
Please check my log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that are inactive for more than 14 days. See the rule on locking threads. Thank you for your understanding.
!NEW!
You can now use remote assistance services, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hi, I need a log checked. The PC belongs to a friend and I would like to try one last rescue before a total reinstall. The firewall cannot be controlled on the PC and it cannot connect to the internet; also, there is no access to the user Pepek, even though I am an admin. Thanks a lot for your help. I am attaching the log from RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Familie at 2013-11-01 16:58:27
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 105 GB (92%) free of 114 GB
Total RAM: 511 MB (58% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1290973706.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-04-05 94208]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-04-05 77824]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-04-05 114688]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [2008-10-31 54576]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2008-10-31 95536]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-04-05 131072]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Ralink\Common\RaMediaServer.exe"="C:\Program Files\Ralink\Common\RaMediaServer.exe:*:Enabled:Ralink UPnP Media Server"
"C:\Program Files\Ralink\Common\RaUI.exe"="C:\Program Files\Ralink\Common\RaUI.exe:*:Enabled:Ralink Utility"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69c0d990-5186-11e2-8701-001966ed9a34}]
shell\AutoRun\command - G:\setupSNK.exe
======List of files/folders created in the last 1 months======
2013-11-01 16:58:27 ----D---- C:\rsit
2013-11-01 16:58:27 ----D---- C:\Program Files\trend micro
2013-11-01 11:40:36 ----SHD---- C:\$RECYCLE.BIN
2013-11-01 10:34:24 ----D---- C:\WINDOWS\pss
2013-10-30 20:45:05 ----A---- C:\WINDOWS\ntbtlog.txt
======List of files/folders modified in the last 1 months======
2013-11-01 16:58:27 ----RD---- C:\Program Files
2013-11-01 16:54:40 ----D---- C:\WINDOWS\Prefetch
2013-11-01 16:36:30 ----D---- C:\WINDOWS\system32\CatRoot2
2013-11-01 16:34:55 ----D---- C:\WINDOWS\Temp
2013-11-01 16:24:14 ----SHD---- C:\System Volume Information
2013-11-01 13:06:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-11-01 11:08:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-11-01 10:34:24 ----D---- C:\WINDOWS
2013-11-01 09:37:08 ----HD---- C:\WINDOWS\inf
2013-11-01 09:23:27 ----D---- C:\WINDOWS\system32\drivers
2013-11-01 09:23:27 ----D---- C:\WINDOWS\system32
2013-11-01 09:22:53 ----DC---- C:\WINDOWS\system32\DRVSTORE
2013-10-30 21:23:48 ----HD---- C:\Program Files\InstallShield Installation Information
2013-10-30 21:18:38 ----SHD---- C:\WINDOWS\Installer
2013-10-30 20:59:28 ----D---- C:\WINDOWS\system32\CatRoot
2013-10-30 20:31:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-16 16:13:13 ----D---- C:\WINDOWS\Minidump
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2010-11-27 82380]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-04-05 830684]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2004-08-03 163584]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S2 Scutum50;Scutum50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\Scutum50.sys []
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS []
S3 autorun;autorun; \??\C:\huadio.tmp []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-04-07 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-04-07 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-04-07 21456]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys []
S3 RT-USB;Ross-Tech USB driver; C:\WINDOWS\system32\drivers\RT-USB.SYS [2010-06-16 59464]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-17 73344]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-27 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12 256904]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-27 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-07-03 117144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-04-07 65795]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119531
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log
Hello!
First, try a System Restore to a date when the system worked correctly. The PC is unprotected because it does not have all updates. In particular, SP3 and all subsequent updates are missing.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Please check my log
Hi Rudy, I have already tried that, but without success. I also tried resetting the firewall and Winsock, and still nothing. The PC is completely dead as far as the internet goes. The TCP/IP protocol does not work. I also had the disk in my own PC and Norton found a virus on it. So I am not sure whether I should just reinstall the whole thing. Thanks.
- Rudy
- Site Admin
- Posts: 119531
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log
Let's not throw in the towel just yet. Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after it starts, a screen with the license terms is displayed; continue by clicking the Yes button.
calmly go and put the coffee on (the whole operation takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to launch any other applications or anything else
do not panic during the scan; your machine may be restarted (especially the first time the scanner is used)
note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the antispyware's resident shield occur.
Re: Please check my log
So here is the log from ComboFix
ComboFix 13-11-01.03 - Familie 01.11.2013 20:42:01.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.336 [GMT 1:00]
Spuštěný z: c:\documents and settings\Familie\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
.
c:\windows\system32\drivers\tcpip.sys chyběl.
Obnovena kopie z - c:\windows\system32\dllcache\tcpip.sys
.
c:\windows\system32\drivers\ipsec.sys chyběl.
Obnovena kopie z - c:\windows\system32\dllcache\ipsec.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-01 do 2013-11-01 )))))))))))))))))))))))))))))))
.
.
2013-11-01 19:46 . 2004-08-03 23:14 359040 -c--a-w- c:\windows\system32\dllcache\tcpip.sys
2013-11-01 19:46 . 2004-08-03 23:14 359040 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-11-01 19:46 . 2004-08-03 23:14 74752 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
2013-11-01 19:46 . 2004-08-03 23:14 74752 ----a-w- c:\windows\system32\drivers\ipsec.sys
2013-11-01 18:54 . 2001-08-17 19:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2013-11-01 18:53 . 2001-08-17 20:53 10880 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2013-11-01 18:52 . 2001-10-24 10:44 9472 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2013-11-01 18:51 . 2001-10-24 11:24 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2013-11-01 18:50 . 2004-08-03 21:41 685056 -c--a-w- c:\windows\system32\dllcache\hsfcxts2.sys
2013-11-01 18:49 . 2001-08-17 19:20 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
2013-11-01 18:48 . 2001-10-24 10:49 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2013-11-01 18:47 . 2001-08-17 20:47 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2013-11-01 15:58 . 2013-11-01 15:58 -------- d-----w- C:\rsit
2013-11-01 15:58 . 2013-11-01 15:58 -------- d-----w- c:\program files\trend micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-03 21:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-10-31 95536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-10-31 54576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [18.12.2010 8:16 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [18.12.2010 8:16 5248]
S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\Drivers\Scutum50.sys --> c:\windows\system32\Drivers\Scutum50.sys [?]
S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
S3 RT-USB;Ross-Tech USB driver;c:\windows\system32\drivers\RT-USB.SYS [29.1.2013 15:06 59464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-14 08:48 1173456 -c--a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-24 17:51]
.
2011-03-10 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8290973706.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
2013-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-27 18:31]
.
2013-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-27 18:31]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:prodej@golc.cz
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Familie\Data aplikací\Mozilla\Firefox\Profiles\eak2exc5.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-Cmaudio - cmicnfg.cpl
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-01 20:49
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\autorun]
"ImagePath"="\??\C:\huadio.tmp"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDll32.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
.
**************************************************************************
.
Celkový čas: 2013-11-01 20:52:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-11-01 19:52
.
Před spuštěním: Volných bajtů: 110 064 603 136
Po spuštění: Volných bajtů: 111 807 148 032
.
- - End Of File - - D5F296C4F5858C84560BEC06E9AB3BBE
413FC2A0C716421B3158746D63736515
- Rudy
- Site Admin
- Posts: 119531
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log
Open Notepad and copy the following into it:

KillAll::
FCopy::
c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys | c:\windows\system32\drivers\atapi.sys
Collect::
c:\huadio.tmp
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
Driver::
autorun
Reboot::

Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Please check my log
Log from ComboFix:
ComboFix 13-11-01.03 - Familie 01.11.2013 21:24:44.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.161 [GMT 1:00]
Spuštěný z: c:\documents and settings\Familie\Plocha\ComboFix.exe
Použité ovládací přepínače :: H:\CFScript.txt
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AUTORUN
-------\Service_autorun
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-01 do 2013-11-01 )))))))))))))))))))))))))))))))
.
.
2013-11-01 20:00 . 2011-09-06 08:33 1209408 ----a-w- c:\windows\system32\drivers\rt2870.sys
2013-11-01 20:00 . 2011-09-06 08:30 238944 ----a-w- c:\windows\system32\RaCoInst.dll
2013-11-01 20:00 . 2013-11-01 20:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ralink Driver
2013-11-01 20:00 . 2013-11-01 20:00 -------- d-----w- c:\documents and settings\Familie\Data aplikací\InstallShield
2013-11-01 19:46 . 2004-08-03 23:14 359040 -c--a-w- c:\windows\system32\dllcache\tcpip.sys
2013-11-01 19:46 . 2004-08-03 23:14 359040 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-11-01 19:46 . 2004-08-03 23:14 74752 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
2013-11-01 19:46 . 2004-08-03 23:14 74752 ----a-w- c:\windows\system32\drivers\ipsec.sys
2013-11-01 18:54 . 2001-08-17 19:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2013-11-01 18:53 . 2001-08-17 20:53 10880 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2013-11-01 18:52 . 2001-10-24 10:44 9472 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2013-11-01 18:51 . 2001-10-24 11:24 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2013-11-01 18:50 . 2004-08-03 21:41 685056 -c--a-w- c:\windows\system32\dllcache\hsfcxts2.sys
2013-11-01 18:49 . 2001-08-17 19:20 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
2013-11-01 18:48 . 2001-10-24 10:49 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2013-11-01 18:47 . 2001-08-17 20:47 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2013-11-01 15:58 . 2013-11-01 15:58 -------- d-----w- C:\rsit
2013-11-01 15:58 . 2013-11-01 15:58 -------- d-----w- c:\program files\trend micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-03 21:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-10-31 95536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-10-31 54576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [18.12.2010 8:16 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [18.12.2010 8:16 5248]
S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\Drivers\Scutum50.sys --> c:\windows\system32\Drivers\Scutum50.sys [?]
S3 RT-USB;Ross-Tech USB driver;c:\windows\system32\drivers\RT-USB.SYS [29.1.2013 15:06 59464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-14 08:48 1173456 -c--a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-24 17:51]
.
2011-03-10 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8290973706.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
2013-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-27 18:31]
.
2013-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-27 18:31]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:prodej@golc.cz
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Familie\Data aplikací\Mozilla\Firefox\Profiles\eak2exc5.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-01 21:31
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2013-11-01 21:33:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-11-01 20:33
ComboFix2.txt 2013-11-01 19:52
.
Před spuštěním: Volných bajtů: 111 766 462 464
Po spuštění: Volných bajtů: 111 709 876 224
.
- - End Of File - - DA79D893F1FEA5804E18BE2A78B9AB67
413FC2A0C716421B3158746D63736515
Re: Please check my log
Rudy, the firewall works now, but the network cards are still dead. In Device Manager they show error code 37. If I try to remove them, it doesn't work and Windows says this hardware is needed to start the PC :). Can anything else be done about it? Otherwise, thanks a lot.
- Rudy
- Site Admin
Re: Please check my log
Try reinstalling the drivers for those network cards.
Re: Please check my log
Yeah, I tried that, but no luck. By the way, the error is on the devices labelled Packet Scheduler Miniport. There are two network cards in the computer, one integrated and one PCI, and it happens on both. They can't be removed and reinstalling didn't solve anything. Pls help :)
- Rudy
- Site Admin
Re: Please check my log
Download and run TDSSKiller: http://www.stahuj.centrum.cz/utility_a_ ... dsskiller/ . Let it work and post the log here when it finishes.
Re: Please check my log
Output:
23:06:16.0250 0x0178 TDSS rootkit removing tool 2.9.2.0 Aug 15 2013 16:44:29
23:06:16.0296 0x0178 ============================================================
23:06:16.0296 0x0178 Current date / time: 2013/11/01 23:06:16.0296
23:06:16.0296 0x0178 SystemInfo:
23:06:16.0296 0x0178
23:06:16.0296 0x0178 OS Version: 5.1.2600 ServicePack: 2.0
23:06:16.0296 0x0178 Product type: Workstation
23:06:16.0296 0x0178 ComputerName: PEPEK-C289F6C16
23:06:16.0296 0x0178 UserName: Familie
23:06:16.0296 0x0178 Windows directory: C:\WINDOWS
23:06:16.0296 0x0178 System windows directory: C:\WINDOWS
23:06:16.0296 0x0178 Processor architecture: Intel x86
23:06:16.0296 0x0178 Number of processors: 2
23:06:16.0296 0x0178 Page size: 0x1000
23:06:16.0296 0x0178 Boot type: Normal boot
23:06:16.0296 0x0178 ============================================================
23:06:16.0296 0x0178 BG loaded
23:06:17.0656 0x0178 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x000000A4
23:06:17.0781 0x0178 Drive \Device\Harddisk1\DR2 - Size: 0xF400000 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:06:17.0781 0x0178 ============================================================
23:06:17.0781 0x0178 \Device\Harddisk0\DR0:
23:06:17.0796 0x0178 MBR partitions:
23:06:17.0796 0x0178 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF8F8C1
23:06:17.0796 0x0178 \Device\Harddisk1\DR2:
23:06:17.0796 0x0178 MBR partitions:
23:06:17.0796 0x0178 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x79FE0
23:06:17.0796 0x0178 ============================================================
23:06:17.0968 0x0178 C: <-> \Device\Harddisk0\DR0\Partition1
23:06:17.0968 0x0178 ============================================================
23:06:17.0968 0x0178 Initialize success
23:06:17.0968 0x0178 ============================================================
23:07:31.0187 0x07d0 ============================================================
23:07:31.0187 0x07d0 Scan started
23:07:31.0187 0x07d0 Mode: Manual;
23:07:31.0187 0x07d0 ============================================================
23:07:31.0468 0x07d0 ================ Scan system memory ========================
23:07:31.0468 0x07d0 System memory - ok
23:07:31.0468 0x07d0 ================ Scan services =============================
23:07:31.0625 0x07d0 [ 1F61CACACB521215F39061789147968C ] a347bus C:\WINDOWS\system32\DRIVERS\a347bus.sys
23:07:31.0625 0x07d0 a347bus - ok
23:07:31.0640 0x07d0 [ 113E4B318BBAA7483CA4E582A4D63F49 ] a347scsi C:\WINDOWS\system32\Drivers\a347scsi.sys
23:07:31.0640 0x07d0 a347scsi - ok
23:07:31.0640 0x07d0 Abiosdsk - ok
23:07:31.0656 0x07d0 abp480n5 - ok
23:07:31.0718 0x07d0 [ FA2FBCDA96D2385F773B059FE5A125A6 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:07:31.0718 0x07d0 ACPI - ok
23:07:31.0765 0x07d0 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
23:07:31.0765 0x07d0 ACPIEC - ok
23:07:31.0843 0x07d0 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:07:31.0859 0x07d0 AdobeFlashPlayerUpdateSvc - ok
23:07:31.0859 0x07d0 adpu160m - ok
23:07:31.0921 0x07d0 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINDOWS\system32\drivers\aec.sys
23:07:31.0921 0x07d0 aec - ok
23:07:31.0968 0x07d0 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD C:\WINDOWS\System32\drivers\afd.sys
23:07:31.0968 0x07d0 AFD - ok
23:07:32.0015 0x07d0 [ B34B1AB0A7690A0E2301FEC6D17B2FC1 ] AFS2K C:\WINDOWS\system32\drivers\AFS2K.sys
23:07:32.0015 0x07d0 AFS2K - ok
23:07:32.0031 0x07d0 Aha154x - ok
23:07:32.0031 0x07d0 aic78u2 - ok
23:07:32.0046 0x07d0 aic78xx - ok
23:07:32.0062 0x07d0 ALCXSENS - ok
23:07:32.0078 0x07d0 ALCXWDM - ok
23:07:32.0140 0x07d0 [ 026DDAA7E6F8D49DF82C7A98BAE5D0D1 ] Alerter C:\WINDOWS\system32\alrsvc.dll
23:07:32.0140 0x07d0 Alerter - ok
23:07:32.0156 0x07d0 [ B3F690BF43F93A012A52F28F234FAA1B ] ALG C:\WINDOWS\System32\alg.exe
23:07:32.0156 0x07d0 ALG - ok
23:07:32.0171 0x07d0 AliIde - ok
23:07:32.0171 0x07d0 amsint - ok
23:07:32.0203 0x07d0 [ 421184F91EAE5C6E78E653C6B32AAE84 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
23:07:32.0203 0x07d0 AppMgmt - ok
23:07:32.0203 0x07d0 asc - ok
23:07:32.0218 0x07d0 asc3350p - ok
23:07:32.0234 0x07d0 asc3550 - ok
23:07:32.0265 0x07d0 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:07:32.0265 0x07d0 AsyncMac - ok
23:07:32.0312 0x07d0 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
23:07:32.0312 0x07d0 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\atapi.sys. md5: CDFE4411A69C224BD1D11B2DA92DAC51
23:07:32.0312 0x07d0 atapi ( LockedFile.Multi.Generic ) - warning
23:07:32.0312 0x07d0 atapi - detected LockedFile.Multi.Generic (1)
23:07:32.0328 0x07d0 Atdisk - ok
23:07:32.0359 0x07d0 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:07:32.0359 0x07d0 Atmarpc - ok
23:07:32.0375 0x07d0 [ 40D78F514C8588EF12EC718D2AF0FC4E ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
23:07:32.0375 0x07d0 AudioSrv - ok
23:07:32.0421 0x07d0 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
23:07:32.0421 0x07d0 audstub - ok
23:07:32.0468 0x07d0 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
23:07:32.0468 0x07d0 Beep - ok
23:07:32.0531 0x07d0 [ E774A26610EC92674273486612C11CFC ] BITS C:\WINDOWS\system32\qmgr.dll
23:07:32.0546 0x07d0 BITS - ok
23:07:32.0578 0x07d0 [ F219E27E88107A50544153898DD8178E ] Browser C:\WINDOWS\System32\browser.dll
23:07:32.0593 0x07d0 Browser - ok
23:07:32.0593 0x07d0 catchme - ok
23:07:32.0640 0x07d0 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
23:07:32.0640 0x07d0 cbidf2k - ok
23:07:32.0656 0x07d0 cd20xrnt - ok
23:07:32.0656 0x07d0 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
23:07:32.0671 0x07d0 Cdaudio - ok
23:07:32.0703 0x07d0 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
23:07:32.0703 0x07d0 Cdfs - ok
23:07:32.0750 0x07d0 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:07:32.0750 0x07d0 Cdrom - ok
23:07:32.0765 0x07d0 Changer - ok
23:07:32.0796 0x07d0 [ 9E21229E04E1D301BB40222FE4641CB2 ] CiSvc C:\WINDOWS\system32\cisvc.exe
23:07:32.0796 0x07d0 CiSvc - ok
23:07:32.0828 0x07d0 [ D3DC45553C8025338E08A60E95B1B91D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
23:07:32.0828 0x07d0 ClipSrv - ok
23:07:32.0828 0x07d0 CmdIde - ok
23:07:32.0906 0x07d0 [ 924AB66E831E9CF3E20DBC6B63103516 ] cmuda C:\WINDOWS\system32\drivers\cmuda.sys
23:07:32.0906 0x07d0 cmuda - ok
23:07:32.0921 0x07d0 COMSysApp - ok
23:07:32.0937 0x07d0 Cpqarray - ok
23:07:32.0968 0x07d0 [ 70D2A1756F4B2067658A186C963FCABD ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
23:07:32.0968 0x07d0 CryptSvc - ok
23:07:32.0984 0x07d0 dac2w2k - ok
23:07:33.0000 0x07d0 dac960nt - ok
23:07:33.0031 0x07d0 [ C72C15EE57E248C66E57C76CAB086CF2 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
23:07:33.0046 0x07d0 DcomLaunch - ok
23:07:33.0062 0x07d0 [ 562830EFB7CF367FB773FEA5256E67C8 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
23:07:33.0062 0x07d0 Dhcp - ok
23:07:33.0078 0x07d0 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
23:07:33.0078 0x07d0 Disk - ok
23:07:33.0093 0x07d0 dmadmin - ok
23:07:33.0171 0x07d0 [ E1968EDEC81C430108FEB23AB07BDB14 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
23:07:33.0203 0x07d0 dmboot - ok
23:07:33.0218 0x07d0 [ 1B1520A82E396E46B9AE9FA6B03FF6C6 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
23:07:33.0218 0x07d0 dmio - ok
23:07:33.0265 0x07d0 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
23:07:33.0265 0x07d0 dmload - ok
23:07:33.0281 0x07d0 [ 7B3CA72885923EB947221F17F3E3AC59 ] dmserver C:\WINDOWS\System32\dmserver.dll
23:07:33.0281 0x07d0 dmserver - ok
23:07:33.0343 0x07d0 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
23:07:33.0359 0x07d0 DMusic - ok
23:07:33.0390 0x07d0 [ F605B3F5674D67587C4B6C9E92A3E025 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
23:07:33.0390 0x07d0 Dnscache - ok
23:07:33.0390 0x07d0 dpti2o - ok
23:07:33.0421 0x07d0 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
23:07:33.0421 0x07d0 drmkaud - ok
23:07:33.0437 0x07d0 [ D6F7428B201E33BC80066B47144CB568 ] ERSvc C:\WINDOWS\System32\ersvc.dll
23:07:33.0437 0x07d0 ERSvc - ok
23:07:33.0484 0x07d0 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] Eventlog C:\WINDOWS\system32\services.exe
23:07:33.0484 0x07d0 Eventlog - ok
23:07:33.0531 0x07d0 [ 972378B907070F64932A87C90A035487 ] EventSystem C:\WINDOWS\system32\es.dll
23:07:33.0531 0x07d0 EventSystem - ok
23:07:33.0609 0x07d0 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
23:07:33.0609 0x07d0 Fastfat - ok
23:07:33.0656 0x07d0 [ 8BA76BD2A943F642F267A296A15776D2 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:07:33.0656 0x07d0 FastUserSwitchingCompatibility - ok
23:07:33.0687 0x07d0 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
23:07:33.0687 0x07d0 Fdc - ok
23:07:33.0718 0x07d0 [ 266DAB58619B17BDF37FABBD48D875CA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
23:07:33.0718 0x07d0 Fips - ok
23:07:33.0750 0x07d0 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:07:33.0750 0x07d0 Flpydisk - ok
23:07:33.0796 0x07d0 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
23:07:33.0812 0x07d0 FltMgr - ok
23:07:33.0843 0x07d0 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:07:33.0843 0x07d0 Fs_Rec - ok
23:07:33.0875 0x07d0 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:07:33.0906 0x07d0 Ftdisk - ok
23:07:33.0906 0x07d0 Gpc - ok
23:07:34.0015 0x07d0 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
23:07:34.0015 0x07d0 gupdate - ok
23:07:34.0031 0x07d0 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
23:07:34.0031 0x07d0 gupdatem - ok
23:07:34.0171 0x07d0 [ F59152272782FED8A8197FA788287F68 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:07:34.0171 0x07d0 helpsvc - ok
23:07:34.0171 0x07d0 HidServ - ok
23:07:34.0187 0x07d0 hpn - ok
23:07:34.0234 0x07d0 [ 863CC3A82C63C9F60ACF2E85D5310620 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
23:07:34.0250 0x07d0 HPZid412 - ok
23:07:34.0281 0x07d0 [ 08CB72E95DD75B61F2966B311D0E4366 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
23:07:34.0281 0x07d0 HPZipr12 - ok
23:07:34.0328 0x07d0 [ CA990306ED4EF732AF9695BFF24FC96F ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
23:07:34.0343 0x07d0 HPZius12 - ok
23:07:34.0375 0x07d0 [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
23:07:34.0390 0x07d0 HTTP - ok
23:07:34.0421 0x07d0 [ DA826826C5C9116F47E0CD0CA8CC7C11 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
23:07:34.0437 0x07d0 HTTPFilter - ok
23:07:34.0453 0x07d0 i2omgmt - ok
23:07:34.0453 0x07d0 i2omp - ok
23:07:34.0500 0x07d0 [ 0F42DE9909B5DBF2C48DD1A79D491AF5 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:07:34.0500 0x07d0 i8042prt - ok
23:07:34.0546 0x07d0 [ 0294A30B302CA71A2C26E582DDA93486 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
23:07:34.0562 0x07d0 ialm - ok
23:07:34.0609 0x07d0 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
23:07:34.0609 0x07d0 Imapi - ok
23:07:34.0703 0x07d0 [ CF9D286B34CB4912F3B28B4972D5CB33 ] ImapiService C:\WINDOWS\system32\imapi.exe
23:07:34.0703 0x07d0 ImapiService - ok
23:07:34.0703 0x07d0 ini910u - ok
23:07:34.0750 0x07d0 [ EF4FDA4841001A4B98C411797DB8894A ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
23:07:34.0750 0x07d0 IntelIde - ok
23:07:34.0796 0x07d0 [ 10A3AC0F0DF720AD3C3FD13861D50EB9 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:07:34.0796 0x07d0 intelppm - ok
23:07:34.0828 0x07d0 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
23:07:34.0828 0x07d0 Ip6Fw - ok
23:07:34.0859 0x07d0 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:07:34.0859 0x07d0 IpFilterDriver - ok
23:07:34.0875 0x07d0 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:07:34.0875 0x07d0 IpInIp - ok
23:07:34.0921 0x07d0 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:07:34.0921 0x07d0 IpNat - ok
23:07:34.0968 0x07d0 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:07:34.0968 0x07d0 IPSec - ok
23:07:35.0000 0x07d0 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
23:07:35.0000 0x07d0 IRENUM - ok
23:07:35.0046 0x07d0 [ 1091528512E4DD7ED5FDDCC4DF1C53D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:07:35.0046 0x07d0 isapnp - ok
23:07:35.0078 0x07d0 [ 6F877BF8DC01A550CD666F3BEDB2213C ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:07:35.0078 0x07d0 Kbdclass - ok
23:07:35.0109 0x07d0 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
23:07:35.0109 0x07d0 kmixer - ok
23:07:35.0125 0x07d0 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
23:07:35.0125 0x07d0 KSecDD - ok
23:07:35.0171 0x07d0 [ 6D6BDD68B775986577C48A8DF961A05C ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
23:07:35.0171 0x07d0 lanmanserver - ok
23:07:35.0187 0x07d0 [ 69B0569AAE33F0D5057CA0E8577AAF07 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:07:35.0187 0x07d0 lanmanworkstation - ok
23:07:35.0203 0x07d0 lbrtfdc - ok
23:07:35.0234 0x07d0 [ F9EE6D2AAB0690B34AE35BA9921A1414 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
23:07:35.0234 0x07d0 LmHosts - ok
23:07:35.0250 0x07d0 [ 8B2FCBD881879B55BE40B41F12FFC431 ] Messenger C:\WINDOWS\System32\msgsvc.dll
23:07:35.0250 0x07d0 Messenger - ok
23:07:35.0296 0x07d0 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
23:07:35.0296 0x07d0 mnmdd - ok
23:07:35.0328 0x07d0 [ 7D137132D6A9B41EF800E59A771ED48C ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
23:07:35.0328 0x07d0 mnmsrvc - ok
23:07:35.0359 0x07d0 [ 60210DEB037846AFE521EBF349964F6B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
23:07:35.0359 0x07d0 Modem - ok
23:07:35.0359 0x07d0 [ B160EC94114715675509115986400FD9 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:07:35.0359 0x07d0 Mouclass - ok
23:07:35.0390 0x07d0 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
23:07:35.0390 0x07d0 MountMgr - ok
23:07:35.0484 0x07d0 [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:07:35.0484 0x07d0 MozillaMaintenance - ok
23:07:35.0484 0x07d0 mraid35x - ok
23:07:35.0531 0x07d0 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:07:35.0531 0x07d0 MRxDAV - ok
23:07:35.0546 0x07d0 [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:07:35.0546 0x07d0 MRxSmb - ok
23:07:35.0593 0x07d0 [ 944A24032AED84C59455B981F6CA1C1A ] MSDTC C:\WINDOWS\system32\msdtc.exe
23:07:35.0593 0x07d0 MSDTC - ok
23:07:35.0609 0x07d0 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
23:07:35.0609 0x07d0 Msfs - ok
23:07:35.0625 0x07d0 MSIServer - ok
23:07:35.0671 0x07d0 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:07:35.0671 0x07d0 MSKSSRV - ok
23:07:35.0687 0x07d0 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:07:35.0687 0x07d0 MSPCLOCK - ok
23:07:35.0703 0x07d0 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
23:07:35.0703 0x07d0 MSPQM - ok
23:07:35.0750 0x07d0 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:07:35.0750 0x07d0 mssmbios - ok
23:07:35.0765 0x07d0 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
23:07:35.0765 0x07d0 Mup - ok
23:07:35.0781 0x07d0 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
23:07:35.0796 0x07d0 NDIS - ok
23:07:35.0828 0x07d0 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:07:35.0828 0x07d0 NdisTapi - ok
23:07:35.0875 0x07d0 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:07:35.0875 0x07d0 Ndisuio - ok
23:07:35.0890 0x07d0 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:07:35.0890 0x07d0 NdisWan - ok
23:07:35.0921 0x07d0 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
23:07:35.0921 0x07d0 NDProxy - ok
23:07:35.0921 0x07d0 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
23:07:35.0921 0x07d0 NetBIOS - ok
23:07:35.0953 0x07d0 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
23:07:35.0968 0x07d0 NetBT - ok
23:07:36.0000 0x07d0 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDE C:\WINDOWS\system32\netdde.exe
23:07:36.0015 0x07d0 NetDDE - ok
23:07:36.0015 0x07d0 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
23:07:36.0015 0x07d0 NetDDEdsdm - ok
23:07:36.0046 0x07d0 [ 82A362FE1D4980B71B588D9C10748511 ] Netlogon C:\WINDOWS\system32\lsass.exe
23:07:36.0046 0x07d0 Netlogon - ok
23:07:36.0062 0x07d0 [ AF342D2781225A8769686E0D47E3123E ] Netman C:\WINDOWS\System32\netman.dll
23:07:36.0062 0x07d0 Netman - ok
23:07:36.0093 0x07d0 [ 64C078BD4EFD441C3F159EDC5EA4420A ] Nla C:\WINDOWS\System32\mswsock.dll
23:07:36.0093 0x07d0 Nla - ok
23:07:36.0109 0x07d0 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
23:07:36.0109 0x07d0 Npfs - ok
23:07:36.0140 0x07d0 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
23:07:36.0171 0x07d0 Ntfs - ok
23:07:36.0171 0x07d0 [ 82A362FE1D4980B71B588D9C10748511 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
23:07:36.0171 0x07d0 NtLmSsp - ok
23:07:36.0234 0x07d0 [ D8D2B13BA93AE830B1A637DF571D1195 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
23:07:36.0250 0x07d0 NtmsSvc - ok
23:07:36.0265 0x07d0 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
23:07:36.0265 0x07d0 Null - ok
23:07:36.0375 0x07d0 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:07:36.0390 0x07d0 nv - ok
23:07:36.0406 0x07d0 [ 0FB63C64AFD9DFCC6131E02227443C15 ] NWCWorkstation C:\WINDOWS\System32\nwwks.dll
23:07:36.0406 0x07d0 NWCWorkstation - ok
23:07:36.0437 0x07d0 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:07:36.0437 0x07d0 NwlnkFlt - ok
23:07:36.0453 0x07d0 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:07:36.0453 0x07d0 NwlnkFwd - ok
23:07:36.0484 0x07d0 [ 79EA3FCDA7067977625B3363A2657C80 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
23:07:36.0484 0x07d0 NwlnkIpx - ok
23:07:36.0484 0x07d0 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
23:07:36.0484 0x07d0 NwlnkNb - ok
23:07:36.0515 0x07d0 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
23:07:36.0515 0x07d0 NwlnkSpx - ok
23:07:36.0531 0x07d0 [ 03373A79440473062C6F3AEDEC6A49C8 ] NWRDR C:\WINDOWS\system32\DRIVERS\nwrdr.sys
23:07:36.0531 0x07d0 NWRDR - ok
23:07:36.0578 0x07d0 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:07:36.0593 0x07d0 ose - ok
23:07:36.0609 0x07d0 [ 76A18CAA2FEFB28A4CED38D76837E86E ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
23:07:36.0609 0x07d0 Parport - ok
23:07:36.0640 0x07d0 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
23:07:36.0640 0x07d0 PartMgr - ok
23:07:36.0671 0x07d0 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
23:07:36.0671 0x07d0 ParVdm - ok
23:07:36.0687 0x07d0 [ B7979F37BB7B9DF2230046134955E6E7 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
23:07:36.0687 0x07d0 PCI - ok
23:07:36.0703 0x07d0 PCIDump - ok
23:07:36.0734 0x07d0 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
23:07:36.0734 0x07d0 PCIIde - ok
23:07:36.0765 0x07d0 [ 90505755634407D4EF4C6DEA60FC1DF9 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
23:07:36.0765 0x07d0 Pcmcia - ok
23:07:36.0765 0x07d0 PDCOMP - ok
23:07:36.0781 0x07d0 PDFRAME - ok
23:07:36.0796 0x07d0 PDRELI - ok
23:07:36.0812 0x07d0 PDRFRAME - ok
23:07:36.0828 0x07d0 perc2 - ok
23:07:36.0843 0x07d0 perc2hib - ok
23:07:36.0921 0x07d0 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] PlugPlay C:\WINDOWS\system32\services.exe
23:07:36.0921 0x07d0 PlugPlay - ok
23:07:36.0953 0x07d0 [ FB03F341FF5380394BF2EE52F1979925 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
23:07:36.0953 0x07d0 Pml Driver HPZ12 - ok
23:07:36.0968 0x07d0 [ 82A362FE1D4980B71B588D9C10748511 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
23:07:36.0968 0x07d0 PolicyAgent - ok
23:07:36.0984 0x07d0 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:07:36.0984 0x07d0 PptpMiniport - ok
23:07:37.0000 0x07d0 [ 82A362FE1D4980B71B588D9C10748511 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:07:37.0000 0x07d0 ProtectedStorage - ok
23:07:37.0015 0x07d0 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
23:07:37.0015 0x07d0 PSched - ok
23:07:37.0015 0x07d0 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:07:37.0031 0x07d0 Ptilink - ok
23:07:37.0046 0x07d0 ql1080 - ok
23:07:37.0062 0x07d0 Ql10wnt - ok
23:07:37.0078 0x07d0 ql12160 - ok
23:07:37.0093 0x07d0 ql1240 - ok
23:07:37.0109 0x07d0 ql1280 - ok
23:07:37.0125 0x07d0 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:07:37.0125 0x07d0 RasAcd - ok
23:07:37.0156 0x07d0 [ E68B6F9A726A444059705AB43B5656D1 ] RasAuto C:\WINDOWS\System32\rasauto.dll
23:07:37.0156 0x07d0 RasAuto - ok
23:07:37.0187 0x07d0 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:07:37.0187 0x07d0 Rasl2tp - ok
23:07:37.0218 0x07d0 [ 6E519D777C91E90592403C9F981FDF03 ] RasMan C:\WINDOWS\System32\rasmans.dll
23:07:37.0218 0x07d0 RasMan - ok
23:07:37.0250 0x07d0 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:07:37.0250 0x07d0 RasPppoe - ok
23:07:37.0250 0x07d0 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
23:07:37.0250 0x07d0 Raspti - ok
23:07:37.0281 0x07d0 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:07:37.0281 0x07d0 Rdbss - ok
23:07:37.0281 0x07d0 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:07:37.0296 0x07d0 RDPCDD - ok
23:07:37.0328 0x07d0 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:07:37.0328 0x07d0 rdpdr - ok
23:07:37.0359 0x07d0 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
23:07:37.0359 0x07d0 RDPWD - ok
23:07:37.0390 0x07d0 [ 125ACF258DA9633F748131A0E0185AF3 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
23:07:37.0390 0x07d0 RDSessMgr - ok
23:07:37.0421 0x07d0 [ ABA13D33E1F888C9A68599A48A8840D6 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
23:07:37.0421 0x07d0 redbook - ok
23:07:37.0453 0x07d0 [ EB5E1A601E5A1908A87E4D5A41803D98 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
23:07:37.0453 0x07d0 RemoteAccess - ok
23:07:37.0484 0x07d0 [ 5B21208FCF8970BB61FE98E19D828714 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
23:07:37.0484 0x07d0 RemoteRegistry - ok
23:07:37.0515 0x07d0 [ C8A3B668985D61249F2DC71716C58DE8 ] RpcLocator C:\WINDOWS\system32\locator.exe
23:07:37.0515 0x07d0 RpcLocator - ok
23:07:37.0546 0x07d0 [ C72C15EE57E248C66E57C76CAB086CF2 ] RpcSs C:\WINDOWS\System32\rpcss.dll
23:07:37.0546 0x07d0 RpcSs - ok
23:07:37.0609 0x07d0 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
23:07:37.0609 0x07d0 RSVP - ok
23:07:37.0656 0x07d0 [ F1813D9E031B0E2E090AC6489FFD1007 ] RT-USB C:\WINDOWS\system32\drivers\RT-USB.SYS
23:07:37.0656 0x07d0 RT-USB - ok
23:07:37.0718 0x07d0 [ EB9ACD258C991CB0E65DF64B97683DC7 ] rt2870 C:\WINDOWS\system32\DRIVERS\rt2870.sys
23:07:37.0734 0x07d0 rt2870 - ok
23:07:37.0765 0x07d0 [ CF84B1F0E8B14D4120AAF9CF35CBB265 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
23:07:37.0765 0x07d0 RTL8023xp - ok
23:07:37.0796 0x07d0 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
23:07:37.0796 0x07d0 rtl8139 - ok
23:07:37.0828 0x07d0 [ 82A362FE1D4980B71B588D9C10748511 ] SamSs C:\WINDOWS\system32\lsass.exe
23:07:37.0828 0x07d0 SamSs - ok
23:07:37.0843 0x07d0 [ C177354E995CC1AA1F767BCD9980434A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
23:07:37.0843 0x07d0 SCardSvr - ok
23:07:37.0890 0x07d0 [ 29AC93307C6182DBE336BCA314947F28 ] Schedule C:\WINDOWS\system32\schedsvc.dll
23:07:37.0890 0x07d0 Schedule - ok
23:07:37.0906 0x07d0 Scutum50 - ok
23:07:37.0937 0x07d0 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:07:37.0937 0x07d0 Secdrv - ok
23:07:37.0953 0x07d0 [ C76CB8A133374FAC6805F83FF7B7DA03 ] seclogon C:\WINDOWS\System32\seclogon.dll
23:07:37.0953 0x07d0 seclogon - ok
23:07:37.0968 0x07d0 [ 220AD85BA9C5B3011296354011B901CC ] SENS C:\WINDOWS\system32\sens.dll
23:07:37.0968 0x07d0 SENS - ok
23:07:38.0000 0x07d0 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
23:07:38.0000 0x07d0 serenum - ok
23:07:38.0000 0x07d0 [ C1DDBC85251551A840212999DA3D95F3 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
23:07:38.0000 0x07d0 Serial - ok
23:07:38.0046 0x07d0 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
23:07:38.0046 0x07d0 Sfloppy - ok
23:07:38.0093 0x07d0 [ 6A93501BCDEBF159109429B022C0FF83 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
23:07:38.0093 0x07d0 SharedAccess - ok
23:07:38.0125 0x07d0 [ 8BA76BD2A943F642F267A296A15776D2 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:07:38.0125 0x07d0 ShellHWDetection - ok
23:07:38.0125 0x07d0 Simbad - ok
23:07:38.0140 0x07d0 Sparrow - ok
23:07:38.0187 0x07d0 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
23:07:38.0203 0x07d0 splitter - ok
23:07:38.0203 0x07d0 [ 21B6FAA88044A41640E03EBB68BE93E8 ] Spooler C:\WINDOWS\system32\spoolsv.exe
23:07:38.0203 0x07d0 Spooler - ok
23:07:38.0265 0x07d0 [ A74035EA526DB97D9D50D2143A55F5CF ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
23:07:38.0265 0x07d0 sr - ok
23:07:38.0296 0x07d0 [ 3CD57F31A64D32FDB28918B16D1E6AAC ] srservice C:\WINDOWS\system32\srsvc.dll
23:07:38.0296 0x07d0 srservice - ok
23:07:38.0328 0x07d0 [ 20B7E396720353E4117D64D9DCB926CA ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
23:07:38.0328 0x07d0 Srv - ok
23:07:38.0359 0x07d0 [ 88C28F53F53438DAFCD95E99C837C61E ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
23:07:38.0359 0x07d0 SSDPSRV - ok
23:07:38.0421 0x07d0 [ 0645CCDDDD27F96EEA3534C1DEF736D9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
23:07:38.0421 0x07d0 stisvc - ok
23:07:38.0437 0x07d0 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
23:07:38.0437 0x07d0 swenum - ok
23:07:38.0453 0x07d0 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
23:07:38.0453 0x07d0 swmidi - ok
23:07:38.0453 0x07d0 SwPrv - ok
23:07:38.0468 0x07d0 symc810 - ok
23:07:38.0484 0x07d0 symc8xx - ok
23:07:38.0500 0x07d0 sym_hi - ok
23:07:38.0515 0x07d0 sym_u3 - ok
23:07:38.0546 0x07d0 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
23:07:38.0546 0x07d0 sysaudio - ok
23:07:38.0593 0x07d0 [ D9C9ECFF4904E6151525C533AEEDF8F4 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
23:07:38.0593 0x07d0 SysmonLog - ok
23:07:38.0625 0x07d0 [ 37162D29CD61519E6F5EA0DE99786FF6 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
23:07:38.0625 0x07d0 TapiSrv - ok
23:07:38.0671 0x07d0 [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:07:38.0671 0x07d0 Tcpip - ok
23:07:38.0703 0x07d0 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
23:07:38.0703 0x07d0 TDPIPE - ok
23:07:38.0718 0x07d0 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
23:07:38.0718 0x07d0 TDTCP - ok
23:07:38.0734 0x07d0 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
23:07:38.0734 0x07d0 TermDD - ok
23:07:38.0781 0x07d0 [ 2F5919F2F6EE7A845893D9C3AA2BC56A ] TermService C:\WINDOWS\System32\termsrv.dll
23:07:38.0781 0x07d0 TermService - ok
23:07:38.0796 0x07d0 [ 8BA76BD2A943F642F267A296A15776D2 ] Themes C:\WINDOWS\System32\shsvcs.dll
23:07:38.0812 0x07d0 Themes - ok
23:07:38.0812 0x07d0 [ 535C2FB97336BAFA509F4783DD1E5746 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
23:07:38.0828 0x07d0 TlntSvr - ok
23:07:38.0828 0x07d0 TosIde - ok
23:07:38.0859 0x07d0 [ 4DCE17221B1A87FB47E36842F3E38753 ] TrkWks C:\WINDOWS\system32\trkwks.dll
23:07:38.0859 0x07d0 TrkWks - ok
23:07:38.0875 0x07d0 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
23:07:38.0875 0x07d0 Udfs - ok
23:07:38.0890 0x07d0 ultra - ok
23:07:38.0921 0x07d0 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
23:07:38.0921 0x07d0 Update - ok
23:07:38.0968 0x07d0 [ 984FC1518B0D5B31D76F0E63608E0500 ] upnphost C:\WINDOWS\System32\upnphost.dll
23:07:38.0968 0x07d0 upnphost - ok
23:07:38.0984 0x07d0 [ 6148A3BA4D9CC628357FC92014FEA30E ] UPS C:\WINDOWS\System32\ups.exe
23:07:38.0984 0x07d0 UPS - ok
23:07:39.0031 0x07d0 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:07:39.0031 0x07d0 usbccgp - ok
23:07:39.0062 0x07d0 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:07:39.0062 0x07d0 usbehci - ok
23:07:39.0078 0x07d0 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:07:39.0078 0x07d0 usbhub - ok
23:07:39.0109 0x07d0 [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:07:39.0109 0x07d0 usbprint - ok
23:07:39.0125 0x07d0 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:07:39.0125 0x07d0 usbscan - ok
23:07:39.0156 0x07d0 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:07:39.0156 0x07d0 USBSTOR - ok
23:07:39.0187 0x07d0 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:07:39.0187 0x07d0 usbuhci - ok
23:07:39.0187 0x07d0 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
23:07:39.0187 0x07d0 VgaSave - ok
23:07:39.0203 0x07d0 ViaIde - ok
23:07:39.0218 0x07d0 [ CD8CCE067F7E9CBD762C00BDDDECAA34 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
23:07:39.0218 0x07d0 VolSnap - ok
23:07:39.0250 0x07d0 [ 043539881667BB37B07524032D6FFC3E ] VSS C:\WINDOWS\System32\vssvc.exe
23:07:39.0265 0x07d0 VSS - ok
23:07:39.0312 0x07d0 [ 2CEEBB402187AE56B585701F3D191FB3 ] W32Time C:\WINDOWS\system32\w32time.dll
23:07:39.0328 0x07d0 W32Time - ok
23:07:39.0343 0x07d0 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:07:39.0343 0x07d0 Wanarp - ok
23:07:39.0359 0x07d0 WDICA - ok
23:07:39.0375 0x07d0 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
23:07:39.0375 0x07d0 wdmaud - ok
23:07:39.0390 0x07d0 [ 3791ADF1D3466AC6B4B662D3F79CBFEC ] WebClient C:\WINDOWS\System32\webclnt.dll
23:07:39.0406 0x07d0 WebClient - ok
23:07:39.0484 0x07d0 [ E12084EA622BDF2262C637BEF15DD85C ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
23:07:39.0484 0x07d0 winmgmt - ok
23:07:39.0546 0x07d0 [ E02E913B3841717A890A644EE167B9A5 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
23:07:39.0546 0x07d0 WmdmPmSN - ok
23:07:39.0593 0x07d0 [ 0CDC4A0C6B820FAD99FB4CA74CD0C476 ] Wmi C:\WINDOWS\System32\advapi32.dll
23:07:39.0609 0x07d0 Wmi - ok
23:07:39.0625 0x07d0 [ BCD21B989F0FD4ACE78287FC01B4693D ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:07:39.0640 0x07d0 WmiApSrv - ok
23:07:39.0671 0x07d0 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:07:39.0671 0x07d0 WS2IFSL - ok
23:07:39.0687 0x07d0 [ 4ADED1ADEF25041D9827F9A79C0FDA13 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
23:07:39.0687 0x07d0 wscsvc - ok
23:07:39.0734 0x07d0 [ 21F5169CA14E0B25C757644456F637DF ] wuauserv C:\WINDOWS\system32\wuauserv.dll
23:07:39.0734 0x07d0 wuauserv - ok
23:07:39.0765 0x07d0 [ 325CEDEF696EF4B649DDCD3968D085C9 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
23:07:39.0781 0x07d0 WZCSVC - ok
23:07:39.0781 0x07d0 [ 9B835D4C64860B155A1701D5092EC9E4 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
23:07:39.0796 0x07d0 xmlprov - ok
23:07:39.0812 0x07d0 ================ Scan global ===============================
23:07:39.0828 0x07d0 [ F642F3368D2839798DA79E7BA9218481 ] C:\WINDOWS\system32\basesrv.dll
23:07:39.0843 0x07d0 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINDOWS\system32\winsrv.dll
23:07:39.0859 0x07d0 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINDOWS\system32\winsrv.dll
23:07:39.0875 0x07d0 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] C:\WINDOWS\system32\services.exe
23:07:39.0890 0x07d0 [Global] - ok
23:07:39.0890 0x07d0 ================ Scan MBR ==================================
23:07:39.0921 0x07d0 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
23:07:40.0078 0x07d0 \Device\Harddisk0\DR0 - ok
23:07:40.0078 0x07d0 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR2
23:07:43.0781 0x07d0 \Device\Harddisk1\DR2 - ok
23:07:43.0781 0x07d0 ================ Scan VBR ==================================
23:07:43.0796 0x07d0 [ C88C6B50A2551310D4B35011B5801A62 ] \Device\Harddisk0\DR0\Partition1
23:07:43.0796 0x07d0 \Device\Harddisk0\DR0\Partition1 - ok
23:07:43.0796 0x07d0 [ 2C2E76AB879E56F5A18F0C7BB70DE998 ] \Device\Harddisk1\DR2\Partition1
23:07:43.0796 0x07d0 \Device\Harddisk1\DR2\Partition1 - ok
23:07:43.0812 0x07d0 ============================================================
23:07:43.0812 0x07d0 Scan finished
23:07:43.0812 0x07d0 ============================================================
23:07:43.0828 0x0754 Detected object count: 1
23:07:43.0828 0x0754 Actual detected object count: 1
23:08:00.0359 0x0754 atapi ( LockedFile.Multi.Generic ) - skipped by user
23:08:00.0359 0x0754 atapi ( LockedFile.Multi.Generic ) - User select action: Skip
23:07:32.0468 0x07d0 Beep - ok
23:07:32.0531 0x07d0 [ E774A26610EC92674273486612C11CFC ] BITS C:\WINDOWS\system32\qmgr.dll
23:07:32.0546 0x07d0 BITS - ok
23:07:32.0578 0x07d0 [ F219E27E88107A50544153898DD8178E ] Browser C:\WINDOWS\System32\browser.dll
23:07:32.0593 0x07d0 Browser - ok
23:07:32.0593 0x07d0 catchme - ok
23:07:32.0640 0x07d0 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
23:07:32.0640 0x07d0 cbidf2k - ok
23:07:32.0656 0x07d0 cd20xrnt - ok
23:07:32.0656 0x07d0 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
23:07:32.0671 0x07d0 Cdaudio - ok
23:07:32.0703 0x07d0 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
23:07:32.0703 0x07d0 Cdfs - ok
23:07:32.0750 0x07d0 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:07:32.0750 0x07d0 Cdrom - ok
23:07:32.0765 0x07d0 Changer - ok
23:07:32.0796 0x07d0 [ 9E21229E04E1D301BB40222FE4641CB2 ] CiSvc C:\WINDOWS\system32\cisvc.exe
23:07:32.0796 0x07d0 CiSvc - ok
23:07:32.0828 0x07d0 [ D3DC45553C8025338E08A60E95B1B91D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
23:07:32.0828 0x07d0 ClipSrv - ok
23:07:32.0828 0x07d0 CmdIde - ok
23:07:32.0906 0x07d0 [ 924AB66E831E9CF3E20DBC6B63103516 ] cmuda C:\WINDOWS\system32\drivers\cmuda.sys
23:07:32.0906 0x07d0 cmuda - ok
23:07:32.0921 0x07d0 COMSysApp - ok
23:07:32.0937 0x07d0 Cpqarray - ok
23:07:32.0968 0x07d0 [ 70D2A1756F4B2067658A186C963FCABD ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
23:07:32.0968 0x07d0 CryptSvc - ok
23:07:32.0984 0x07d0 dac2w2k - ok
23:07:33.0000 0x07d0 dac960nt - ok
23:07:33.0031 0x07d0 [ C72C15EE57E248C66E57C76CAB086CF2 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
23:07:33.0046 0x07d0 DcomLaunch - ok
23:07:33.0062 0x07d0 [ 562830EFB7CF367FB773FEA5256E67C8 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
23:07:33.0062 0x07d0 Dhcp - ok
23:07:33.0078 0x07d0 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
23:07:33.0078 0x07d0 Disk - ok
23:07:33.0093 0x07d0 dmadmin - ok
23:07:33.0171 0x07d0 [ E1968EDEC81C430108FEB23AB07BDB14 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
23:07:33.0203 0x07d0 dmboot - ok
23:07:33.0218 0x07d0 [ 1B1520A82E396E46B9AE9FA6B03FF6C6 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
23:07:33.0218 0x07d0 dmio - ok
23:07:33.0265 0x07d0 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
23:07:33.0265 0x07d0 dmload - ok
23:07:33.0281 0x07d0 [ 7B3CA72885923EB947221F17F3E3AC59 ] dmserver C:\WINDOWS\System32\dmserver.dll
23:07:33.0281 0x07d0 dmserver - ok
23:07:33.0343 0x07d0 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
23:07:33.0359 0x07d0 DMusic - ok
23:07:33.0390 0x07d0 [ F605B3F5674D67587C4B6C9E92A3E025 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
23:07:33.0390 0x07d0 Dnscache - ok
23:07:33.0390 0x07d0 dpti2o - ok
23:07:33.0421 0x07d0 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
23:07:33.0421 0x07d0 drmkaud - ok
23:07:33.0437 0x07d0 [ D6F7428B201E33BC80066B47144CB568 ] ERSvc C:\WINDOWS\System32\ersvc.dll
23:07:33.0437 0x07d0 ERSvc - ok
23:07:33.0484 0x07d0 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] Eventlog C:\WINDOWS\system32\services.exe
23:07:33.0484 0x07d0 Eventlog - ok
23:07:33.0531 0x07d0 [ 972378B907070F64932A87C90A035487 ] EventSystem C:\WINDOWS\system32\es.dll
23:07:33.0531 0x07d0 EventSystem - ok
23:07:33.0609 0x07d0 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
23:07:33.0609 0x07d0 Fastfat - ok
23:07:33.0656 0x07d0 [ 8BA76BD2A943F642F267A296A15776D2 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:07:33.0656 0x07d0 FastUserSwitchingCompatibility - ok
23:07:33.0687 0x07d0 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
23:07:33.0687 0x07d0 Fdc - ok
23:07:33.0718 0x07d0 [ 266DAB58619B17BDF37FABBD48D875CA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
23:07:33.0718 0x07d0 Fips - ok
23:07:33.0750 0x07d0 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:07:33.0750 0x07d0 Flpydisk - ok
23:07:33.0796 0x07d0 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
23:07:33.0812 0x07d0 FltMgr - ok
23:07:33.0843 0x07d0 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:07:33.0843 0x07d0 Fs_Rec - ok
23:07:33.0875 0x07d0 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:07:33.0906 0x07d0 Ftdisk - ok
23:07:33.0906 0x07d0 Gpc - ok
23:07:34.0015 0x07d0 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
23:07:34.0015 0x07d0 gupdate - ok
23:07:34.0031 0x07d0 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
23:07:34.0031 0x07d0 gupdatem - ok
23:07:34.0171 0x07d0 [ F59152272782FED8A8197FA788287F68 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:07:34.0171 0x07d0 helpsvc - ok
23:07:34.0171 0x07d0 HidServ - ok
23:07:34.0187 0x07d0 hpn - ok
23:07:34.0234 0x07d0 [ 863CC3A82C63C9F60ACF2E85D5310620 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
23:07:34.0250 0x07d0 HPZid412 - ok
23:07:34.0281 0x07d0 [ 08CB72E95DD75B61F2966B311D0E4366 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
23:07:34.0281 0x07d0 HPZipr12 - ok
23:07:34.0328 0x07d0 [ CA990306ED4EF732AF9695BFF24FC96F ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
23:07:34.0343 0x07d0 HPZius12 - ok
23:07:34.0375 0x07d0 [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
23:07:34.0390 0x07d0 HTTP - ok
23:07:34.0421 0x07d0 [ DA826826C5C9116F47E0CD0CA8CC7C11 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
23:07:34.0437 0x07d0 HTTPFilter - ok
23:07:34.0453 0x07d0 i2omgmt - ok
23:07:34.0453 0x07d0 i2omp - ok
23:07:34.0500 0x07d0 [ 0F42DE9909B5DBF2C48DD1A79D491AF5 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:07:34.0500 0x07d0 i8042prt - ok
23:07:34.0546 0x07d0 [ 0294A30B302CA71A2C26E582DDA93486 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
23:07:34.0562 0x07d0 ialm - ok
23:07:34.0609 0x07d0 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
23:07:34.0609 0x07d0 Imapi - ok
23:07:34.0703 0x07d0 [ CF9D286B34CB4912F3B28B4972D5CB33 ] ImapiService C:\WINDOWS\system32\imapi.exe
23:07:34.0703 0x07d0 ImapiService - ok
23:07:34.0703 0x07d0 ini910u - ok
23:07:34.0750 0x07d0 [ EF4FDA4841001A4B98C411797DB8894A ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
23:07:34.0750 0x07d0 IntelIde - ok
23:07:34.0796 0x07d0 [ 10A3AC0F0DF720AD3C3FD13861D50EB9 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:07:34.0796 0x07d0 intelppm - ok
23:07:34.0828 0x07d0 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
23:07:34.0828 0x07d0 Ip6Fw - ok
23:07:34.0859 0x07d0 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:07:34.0859 0x07d0 IpFilterDriver - ok
23:07:34.0875 0x07d0 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:07:34.0875 0x07d0 IpInIp - ok
23:07:34.0921 0x07d0 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:07:34.0921 0x07d0 IpNat - ok
23:07:34.0968 0x07d0 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:07:34.0968 0x07d0 IPSec - ok
23:07:35.0000 0x07d0 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
23:07:35.0000 0x07d0 IRENUM - ok
23:07:35.0046 0x07d0 [ 1091528512E4DD7ED5FDDCC4DF1C53D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:07:35.0046 0x07d0 isapnp - ok
23:07:35.0078 0x07d0 [ 6F877BF8DC01A550CD666F3BEDB2213C ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:07:35.0078 0x07d0 Kbdclass - ok
23:07:35.0109 0x07d0 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
23:07:35.0109 0x07d0 kmixer - ok
23:07:35.0125 0x07d0 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
23:07:35.0125 0x07d0 KSecDD - ok
23:07:35.0171 0x07d0 [ 6D6BDD68B775986577C48A8DF961A05C ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
23:07:35.0171 0x07d0 lanmanserver - ok
23:07:35.0187 0x07d0 [ 69B0569AAE33F0D5057CA0E8577AAF07 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:07:35.0187 0x07d0 lanmanworkstation - ok
23:07:35.0203 0x07d0 lbrtfdc - ok
23:07:35.0234 0x07d0 [ F9EE6D2AAB0690B34AE35BA9921A1414 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
23:07:35.0234 0x07d0 LmHosts - ok
23:07:35.0250 0x07d0 [ 8B2FCBD881879B55BE40B41F12FFC431 ] Messenger C:\WINDOWS\System32\msgsvc.dll
23:07:35.0250 0x07d0 Messenger - ok
23:07:35.0296 0x07d0 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
23:07:35.0296 0x07d0 mnmdd - ok
23:07:35.0328 0x07d0 [ 7D137132D6A9B41EF800E59A771ED48C ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
23:07:35.0328 0x07d0 mnmsrvc - ok
23:07:35.0359 0x07d0 [ 60210DEB037846AFE521EBF349964F6B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
23:07:35.0359 0x07d0 Modem - ok
23:07:35.0359 0x07d0 [ B160EC94114715675509115986400FD9 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:07:35.0359 0x07d0 Mouclass - ok
23:07:35.0390 0x07d0 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
23:07:35.0390 0x07d0 MountMgr - ok
23:07:35.0484 0x07d0 [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:07:35.0484 0x07d0 MozillaMaintenance - ok
23:07:35.0484 0x07d0 mraid35x - ok
23:07:35.0531 0x07d0 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:07:35.0531 0x07d0 MRxDAV - ok
23:07:35.0546 0x07d0 [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:07:35.0546 0x07d0 MRxSmb - ok
23:07:35.0593 0x07d0 [ 944A24032AED84C59455B981F6CA1C1A ] MSDTC C:\WINDOWS\system32\msdtc.exe
23:07:35.0593 0x07d0 MSDTC - ok
23:07:35.0609 0x07d0 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
23:07:35.0609 0x07d0 Msfs - ok
23:07:35.0625 0x07d0 MSIServer - ok
23:07:35.0671 0x07d0 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:07:35.0671 0x07d0 MSKSSRV - ok
23:07:35.0687 0x07d0 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:07:35.0687 0x07d0 MSPCLOCK - ok
23:07:35.0703 0x07d0 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
23:07:35.0703 0x07d0 MSPQM - ok
23:07:35.0750 0x07d0 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:07:35.0750 0x07d0 mssmbios - ok
23:07:35.0765 0x07d0 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
23:07:35.0765 0x07d0 Mup - ok
23:07:35.0781 0x07d0 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
23:07:35.0796 0x07d0 NDIS - ok
23:07:35.0828 0x07d0 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:07:35.0828 0x07d0 NdisTapi - ok
23:07:35.0875 0x07d0 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:07:35.0875 0x07d0 Ndisuio - ok
23:07:35.0890 0x07d0 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:07:35.0890 0x07d0 NdisWan - ok
23:07:35.0921 0x07d0 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
23:07:35.0921 0x07d0 NDProxy - ok
23:07:35.0921 0x07d0 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
23:07:35.0921 0x07d0 NetBIOS - ok
23:07:35.0953 0x07d0 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
23:07:35.0968 0x07d0 NetBT - ok
23:07:36.0000 0x07d0 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDE C:\WINDOWS\system32\netdde.exe
23:07:36.0015 0x07d0 NetDDE - ok
23:07:36.0015 0x07d0 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
23:07:36.0015 0x07d0 NetDDEdsdm - ok
23:07:36.0046 0x07d0 [ 82A362FE1D4980B71B588D9C10748511 ] Netlogon C:\WINDOWS\system32\lsass.exe
23:07:36.0046 0x07d0 Netlogon - ok
23:07:36.0062 0x07d0 [ AF342D2781225A8769686E0D47E3123E ] Netman C:\WINDOWS\System32\netman.dll
23:07:36.0062 0x07d0 Netman - ok
23:07:36.0093 0x07d0 [ 64C078BD4EFD441C3F159EDC5EA4420A ] Nla C:\WINDOWS\System32\mswsock.dll
23:07:36.0093 0x07d0 Nla - ok
23:07:36.0109 0x07d0 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
23:07:36.0109 0x07d0 Npfs - ok
23:07:36.0140 0x07d0 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
23:07:36.0171 0x07d0 Ntfs - ok
23:07:36.0171 0x07d0 [ 82A362FE1D4980B71B588D9C10748511 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
23:07:36.0171 0x07d0 NtLmSsp - ok
23:07:36.0234 0x07d0 [ D8D2B13BA93AE830B1A637DF571D1195 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
23:07:36.0250 0x07d0 NtmsSvc - ok
23:07:36.0265 0x07d0 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
23:07:36.0265 0x07d0 Null - ok
23:07:36.0375 0x07d0 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:07:36.0390 0x07d0 nv - ok
23:07:36.0406 0x07d0 [ 0FB63C64AFD9DFCC6131E02227443C15 ] NWCWorkstation C:\WINDOWS\System32\nwwks.dll
23:07:36.0406 0x07d0 NWCWorkstation - ok
23:07:36.0437 0x07d0 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:07:36.0437 0x07d0 NwlnkFlt - ok
23:07:36.0453 0x07d0 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:07:36.0453 0x07d0 NwlnkFwd - ok
23:07:36.0484 0x07d0 [ 79EA3FCDA7067977625B3363A2657C80 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
23:07:36.0484 0x07d0 NwlnkIpx - ok
23:07:36.0484 0x07d0 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
23:07:36.0484 0x07d0 NwlnkNb - ok
23:07:36.0515 0x07d0 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
23:07:36.0515 0x07d0 NwlnkSpx - ok
23:07:36.0531 0x07d0 [ 03373A79440473062C6F3AEDEC6A49C8 ] NWRDR C:\WINDOWS\system32\DRIVERS\nwrdr.sys
23:07:36.0531 0x07d0 NWRDR - ok
23:07:36.0578 0x07d0 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:07:36.0593 0x07d0 ose - ok
23:07:36.0609 0x07d0 [ 76A18CAA2FEFB28A4CED38D76837E86E ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
23:07:36.0609 0x07d0 Parport - ok
23:07:36.0640 0x07d0 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
23:07:36.0640 0x07d0 PartMgr - ok
23:07:36.0671 0x07d0 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
23:07:36.0671 0x07d0 ParVdm - ok
23:07:36.0687 0x07d0 [ B7979F37BB7B9DF2230046134955E6E7 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
23:07:36.0687 0x07d0 PCI - ok
23:07:36.0703 0x07d0 PCIDump - ok
23:07:36.0734 0x07d0 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
23:07:36.0734 0x07d0 PCIIde - ok
23:07:36.0765 0x07d0 [ 90505755634407D4EF4C6DEA60FC1DF9 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
23:07:36.0765 0x07d0 Pcmcia - ok
23:07:36.0765 0x07d0 PDCOMP - ok
23:07:36.0781 0x07d0 PDFRAME - ok
23:07:36.0796 0x07d0 PDRELI - ok
23:07:36.0812 0x07d0 PDRFRAME - ok
23:07:36.0828 0x07d0 perc2 - ok
23:07:36.0843 0x07d0 perc2hib - ok
23:07:36.0921 0x07d0 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] PlugPlay C:\WINDOWS\system32\services.exe
23:07:36.0921 0x07d0 PlugPlay - ok
23:07:36.0953 0x07d0 [ FB03F341FF5380394BF2EE52F1979925 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
23:07:36.0953 0x07d0 Pml Driver HPZ12 - ok
23:07:36.0968 0x07d0 [ 82A362FE1D4980B71B588D9C10748511 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
23:07:36.0968 0x07d0 PolicyAgent - ok
23:07:36.0984 0x07d0 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:07:36.0984 0x07d0 PptpMiniport - ok
23:07:37.0000 0x07d0 [ 82A362FE1D4980B71B588D9C10748511 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:07:37.0000 0x07d0 ProtectedStorage - ok
23:07:37.0015 0x07d0 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
23:07:37.0015 0x07d0 PSched - ok
23:07:37.0015 0x07d0 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:07:37.0031 0x07d0 Ptilink - ok
23:07:37.0046 0x07d0 ql1080 - ok
23:07:37.0062 0x07d0 Ql10wnt - ok
23:07:37.0078 0x07d0 ql12160 - ok
23:07:37.0093 0x07d0 ql1240 - ok
23:07:37.0109 0x07d0 ql1280 - ok
23:07:37.0125 0x07d0 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:07:37.0125 0x07d0 RasAcd - ok
23:07:37.0156 0x07d0 [ E68B6F9A726A444059705AB43B5656D1 ] RasAuto C:\WINDOWS\System32\rasauto.dll
23:07:37.0156 0x07d0 RasAuto - ok
23:07:37.0187 0x07d0 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:07:37.0187 0x07d0 Rasl2tp - ok
23:07:37.0218 0x07d0 [ 6E519D777C91E90592403C9F981FDF03 ] RasMan C:\WINDOWS\System32\rasmans.dll
23:07:37.0218 0x07d0 RasMan - ok
23:07:37.0250 0x07d0 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:07:37.0250 0x07d0 RasPppoe - ok
23:07:37.0250 0x07d0 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
23:07:37.0250 0x07d0 Raspti - ok
23:07:37.0281 0x07d0 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:07:37.0281 0x07d0 Rdbss - ok
23:07:37.0281 0x07d0 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:07:37.0296 0x07d0 RDPCDD - ok
23:07:37.0328 0x07d0 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:07:37.0328 0x07d0 rdpdr - ok
23:07:37.0359 0x07d0 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
23:07:37.0359 0x07d0 RDPWD - ok
23:07:37.0390 0x07d0 [ 125ACF258DA9633F748131A0E0185AF3 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
23:07:37.0390 0x07d0 RDSessMgr - ok
23:07:37.0421 0x07d0 [ ABA13D33E1F888C9A68599A48A8840D6 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
23:07:37.0421 0x07d0 redbook - ok
23:07:37.0453 0x07d0 [ EB5E1A601E5A1908A87E4D5A41803D98 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
23:07:37.0453 0x07d0 RemoteAccess - ok
23:07:37.0484 0x07d0 [ 5B21208FCF8970BB61FE98E19D828714 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
23:07:37.0484 0x07d0 RemoteRegistry - ok
23:07:37.0515 0x07d0 [ C8A3B668985D61249F2DC71716C58DE8 ] RpcLocator C:\WINDOWS\system32\locator.exe
23:07:37.0515 0x07d0 RpcLocator - ok
23:07:37.0546 0x07d0 [ C72C15EE57E248C66E57C76CAB086CF2 ] RpcSs C:\WINDOWS\System32\rpcss.dll
23:07:37.0546 0x07d0 RpcSs - ok
23:07:37.0609 0x07d0 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
23:07:37.0609 0x07d0 RSVP - ok
23:07:37.0656 0x07d0 [ F1813D9E031B0E2E090AC6489FFD1007 ] RT-USB C:\WINDOWS\system32\drivers\RT-USB.SYS
23:07:37.0656 0x07d0 RT-USB - ok
23:07:37.0718 0x07d0 [ EB9ACD258C991CB0E65DF64B97683DC7 ] rt2870 C:\WINDOWS\system32\DRIVERS\rt2870.sys
23:07:37.0734 0x07d0 rt2870 - ok
23:07:37.0765 0x07d0 [ CF84B1F0E8B14D4120AAF9CF35CBB265 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
23:07:37.0765 0x07d0 RTL8023xp - ok
23:07:37.0796 0x07d0 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
23:07:37.0796 0x07d0 rtl8139 - ok
23:07:37.0828 0x07d0 [ 82A362FE1D4980B71B588D9C10748511 ] SamSs C:\WINDOWS\system32\lsass.exe
23:07:37.0828 0x07d0 SamSs - ok
23:07:37.0843 0x07d0 [ C177354E995CC1AA1F767BCD9980434A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
23:07:37.0843 0x07d0 SCardSvr - ok
23:07:37.0890 0x07d0 [ 29AC93307C6182DBE336BCA314947F28 ] Schedule C:\WINDOWS\system32\schedsvc.dll
23:07:37.0890 0x07d0 Schedule - ok
23:07:37.0906 0x07d0 Scutum50 - ok
23:07:37.0937 0x07d0 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:07:37.0937 0x07d0 Secdrv - ok
23:07:37.0953 0x07d0 [ C76CB8A133374FAC6805F83FF7B7DA03 ] seclogon C:\WINDOWS\System32\seclogon.dll
23:07:37.0953 0x07d0 seclogon - ok
23:07:37.0968 0x07d0 [ 220AD85BA9C5B3011296354011B901CC ] SENS C:\WINDOWS\system32\sens.dll
23:07:37.0968 0x07d0 SENS - ok
23:07:38.0000 0x07d0 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
23:07:38.0000 0x07d0 serenum - ok
23:07:38.0000 0x07d0 [ C1DDBC85251551A840212999DA3D95F3 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
23:07:38.0000 0x07d0 Serial - ok
23:07:38.0046 0x07d0 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
23:07:38.0046 0x07d0 Sfloppy - ok
23:07:38.0093 0x07d0 [ 6A93501BCDEBF159109429B022C0FF83 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
23:07:38.0093 0x07d0 SharedAccess - ok
23:07:38.0125 0x07d0 [ 8BA76BD2A943F642F267A296A15776D2 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:07:38.0125 0x07d0 ShellHWDetection - ok
23:07:38.0125 0x07d0 Simbad - ok
23:07:38.0140 0x07d0 Sparrow - ok
23:07:38.0187 0x07d0 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
23:07:38.0203 0x07d0 splitter - ok
23:07:38.0203 0x07d0 [ 21B6FAA88044A41640E03EBB68BE93E8 ] Spooler C:\WINDOWS\system32\spoolsv.exe
23:07:38.0203 0x07d0 Spooler - ok
23:07:38.0265 0x07d0 [ A74035EA526DB97D9D50D2143A55F5CF ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
23:07:38.0265 0x07d0 sr - ok
23:07:38.0296 0x07d0 [ 3CD57F31A64D32FDB28918B16D1E6AAC ] srservice C:\WINDOWS\system32\srsvc.dll
23:07:38.0296 0x07d0 srservice - ok
23:07:38.0328 0x07d0 [ 20B7E396720353E4117D64D9DCB926CA ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
23:07:38.0328 0x07d0 Srv - ok
23:07:38.0359 0x07d0 [ 88C28F53F53438DAFCD95E99C837C61E ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
23:07:38.0359 0x07d0 SSDPSRV - ok
23:07:38.0421 0x07d0 [ 0645CCDDDD27F96EEA3534C1DEF736D9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
23:07:38.0421 0x07d0 stisvc - ok
23:07:38.0437 0x07d0 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
23:07:38.0437 0x07d0 swenum - ok
23:07:38.0453 0x07d0 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
23:07:38.0453 0x07d0 swmidi - ok
23:07:38.0453 0x07d0 SwPrv - ok
23:07:38.0468 0x07d0 symc810 - ok
23:07:38.0484 0x07d0 symc8xx - ok
23:07:38.0500 0x07d0 sym_hi - ok
23:07:38.0515 0x07d0 sym_u3 - ok
23:07:38.0546 0x07d0 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
23:07:38.0546 0x07d0 sysaudio - ok
23:07:38.0593 0x07d0 [ D9C9ECFF4904E6151525C533AEEDF8F4 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
23:07:38.0593 0x07d0 SysmonLog - ok
23:07:38.0625 0x07d0 [ 37162D29CD61519E6F5EA0DE99786FF6 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
23:07:38.0625 0x07d0 TapiSrv - ok
23:07:38.0671 0x07d0 [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:07:38.0671 0x07d0 Tcpip - ok
23:07:38.0703 0x07d0 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
23:07:38.0703 0x07d0 TDPIPE - ok
23:07:38.0718 0x07d0 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
23:07:38.0718 0x07d0 TDTCP - ok
23:07:38.0734 0x07d0 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
23:07:38.0734 0x07d0 TermDD - ok
23:07:38.0781 0x07d0 [ 2F5919F2F6EE7A845893D9C3AA2BC56A ] TermService C:\WINDOWS\System32\termsrv.dll
23:07:38.0781 0x07d0 TermService - ok
23:07:38.0796 0x07d0 [ 8BA76BD2A943F642F267A296A15776D2 ] Themes C:\WINDOWS\System32\shsvcs.dll
23:07:38.0812 0x07d0 Themes - ok
23:07:38.0812 0x07d0 [ 535C2FB97336BAFA509F4783DD1E5746 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
23:07:38.0828 0x07d0 TlntSvr - ok
23:07:38.0828 0x07d0 TosIde - ok
23:07:38.0859 0x07d0 [ 4DCE17221B1A87FB47E36842F3E38753 ] TrkWks C:\WINDOWS\system32\trkwks.dll
23:07:38.0859 0x07d0 TrkWks - ok
23:07:38.0875 0x07d0 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
23:07:38.0875 0x07d0 Udfs - ok
23:07:38.0890 0x07d0 ultra - ok
23:07:38.0921 0x07d0 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
23:07:38.0921 0x07d0 Update - ok
23:07:38.0968 0x07d0 [ 984FC1518B0D5B31D76F0E63608E0500 ] upnphost C:\WINDOWS\System32\upnphost.dll
23:07:38.0968 0x07d0 upnphost - ok
23:07:38.0984 0x07d0 [ 6148A3BA4D9CC628357FC92014FEA30E ] UPS C:\WINDOWS\System32\ups.exe
23:07:38.0984 0x07d0 UPS - ok
23:07:39.0031 0x07d0 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:07:39.0031 0x07d0 usbccgp - ok
23:07:39.0062 0x07d0 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:07:39.0062 0x07d0 usbehci - ok
23:07:39.0078 0x07d0 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:07:39.0078 0x07d0 usbhub - ok
23:07:39.0109 0x07d0 [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:07:39.0109 0x07d0 usbprint - ok
23:07:39.0125 0x07d0 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:07:39.0125 0x07d0 usbscan - ok
23:07:39.0156 0x07d0 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:07:39.0156 0x07d0 USBSTOR - ok
23:07:39.0187 0x07d0 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:07:39.0187 0x07d0 usbuhci - ok
23:07:39.0187 0x07d0 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
23:07:39.0187 0x07d0 VgaSave - ok
23:07:39.0203 0x07d0 ViaIde - ok
23:07:39.0218 0x07d0 [ CD8CCE067F7E9CBD762C00BDDDECAA34 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
23:07:39.0218 0x07d0 VolSnap - ok
23:07:39.0250 0x07d0 [ 043539881667BB37B07524032D6FFC3E ] VSS C:\WINDOWS\System32\vssvc.exe
23:07:39.0265 0x07d0 VSS - ok
23:07:39.0312 0x07d0 [ 2CEEBB402187AE56B585701F3D191FB3 ] W32Time C:\WINDOWS\system32\w32time.dll
23:07:39.0328 0x07d0 W32Time - ok
23:07:39.0343 0x07d0 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:07:39.0343 0x07d0 Wanarp - ok
23:07:39.0359 0x07d0 WDICA - ok
23:07:39.0375 0x07d0 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
23:07:39.0375 0x07d0 wdmaud - ok
23:07:39.0390 0x07d0 [ 3791ADF1D3466AC6B4B662D3F79CBFEC ] WebClient C:\WINDOWS\System32\webclnt.dll
23:07:39.0406 0x07d0 WebClient - ok
23:07:39.0484 0x07d0 [ E12084EA622BDF2262C637BEF15DD85C ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
23:07:39.0484 0x07d0 winmgmt - ok
23:07:39.0546 0x07d0 [ E02E913B3841717A890A644EE167B9A5 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
23:07:39.0546 0x07d0 WmdmPmSN - ok
23:07:39.0593 0x07d0 [ 0CDC4A0C6B820FAD99FB4CA74CD0C476 ] Wmi C:\WINDOWS\System32\advapi32.dll
23:07:39.0609 0x07d0 Wmi - ok
23:07:39.0625 0x07d0 [ BCD21B989F0FD4ACE78287FC01B4693D ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:07:39.0640 0x07d0 WmiApSrv - ok
23:07:39.0671 0x07d0 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:07:39.0671 0x07d0 WS2IFSL - ok
23:07:39.0687 0x07d0 [ 4ADED1ADEF25041D9827F9A79C0FDA13 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
23:07:39.0687 0x07d0 wscsvc - ok
23:07:39.0734 0x07d0 [ 21F5169CA14E0B25C757644456F637DF ] wuauserv C:\WINDOWS\system32\wuauserv.dll
23:07:39.0734 0x07d0 wuauserv - ok
23:07:39.0765 0x07d0 [ 325CEDEF696EF4B649DDCD3968D085C9 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
23:07:39.0781 0x07d0 WZCSVC - ok
23:07:39.0781 0x07d0 [ 9B835D4C64860B155A1701D5092EC9E4 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
23:07:39.0796 0x07d0 xmlprov - ok
23:07:39.0812 0x07d0 ================ Scan global ===============================
23:07:39.0828 0x07d0 [ F642F3368D2839798DA79E7BA9218481 ] C:\WINDOWS\system32\basesrv.dll
23:07:39.0843 0x07d0 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINDOWS\system32\winsrv.dll
23:07:39.0859 0x07d0 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINDOWS\system32\winsrv.dll
23:07:39.0875 0x07d0 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] C:\WINDOWS\system32\services.exe
23:07:39.0890 0x07d0 [Global] - ok
23:07:39.0890 0x07d0 ================ Scan MBR ==================================
23:07:39.0921 0x07d0 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
23:07:40.0078 0x07d0 \Device\Harddisk0\DR0 - ok
23:07:40.0078 0x07d0 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR2
23:07:43.0781 0x07d0 \Device\Harddisk1\DR2 - ok
23:07:43.0781 0x07d0 ================ Scan VBR ==================================
23:07:43.0796 0x07d0 [ C88C6B50A2551310D4B35011B5801A62 ] \Device\Harddisk0\DR0\Partition1
23:07:43.0796 0x07d0 \Device\Harddisk0\DR0\Partition1 - ok
23:07:43.0796 0x07d0 [ 2C2E76AB879E56F5A18F0C7BB70DE998 ] \Device\Harddisk1\DR2\Partition1
23:07:43.0796 0x07d0 \Device\Harddisk1\DR2\Partition1 - ok
23:07:43.0812 0x07d0 ============================================================
23:07:43.0812 0x07d0 Scan finished
23:07:43.0812 0x07d0 ============================================================
23:07:43.0828 0x0754 Detected object count: 1
23:07:43.0828 0x0754 Actual detected object count: 1
23:08:00.0359 0x0754 atapi ( LockedFile.Multi.Generic ) - skipped by user
23:08:00.0359 0x0754 atapi ( LockedFile.Multi.Generic ) - User select action: Skip
- Rudy
- Site Admin
- Posts: 119531
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log
Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Please check my log
Hi, I was away until now. In any case, the error is still the same and the internet still isn't working. Rudy, I chose skip in the scan, though, because I didn't know whether I could go ahead and delete it right away. So should I have it removed?
- Rudy
- Site Admin
Re: Please check my log
Galder wrote: Hi, I was away until now. In any case, the error is still the same and the internet still isn't working. Rudy, I chose skip in the scan, though, because I didn't know whether I could go ahead and delete it right away. So should I have it removed?
Definitely remove it.