:35:48 ----D---- C:\Program Files\OpenOffice.org 2.3
2013-10-09 16:33:49 ----RD---- C:\Program Files\Skype
2013-10-09 16:32:28 ----D---- C:\Program Files\PokerStars
2013-10-09 16:31:43 ----HD---- C:\Program Files\InstallShield Installation Information
2013-10-09 16:31:43 ----D---- C:\Program Files\IR
2013-10-09 16:29:16 ----D---- C:\Program Files\Common Files\ArcSoft
2013-10-09 16:22:18 ----D---- C:\Program Files\totalcmd
2013-10-09 16:13:55 ----A---- C:\WINDOWS\system32\MRT.exe
2013-10-09 16:13:07 ----RSHD---- C:\WINDOWS\system32\dllcache
2013-10-09 16:11:40 ----D---- C:\WINDOWS\ie8updates
2013-10-09 16:10:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-09 16:09:55 ----D---- C:\WINDOWS\WinSxS
2013-10-09 16:06:28 ----D---- C:\Program Files\Microsoft Silverlight
2013-10-09 16:06:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2013-10-09 15:50:49 ----D---- C:\Program Files\Messenger
2013-10-09 15:47:51 ----SD---- C:\WINDOWS\Tasks
2013-10-09 15:47:21 ----D---- C:\Documents and Settings\User\Data aplikací\uTorrent
2013-10-09 13:23:07 ----D---- C:\WINDOWS\Logs
2013-10-09 13:22:38 ----D---- C:\Program Files\CCleaner
2013-10-09 13:04:31 ----D---- C:\WINDOWS\Debug
2013-10-08 21:50:29 ----A---- C:\WINDOWS\NeroDigital.ini
2013-09-25 15:30:21 ----D---- C:\Documents and Settings\User\Data aplikací\OpenOffice.org2
2013-09-23 23:55:10 ----A---- C:\WINDOWS\system32\ieframe.dll
2013-09-23 20:25:11 ----A---- C:\WINDOWS\system32\wininet.dll
2013-09-23 20:25:11 ----A---- C:\WINDOWS\system32\urlmon.dll
2013-09-23 20:25:11 ----A---- C:\WINDOWS\system32\url.dll
2013-09-23 20:25:11 ----A---- C:\WINDOWS\system32\occache.dll
2013-09-23 20:25:11 ----A---- C:\WINDOWS\system32\mstime.dll
2013-09-23 20:25:10 ----A---- C:\WINDOWS\system32\mshtmled.dll
2013-09-23 20:25:10 ----A---- C:\WINDOWS\system32\mshtml.dll
2013-09-23 20:25:09 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2013-09-23 20:25:09 ----A---- C:\WINDOWS\system32\msfeeds.dll
2013-09-23 20:25:09 ----A---- C:\WINDOWS\system32\licmgr10.dll
2013-09-23 20:25:09 ----A---- C:\WINDOWS\system32\jsproxy.dll
2013-09-23 20:25:08 ----A---- C:\WINDOWS\system32\iertutil.dll
2013-09-23 20:25:08 ----A---- C:\WINDOWS\system32\iepeers.dll
2013-09-23 20:25:06 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2013-09-23 20:25:06 ----A---- C:\WINDOWS\system32\corpol.dll
2013-09-23 20:06:49 ----A---- C:\WINDOWS\system32\ie4uinit.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
R0 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
R0 nvgts;nvgts; C:\WINDOWS\system32\DRIVERS\nvgts.sys [2008-08-18 145952]
R0 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
R0 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2013-02-04 164488]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2013-02-04 124848]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2013-02-04 62512]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 cvintdrv;cvintdrv; C:\WINDOWS\system32\drivers\cvintdrv.sys [2008-04-07 4096]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2013-02-04 155224]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2013-02-04 40376]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-08-05 5874176]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2013-02-08 12648960]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-11-17 54016]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-11-17 22016]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S0 edevmon;edevmon; C:\WINDOWS\system32\DRIVERS\edevmon.sys [2013-04-09 171680]
S0 SYMMPI;SYMMPI; C:\WINDOWS\system32\DRIVERS\symmpi.sys [2008-08-20 106880]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-14 46592]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 IT9135BDA;IT9135 BDA Devices; C:\WINDOWS\System32\Drivers\IT9135BDA.sys [2011-09-02 145152]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-08-17 23168]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2013-07-17 60160]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 usbser;Nokia USB Serial Port Driver ; C:\WINDOWS\system32\drivers\usbser.sys [2013-08-29 26240]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-08-17 8192]
S3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-07-17 123008]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2008-07-20 324120]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Endpoint Security\ekrn.exe [2013-02-14 1020304]
R2 LkCitadelServer;Lookout Citadel Server; C:\WINDOWS\system32\lkcitdl.exe [2010-03-05 695136]
R2 lkClassAds;National Instruments PSP Server Locator; C:\WINDOWS\system32\lkads.exe [2010-06-16 45168]
R2 lkTimeSync;National Instruments Time Synchronization; C:\WINDOWS\system32\lktsrv.exe [2010-06-16 55416]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-04-29 877864]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-17 135664]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09 257416]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Endpoint Security\EHttpSrv.exe [2013-02-14 33136]
S3 ESHASRV;ESET SHA Service; C:\Program Files\ESET\ESET Endpoint Security\EShaSrv.exe [2013-02-14 183944]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-06-03 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-17 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-17 194032]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-10-05 118680]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 OpcEnum;OpcEnum; C:\WINDOWS\system32\OpcEnum.exe [2009-06-03 98304]
S4 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
-----------------EOF-----------------
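A triage helper for the kind of RSIT log posted above, as an added example; it is not part of the original post and not RSIT, HijackThis or ESET code. The line format (`R0 name;description; C:\path\file.sys [YYYY-MM-DD size]`, with the `R/S` state and `0-4` start type explained in RSIT's own section header) is inferred from the log lines on this page, and the sample input is a handful of lines copied from that log. The reason for the shortlist it produces: an ESET detection in "Operating memory" that "cannot be cleaned" means the scanner has found TDL3 code already running in the kernel, while the carrier on disk is a legitimate boot-start driver that the rootkit has patched in place and hides from the running system (in the well-known variants the disk miniport driver), so the drivers with start type 0 (Boot) or 1 (System) are what gets verified offline, by hash, against known-good copies. A file date that differs from the service-pack baseline is only a reason to check, not a verdict: ESET's own `eamon.sys` and vendor storage drivers such as `nvgts.sys` legitimately differ.

```python
"""Parse the driver/service sections of an RSIT log and shortlist boot-start drivers.

Added example for the forum post above; not RSIT/HijackThis/ESET code.
Line format inferred from the posted log:
    R0 name;description; C:\path\file.sys [YYYY-MM-DD size]
"""
import re
from collections import Counter
from dataclasses import dataclass

# Labels taken from the section header RSIT prints.
START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "Demand", 4: "Disabled"}

ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"               # R=Running/S=Stopped + start type
    r"(?P<name>[^;]+);(?P<desc>[^;]*);\s*"                # service name; display name;
    r"(?P<path>.+?)\s*"                                   # image path
    r"\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$"   # [file date  size]
)


@dataclass(frozen=True)
class Entry:
    kind: str        # "driver" or "service", from the section the line sits in
    running: bool
    start: int
    name: str
    desc: str
    path: str
    date: str
    size: int

    @property
    def start_label(self) -> str:
        return START_TYPES[self.start]


def parse_rsit(text: str) -> list[Entry]:
    """Parse the 'List of drivers' and 'List of services' sections into Entry records."""
    entries, kind = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("======List of drivers"):
            kind = "driver"
            continue
        if line.startswith("======List of services"):
            kind = "service"
            continue
        m = ENTRY_RE.match(line)
        if kind and m:
            entries.append(Entry(kind, m["state"] == "R", int(m["start"]),
                                 m["name"].strip(), m["desc"].strip(),
                                 m["path"], m["date"], int(m["size"])))
    return entries


def boot_start_drivers(entries: list[Entry]) -> list[Entry]:
    """Drivers loaded by the boot loader or early kernel init (start 0 or 1),
    whether or not RSIT saw them running; a TDL3-patched driver lives in this set."""
    return [e for e in entries if e.kind == "driver" and e.start <= 1]


def baseline_date(entries: list[Entry]) -> str:
    """Most frequent file date: on a stock XP SP3 box the in-box drivers share the
    service pack build date (2008-04-14 in the posted log)."""
    if not entries:
        return ""
    return Counter(e.date for e in entries).most_common(1)[0][0]


def verify_first(entries: list[Entry]) -> list[Entry]:
    """Boot/system-start drivers whose file date differs from the baseline, oldest
    first. Hash these offline against vendor originals; third-party drivers appear
    here legitimately, so this is a work list, not a detection."""
    boot = boot_start_drivers(entries)
    base = baseline_date(boot)
    return sorted((e for e in boot if e.date != base), key=lambda e: e.date)


def outside_tree(entries: list[Entry], root: str = r"C:\WINDOWS\system32") -> list[Entry]:
    """Entries whose image lies outside the given directory (case-insensitive prefix)."""
    prefix = root.casefold()
    return [e for e in entries if not e.path.casefold().startswith(prefix)]


# Sample input: lines copied from the RSIT log posted above (abridged).
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
R0 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
R0 nvgts;nvgts; C:\WINDOWS\system32\DRIVERS\nvgts.sys [2008-08-18 145952]
R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2013-02-04 164488]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2013-02-08 12648960]
S0 SYMMPI;SYMMPI; C:\WINDOWS\system32\DRIVERS\symmpi.sys [2008-08-20 106880]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S4 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2008-07-20 324120]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Endpoint Security\ekrn.exe [2013-02-14 1020304]
R2 LkCitadelServer;Lookout Citadel Server; C:\WINDOWS\system32\lkcitdl.exe [2010-03-05 695136]
-----------------EOF-----------------
"""

if __name__ == "__main__":
    found = parse_rsit(SAMPLE_LOG)
    print(f"{len(found)} entries; in-box driver baseline date "
          f"{baseline_date(boot_start_drivers(found))}")
    for e in verify_first(found):
        print(f"  verify {e.start_label:<6} {e.name:<10} {e.date} {e.size:>8}  {e.path}")
```

Run against the full log by replacing `SAMPLE_LOG` with the file contents; the parser ignores every line outside the two driver/service sections, so the whole RSIT dump can be fed in unchanged. The ordering of the work list is by file date only because that is the one field RSIT records per file; the actual verification step (hashing each listed driver from a clean boot medium and comparing with the vendor's copy) is what decides anything.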
- Rudy
- Site Admin
- Posts: 119379
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: ESET reports a Trojan horse, won't delete it
Hello!
Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator rights
right after it starts, a screen with the licence terms appears; continue by clicking the Yes button.
make yourself a coffee in the meantime (the whole operation takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or do anything else
do not panic during the scan, your machine may be restarted (especially on the first run of the scanner)
warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or disable it entirely for the duration of the scan, because during the scan and the removal of any malware there are undesirable collisions with the antispyware resident shield.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.
Re: ESET reports a Trojan horse, won't delete it
ComboFix wouldn't start; I renamed it to fixik and then it ran. The log is here:
ComboFix 13-10-09.01 - User 09.10.2013 22:12:11.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1790.1192 [GMT 2:00]
Spuštěný z: c:\documents and settings\User\Plocha\fixik.exe
AV: ESET Endpoint Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-09 do 2013-10-09 )))))))))))))))))))))))))))))))
.
.
2013-10-09 19:56 . 2013-10-09 19:56 -------- d-----w- c:\program files\trend micro
2013-10-09 19:56 . 2013-10-09 19:56 -------- dc----w- C:\rsit
2013-10-09 19:08 . 2013-10-09 19:08 -------- d-----w- c:\documents and settings\User\Data aplikací\ESET
2013-10-09 19:08 . 2013-10-09 19:08 -------- d-----w- c:\windows\LastGood
2013-10-09 17:52 . 2013-10-09 17:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-10-09 17:44 . 2013-10-09 20:20 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2013-10-09 17:44 . 2013-10-09 17:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Licenses
2013-10-09 17:44 . 2013-10-09 17:44 -------- d-----w- c:\program files\SpywareBlaster
2013-10-09 14:01 . 2013-07-17 00:58 46848 ------w- c:\windows\system32\dllcache\irbus.sys
2013-10-09 14:01 . 2013-07-03 02:12 25088 ------w- c:\windows\system32\dllcache\hidparse.sys
2013-10-09 14:01 . 2013-08-09 00:55 144128 ------w- c:\windows\system32\dllcache\usbport.sys
2013-10-09 14:01 . 2013-08-09 00:55 5376 ------w- c:\windows\system32\dllcache\usbd.sys
2013-10-09 14:01 . 2009-03-18 11:02 30336 ------w- c:\windows\system32\dllcache\usbehci.sys
2013-10-09 13:49 . 2010-12-09 19:33 675840 ----a-w- c:\program files\Uninstall OurBabymaker.dll
2013-10-09 13:47 . 2013-10-09 13:47 -------- d-----w- c:\documents and settings\User\Data aplikací\Apple Computer
2013-10-09 11:10 . 2013-10-09 17:47 -------- dc----w- C:\AdwCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 19:16 . 2013-04-08 12:14 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 19:16 . 2011-08-02 17:44 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 18:25 . 2009-03-20 17:52 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:25 . 2009-03-20 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:25 . 2009-03-20 17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:25 . 2009-03-20 17:51 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2009-03-20 17:51 385024 ----a-w- c:\windows\system32\html.iec
2013-08-29 07:01 . 2009-03-20 17:52 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-29 00:56 . 2012-05-07 21:43 26240 ----a-w- c:\windows\system32\drivers\usbser.sys
2013-08-09 01:56 . 2009-03-20 17:51 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2008-04-14 00:15 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2010-02-16 11:52 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2001-08-17 22:03 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30 . 2009-03-20 17:51 1289216 ----a-w- c:\windows\system32\ole32.dll
2013-08-02 23:48 . 2006-10-18 19:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-18 23:18 . 2013-07-18 23:18 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-07-17 00:58 . 2010-02-16 11:52 123008 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2013-07-17 00:58 . 2010-02-16 11:52 60160 ----a-w- c:\windows\system32\drivers\usbaudio.sys
2010-09-16 13:35 . 2010-09-16 13:35 158720 ----a-w- c:\program files\internet explorer\plugins\LV2010ActiveXControl.dll
.
.
(((((((((((((((((((((((((((((((((( Registry loading points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-04 18702336]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"egui"="c:\program files\ESET\ESET Endpoint Security\egui.exe" [2013-02-14 3158584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^TMMonitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\TMMonitor.lnk
backup=c:\windows\pss\TMMonitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-04-29 08:36 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-03-25 11:33 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
2013-05-16 13:25 1062472 ----a-w- c:\program files\Seznam.cz\distribution\szninstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Electronic Arts\\Need For Speed World\\Data\\nfsw.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.2.2013 15:48 124848]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Endpoint Security\ekrn.exe [14.2.2013 13:42 1020304]
S0 edevmon;edevmon;c:\windows\system32\drivers\edevmon.sys [9.4.2013 15:16 171680]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 13:28 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [16.2.2010 16:32 1684736]
S3 ESHASRV;ESET SHA Service;c:\program files\ESET\ESET Endpoint Security\EShaSrv.exe [14.2.2013 13:43 183944]
S3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\drivers\IT9135BDA.sys [20.4.2013 15:04 145152]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 14:37 517096]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - EKRN
*NewlyCreated* - EPFW
*NewlyCreated* - EPFWTDI
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-03 21:39 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-08 19:16]
.
2013-10-09 c:\windows\Tasks\AdobeAAMUpdater-1.0-PC-200-User.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-12-02 20:39]
.
2013-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 19:06]
.
2013-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 19:06]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\User\Data aplikací\Mozilla\Firefox\Profiles\v49npd7a.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: !HIDDEN! 2010-02-18 23:27; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
MSConfigStartUp-cz.seznam.software - c:\documents and settings\User\Data aplikací\Seznam.cz\bin\wszndesktop.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-09 22:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD32 rev.01.0 -> Harddisk0\DR0 -> \Device\Scsi\nvgts1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A4CDECC]<<
c:\docume~1\User\LOCALS~1\Temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x87e64879; SUB DWORD [EBP-0x4], 0x87e64135; PUSH EDI; CALL 0xffffffffffffdf2c; }
1 ntkrnlpa!IofCallDriver[0x804EF200] -> \Device\Harddisk0\DR0[0x8A5BCAB8]
3 CLASSPNP[0xB80E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF200] -> \Device\0000005b[0x8A5CE1F8]
5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EF200] -> [0x8A57C940]
[0x8A480388] -> IRP_MJ_CREATE -> 0x8A4CDECC
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Scsi\nvgts1Port0Path0Target0Lun0 -> \??\SCSI#Disk&Ven_WDC_WD32&Prod_00AAJS-07M0A&Rev_01.0#4&2ae96dbe&0&000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs loaded under running processes ---------------------
.
- - - - - - - > 'explorer.exe'(1948)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-10-09 22:27:01
ComboFix-quarantined-files.txt 2013-10-09 20:26
.
Pre-Run: 1 868 992 512
Post-Run: 1 832 587 264
.
- - End Of File - - 16650F95CAD0A9928A57D6E2F75435B7
8F558EB6672622401DA993E1E865C861
- Rudy (Site Admin)
Re: ESET reports a Trojan horse and cannot delete it
This is OK, but there is a TDL rootkit there: run TDSSKiller: http://www.stahuj.centrum.cz/utility_a_ ... dsskiller/ . Let it work. When the scan finishes, copy the log that opens here.
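Rudy's reading of the log ("this is OK, but there is a TDL rootkit") comes from the Gmer disk-trace block that ComboFix embeds in its output. Both MBR reads pass ("user & kernel MBR OK"), yet the disk I/O path runs through code Gmer cannot attribute to any loaded driver (">>UNKNOWN [0x8A4CDECC]<<"), and the device object's IRP_MJ_CREATE dispatch points at that same address. That is the TDL3 pattern: a patched disk miniport driver with a hijacked device dispatch, not an MBR infection as with TDL4, which is why the MBR detector's own verdict is clean while it still warns. The catchme.sys entry in the same module list is Gmer's scanner driver, loaded by ComboFix from the user's Temp directory, and is expected. The script below is an added example, not code from ComboFix, Gmer, TDSSKiller or the forum; it parses that trace section out of a ComboFix log and flags any dispatch handler that lands at an unmapped address. The INFECTED sample is copied from the log above; the CLEAN sample (including the nvgts.sys miniport name and the 0xB7F10A20 handler address) is constructed for contrast.

```python
"""Triage the Gmer 'Stealth MBR rootkit' disk trace embedded in a ComboFix log.

Added example for this thread; it is not part of ComboFix, Gmer or TDSSKiller.
Signals used: 'called modules' entries marked >>UNKNOWN [addr]<<, the
'[device] -> IRP_MJ_x -> handler' dispatch lines, the MBR verdict and the
tool's own warning line.
"""
import re
from dataclasses import dataclass, field

CALLED_RE = re.compile(r"^called modules:\s*(.*)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(r"^\[(0x[0-9A-Fa-f]+)\]\s*->\s*(IRP_MJ_\w+)\s*->\s*(0x[0-9A-Fa-f]+)")
MBR_OK_RE = re.compile(r"^user & kernel MBR OK$")
WARN_RE = re.compile(r"^Warning:\s*(.*?)\s*$")


@dataclass
class DiskTrace:
    modules: list = field(default_factory=list)   # drivers Gmer saw in the disk I/O path
    unknown: set = field(default_factory=set)     # code addresses it could not map to a module
    hooks: list = field(default_factory=list)     # (device object, IRP major, handler address)
    mbr_ok: bool = False
    warnings: list = field(default_factory=list)


def parse_disk_trace(text: str) -> DiskTrace:
    """Extract modules, unmapped addresses, IRP dispatch hooks and the MBR verdict."""
    t = DiskTrace()
    for raw in text.splitlines():
        line = raw.strip()
        if m := CALLED_RE.match(line):
            body = m.group(1)
            t.unknown.update(int(a, 16) for a in UNKNOWN_RE.findall(body))
            t.modules = UNKNOWN_RE.sub("", body).split()
        elif m := HOOK_RE.match(line):
            t.hooks.append((int(m.group(1), 16), m.group(2), int(m.group(3), 16)))
        elif MBR_OK_RE.match(line):
            t.mbr_ok = True
        elif m := WARN_RE.match(line):
            t.warnings.append(m.group(1))
    return t


def triage(t: DiskTrace) -> dict:
    """A dispatch handler living at an unmapped address is the TDL3-style pattern."""
    bad = [(o, irp, h) for (o, irp, h) in t.hooks if h in t.unknown]
    return {
        "mbr_ok": t.mbr_ok,
        "unknown_addresses": sorted(hex(a) for a in t.unknown),
        "suspicious_hooks": [(hex(o), irp, hex(h)) for (o, irp, h) in bad],
        "tool_warned": any("rootkit" in w.lower() for w in t.warnings),
        "verdict": ("disk dispatch hooked by code outside any module, treat as TDL3-class rootkit"
                    if bad else "no dispatch hook into unmapped code"),
    }


# Disk trace lines copied from the ComboFix log posted in this thread.
INFECTED = r"""
Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A4CDECC]<<
1 ntkrnlpa!IofCallDriver[0x804EF200] -> \Device\Harddisk0\DR0[0x8A5BCAB8]
3 CLASSPNP[0xB80E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF200] -> \Device\0000005b[0x8A5CE1F8]
5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EF200] -> [0x8A57C940]
[0x8A480388] -> IRP_MJ_CREATE -> 0x8A4CDECC
kernel: MBR read successfully
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
"""

# Constructed clean trace (not from the thread): every module is named and the
# dispatch handler address is one the tool attributed to a real driver.
CLEAN = r"""
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvgts.sys
1 ntkrnlpa!IofCallDriver[0x804EF200] -> \Device\Harddisk0\DR0[0x8A5BCAB8]
[0x8A480388] -> IRP_MJ_CREATE -> 0xB7F10A20
kernel: MBR read successfully
detected hooks:
user & kernel MBR OK
"""

if __name__ == "__main__":
    for name, text in (("thread log", INFECTED), ("clean sample", CLEAN)):
        print(name, triage(parse_disk_trace(text)))
```

The script only reads text; it does not touch the disk or the driver. Its purpose is to make the reason for the "possible TDL3 rootkit" warning explicit when the MBR itself looks clean, so that a TDL-specific tool such as TDSSKiller is the next step rather than another MBR check.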
Re: ESET reports a Trojan horse and cannot delete it
Log:
22:52:25.0187 3060 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:52:25.0421 3060 ============================================================
22:52:25.0421 3060 Current date / time: 2013/10/09 22:52:25.0421
22:52:25.0421 3060 SystemInfo:
22:52:25.0421 3060
22:52:25.0421 3060 OS Version: 5.1.2600 ServicePack: 3.0
22:52:25.0421 3060 Product type: Workstation
22:52:25.0421 3060 ComputerName: PC-200
22:52:25.0421 3060 UserName: User
22:52:25.0421 3060 Windows directory: C:\WINDOWS
22:52:25.0421 3060 System windows directory: C:\WINDOWS
22:52:25.0421 3060 Processor architecture: Intel x86
22:52:25.0421 3060 Number of processors: 2
22:52:25.0421 3060 Page size: 0x1000
22:52:25.0421 3060 Boot type: Normal boot
22:52:25.0421 3060 ============================================================
22:52:25.0859 3060 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
22:52:25.0859 3060 Drive \Device\Harddisk1\DR3 - Size: 0x3D800000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:52:25.0859 3060 ============================================================
22:52:25.0859 3060 \Device\Harddisk0\DR0:
22:52:25.0859 3060 MBR partitions:
22:52:25.0859 3060 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2800A34
22:52:25.0859 3060 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2800A73, BlocksNum 0x22C2CC4E
22:52:25.0859 3060 \Device\Harddisk1\DR3:
22:52:25.0875 3060 MBR partitions:
22:52:25.0875 3060 \Device\Harddisk1\DR3\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x1EBFC1
22:52:25.0875 3060 ============================================================
22:52:25.0875 3060 C: <-> \Device\Harddisk0\DR0\Partition1
22:52:25.0953 3060 D: <-> \Device\Harddisk0\DR0\Partition2
22:52:25.0953 3060 ============================================================
22:52:25.0953 3060 Initialize success
22:52:25.0953 3060 ============================================================
22:52:29.0859 4008 ============================================================
22:52:29.0859 4008 Scan started
22:52:29.0859 4008 Mode: Manual;
22:52:29.0859 4008 ============================================================
22:52:30.0078 4008 ================ Scan system memory ========================
22:52:30.0078 4008 System memory - ok
22:52:30.0078 4008 ================ Scan services =============================
22:52:30.0171 4008 Abiosdsk - ok
22:52:30.0187 4008 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
22:52:30.0218 4008 abp480n5 - ok
22:52:30.0250 4008 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:52:30.0296 4008 ACPI - ok
22:52:30.0343 4008 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
22:52:30.0375 4008 ACPIEC - ok
22:52:30.0406 4008 [ A283108E14F3970432C21AF4C0CB1BCE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:52:30.0421 4008 AdobeFlashPlayerUpdateSvc - ok
22:52:30.0437 4008 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
22:52:30.0484 4008 adpu160m - ok
22:52:30.0500 4008 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
22:52:30.0531 4008 aec - ok
22:52:30.0562 4008 [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc C:\WINDOWS\system32\drivers\Afc.sys
22:52:30.0593 4008 Afc - ok
22:52:30.0625 4008 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
22:52:30.0625 4008 AFD - ok
22:52:30.0656 4008 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
22:52:30.0687 4008 agp440 - ok
22:52:30.0703 4008 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
22:52:30.0734 4008 agpCPQ - ok
22:52:30.0750 4008 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
22:52:30.0781 4008 Aha154x - ok
22:52:30.0781 4008 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
22:52:30.0812 4008 aic78u2 - ok
22:52:30.0828 4008 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
22:52:30.0859 4008 aic78xx - ok
22:52:30.0875 4008 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
22:52:30.0890 4008 Alerter - ok
22:52:30.0890 4008 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
22:52:30.0906 4008 ALG - ok
22:52:30.0921 4008 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
22:52:30.0937 4008 AliIde - ok
22:52:30.0937 4008 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
22:52:30.0953 4008 alim1541 - ok
22:52:31.0000 4008 [ F6AF59D6EEE5E1C304F7F73706AD11D8 ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
22:52:31.0015 4008 Ambfilt - ok
22:52:31.0015 4008 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
22:52:31.0031 4008 amdagp - ok
22:52:31.0031 4008 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
22:52:31.0046 4008 amsint - ok
22:52:31.0062 4008 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
22:52:31.0062 4008 AppMgmt - ok
22:52:31.0078 4008 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
22:52:31.0109 4008 asc - ok
22:52:31.0109 4008 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
22:52:31.0125 4008 asc3350p - ok
22:52:31.0140 4008 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
22:52:31.0156 4008 asc3550 - ok
22:52:31.0234 4008 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:52:31.0234 4008 aspnet_state - ok
22:52:31.0250 4008 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:52:31.0265 4008 AsyncMac - ok
22:52:31.0265 4008 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
22:52:31.0281 4008 atapi - ok
22:52:31.0281 4008 Atdisk - ok
22:52:31.0312 4008 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:52:31.0312 4008 Atmarpc - ok
22:52:31.0328 4008 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
22:52:31.0328 4008 AudioSrv - ok
22:52:31.0343 4008 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
22:52:31.0343 4008 audstub - ok
22:52:31.0359 4008 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
22:52:31.0375 4008 Beep - ok
22:52:31.0406 4008 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
22:52:31.0406 4008 BITS - ok
22:52:31.0437 4008 [ 73686FE0B2E0469F89FD2075BE724704 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:52:31.0437 4008 Bonjour Service - ok
22:52:31.0468 4008 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
22:52:31.0468 4008 Browser - ok
22:52:31.0515 4008 catchme - ok
22:52:31.0531 4008 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
22:52:31.0546 4008 cbidf - ok
22:52:31.0546 4008 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
22:52:31.0546 4008 cbidf2k - ok
22:52:31.0562 4008 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:52:31.0578 4008 CCDECODE - ok
22:52:31.0609 4008 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
22:52:31.0625 4008 cd20xrnt - ok
22:52:31.0640 4008 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
22:52:31.0656 4008 Cdaudio - ok
22:52:31.0671 4008 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
22:52:31.0671 4008 Cdfs - ok
22:52:31.0687 4008 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:52:31.0718 4008 Cdrom - ok
22:52:31.0718 4008 Changer - ok
22:52:31.0750 4008 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
22:52:31.0750 4008 CiSvc - ok
22:52:31.0765 4008 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
22:52:31.0765 4008 ClipSrv - ok
22:52:31.0796 4008 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:52:31.0796 4008 clr_optimization_v2.0.50727_32 - ok
22:52:31.0796 4008 [ 964D0F042ACA51D5644779EB9D9EE40F ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
22:52:31.0828 4008 CmdIde - ok
22:52:31.0828 4008 COMSysApp - ok
22:52:31.0843 4008 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
22:52:31.0875 4008 Cpqarray - ok
22:52:31.0875 4008 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
22:52:31.0875 4008 CryptSvc - ok
22:52:31.0906 4008 [ DBD89BC0DBE00DCD245BE8F61DBEE291 ] cvintdrv C:\WINDOWS\system32\drivers\cvintdrv.sys
22:52:31.0937 4008 cvintdrv - ok
22:52:31.0937 4008 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
22:52:31.0968 4008 dac2w2k - ok
22:52:31.0984 4008 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
22:52:32.0000 4008 dac960nt - ok
22:52:32.0031 4008 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
22:52:32.0031 4008 DcomLaunch - ok
22:52:32.0046 4008 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
22:52:32.0046 4008 Dhcp - ok
22:52:32.0062 4008 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
22:52:32.0078 4008 Disk - ok
22:52:32.0093 4008 dmadmin - ok
22:52:32.0109 4008 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
22:52:32.0140 4008 dmboot - ok
22:52:32.0156 4008 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
22:52:32.0187 4008 dmio - ok
22:52:32.0187 4008 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
22:52:32.0218 4008 dmload - ok
22:52:32.0218 4008 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
22:52:32.0218 4008 dmserver - ok
22:52:32.0234 4008 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
22:52:32.0250 4008 DMusic - ok
22:52:32.0265 4008 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
22:52:32.0265 4008 Dnscache - ok
22:52:32.0281 4008 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
22:52:32.0281 4008 Dot3svc - ok
22:52:32.0281 4008 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
22:52:32.0296 4008 dpti2o - ok
22:52:32.0328 4008 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
22:52:32.0328 4008 drmkaud - ok
22:52:32.0343 4008 [ 9DF7F41E5C76835DEE57619F1A30A348 ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys
22:52:32.0375 4008 eamon - ok
22:52:32.0375 4008 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
22:52:32.0375 4008 EapHost - ok
22:52:32.0390 4008 [ 0582FF929D7B95420503E002CB960F52 ] edevmon C:\WINDOWS\system32\DRIVERS\edevmon.sys
22:52:32.0406 4008 edevmon - ok
22:52:32.0421 4008 [ 7E99C361738F5AA67F18A68B9414867E ] ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys
22:52:32.0421 4008 ehdrv - ok
22:52:32.0515 4008 [ 73E325D05E5AA5AF523FDDDA79ED04F8 ] EhttpSrv C:\Program Files\ESET\ESET Endpoint Security\EHttpSrv.exe
22:52:32.0515 4008 EhttpSrv - ok
22:52:32.0609 4008 [ A35C45EAFEA7AAB76F1D8AB74DBC5878 ] ekrn C:\Program Files\ESET\ESET Endpoint Security\ekrn.exe
22:52:32.0609 4008 ekrn - ok
22:52:32.0640 4008 [ B2DCF4FF99DA989DDC8705FA5D75A185 ] epfw C:\WINDOWS\system32\DRIVERS\epfw.sys
22:52:32.0656 4008 epfw - ok
22:52:32.0671 4008 [ BE6B887AD5C66245453F65C99F7B921F ] Epfwndis C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
22:52:32.0703 4008 Epfwndis - ok
22:52:32.0703 4008 [ 88EA6CF9BC60E7CBD89846A0BF8B8A2C ] epfwtdi C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
22:52:32.0718 4008 epfwtdi - ok
22:52:32.0750 4008 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
22:52:32.0750 4008 ERSvc - ok
22:52:32.0796 4008 [ 2AAFB491B703AA5CAE6F949BEC4A53A0 ] ESHASRV C:\Program Files\ESET\ESET Endpoint Security\EShaSrv.exe
22:52:32.0796 4008 ESHASRV - ok
22:52:32.0812 4008 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
22:52:32.0812 4008 Eventlog - ok
22:52:32.0843 4008 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
22:52:32.0843 4008 EventSystem - ok
22:52:32.0875 4008 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
22:52:32.0890 4008 Fastfat - ok
22:52:32.0906 4008 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
22:52:32.0906 4008 FastUserSwitchingCompatibility - ok
22:52:32.0921 4008 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
22:52:32.0937 4008 Fdc - ok
22:52:32.0937 4008 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
22:52:32.0953 4008 Fips - ok
22:52:33.0031 4008 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:52:33.0031 4008 FLEXnet Licensing Service - ok
22:52:33.0031 4008 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:52:33.0046 4008 Flpydisk - ok
22:52:33.0062 4008 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:52:33.0078 4008 FltMgr - ok
22:52:33.0125 4008 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:52:33.0125 4008 FontCache3.0.0.0 - ok
22:52:33.0140 4008 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:52:33.0140 4008 Fs_Rec - ok
22:52:33.0156 4008 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:52:33.0171 4008 Ftdisk - ok
22:52:33.0171 4008 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:52:33.0187 4008 Gpc - ok
22:52:33.0250 4008 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
22:52:33.0250 4008 gupdate - ok
22:52:33.0250 4008 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
22:52:33.0250 4008 gupdatem - ok
22:52:33.0281 4008 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:52:33.0296 4008 gusvc - ok
22:52:33.0312 4008 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:52:33.0328 4008 HDAudBus - ok
22:52:33.0343 4008 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:52:33.0343 4008 helpsvc - ok
22:52:33.0375 4008 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
22:52:33.0375 4008 HidServ - ok
22:52:33.0406 4008 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:52:33.0406 4008 HidUsb - ok
22:52:33.0437 4008 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
22:52:33.0437 4008 hkmsvc - ok
22:52:33.0453 4008 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
22:52:33.0468 4008 hpn - ok
22:52:33.0500 4008 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
22:52:33.0515 4008 HTTP - ok
22:52:33.0546 4008 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
22:52:33.0546 4008 HTTPFilter - ok
22:52:33.0562 4008 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
22:52:33.0578 4008 i2omgmt - ok
22:52:33.0593 4008 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
22:52:33.0609 4008 i2omp - ok
22:52:33.0609 4008 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:52:33.0625 4008 i8042prt - ok
22:52:33.0656 4008 [ 707C1692214B1C290271067197F075F6 ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
22:52:33.0671 4008 iaStor - ok
22:52:33.0734 4008 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:52:33.0734 4008 idsvc - ok
22:52:33.0750 4008 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
22:52:33.0765 4008 Imapi - ok
22:52:33.0796 4008 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
22:52:33.0796 4008 ImapiService - ok
22:52:33.0812 4008 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
22:52:33.0828 4008 ini910u - ok
22:52:33.0937 4008 [ 0CE2EAB2FFB33B8B0EF2B8E0D8B3F026 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:52:34.0015 4008 IntcAzAudAddService - ok
22:52:34.0031 4008 [ 57D928E548B38502ABBA7A77A6EB7312 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
22:52:34.0046 4008 IntelIde - ok
22:52:34.0062 4008 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:52:34.0078 4008 intelppm - ok
22:52:34.0093 4008 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:52:34.0109 4008 Ip6Fw - ok
22:52:34.0125 4008 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:52:34.0156 4008 IpFilterDriver - ok
22:52:34.0171 4008 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:52:34.0187 4008 IpInIp - ok
22:52:34.0187 4008 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:52:34.0203 4008 IpNat - ok
22:52:34.0218 4008 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:52:34.0234 4008 IPSec - ok
22:52:34.0234 4008 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
22:52:34.0250 4008 IRENUM - ok
22:52:34.0265 4008 [ 8BDD3847E74D534B53584B1F97E80BED ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:52:34.0265 4008 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\isapnp.sys. Real md5: 8BDD3847E74D534B53584B1F97E80BED, Fake md5: CC9F8A2D60AED1A51A3AC34C59B987AE
22:52:34.0265 4008 isapnp ( Rootkit.Win32.TDSS.tdl3 ) - infected
22:52:34.0265 4008 isapnp - detected Rootkit.Win32.TDSS.tdl3 (0)
22:52:34.0281 4008 [ A930C69680D6A99FB10686FB25E7CFD4 ] IT9135BDA C:\WINDOWS\system32\Drivers\IT9135BDA.sys
22:52:34.0281 4008 IT9135BDA - ok
22:52:34.0296 4008 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:52:34.0312 4008 Kbdclass - ok
22:52:34.0328 4008 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:52:34.0343 4008 kbdhid - ok
22:52:34.0359 4008 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
22:52:34.0359 4008 kmixer - ok
22:52:34.0390 4008 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
22:52:34.0406 4008 KSecDD - ok
22:52:34.0421 4008 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
22:52:34.0437 4008 LanmanServer - ok
22:52:34.0453 4008 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
22:52:34.0453 4008 lanmanworkstation - ok
22:52:34.0453 4008 lbrtfdc - ok
22:52:34.0500 4008 [ 20CDB07017497C94A0BAD253C4BAFCBC ] LkCitadelServer C:\WINDOWS\system32\lkcitdl.exe
22:52:34.0500 4008 LkCitadelServer - ok
22:52:34.0515 4008 [ 4CF1212843E92442265E61F945FDD7BC ] lkClassAds C:\WINDOWS\system32\lkads.exe
22:52:34.0515 4008 lkClassAds - ok
22:52:34.0546 4008 [ 37F285D5645A4B01C2E2C98246436811 ] lkTimeSync C:\WINDOWS\system32\lktsrv.exe
22:52:34.0546 4008 lkTimeSync - ok
22:52:34.0562 4008 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
22:52:34.0562 4008 LmHosts - ok
22:52:34.0625 4008 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
22:52:34.0640 4008 MDM - ok
22:52:34.0656 4008 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
22:52:34.0656 4008 Messenger - ok
22:52:34.0718 4008 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
22:52:34.0718 4008 Microsoft Office Groove Audit Service - ok
22:52:34.0750 4008 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
22:52:34.0750 4008 mnmdd - ok
22:52:34.0765 4008 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
22:52:34.0765 4008 mnmsrvc - ok
22:52:34.0781 4008 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
22:52:34.0781 4008 Modem - ok
22:52:34.0828 4008 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
22:52:34.0843 4008 Monfilt - ok
22:52:34.0843 4008 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:52:34.0859 4008 Mouclass - ok
22:52:34.0875 4008 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:52:34.0875 4008 mouhid - ok
22:52:34.0890 4008 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
22:52:34.0906 4008 MountMgr - ok
22:52:34.0937 4008 [ 0329A45C849C9D77901094B8FFE8BBB9 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:52:34.0937 4008 MozillaMaintenance - ok
22:52:34.0968 4008 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
22:52:34.0968 4008 MPE - ok
22:52:34.0984 4008 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
22:52:35.0000 4008 mraid35x - ok
22:52:35.0000 4008 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:52:35.0031 4008 MRxDAV - ok
22:52:35.0062 4008 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:52:35.0078 4008 MRxSmb - ok
22:52:35.0109 4008 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
22:52:35.0109 4008 MSDTC - ok
22:52:35.0109 4008 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
22:52:35.0125 4008 Msfs - ok
22:52:35.0125 4008 MSIServer - ok
22:52:35.0140 4008 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:52:35.0156 4008 MSKSSRV - ok
22:52:35.0171 4008 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:52:35.0187 4008 MSPCLOCK - ok
22:52:35.0187 4008 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
22:52:35.0203 4008 MSPQM - ok
22:52:35.0203 4008 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:52:35.0218 4008 mssmbios - ok
22:52:35.0234 4008 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
22:52:35.0250 4008 MSTEE - ok
22:52:35.0265 4008 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
22:52:35.0281 4008 Mup - ok
22:52:35.0281 4008 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:52:35.0296 4008 NABTSFEC - ok
22:52:35.0328 4008 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
22:52:35.0328 4008 napagent - ok
22:52:35.0328 4008 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
22:52:35.0328 4008 NDIS - ok
22:52:35.0343 4008 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:52:35.0359 4008 NdisIP - ok
22:52:35.0390 4008 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:52:35.0406 4008 NdisTapi - ok
22:52:35.0421 4008 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:52:35.0437 4008 Ndisuio - ok
22:52:35.0453 4008 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:52:35.0468 4008 NdisWan - ok
22:52:35.0484 4008 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
22:52:35.0500 4008 NDProxy - ok
22:52:35.0562 4008 [ B044BB341E164DA6750A9B8E6A5FF6A1 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
22:52:35.0562 4008 Nero BackItUp Scheduler 3 - ok
22:52:35.0593 4008 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
22:52:35.0609 4008 NetBIOS - ok
22:52:35.0625 4008 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
22:52:35.0640 4008 NetBT - ok
22:52:35.0656 4008 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
22:52:35.0671 4008 NetDDE - ok
22:52:35.0671 4008 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
22:52:35.0671 4008 NetDDEdsdm - ok
22:52:35.0703 4008 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
22:52:35.0703 4008 Netlogon - ok
22:52:35.0718 4008 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
22:52:35.0718 4008 Netman - ok
22:52:35.0734 4008 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:52:35.0734 4008 NetTcpPortSharing - ok
22:52:35.0765 4008 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
22:52:35.0765 4008 Nla - ok
22:52:35.0828 4008 [ EBA1B4BF2E2375ABDADEDB649F283541 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
22:52:35.0828 4008 NMIndexingService - ok
22:52:35.0843 4008 [ B0A67DE1A128389AEA4D42C5A56215FD ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
22:52:35.0859 4008 nmwcd - ok
22:52:35.0890 4008 [ 025C54F9F8C8BC1894EA38529C742C54 ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
22:52:35.0890 4008 nmwcdc - ok
22:52:35.0906 4008 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
22:52:35.0921 4008 Npfs - ok
22:52:35.0937 4008 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
22:52:35.0968 4008 Ntfs - ok
22:52:35.0968 4008 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
22:52:35.0968 4008 NtLmSsp - ok
22:52:36.0000 4008 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
22:52:36.0000 4008 NtmsSvc - ok
22:52:36.0015 4008 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
22:52:36.0031 4008 Null - ok
22:52:37.0281 4008 [ 7C56F3FD65B2BDB315CA3605A5392D7B ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:52:37.0406 4008 nv - ok
22:52:37.0437 4008 [ D314FE034D68C09D412727886E24F5FB ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
22:52:37.0437 4008 NVENETFD - ok
22:52:37.0468 4008 [ EA98BFE4931BD13D747D647C1859796E ] nvgts C:\WINDOWS\system32\DRIVERS\nvgts.sys
22:52:37.0468 4008 nvgts - ok
22:52:37.0484 4008 [ F99FBB623ED78367574EE461B5B32C2C ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
22:52:37.0500 4008 nvnetbus - ok
22:52:37.0500 4008 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:52:37.0515 4008 NwlnkFlt - ok
22:52:37.0546 4008 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:52:37.0562 4008 NwlnkFwd - ok
22:52:37.0625 4008 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:52:37.0625 4008 odserv - ok
22:52:37.0656 4008 [ EAE6208900E2986F66F68B30AEF86E4D ] OpcEnum C:\WINDOWS\system32\OpcEnum.exe
22:52:37.0656 4008 OpcEnum - ok
22:52:37.0671 4008 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:52:37.0671 4008 ose - ok
22:52:37.0703 4008 [ 3FC38E7FBE91DB40C34731195F4116C2 ] P3 C:\WINDOWS\system32\DRIVERS\p3.sys
22:52:37.0718 4008 P3 - ok
22:52:37.0734 4008 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
22:52:37.0750 4008 Parport - ok
22:52:37.0765 4008 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
22:52:37.0781 4008 PartMgr - ok
22:52:37.0796 4008 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
22:52:37.0812 4008 ParVdm - ok
22:52:37.0828 4008 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
22:52:37.0843 4008 PCI - ok
22:52:37.0843 4008 PCIDump - ok
22:52:37.0859 4008 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
22:52:37.0875 4008 PCIIde - ok
22:52:37.0890 4008 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
22:52:37.0921 4008 Pcmcia - ok
22:52:37.0921 4008 PDCOMP - ok
22:52:37.0921 4008 PDFRAME - ok
22:52:37.0937 4008 PDRELI - ok
22:52:37.0937 4008 PDRFRAME - ok
22:52:37.0953 4008 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
22:52:37.0968 4008 perc2 - ok
22:52:37.0968 4008 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
22:52:37.0984 4008 perc2hib - ok
22:52:38.0015 4008 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\WINDOWS\system32\IoctlSvc.exe
22:52:38.0015 4008 PLFlash DeviceIoControl Service - ok
22:52:38.0015 4008 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
22:52:38.0031 4008 PlugPlay - ok
22:52:38.0031 4008 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
22:52:38.0031 4008 PolicyAgent - ok
22:52:38.0046 4008 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:52:38.0078 4008 PptpMiniport - ok
22:52:38.0078 4008 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
22:52:38.0078 4008 ProtectedStorage - ok
22:52:38.0078 4008 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
22:52:38.0125 4008 PSched - ok
22:52:38.0140 4008 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:52:38.0156 4008 Ptilink - ok
22:52:38.0171 4008 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
22:52:38.0218 4008 ql1080 - ok
22:52:38.0218 4008 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
22:52:38.0234 4008 Ql10wnt - ok
22:52:38.0250 4008 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
22:52:38.0265 4008 ql12160 - ok
22:52:38.0265 4008 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
22:52:38.0296 4008 ql1240 - ok
22:52:38.0296 4008 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
22:52:38.0312 4008 ql1280 - ok
22:52:38.0328 4008 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:52:38.0328 4008 RasAcd - ok
22:52:38.0359 4008 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
22:52:38.0359 4008 RasAuto - ok
22:52:38.0375 4008 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:52:38.0390 4008 Rasl2tp - ok
22:52:38.0390 4008 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
22:52:38.0406 4008 RasMan - ok
22:52:38.0406 4008 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:52:38.0421 4008 RasPppoe - ok
22:52:38.0421 4008 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
22:52:38.0437 4008 Raspti - ok
22:52:38.0453 4008 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:52:38.0500 4008 Rdbss - ok
22:52:38.0515 4008 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:52:38.0531 4008 RDPCDD - ok
22:52:38.0546 4008 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:52:38.0562 4008 rdpdr - ok
22:52:38.0593 4008 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
22:52:38.0609 4008 RDPWD - ok
22:52:38.0625 4008 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
22:52:38.0640 4008 RDSessMgr - ok
22:52:38.0640 4008 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
22:52:38.0656 4008 redbook - ok
22:52:38.0671 4008 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
22:52:38.0687 4008 RemoteAccess - ok
22:52:38.0687 4008 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
22:52:38.0703 4008 RemoteRegistry - ok
22:52:38.0718 4008 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
22:52:38.0718 4008 RpcLocator - ok
22:52:38.0734 4008 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\System32\rpcss.dll
22:52:38.0750 4008 RpcSs - ok
22:52:38.0750 4008 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
22:52:38.0765 4008 RSVP - ok
22:52:38.0765 4008 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
22:52:38.0765 4008 SamSs - ok
22:52:38.0796 4008 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
22:52:38.0796 4008 SCardSvr - ok
22:52:38.0812 4008 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
22:52:38.0812 4008 Schedule - ok
22:52:38.0843 4008 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:52:38.0859 4008 Secdrv - ok
22:52:38.0859 4008 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
22:52:38.0859 4008 seclogon - ok
22:52:38.0875 4008 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
22:52:38.0875 4008 SENS - ok
22:52:38.0890 4008 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
22:52:38.0906 4008 serenum - ok
22:52:38.0921 4008 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
22:52:38.0937 4008 Serial - ok
22:52:38.0953 4008 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
22:52:38.0968 4008 Sfloppy - ok
22:52:38.0984 4008 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
22:52:39.0000 4008 SharedAccess - ok
22:52:39.0000 4008 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:52:39.0015 4008 ShellHWDetection - ok
22:52:39.0015 4008 Simbad - ok
22:52:39.0031 4008 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
22:52:39.0046 4008 sisagp - ok
22:52:39.0078 4008 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
22:52:39.0093 4008 SkypeUpdate - ok
22:52:39.0125 4008 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:52:39.0140 4008 SLIP - ok
22:52:39.0156 4008 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
22:52:39.0187 4008 SONYPVU1 - ok
22:52:39.0187 4008 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
22:52:39.0203 4008 Sparrow - ok
22:52:39.0234 4008 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
22:52:39.0250 4008 splitter - ok
22:52:39.0281 4008 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
22:52:39.0281 4008 Spooler - ok
22:52:39.0281 4008 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
22:52:39.0312 4008 sr - ok
22:52:39.0328 4008 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
22:52:39.0343 4008 srservice - ok
22:52:39.0359 4008 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
22:52:39.0390 4008 Srv - ok
22:52:39.0390 4008 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
22:52:39.0406 4008 SSDPSRV - ok
22:52:39.0421 4008 [ 306521935042FC0A6988D528643619B3 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
22:52:39.0437 4008 StarOpen - ok
22:52:39.0468 4008 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
22:52:39.0468 4008 stisvc - ok
22:52:39.0484 4008 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:52:39.0500 4008 streamip - ok
22:52:39.0531 4008 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
22:52:39.0546 4008 swenum - ok
22:52:39.0625 4008 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
22:52:39.0625 4008 SwitchBoard - ok
22:52:39.0640 4008 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
22:52:39.0671 4008 swmidi - ok
22:52:39.0671 4008 SwPrv - ok
22:52:39.0687 4008 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
22:52:39.0703 4008 symc810 - ok
22:52:39.0718 4008 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
22:52:39.0734 4008 symc8xx - ok
22:52:39.0750 4008 [ 05CFC382170A709F931E41620677097A ] SYMMPI C:\WINDOWS\system32\DRIVERS\symmpi.sys
22:52:39.0765 4008 SYMMPI - ok
22:52:39.0765 4008 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
22:52:39.0781 4008 sym_hi - ok
22:52:39.0781 4008 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
22:52:39.0796 4008 sym_u3 - ok
22:52:39.0812 4008 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
22:52:39.0812 4008 sysaudio - ok
22:52:39.0843 4008 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
22:52:39.0843 4008 SysmonLog - ok
22:52:39.0875 4008 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
22:52:39.0875 4008 TapiSrv - ok
22:52:39.0906 4008 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:52:39.0921 4008 Tcpip - ok
22:52:39.0937 4008 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
22:52:39.0953 4008 TDPIPE - ok
22:52:39.0953 4008 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
22:52:39.0968 4008 TDTCP - ok
22:52:39.0984 4008 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
22:52:40.0015 4008 TermDD - ok
22:52:40.0031 4008 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
22:52:40.0031 4008 TermService - ok
22:52:40.0046 4008 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
22:52:40.0046 4008 Themes - ok
22:52:40.0062 4008 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
22:52:40.0062 4008 TlntSvr - ok
22:52:40.0062 4008 [ FD4FD7D6FDA5C019ED86025D7BE1510F ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
22:52:40.0078 4008 TosIde - ok
22:52:40.0093 4008 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
22:52:40.0093 4008 TrkWks - ok
22:52:40.0109 4008 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
22:52:40.0125 4008 Udfs - ok
22:52:40.0140 4008 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
22:52:40.0171 4008 ultra - ok
22:52:40.0187 4008 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
22:52:40.0218 4008 Update - ok
22:52:40.0234 4008 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
22:52:40.0234 4008 upnphost - ok
22:52:40.0250 4008 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
22:52:40.0250 4008 UPS - ok
22:52:40.0265 4008 [ 65898A183FBF1D1F7759D5CCB364DCD4 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
22:52:40.0281 4008 usbaudio - ok
22:52:40.0296 4008 [ 1B611611C28D2DF25BC057D79C6F13FC ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:52:40.0312 4008 usbccgp - ok
22:52:40.0328 4008 [ 4BAC8DF07F1D8434FC640E677A62204E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:52:40.0343 4008 usbehci - ok
22:52:40.0359 4008 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:52:40.0375 4008 usbhub - ok
22:52:40.0390 4008 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:52:40.0406 4008 usbohci - ok
22:52:40.0437 4008 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:52:40.0453 4008 usbprint - ok
22:52:40.0468 4008 [ F8EDE2B6928970DCE3D5614C27D9E7F6 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:52:40.0484 4008 usbscan - ok
22:52:40.0515 4008 [ 84C44D720655A8AA475E57A9E764D675 ] usbser C:\WINDOWS\system32\drivers\usbser.sys
22:52:40.0515 4008 usbser - ok
22:52:40.0546 4008 [ 4F8FBC51A1C0A17310846B417A447F91 ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
22:52:40.0546 4008 UsbserFilt - ok
22:52:40.0562 4008 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:52:40.0578 4008 USBSTOR - ok
22:52:40.0593 4008 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:52:40.0609 4008 usbuhci - ok
22:52:40.0640 4008 [ 813236B1183CFCF289E367BD5DE6E29E ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
22:52:40.0656 4008 usbvideo - ok
22:52:40.0656 4008 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
22:52:40.0671 4008 VgaSave - ok
22:52:40.0687 4008 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:52:40.0718 4008 viaagp - ok
22:52:40.0734 4008 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
22:52:40.0734 4008 ViaIde - ok
22:52:40.0750 4008 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
22:52:40.0781 4008 VolSnap - ok
22:52:40.0796 4008 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
22:52:40.0796 4008 VSS - ok
22:52:40.0812 4008 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
22:52:40.0812 4008 W32Time - ok
22:52:40.0828 4008 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:52:40.0843 4008 Wanarp - ok
22:52:40.0875 4008 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
22:52:40.0875 4008 Wdf01000 - ok
22:52:40.0890 4008 WDICA - ok
22:52:40.0890 4008 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
22:52:40.0906 4008 wdmaud - ok
22:52:40.0921 4008 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
22:52:40.0937 4008 WebClient - ok
22:52:40.0968 4008 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
22:52:40.0968 4008 winmgmt - ok
22:52:41.0015 4008 [ 4D34CEDD74BDBF2B6A935EAE3BF80543 ] WinRM C:\WINDOWS\system32\WsmSvc.dll
22:52:41.0031 4008 WinRM - ok
22:52:41.0062 4008 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
22:52:41.0062 4008 WmdmPmSN - ok
22:52:41.0093 4008 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] Wmi C:\WINDOWS\System32\advapi32.dll
22:52:41.0093 4008 Wmi - ok
22:52:41.0109 4008 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:52:41.0109 4008 WmiApSrv - ok
22:52:41.0171 4008 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
22:52:41.0171 4008 WMPNetworkSvc - ok
22:52:41.0187 4008 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:52:41.0187 4008 WpdUsb - ok
22:52:41.0203 4008 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:52:41.0218 4008 WS2IFSL - ok
22:52:41.0234 4008 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
22:52:41.0234 4008 wscsvc - ok
22:52:41.0250 4008 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:52:41.0265 4008 WSTCODEC - ok
22:52:41.0281 4008 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
22:52:41.0281 4008 wuauserv - ok
22:52:41.0296 4008 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:52:41.0312 4008 WudfPf - ok
22:52:41.0328 4008 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:52:41.0328 4008 WudfRd - ok
22:52:41.0359 4008 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
22:52:41.0359 4008 WudfSvc - ok
22:52:41.0375 4008 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
22:52:41.0375 4008 WZCSVC - ok
22:52:41.0406 4008 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
22:52:41.0406 4008 xmlprov - ok
22:52:41.0406 4008 ================ Scan global ===============================
22:52:41.0421 4008 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
22:52:41.0453 4008 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\WINDOWS\system32\winsrv.dll
22:52:41.0468 4008 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\WINDOWS\system32\winsrv.dll
22:52:41.0484 4008 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
22:52:41.0484 4008 [Global] - ok
22:52:41.0484 4008 ================ Scan MBR ==================================
22:52:41.0500 4008 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:52:41.0640 4008 \Device\Harddisk0\DR0 - ok
22:52:41.0656 4008 [ 973E9BA32FDBB305C552ED3E1EBF0686 ] \Device\Harddisk1\DR3
22:52:41.0687 4008 \Device\Harddisk1\DR3 - ok
22:52:41.0687 4008 ================ Scan VBR ==================================
22:52:41.0687 4008 [ BD930222C9E13D38D51B33D6748AF858 ] \Device\Harddisk0\DR0\Partition1
22:52:41.0687 4008 \Device\Harddisk0\DR0\Partition1 - ok
22:52:41.0703 4008 [ 2C7949259E15A8BF78B0180DE1C3DE3E ] \Device\Harddisk0\DR0\Partition2
22:52:41.0703 4008 \Device\Harddisk0\DR0\Partition2 - ok
22:52:41.0703 4008 [ 27080EA03CBE4DC5FAFDA3BB61A38AF1 ] \Device\Harddisk1\DR3\Partition1
22:52:41.0718 4008 \Device\Harddisk1\DR3\Partition1 - ok
22:52:41.0718 4008 ============================================================
22:52:41.0718 4008 Scan finished
22:52:41.0718 4008 ============================================================
22:52:41.0718 3148 Detected object count: 1
22:52:41.0718 3148 Actual detected object count: 1
22:53:35.0890 3148 C:\WINDOWS\system32\DRIVERS\isapnp.sys - copied to quarantine
22:53:36.0515 3148 Backup copy found, using it..
22:53:36.0546 3148 C:\WINDOWS\system32\DRIVERS\isapnp.sys - will be cured on reboot
22:53:36.0546 3148 isapnp ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
22:53:41.0421 3640 Deinitialize success
22:52:25.0187 3060 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:52:25.0421 3060 ============================================================
22:52:25.0421 3060 Current date / time: 2013/10/09 22:52:25.0421
22:52:25.0421 3060 SystemInfo:
22:52:25.0421 3060
22:52:25.0421 3060 OS Version: 5.1.2600 ServicePack: 3.0
22:52:25.0421 3060 Product type: Workstation
22:52:25.0421 3060 ComputerName: PC-200
22:52:25.0421 3060 UserName: User
22:52:25.0421 3060 Windows directory: C:\WINDOWS
22:52:25.0421 3060 System windows directory: C:\WINDOWS
22:52:25.0421 3060 Processor architecture: Intel x86
22:52:25.0421 3060 Number of processors: 2
22:52:25.0421 3060 Page size: 0x1000
22:52:25.0421 3060 Boot type: Normal boot
22:52:25.0421 3060 ============================================================
22:52:25.0859 3060 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
22:52:25.0859 3060 Drive \Device\Harddisk1\DR3 - Size: 0x3D800000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:52:25.0859 3060 ============================================================
22:52:25.0859 3060 \Device\Harddisk0\DR0:
22:52:25.0859 3060 MBR partitions:
22:52:25.0859 3060 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2800A34
22:52:25.0859 3060 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2800A73, BlocksNum 0x22C2CC4E
22:52:25.0859 3060 \Device\Harddisk1\DR3:
22:52:25.0875 3060 MBR partitions:
22:52:25.0875 3060 \Device\Harddisk1\DR3\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x1EBFC1
22:52:25.0875 3060 ============================================================
22:52:25.0875 3060 C: <-> \Device\Harddisk0\DR0\Partition1
22:52:25.0953 3060 D: <-> \Device\Harddisk0\DR0\Partition2
22:52:25.0953 3060 ============================================================
22:52:25.0953 3060 Initialize success
22:52:25.0953 3060 ============================================================
22:52:29.0859 4008 ============================================================
22:52:29.0859 4008 Scan started
22:52:29.0859 4008 Mode: Manual;
22:52:29.0859 4008 ============================================================
22:52:30.0078 4008 ================ Scan system memory ========================
22:52:30.0078 4008 System memory - ok
22:52:30.0078 4008 ================ Scan services =============================
22:52:30.0171 4008 Abiosdsk - ok
22:52:30.0187 4008 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
22:52:30.0218 4008 abp480n5 - ok
22:52:30.0250 4008 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:52:30.0296 4008 ACPI - ok
22:52:30.0343 4008 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
22:52:30.0375 4008 ACPIEC - ok
22:52:30.0406 4008 [ A283108E14F3970432C21AF4C0CB1BCE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:52:30.0421 4008 AdobeFlashPlayerUpdateSvc - ok
22:52:30.0437 4008 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
22:52:30.0484 4008 adpu160m - ok
22:52:30.0500 4008 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
22:52:30.0531 4008 aec - ok
22:52:30.0562 4008 [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc C:\WINDOWS\system32\drivers\Afc.sys
22:52:30.0593 4008 Afc - ok
22:52:30.0625 4008 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
22:52:30.0625 4008 AFD - ok
22:52:30.0656 4008 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
22:52:30.0687 4008 agp440 - ok
22:52:30.0703 4008 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
22:52:30.0734 4008 agpCPQ - ok
22:52:30.0750 4008 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
22:52:30.0781 4008 Aha154x - ok
22:52:30.0781 4008 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
22:52:30.0812 4008 aic78u2 - ok
22:52:30.0828 4008 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
22:52:30.0859 4008 aic78xx - ok
22:52:30.0875 4008 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
22:52:30.0890 4008 Alerter - ok
22:52:30.0890 4008 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
22:52:30.0906 4008 ALG - ok
22:52:30.0921 4008 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
22:52:30.0937 4008 AliIde - ok
22:52:30.0937 4008 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
22:52:30.0953 4008 alim1541 - ok
22:52:31.0000 4008 [ F6AF59D6EEE5E1C304F7F73706AD11D8 ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
22:52:31.0015 4008 Ambfilt - ok
22:52:31.0015 4008 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
22:52:31.0031 4008 amdagp - ok
22:52:31.0031 4008 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
22:52:31.0046 4008 amsint - ok
22:52:31.0062 4008 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
22:52:31.0062 4008 AppMgmt - ok
22:52:31.0078 4008 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
22:52:31.0109 4008 asc - ok
22:52:31.0109 4008 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
22:52:31.0125 4008 asc3350p - ok
22:52:31.0140 4008 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
22:52:31.0156 4008 asc3550 - ok
22:52:31.0234 4008 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:52:31.0234 4008 aspnet_state - ok
22:52:31.0250 4008 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:52:31.0265 4008 AsyncMac - ok
22:52:31.0265 4008 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
22:52:31.0281 4008 atapi - ok
22:52:31.0281 4008 Atdisk - ok
22:52:31.0312 4008 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:52:31.0312 4008 Atmarpc - ok
22:52:31.0328 4008 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
22:52:31.0328 4008 AudioSrv - ok
22:52:31.0343 4008 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
22:52:31.0343 4008 audstub - ok
22:52:31.0359 4008 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
22:52:31.0375 4008 Beep - ok
22:52:31.0406 4008 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
22:52:31.0406 4008 BITS - ok
22:52:31.0437 4008 [ 73686FE0B2E0469F89FD2075BE724704 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:52:31.0437 4008 Bonjour Service - ok
22:52:31.0468 4008 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
22:52:31.0468 4008 Browser - ok
22:52:31.0515 4008 catchme - ok
22:52:31.0531 4008 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
22:52:31.0546 4008 cbidf - ok
22:52:31.0546 4008 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
22:52:31.0546 4008 cbidf2k - ok
22:52:31.0562 4008 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:52:31.0578 4008 CCDECODE - ok
22:52:31.0609 4008 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
22:52:31.0625 4008 cd20xrnt - ok
22:52:31.0640 4008 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
22:52:31.0656 4008 Cdaudio - ok
22:52:31.0671 4008 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
22:52:31.0671 4008 Cdfs - ok
22:52:31.0687 4008 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:52:31.0718 4008 Cdrom - ok
22:52:31.0718 4008 Changer - ok
22:52:31.0750 4008 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
22:52:31.0750 4008 CiSvc - ok
22:52:31.0765 4008 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
22:52:31.0765 4008 ClipSrv - ok
22:52:31.0796 4008 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:52:31.0796 4008 clr_optimization_v2.0.50727_32 - ok
22:52:31.0796 4008 [ 964D0F042ACA51D5644779EB9D9EE40F ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
22:52:31.0828 4008 CmdIde - ok
22:52:31.0828 4008 COMSysApp - ok
22:52:31.0843 4008 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
22:52:31.0875 4008 Cpqarray - ok
22:52:31.0875 4008 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
22:52:31.0875 4008 CryptSvc - ok
22:52:31.0906 4008 [ DBD89BC0DBE00DCD245BE8F61DBEE291 ] cvintdrv C:\WINDOWS\system32\drivers\cvintdrv.sys
22:52:31.0937 4008 cvintdrv - ok
22:52:31.0937 4008 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
22:52:31.0968 4008 dac2w2k - ok
22:52:31.0984 4008 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
22:52:32.0000 4008 dac960nt - ok
22:52:32.0031 4008 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
22:52:32.0031 4008 DcomLaunch - ok
22:52:32.0046 4008 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
22:52:32.0046 4008 Dhcp - ok
22:52:32.0062 4008 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
22:52:32.0078 4008 Disk - ok
22:52:32.0093 4008 dmadmin - ok
22:52:32.0109 4008 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
22:52:32.0140 4008 dmboot - ok
22:52:32.0156 4008 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
22:52:32.0187 4008 dmio - ok
22:52:32.0187 4008 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
22:52:32.0218 4008 dmload - ok
22:52:32.0218 4008 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
22:52:32.0218 4008 dmserver - ok
22:52:32.0234 4008 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
22:52:32.0250 4008 DMusic - ok
22:52:32.0265 4008 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
22:52:32.0265 4008 Dnscache - ok
22:52:32.0281 4008 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
22:52:32.0281 4008 Dot3svc - ok
22:52:32.0281 4008 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
22:52:32.0296 4008 dpti2o - ok
22:52:32.0328 4008 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
22:52:32.0328 4008 drmkaud - ok
22:52:32.0343 4008 [ 9DF7F41E5C76835DEE57619F1A30A348 ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys
22:52:32.0375 4008 eamon - ok
22:52:32.0375 4008 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
22:52:32.0375 4008 EapHost - ok
22:52:32.0390 4008 [ 0582FF929D7B95420503E002CB960F52 ] edevmon C:\WINDOWS\system32\DRIVERS\edevmon.sys
22:52:32.0406 4008 edevmon - ok
22:52:32.0421 4008 [ 7E99C361738F5AA67F18A68B9414867E ] ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys
22:52:32.0421 4008 ehdrv - ok
22:52:32.0515 4008 [ 73E325D05E5AA5AF523FDDDA79ED04F8 ] EhttpSrv C:\Program Files\ESET\ESET Endpoint Security\EHttpSrv.exe
22:52:32.0515 4008 EhttpSrv - ok
22:52:32.0609 4008 [ A35C45EAFEA7AAB76F1D8AB74DBC5878 ] ekrn C:\Program Files\ESET\ESET Endpoint Security\ekrn.exe
22:52:32.0609 4008 ekrn - ok
22:52:32.0640 4008 [ B2DCF4FF99DA989DDC8705FA5D75A185 ] epfw C:\WINDOWS\system32\DRIVERS\epfw.sys
22:52:32.0656 4008 epfw - ok
22:52:32.0671 4008 [ BE6B887AD5C66245453F65C99F7B921F ] Epfwndis C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
22:52:32.0703 4008 Epfwndis - ok
22:52:32.0703 4008 [ 88EA6CF9BC60E7CBD89846A0BF8B8A2C ] epfwtdi C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
22:52:32.0718 4008 epfwtdi - ok
22:52:32.0750 4008 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
22:52:32.0750 4008 ERSvc - ok
22:52:32.0796 4008 [ 2AAFB491B703AA5CAE6F949BEC4A53A0 ] ESHASRV C:\Program Files\ESET\ESET Endpoint Security\EShaSrv.exe
22:52:32.0796 4008 ESHASRV - ok
22:52:32.0812 4008 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
22:52:32.0812 4008 Eventlog - ok
22:52:32.0843 4008 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
22:52:32.0843 4008 EventSystem - ok
22:52:32.0875 4008 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
22:52:32.0890 4008 Fastfat - ok
22:52:32.0906 4008 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
22:52:32.0906 4008 FastUserSwitchingCompatibility - ok
22:52:32.0921 4008 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
22:52:32.0937 4008 Fdc - ok
22:52:32.0937 4008 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
22:52:32.0953 4008 Fips - ok
22:52:33.0031 4008 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:52:33.0031 4008 FLEXnet Licensing Service - ok
22:52:33.0031 4008 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:52:33.0046 4008 Flpydisk - ok
22:52:33.0062 4008 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:52:33.0078 4008 FltMgr - ok
22:52:33.0125 4008 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:52:33.0125 4008 FontCache3.0.0.0 - ok
22:52:33.0140 4008 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:52:33.0140 4008 Fs_Rec - ok
22:52:33.0156 4008 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:52:33.0171 4008 Ftdisk - ok
22:52:33.0171 4008 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:52:33.0187 4008 Gpc - ok
22:52:33.0250 4008 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
22:52:33.0250 4008 gupdate - ok
22:52:33.0250 4008 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
22:52:33.0250 4008 gupdatem - ok
22:52:33.0281 4008 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:52:33.0296 4008 gusvc - ok
22:52:33.0312 4008 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:52:33.0328 4008 HDAudBus - ok
22:52:33.0343 4008 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:52:33.0343 4008 helpsvc - ok
22:52:33.0375 4008 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
22:52:33.0375 4008 HidServ - ok
22:52:33.0406 4008 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:52:33.0406 4008 HidUsb - ok
22:52:33.0437 4008 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
22:52:33.0437 4008 hkmsvc - ok
22:52:33.0453 4008 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
22:52:33.0468 4008 hpn - ok
22:52:33.0500 4008 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
22:52:33.0515 4008 HTTP - ok
22:52:33.0546 4008 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
22:52:33.0546 4008 HTTPFilter - ok
22:52:33.0562 4008 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
22:52:33.0578 4008 i2omgmt - ok
22:52:33.0593 4008 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
22:52:33.0609 4008 i2omp - ok
22:52:33.0609 4008 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:52:33.0625 4008 i8042prt - ok
22:52:33.0656 4008 [ 707C1692214B1C290271067197F075F6 ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
22:52:33.0671 4008 iaStor - ok
22:52:33.0734 4008 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:52:33.0734 4008 idsvc - ok
22:52:33.0750 4008 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
22:52:33.0765 4008 Imapi - ok
22:52:33.0796 4008 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
22:52:33.0796 4008 ImapiService - ok
22:52:33.0812 4008 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
22:52:33.0828 4008 ini910u - ok
22:52:33.0937 4008 [ 0CE2EAB2FFB33B8B0EF2B8E0D8B3F026 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:52:34.0015 4008 IntcAzAudAddService - ok
22:52:34.0031 4008 [ 57D928E548B38502ABBA7A77A6EB7312 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
22:52:34.0046 4008 IntelIde - ok
22:52:34.0062 4008 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:52:34.0078 4008 intelppm - ok
22:52:34.0093 4008 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:52:34.0109 4008 Ip6Fw - ok
22:52:34.0125 4008 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:52:34.0156 4008 IpFilterDriver - ok
22:52:34.0171 4008 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:52:34.0187 4008 IpInIp - ok
22:52:34.0187 4008 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:52:34.0203 4008 IpNat - ok
22:52:34.0218 4008 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:52:34.0234 4008 IPSec - ok
22:52:34.0234 4008 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
22:52:34.0250 4008 IRENUM - ok
22:52:34.0265 4008 [ 8BDD3847E74D534B53584B1F97E80BED ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:52:34.0265 4008 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\isapnp.sys. Real md5: 8BDD3847E74D534B53584B1F97E80BED, Fake md5: CC9F8A2D60AED1A51A3AC34C59B987AE
22:52:34.0265 4008 isapnp ( Rootkit.Win32.TDSS.tdl3 ) - infected
22:52:34.0265 4008 isapnp - detected Rootkit.Win32.TDSS.tdl3 (0)
22:52:34.0281 4008 [ A930C69680D6A99FB10686FB25E7CFD4 ] IT9135BDA C:\WINDOWS\system32\Drivers\IT9135BDA.sys
22:52:34.0281 4008 IT9135BDA - ok
22:52:34.0296 4008 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:52:34.0312 4008 Kbdclass - ok
22:52:34.0328 4008 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:52:34.0343 4008 kbdhid - ok
22:52:34.0359 4008 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
22:52:34.0359 4008 kmixer - ok
22:52:34.0390 4008 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
22:52:34.0406 4008 KSecDD - ok
22:52:34.0421 4008 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
22:52:34.0437 4008 LanmanServer - ok
22:52:34.0453 4008 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
22:52:34.0453 4008 lanmanworkstation - ok
22:52:34.0453 4008 lbrtfdc - ok
22:52:34.0500 4008 [ 20CDB07017497C94A0BAD253C4BAFCBC ] LkCitadelServer C:\WINDOWS\system32\lkcitdl.exe
22:52:34.0500 4008 LkCitadelServer - ok
22:52:34.0515 4008 [ 4CF1212843E92442265E61F945FDD7BC ] lkClassAds C:\WINDOWS\system32\lkads.exe
22:52:34.0515 4008 lkClassAds - ok
22:52:34.0546 4008 [ 37F285D5645A4B01C2E2C98246436811 ] lkTimeSync C:\WINDOWS\system32\lktsrv.exe
22:52:34.0546 4008 lkTimeSync - ok
22:52:34.0562 4008 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
22:52:34.0562 4008 LmHosts - ok
22:52:34.0625 4008 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
22:52:34.0640 4008 MDM - ok
22:52:34.0656 4008 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
22:52:34.0656 4008 Messenger - ok
22:52:34.0718 4008 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
22:52:34.0718 4008 Microsoft Office Groove Audit Service - ok
22:52:34.0750 4008 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
22:52:34.0750 4008 mnmdd - ok
22:52:34.0765 4008 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
22:52:34.0765 4008 mnmsrvc - ok
22:52:34.0781 4008 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
22:52:34.0781 4008 Modem - ok
22:52:34.0828 4008 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
22:52:34.0843 4008 Monfilt - ok
22:52:34.0843 4008 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:52:34.0859 4008 Mouclass - ok
22:52:34.0875 4008 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:52:34.0875 4008 mouhid - ok
22:52:34.0890 4008 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
22:52:34.0906 4008 MountMgr - ok
22:52:34.0937 4008 [ 0329A45C849C9D77901094B8FFE8BBB9 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:52:34.0937 4008 MozillaMaintenance - ok
22:52:34.0968 4008 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
22:52:34.0968 4008 MPE - ok
22:52:34.0984 4008 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
22:52:35.0000 4008 mraid35x - ok
22:52:35.0000 4008 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:52:35.0031 4008 MRxDAV - ok
22:52:35.0062 4008 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:52:35.0078 4008 MRxSmb - ok
22:52:35.0109 4008 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
22:52:35.0109 4008 MSDTC - ok
22:52:35.0109 4008 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
22:52:35.0125 4008 Msfs - ok
22:52:35.0125 4008 MSIServer - ok
22:52:35.0140 4008 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:52:35.0156 4008 MSKSSRV - ok
22:52:35.0171 4008 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:52:35.0187 4008 MSPCLOCK - ok
22:52:35.0187 4008 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
22:52:35.0203 4008 MSPQM - ok
22:52:35.0203 4008 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:52:35.0218 4008 mssmbios - ok
22:52:35.0234 4008 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
22:52:35.0250 4008 MSTEE - ok
22:52:35.0265 4008 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
22:52:35.0281 4008 Mup - ok
22:52:35.0281 4008 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:52:35.0296 4008 NABTSFEC - ok
22:52:35.0328 4008 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
22:52:35.0328 4008 napagent - ok
22:52:35.0328 4008 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
22:52:35.0328 4008 NDIS - ok
22:52:35.0343 4008 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:52:35.0359 4008 NdisIP - ok
22:52:35.0390 4008 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:52:35.0406 4008 NdisTapi - ok
22:52:35.0421 4008 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:52:35.0437 4008 Ndisuio - ok
22:52:35.0453 4008 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:52:35.0468 4008 NdisWan - ok
22:52:35.0484 4008 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
22:52:35.0500 4008 NDProxy - ok
22:52:35.0562 4008 [ B044BB341E164DA6750A9B8E6A5FF6A1 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
22:52:35.0562 4008 Nero BackItUp Scheduler 3 - ok
22:52:35.0593 4008 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
22:52:35.0609 4008 NetBIOS - ok
22:52:35.0625 4008 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
22:52:35.0640 4008 NetBT - ok
22:52:35.0656 4008 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
22:52:35.0671 4008 NetDDE - ok
22:52:35.0671 4008 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
22:52:35.0671 4008 NetDDEdsdm - ok
22:52:35.0703 4008 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
22:52:35.0703 4008 Netlogon - ok
22:52:35.0718 4008 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
22:52:35.0718 4008 Netman - ok
22:52:35.0734 4008 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:52:35.0734 4008 NetTcpPortSharing - ok
22:52:35.0765 4008 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
22:52:35.0765 4008 Nla - ok
22:52:35.0828 4008 [ EBA1B4BF2E2375ABDADEDB649F283541 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
22:52:35.0828 4008 NMIndexingService - ok
22:52:35.0843 4008 [ B0A67DE1A128389AEA4D42C5A56215FD ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
22:52:35.0859 4008 nmwcd - ok
22:52:35.0890 4008 [ 025C54F9F8C8BC1894EA38529C742C54 ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
22:52:35.0890 4008 nmwcdc - ok
22:52:35.0906 4008 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
22:52:35.0921 4008 Npfs - ok
22:52:35.0937 4008 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
22:52:35.0968 4008 Ntfs - ok
22:52:35.0968 4008 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
22:52:35.0968 4008 NtLmSsp - ok
22:52:36.0000 4008 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
22:52:36.0000 4008 NtmsSvc - ok
22:52:36.0015 4008 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
22:52:36.0031 4008 Null - ok
22:52:37.0281 4008 [ 7C56F3FD65B2BDB315CA3605A5392D7B ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:52:37.0406 4008 nv - ok
22:52:37.0437 4008 [ D314FE034D68C09D412727886E24F5FB ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
22:52:37.0437 4008 NVENETFD - ok
22:52:37.0468 4008 [ EA98BFE4931BD13D747D647C1859796E ] nvgts C:\WINDOWS\system32\DRIVERS\nvgts.sys
22:52:37.0468 4008 nvgts - ok
22:52:37.0484 4008 [ F99FBB623ED78367574EE461B5B32C2C ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
22:52:37.0500 4008 nvnetbus - ok
22:52:37.0500 4008 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:52:37.0515 4008 NwlnkFlt - ok
22:52:37.0546 4008 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:52:37.0562 4008 NwlnkFwd - ok
22:52:37.0625 4008 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:52:37.0625 4008 odserv - ok
22:52:37.0656 4008 [ EAE6208900E2986F66F68B30AEF86E4D ] OpcEnum C:\WINDOWS\system32\OpcEnum.exe
22:52:37.0656 4008 OpcEnum - ok
22:52:37.0671 4008 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:52:37.0671 4008 ose - ok
22:52:37.0703 4008 [ 3FC38E7FBE91DB40C34731195F4116C2 ] P3 C:\WINDOWS\system32\DRIVERS\p3.sys
22:52:37.0718 4008 P3 - ok
22:52:37.0734 4008 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
22:52:37.0750 4008 Parport - ok
22:52:37.0765 4008 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
22:52:37.0781 4008 PartMgr - ok
22:52:37.0796 4008 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
22:52:37.0812 4008 ParVdm - ok
22:52:37.0828 4008 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
22:52:37.0843 4008 PCI - ok
22:52:37.0843 4008 PCIDump - ok
22:52:37.0859 4008 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
22:52:37.0875 4008 PCIIde - ok
22:52:37.0890 4008 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
22:52:37.0921 4008 Pcmcia - ok
22:52:37.0921 4008 PDCOMP - ok
22:52:37.0921 4008 PDFRAME - ok
22:52:37.0937 4008 PDRELI - ok
22:52:37.0937 4008 PDRFRAME - ok
22:52:37.0953 4008 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
22:52:37.0968 4008 perc2 - ok
22:52:37.0968 4008 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
22:52:37.0984 4008 perc2hib - ok
22:52:38.0015 4008 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\WINDOWS\system32\IoctlSvc.exe
22:52:38.0015 4008 PLFlash DeviceIoControl Service - ok
22:52:38.0015 4008 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
22:52:38.0031 4008 PlugPlay - ok
22:52:38.0031 4008 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
22:52:38.0031 4008 PolicyAgent - ok
22:52:38.0046 4008 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:52:38.0078 4008 PptpMiniport - ok
22:52:38.0078 4008 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
22:52:38.0078 4008 ProtectedStorage - ok
22:52:38.0078 4008 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
22:52:38.0125 4008 PSched - ok
22:52:38.0140 4008 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:52:38.0156 4008 Ptilink - ok
22:52:38.0171 4008 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
22:52:38.0218 4008 ql1080 - ok
22:52:38.0218 4008 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
22:52:38.0234 4008 Ql10wnt - ok
22:52:38.0250 4008 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
22:52:38.0265 4008 ql12160 - ok
22:52:38.0265 4008 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
22:52:38.0296 4008 ql1240 - ok
22:52:38.0296 4008 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
22:52:38.0312 4008 ql1280 - ok
22:52:38.0328 4008 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:52:38.0328 4008 RasAcd - ok
22:52:38.0359 4008 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
22:52:38.0359 4008 RasAuto - ok
22:52:38.0375 4008 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:52:38.0390 4008 Rasl2tp - ok
22:52:38.0390 4008 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
22:52:38.0406 4008 RasMan - ok
22:52:38.0406 4008 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:52:38.0421 4008 RasPppoe - ok
22:52:38.0421 4008 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
22:52:38.0437 4008 Raspti - ok
22:52:38.0453 4008 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:52:38.0500 4008 Rdbss - ok
22:52:38.0515 4008 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:52:38.0531 4008 RDPCDD - ok
22:52:38.0546 4008 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:52:38.0562 4008 rdpdr - ok
22:52:38.0593 4008 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
22:52:38.0609 4008 RDPWD - ok
22:52:38.0625 4008 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
22:52:38.0640 4008 RDSessMgr - ok
22:52:38.0640 4008 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
22:52:38.0656 4008 redbook - ok
22:52:38.0671 4008 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
22:52:38.0687 4008 RemoteAccess - ok
22:52:38.0687 4008 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
22:52:38.0703 4008 RemoteRegistry - ok
22:52:38.0718 4008 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
22:52:38.0718 4008 RpcLocator - ok
22:52:38.0734 4008 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\System32\rpcss.dll
22:52:38.0750 4008 RpcSs - ok
22:52:38.0750 4008 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
22:52:38.0765 4008 RSVP - ok
22:52:38.0765 4008 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
22:52:38.0765 4008 SamSs - ok
22:52:38.0796 4008 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
22:52:38.0796 4008 SCardSvr - ok
22:52:38.0812 4008 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
22:52:38.0812 4008 Schedule - ok
22:52:38.0843 4008 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:52:38.0859 4008 Secdrv - ok
22:52:38.0859 4008 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
22:52:38.0859 4008 seclogon - ok
22:52:38.0875 4008 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
22:52:38.0875 4008 SENS - ok
22:52:38.0890 4008 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
22:52:38.0906 4008 serenum - ok
22:52:38.0921 4008 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
22:52:38.0937 4008 Serial - ok
22:52:38.0953 4008 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
22:52:38.0968 4008 Sfloppy - ok
22:52:38.0984 4008 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
22:52:39.0000 4008 SharedAccess - ok
22:52:39.0000 4008 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:52:39.0015 4008 ShellHWDetection - ok
22:52:39.0015 4008 Simbad - ok
22:52:39.0031 4008 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
22:52:39.0046 4008 sisagp - ok
22:52:39.0078 4008 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
22:52:39.0093 4008 SkypeUpdate - ok
22:52:39.0125 4008 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:52:39.0140 4008 SLIP - ok
22:52:39.0156 4008 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
22:52:39.0187 4008 SONYPVU1 - ok
22:52:39.0187 4008 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
22:52:39.0203 4008 Sparrow - ok
22:52:39.0234 4008 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
22:52:39.0250 4008 splitter - ok
22:52:39.0281 4008 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
22:52:39.0281 4008 Spooler - ok
22:52:39.0281 4008 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
22:52:39.0312 4008 sr - ok
22:52:39.0328 4008 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
22:52:39.0343 4008 srservice - ok
22:52:39.0359 4008 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
22:52:39.0390 4008 Srv - ok
22:52:39.0390 4008 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
22:52:39.0406 4008 SSDPSRV - ok
22:52:39.0421 4008 [ 306521935042FC0A6988D528643619B3 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
22:52:39.0437 4008 StarOpen - ok
22:52:39.0468 4008 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
22:52:39.0468 4008 stisvc - ok
22:52:39.0484 4008 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:52:39.0500 4008 streamip - ok
22:52:39.0531 4008 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
22:52:39.0546 4008 swenum - ok
22:52:39.0625 4008 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
22:52:39.0625 4008 SwitchBoard - ok
22:52:39.0640 4008 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
22:52:39.0671 4008 swmidi - ok
22:52:39.0671 4008 SwPrv - ok
22:52:39.0687 4008 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
22:52:39.0703 4008 symc810 - ok
22:52:39.0718 4008 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
22:52:39.0734 4008 symc8xx - ok
22:52:39.0750 4008 [ 05CFC382170A709F931E41620677097A ] SYMMPI C:\WINDOWS\system32\DRIVERS\symmpi.sys
22:52:39.0765 4008 SYMMPI - ok
22:52:39.0765 4008 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
22:52:39.0781 4008 sym_hi - ok
22:52:39.0781 4008 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
22:52:39.0796 4008 sym_u3 - ok
22:52:39.0812 4008 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
22:52:39.0812 4008 sysaudio - ok
22:52:39.0843 4008 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
22:52:39.0843 4008 SysmonLog - ok
22:52:39.0875 4008 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
22:52:39.0875 4008 TapiSrv - ok
22:52:39.0906 4008 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:52:39.0921 4008 Tcpip - ok
22:52:39.0937 4008 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
22:52:39.0953 4008 TDPIPE - ok
22:52:39.0953 4008 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
22:52:39.0968 4008 TDTCP - ok
22:52:39.0984 4008 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
22:52:40.0015 4008 TermDD - ok
22:52:40.0031 4008 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
22:52:40.0031 4008 TermService - ok
22:52:40.0046 4008 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
22:52:40.0046 4008 Themes - ok
22:52:40.0062 4008 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
22:52:40.0062 4008 TlntSvr - ok
22:52:40.0062 4008 [ FD4FD7D6FDA5C019ED86025D7BE1510F ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
22:52:40.0078 4008 TosIde - ok
22:52:40.0093 4008 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
22:52:40.0093 4008 TrkWks - ok
22:52:40.0109 4008 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
22:52:40.0125 4008 Udfs - ok
22:52:40.0140 4008 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
22:52:40.0171 4008 ultra - ok
22:52:40.0187 4008 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
22:52:40.0218 4008 Update - ok
22:52:40.0234 4008 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
22:52:40.0234 4008 upnphost - ok
22:52:40.0250 4008 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
22:52:40.0250 4008 UPS - ok
22:52:40.0265 4008 [ 65898A183FBF1D1F7759D5CCB364DCD4 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
22:52:40.0281 4008 usbaudio - ok
22:52:40.0296 4008 [ 1B611611C28D2DF25BC057D79C6F13FC ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:52:40.0312 4008 usbccgp - ok
22:52:40.0328 4008 [ 4BAC8DF07F1D8434FC640E677A62204E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:52:40.0343 4008 usbehci - ok
22:52:40.0359 4008 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:52:40.0375 4008 usbhub - ok
22:52:40.0390 4008 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:52:40.0406 4008 usbohci - ok
22:52:40.0437 4008 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:52:40.0453 4008 usbprint - ok
22:52:40.0468 4008 [ F8EDE2B6928970DCE3D5614C27D9E7F6 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:52:40.0484 4008 usbscan - ok
22:52:40.0515 4008 [ 84C44D720655A8AA475E57A9E764D675 ] usbser C:\WINDOWS\system32\drivers\usbser.sys
22:52:40.0515 4008 usbser - ok
22:52:40.0546 4008 [ 4F8FBC51A1C0A17310846B417A447F91 ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
22:52:40.0546 4008 UsbserFilt - ok
22:52:40.0562 4008 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:52:40.0578 4008 USBSTOR - ok
22:52:40.0593 4008 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:52:40.0609 4008 usbuhci - ok
22:52:40.0640 4008 [ 813236B1183CFCF289E367BD5DE6E29E ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
22:52:40.0656 4008 usbvideo - ok
22:52:40.0656 4008 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
22:52:40.0671 4008 VgaSave - ok
22:52:40.0687 4008 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:52:40.0718 4008 viaagp - ok
22:52:40.0734 4008 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
22:52:40.0734 4008 ViaIde - ok
22:52:40.0750 4008 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
22:52:40.0781 4008 VolSnap - ok
22:52:40.0796 4008 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
22:52:40.0796 4008 VSS - ok
22:52:40.0812 4008 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
22:52:40.0812 4008 W32Time - ok
22:52:40.0828 4008 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:52:40.0843 4008 Wanarp - ok
22:52:40.0875 4008 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
22:52:40.0875 4008 Wdf01000 - ok
22:52:40.0890 4008 WDICA - ok
22:52:40.0890 4008 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
22:52:40.0906 4008 wdmaud - ok
22:52:40.0921 4008 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
22:52:40.0937 4008 WebClient - ok
22:52:40.0968 4008 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
22:52:40.0968 4008 winmgmt - ok
22:52:41.0015 4008 [ 4D34CEDD74BDBF2B6A935EAE3BF80543 ] WinRM C:\WINDOWS\system32\WsmSvc.dll
22:52:41.0031 4008 WinRM - ok
22:52:41.0062 4008 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
22:52:41.0062 4008 WmdmPmSN - ok
22:52:41.0093 4008 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] Wmi C:\WINDOWS\System32\advapi32.dll
22:52:41.0093 4008 Wmi - ok
22:52:41.0109 4008 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:52:41.0109 4008 WmiApSrv - ok
22:52:41.0171 4008 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
22:52:41.0171 4008 WMPNetworkSvc - ok
22:52:41.0187 4008 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:52:41.0187 4008 WpdUsb - ok
22:52:41.0203 4008 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:52:41.0218 4008 WS2IFSL - ok
22:52:41.0234 4008 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
22:52:41.0234 4008 wscsvc - ok
22:52:41.0250 4008 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:52:41.0265 4008 WSTCODEC - ok
22:52:41.0281 4008 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
22:52:41.0281 4008 wuauserv - ok
22:52:41.0296 4008 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:52:41.0312 4008 WudfPf - ok
22:52:41.0328 4008 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:52:41.0328 4008 WudfRd - ok
22:52:41.0359 4008 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
22:52:41.0359 4008 WudfSvc - ok
22:52:41.0375 4008 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
22:52:41.0375 4008 WZCSVC - ok
22:52:41.0406 4008 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
22:52:41.0406 4008 xmlprov - ok
22:52:41.0406 4008 ================ Scan global ===============================
22:52:41.0421 4008 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
22:52:41.0453 4008 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\WINDOWS\system32\winsrv.dll
22:52:41.0468 4008 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\WINDOWS\system32\winsrv.dll
22:52:41.0484 4008 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
22:52:41.0484 4008 [Global] - ok
22:52:41.0484 4008 ================ Scan MBR ==================================
22:52:41.0500 4008 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:52:41.0640 4008 \Device\Harddisk0\DR0 - ok
22:52:41.0656 4008 [ 973E9BA32FDBB305C552ED3E1EBF0686 ] \Device\Harddisk1\DR3
22:52:41.0687 4008 \Device\Harddisk1\DR3 - ok
22:52:41.0687 4008 ================ Scan VBR ==================================
22:52:41.0687 4008 [ BD930222C9E13D38D51B33D6748AF858 ] \Device\Harddisk0\DR0\Partition1
22:52:41.0687 4008 \Device\Harddisk0\DR0\Partition1 - ok
22:52:41.0703 4008 [ 2C7949259E15A8BF78B0180DE1C3DE3E ] \Device\Harddisk0\DR0\Partition2
22:52:41.0703 4008 \Device\Harddisk0\DR0\Partition2 - ok
22:52:41.0703 4008 [ 27080EA03CBE4DC5FAFDA3BB61A38AF1 ] \Device\Harddisk1\DR3\Partition1
22:52:41.0718 4008 \Device\Harddisk1\DR3\Partition1 - ok
22:52:41.0718 4008 ============================================================
22:52:41.0718 4008 Scan finished
22:52:41.0718 4008 ============================================================
22:52:41.0718 3148 Detected object count: 1
22:52:41.0718 3148 Actual detected object count: 1
22:53:35.0890 3148 C:\WINDOWS\system32\DRIVERS\isapnp.sys - copied to quarantine
22:53:36.0515 3148 Backup copy found, using it..
22:53:36.0546 3148 C:\WINDOWS\system32\DRIVERS\isapnp.sys - will be cured on reboot
22:53:36.0546 3148 isapnp ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
22:53:41.0421 3640 Deinitialize success
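The TDSSKiller log above has a regular shape worth knowing when you read a lot of these: every scanned service, driver, global process, MBR and VBR is logged as `[ MD5 ] Name Path`, followed by `Name - <status>` on the next line; the global pass gets a single `[Global] - ok`; and the tail records the detected object count, the quarantine copy, the cure (here from a backup copy of the driver file, as the log says) and the verdict line with the chosen action. The following parser is an added example, not TDSSKiller's code and not anything posted in this thread. It turns that format into records, reports everything that is not `- ok`, reports action lines that refer to a file the scan never listed (as the isapnp.sys lines do, because that driver's own entry is outside the excerpt), and adds one check the tool does not print: a path that appears with two different MD5 values inside the same scan, which is worth a second look. The sample input is a constructed excerpt made of lines taken from the log above; the hash-conflict line used in the usage note is invented to exercise the check.

```python
"""Parse a Kaspersky TDSSKiller scan log into structured records.

Added example for this thread, not part of TDSSKiller or any forum post.
Format handled (as seen in the log above):
    HH:MM:SS.mmmm PID [ MD5 ] Name Path        one scanned object
    HH:MM:SS.mmmm PID Name - ok                its status
    HH:MM:SS.mmmm PID ====== Scan MBR ======   section header
    HH:MM:SS.mmmm PID Detected object count: N
    HH:MM:SS.mmmm PID <file> - copied to quarantine / will be cured on reboot
    HH:MM:SS.mmmm PID <name> ( <verdict> ) - User select action: Cure
"""
import re
from collections import defaultdict

_TS = r"(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
_SECTION = re.compile(_TS + r"=+ Scan (?P<section>\w+) =+$")
_HASHED = re.compile(_TS + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<rest>.+)$")
_VERDICT = re.compile(_TS + r"(?P<name>\S+) \( (?P<verdict>[^)]+) \) - "
                      r"User select action: (?P<action>\w+)$")
_STATUS = re.compile(_TS + r"(?P<subject>.+?) - (?P<status>.+)$")
_COUNT = re.compile(_TS + r"(?P<kind>Detected|Actual detected) object count: (?P<n>\d+)$")
# "Name Path": the path starts with a drive letter or \Device\; the name may be absent
# (global, MBR and VBR entries carry only a path).
_SPLIT = re.compile(r"^(?:(?P<name>.*?)\s+)?(?P<path>(?:[A-Za-z]:\\|\\Device\\).*)$")

# Constructed excerpt: lines copied from the thread's TDSSKiller log.
SAMPLE_LOG = r"""
22:52:35.0703 4008 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
22:52:35.0703 4008 Netlogon - ok
22:52:35.0968 4008 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
22:52:35.0968 4008 NtLmSsp - ok
22:52:35.0562 4008 [ B044BB341E164DA6750A9B8E6A5FF6A1 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
22:52:35.0562 4008 Nero BackItUp Scheduler 3 - ok
22:52:41.0406 4008 ================ Scan global ===============================
22:52:41.0484 4008 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
22:52:41.0484 4008 [Global] - ok
22:52:41.0484 4008 ================ Scan MBR ==================================
22:52:41.0500 4008 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:52:41.0640 4008 \Device\Harddisk0\DR0 - ok
22:52:41.0718 3148 Detected object count: 1
22:52:41.0718 3148 Actual detected object count: 1
22:53:35.0890 3148 C:\WINDOWS\system32\DRIVERS\isapnp.sys - copied to quarantine
22:53:36.0515 3148 Backup copy found, using it..
22:53:36.0546 3148 C:\WINDOWS\system32\DRIVERS\isapnp.sys - will be cured on reboot
22:53:36.0546 3148 isapnp ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
22:53:41.0421 3640 Deinitialize success
"""


def parse(lines):
    """Return {"objects": [...], "events": [...], "counts": {...}}."""
    objects, events, counts = [], [], {}
    pending = {}            # service name or device path -> object awaiting its status
    section = "services"    # the log opens with the services/drivers pass
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = _SECTION.match(line)
        if m:
            section = m["section"].lower()
            continue
        m = _HASHED.match(line)
        if m:
            s = _SPLIT.match(m["rest"])
            name = s["name"] if s else m["rest"]
            path = s["path"] if s else None
            obj = {"section": section, "name": name, "path": path,
                   "md5": m["md5"].upper(), "status": None}
            objects.append(obj)
            pending[name or path] = obj
            continue
        m = _COUNT.match(line)
        if m:
            counts[m["kind"].lower()] = int(m["n"])
            continue
        m = _VERDICT.match(line)
        if m:
            events.append({"ts": m["ts"], "subject": m["name"],
                           "verdict": m["verdict"], "action": m["action"]})
            continue
        m = _STATUS.match(line)
        if m:
            subject, status = m["subject"], m["status"]
            if subject == "[Global]":   # one status line covers the whole global pass
                for obj in objects:
                    if obj["section"] == "global" and obj["status"] is None:
                        obj["status"] = status
                continue
            obj = pending.pop(subject, None)
            if obj is not None:
                obj["status"] = status
            if obj is None or status != "ok":
                # a non-ok status, or an action on a file the scan never listed
                events.append({"ts": m["ts"], "subject": subject, "status": status})
    return {"objects": objects, "events": events, "counts": counts}


def hash_conflicts(parsed):
    """Paths reported with more than one MD5 within a single scan."""
    seen = defaultdict(set)
    for obj in parsed["objects"]:
        if obj["path"]:
            seen[obj["path"].lower()].add(obj["md5"])
    return {p: sorted(h) for p, h in seen.items() if len(h) > 1}


def findings(parsed):
    """Everything an analyst should look at, one string per item."""
    out = []
    for obj in parsed["objects"]:
        if obj["status"] != "ok":
            out.append("%s: %s [%s] status=%s" % (
                obj["section"], obj["name"] or obj["path"], obj["md5"], obj["status"]))
    for ev in parsed["events"]:
        if "verdict" in ev:
            out.append("%s: verdict %s, action %s" % (ev["subject"], ev["verdict"], ev["action"]))
        else:
            out.append("%s: %s" % (ev["subject"], ev["status"]))
    for path, hashes in hash_conflicts(parsed).items():
        out.append("hash conflict for %s: %s" % (path, ", ".join(hashes)))
    c = parsed["counts"]
    if c.get("detected") != c.get("actual detected"):
        out.append("detected/actual counts differ: %r" % (c,))
    return out


if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG.splitlines())
    print("%d objects scanned, %d events" % (len(parsed["objects"]), len(parsed["events"])))
    for item in findings(parsed):
        print(" -", item)
```

Run against the excerpt, the scanned objects all come back `ok`, and the three findings are the quarantine copy, the pending cure and the `Rootkit.Win32.TDSS.tdl3` verdict for `isapnp`, which is exactly what the thread's log says happened. The hash-conflict check only fires if you feed it a log where one path carries two different MD5 values (for instance an invented `PolicyAgent` line pointing at `lsass.exe` with a different hash); in a real scan that would mean the file changed while the tool was running, or a hidden driver was serving different content to different reads, and either way the scan should be repeated.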
Re: Eset reports a Trojan horse, won't delete it
I tried running Eset, and it still finds some infiltration
C:\AdwCleaner\Quarantine\C\Documents and Settings\User\Data aplikací\SwvUpdater\Updater.exe.vir - a variant of Win32/Amonetize.I potentially unwanted application - action selection was deferred to the end of the scan
C:\Program Files\Uninstall OurBabymaker.dll - a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application - action selection was deferred to the end of the scan
- Rudy
- Site Admin
- Posts: 119379
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Eset reports a Trojan horse, won't delete it
Firstly, that is the AdwCleaner quarantine (the virus is neutralised by being moved to quarantine, from where you can delete it). MyWebSearch is adware that slows down the PC, but this is only a remnant. Delete it as well. Olmarik was eliminated by TDSSKiller. The PC should now be clean.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before cleaning the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus may damage the system!
Once your problem is resolved, the thread will be locked, likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address above.
Re: Eset reports a Trojan horse, won't delete it
Thank you very much for the help
- Rudy (Site Admin)
Re: Eset reports a Trojan horse, won't delete it
You're welcome!