Posted: 22.01.2013 17:05

Yesterday a friend sent me a virus on FB, or rather some h@cker did from his FB account. The message contained a link to a file named IMG2853272-JPG.scr, and stupid me even opened it.... Right afterwards it seemed off to me, because I thought it was a picture, but some program opened and immediately closed again.... So I scanned the whole PC with ESET NOD32 6 and it found 2 viruses in RAM (I think one is on one RAM module and the other on the second module).
This came up in the log:

Code:
Protokol o kontrole
Verzia vírusovej databázy: 7901 (20130116)
Dátum: 22. 1. 2013  Čas: 16:27:59
Testované disky, adresáre a súbory: Pamäť
Operačná pamäť » C:\Users\Daniel\76968780866536342\winsvc.exe - variant infiltrácie Win32/Phorpiex.A červ - nemožno liečiť
Operačná pamäť » C:\Users\Daniel\75439967573920484\winsvr.exe - pravdepodobne variant infiltrácie Win32/Phorpiex.A červ - nemožno liečiť
Počet diagnostikovaných objektov: 172
Počet nájdených vírusov: 2
Počet vyliečených objektov: 0
Čas ukončenia: 16:28:04  Celkový čas diagnostiky: 5 sek (00:00:05)


The virus can't be deleted.....
In Task Manager they run as winsvc.exe*32.
When I end it in Task Manager and run a scan, it no longer finds anything, but when I restarted the PC it popped up again... I read that when the PC is shut down the virus moves to the HDD, and when it is switched on it moves from the HDD back to RAM.....
I plan to reinstall Windows tomorrow, so when I format the HDD, will it be deleted, or will it stay in RAM...
Thanks in advance for every answer.

_________________
Windows 8 Pro 64bit
Processor: AMD FX-6300
Graphics: HD 7770 1GB
Motherboard: GIGABYTE GA-970A-DS3
RAM: 16GB (2X8 1333mhz)
HDD: 1TB
Case: EVOLVE K4
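
Added example (not part of the original post): the file name in the message and the two paths in the ESET log above have a shape that can be checked mechanically when triaging a similar report. The Python sketch below parses the log's detection lines and applies three heuristics; the regular expressions, thresholds and function names are assumptions chosen for illustration, not ESET signatures.

```python
import re
from pathlib import PureWindowsPath

# Detection lines copied from the ESET scan log in the post, plus one summary
# line from the same log that must not be parsed as a detection.
ESET_LINES = [
    r"Operačná pamäť » C:\Users\Daniel\76968780866536342\winsvc.exe - variant infiltrácie Win32/Phorpiex.A červ - nemožno liečiť",
    r"Operačná pamäť » C:\Users\Daniel\75439967573920484\winsvr.exe - pravdepodobne variant infiltrácie Win32/Phorpiex.A červ - nemožno liečiť",
    "Počet nájdených vírusov: 2",
]

# "<scanned object> » <path> - <verdict> - <action>", as it appears in that log.
DETECTION_RE = re.compile(
    r"^(?P<target>.+?) » (?P<path>[A-Za-z]:\\.+?\.[A-Za-z0-9]{2,4})"
    r" - (?P<verdict>.+?) - (?P<action>.+)$"
)
THREAT_RE = re.compile(r"\b[A-Za-z0-9]+/[A-Za-z0-9_.]+")

# Extensions Windows runs as programs; .scr (screen saver) is a normal executable.
EXEC_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}

# Assumed heuristics (illustrative, not vendor signatures).
DIGIT_DIR_RE = re.compile(r"\d{10,}")
SYSTEM_LOOKALIKE_RE = re.compile(r"^(win|svc|sys)\w*\.exe$", re.IGNORECASE)
IMAGE_TOKEN_RE = re.compile(r"[-_. ](jpe?g|png|gif|bmp)$", re.IGNORECASE)


def parse_detection(line):
    """Split one detection line into its fields; return None for other lines."""
    m = DETECTION_RE.match(line.strip())
    if not m:
        return None
    threat = THREAT_RE.search(m.group("verdict"))
    return {
        "target": m.group("target"),
        "path": m.group("path"),
        "threat": threat.group(0) if threat else None,
        "action": m.group("action"),
    }


def path_findings(path_str):
    """Flag the location and naming pattern seen in the two detected paths."""
    p = PureWindowsPath(path_str)
    parts = [part.lower() for part in p.parts]
    findings = []
    in_profile = len(parts) >= 3 and parts[1] == "users"
    under_windows = len(parts) >= 2 and parts[1] == "windows"
    # C:\Users\<name>\<long number>\<program>
    if (in_profile and len(parts) == 5
            and DIGIT_DIR_RE.fullmatch(parts[3])
            and p.suffix.lower() in EXEC_EXT):
        findings.append("executable in all-digit folder directly under user profile")
    if not under_windows and SYSTEM_LOOKALIKE_RE.match(p.name):
        findings.append("system-sounding name outside C:\\Windows")
    return findings


def lure_findings(filename):
    """Flag a name that reads like an image but has an executable extension."""
    p = PureWindowsPath(filename)
    if p.suffix.lower() in EXEC_EXT and IMAGE_TOKEN_RE.search(p.stem):
        return ["image-looking name with executable extension " + p.suffix.lower()]
    return []


def triage(lines):
    """Parse every detection line and attach the path heuristics to it."""
    rows = []
    for line in lines:
        row = parse_detection(line)
        if row:
            row["findings"] = path_findings(row["path"])
            rows.append(row)
    return rows


if __name__ == "__main__":
    for row in triage(ESET_LINES):
        print(row["threat"], row["path"], row["findings"], sep=" | ")
    print(lure_findings("IMG2853272-JPG.scr"))
```
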
Posted: 22.01.2013 17:27

Hi. Download RSIT from http://images.malwareremoval.com/random/RSIT.exe (for 64-bit versions: http://images.malwareremoval.com/random/RSITx64.exe), run it, click Continue and wait a moment until the log is generated. Once it is generated you will find it at C:\rsit\log.txt. Paste the log here.


Posted by topic author: 22.01.2013 17:42

It didn't all fit here, so I hope I posted it correctly.
And one more thing... I ran this program, but before that I had ended those viruses in Task Manager, so I don't know whether I did it right.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Daniel at 2013-01-22 17:36:58
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 345 GB (76%) free of 454 GB
Total RAM: 16365 MB (88% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:37:02, on 22. 1. 2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
C:\Windows\system32\spool\DRIVERS\x64\3\CNABCSWK.EXE
C:\Program Files\trend micro\Daniel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Pomocník pri prihlasovaní v konte Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\RunOnce: [GBTUpd] C:\Program Files (x86)\GIGABYTE\UpdManager\PreRun.exe
O4 - HKLM\..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7617 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1640
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE"
"C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe"
C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
C:\Windows\system32\spool\DRIVERS\x64\3\CNABCSWK.EXE !hide Canon LBP6000/LBP6018
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
"c:\program files\windows defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey 129127CE-D55D-2005-D3EA-1FEFF92A7740 -Reinvoke
"C:\Users\Daniel\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v konte Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08 393600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-10-17 13307496]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2012-11-26 6325936]
"CNAP2 Launcher"=C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [2010-01-11 226784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"=C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [2012-04-26 3111744]
"RGSC"=C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-12-13 306088]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-09-28 642728]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"GBTUpd"=C:\Program Files (x86)\GIGABYTE\UpdManager\PreRun.exe [2008-04-03 297480]
"EasyTuneVI"=C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [2012-02-01 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll







Posted: 22.01.2013 17:49

OK, and the second part?


Posted by topic author: 22.01.2013 17:53

Do you mean the info in that folder?







Posted: 22.01.2013 17:57

No, the log isn't complete.


Posted by topic author: 22.01.2013 18:02

It contains too many characters, so I'll post it like this:
Code:
http://uloz.to/xpq9P62/log-txt







Posted: 22.01.2013 18:04

Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe to the desktop.
Run it and start a scan.
C:\TDSSKiller.2.8.15.0._datum_log.txt , paste the whole log here.


Posted by topic author: 22.01.2013 18:11

18:05:26.0353 3972 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:05:26.0518 3972 ============================================================
18:05:26.0518 3972 Current date / time: 2013/01/22 18:05:26.0518
18:05:26.0518 3972 SystemInfo:
18:05:26.0518 3972
18:05:26.0518 3972 OS Version: 6.1.7601 ServicePack: 1.0
18:05:26.0518 3972 Product type: Workstation
18:05:26.0518 3972 ComputerName: DANIEL-PC
18:05:26.0518 3972 UserName: Daniel
18:05:26.0518 3972 Windows directory: C:\Windows
18:05:26.0518 3972 System windows directory: C:\Windows
18:05:26.0518 3972 Running under WOW64
18:05:26.0518 3972 Processor architecture: Intel x64
18:05:26.0518 3972 Number of processors: 6
18:05:26.0518 3972 Page size: 0x1000
18:05:26.0518 3972 Boot type: Normal boot
18:05:26.0518 3972 ============================================================
18:05:27.0336 3972 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
18:05:27.0341 3972 ============================================================
18:05:27.0341 3972 \Device\Harddisk0\DR0:
18:05:27.0341 3972 MBR partitions:
18:05:27.0341 3972 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAF000
18:05:27.0341 3972 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAF800, BlocksNum 0x375C7000
18:05:27.0341 3972 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x37676800, BlocksNum 0x3D08F800
18:05:27.0341 3972 ============================================================
18:05:27.0382 3972 C: <-> \Device\Harddisk0\DR0\Partition2
18:05:27.0411 3972 D: <-> \Device\Harddisk0\DR0\Partition3
18:05:27.0411 3972 ============================================================
18:05:27.0411 3972 Initialize success
18:05:27.0411 3972 ============================================================
18:05:32.0362 1392 ============================================================
18:05:32.0362 1392 Scan started
18:05:32.0362 1392 Mode: Manual;
18:05:32.0362 1392 ============================================================
18:05:33.0211 1392 ================ Scan system memory ========================
18:05:33.0211 1392 System memory - ok
18:05:33.0212 1392 ================ Scan services =============================
18:05:35.0618 1392 EFS - ok
18:05:35.0653 1392 [ EAD87F4C50ACFC045C56E035C7BF01F9 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
18:05:35.0654 1392 ehdrv - ok
18:05:35.0692 1392 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:05:35.0703 1392 ehRecvr - ok
18:05:35.0727 1392 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:05:35.0729 1392 ehSched - ok
18:05:35.0876 1392 [ E95AB781773870BD68ABE1AE1B57A8AC ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
18:05:35.0892 1392 ekrn - ok
18:05:35.0917 1392 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:05:35.0922 1392 elxstor - ok
18:05:35.0948 1392 [ 41A98830691AB0319357AEA95394F46A ] epfwwfpr C:\Windows\system32\DRIVERS\epfwwfpr.sys
18:05:35.0949 1392 epfwwfpr - ok
18:05:35.0969 1392 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:05:35.0970 1392 ErrDev - ok
18:05:36.0025 1392 [ 84486624268E078255BC7AA47F0960BC ] etdrv C:\Windows\etdrv.sys
18:05:36.0026 1392 etdrv - ok
18:05:36.0061 1392 [ DB6AEC32FAF5BD002D9ED6C38692D42B ] EtronHub3 C:\Windows\system32\Drivers\EtronHub3.sys
18:05:36.0062 1392 EtronHub3 - ok
18:05:36.0073 1392 [ 9CC2F24274741E12F9DF92125EA6D6D8 ] EtronXHCI C:\Windows\system32\Drivers\EtronXHCI.sys
18:05:36.0075 1392 EtronXHCI - ok
18:05:36.0088 1392 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:05:36.0092 1392 EventSystem - ok
18:05:36.0097 1392 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:05:36.0099 1392 exfat - ok
18:05:36.0104 1392 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:05:36.0106 1392 fastfat - ok
18:05:36.0130 1392 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:05:36.0137 1392 Fax - ok
18:05:36.0140 1392 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:05:36.0141 1392 fdc - ok
18:05:36.0168 1392 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:05:36.0168 1392 fdPHost - ok
18:05:36.0176 1392 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:05:36.0177 1392 FDResPub - ok
18:05:36.0180 1392 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:05:36.0181 1392 FileInfo - ok
18:05:36.0184 1392 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:05:36.0185 1392 Filetrace - ok
18:05:36.0188 1392 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:05:36.0189 1392 flpydisk - ok
18:05:36.0216 1392 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:05:36.0219 1392 FltMgr - ok
18:05:36.0246 1392 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
18:05:36.0257 1392 FontCache - ok
18:05:36.0292 1392 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:05:36.0292 1392 FontCache3.0.0.0 - ok
18:05:36.0295 1392 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:05:36.0297 1392 FsDepends - ok
18:05:36.0323 1392 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
18:05:36.0324 1392 fssfltr - ok
18:05:36.0397 1392 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
18:05:36.0424 1392 fsssvc - ok
18:05:36.0453 1392 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:05:36.0453 1392 Fs_Rec - ok
18:05:36.0474 1392 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:05:36.0476 1392 fvevol - ok
18:05:36.0488 1392 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:05:36.0490 1392 gagp30kx - ok
18:05:36.0523 1392 [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv C:\Windows\gdrv.sys
18:05:36.0523 1392 gdrv - ok
18:05:36.0546 1392 [ 16C2A6BCDDA8952C2035DEC861492A19 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
18:05:36.0548 1392 ggflt - ok
18:05:36.0577 1392 [ 6B503DF845EABF3457E49FBBDA26C10E ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
18:05:36.0578 1392 ggsemc - ok
18:05:36.0611 1392 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:05:36.0621 1392 gpsvc - ok
18:05:36.0648 1392 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:05:36.0650 1392 gupdate - ok
18:05:36.0654 1392 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:05:36.0655 1392 gupdatem - ok
18:05:36.0681 1392 [ 8126331FBD4ED29EB3B356F9C905064D ] GVTDrv64 C:\Windows\GVTDrv64.sys
18:05:36.0682 1392 GVTDrv64 - ok
18:05:36.0699 1392 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:05:36.0700 1392 hcw85cir - ok
18:05:36.0743 1392 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:05:36.0762 1392 HdAudAddService - ok
18:05:36.0782 1392 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:05:36.0785 1392 HDAudBus - ok
18:05:36.0791 1392 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:05:36.0792 1392 HidBatt - ok
18:05:36.0811 1392 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:05:36.0813 1392 HidBth - ok
18:05:36.0817 1392 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:05:36.0819 1392 HidIr - ok
18:05:36.0833 1392 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:05:36.0834 1392 hidserv - ok
18:05:36.0859 1392 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
18:05:36.0860 1392 HidUsb - ok
18:05:36.0878 1392 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:05:36.0881 1392 hkmsvc - ok
18:05:36.0910 1392 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:05:36.0914 1392 HomeGroupListener - ok
18:05:36.0925 1392 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:05:36.0928 1392 HomeGroupProvider - ok
18:05:36.0941 1392 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:05:36.0943 1392 HpSAMD - ok
18:05:36.0977 1392 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:05:36.0986 1392 HTTP - ok
18:05:36.0996 1392 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:05:36.0996 1392 hwpolicy - ok
18:05:37.0018 1392 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:05:37.0020 1392 i8042prt - ok
18:05:37.0036 1392 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:05:37.0044 1392 iaStorV - ok
18:05:37.0075 1392 [ 33D4D4A24791587E83F7EE05A446FB7E ] ICCS C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
18:05:37.0078 1392 ICCS - ok
18:05:37.0119 1392 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:05:37.0121 1392 IDriverT - ok
18:05:37.0196 1392 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:05:37.0212 1392 idsvc - ok
18:05:37.0223 1392 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:05:37.0224 1392 iirsp - ok
18:05:37.0244 1392 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:05:37.0254 1392 IKEEXT - ok
18:05:37.0306 1392 [ F2744FD54BE1580BE05916D1C755C92A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:05:37.0320 1392 IntcAzAudAddService - ok
18:05:37.0337 1392 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:05:37.0338 1392 intelide - ok
18:05:37.0341 1392 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:05:37.0342 1392 intelppm - ok
18:05:37.0351 1392 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:05:37.0353 1392 IPBusEnum - ok
18:05:37.0369 1392 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:05:37.0380 1392 IpFilterDriver - ok
18:05:37.0407 1392 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:05:37.0412 1392 iphlpsvc - ok
18:05:37.0421 1392 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:05:37.0423 1392 IPMIDRV - ok
18:05:37.0426 1392 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:05:37.0427 1392 IPNAT - ok
18:05:37.0429 1392 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:05:37.0430 1392 IRENUM - ok
18:05:37.0438 1392 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:05:37.0439 1392 isapnp - ok
18:05:37.0459 1392 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:05:37.0472 1392 iScsiPrt - ok
18:05:37.0493 1392 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
18:05:37.0494 1392 kbdclass - ok
18:05:37.0503 1392 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
18:05:37.0504 1392 kbdhid - ok
18:05:37.0513 1392 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:05:37.0516 1392 KeyIso - ok
18:05:37.0526 1392 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:05:37.0527 1392 KSecDD - ok
18:05:37.0541 1392 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:05:37.0542 1392 KSecPkg - ok
18:05:37.0556 1392 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:05:37.0557 1392 ksthunk - ok
18:05:37.0571 1392 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:05:37.0576 1392 KtmRm - ok
18:05:37.0619 1392 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:05:37.0645 1392 LanmanServer - ok
18:05:37.0657 1392 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:05:37.0660 1392 LanmanWorkstation - ok
18:05:37.0667 1392 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:05:37.0668 1392 lltdio - ok
18:05:37.0684 1392 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:05:37.0687 1392 lltdsvc - ok
18:05:37.0690 1392 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:05:37.0691 1392 lmhosts - ok
18:05:37.0700 1392 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:05:37.0707 1392 LSI_FC - ok
18:05:37.0710 1392 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:05:37.0711 1392 LSI_SAS - ok
18:05:37.0714 1392 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:05:37.0715 1392 LSI_SAS2 - ok
18:05:37.0718 1392 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:05:37.0720 1392 LSI_SCSI - ok
18:05:37.0735 1392 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:05:37.0736 1392 luafv - ok
18:05:37.0756 1392 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:05:37.0760 1392 Mcx2Svc - ok
18:05:37.0766 1392 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:05:37.0767 1392 megasas - ok
18:05:37.0785 1392 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:05:37.0791 1392 MegaSR - ok
18:05:37.0813 1392 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:05:37.0816 1392 MMCSS - ok
18:05:37.0822 1392 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:05:37.0824 1392 Modem - ok
18:05:37.0845 1392 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:05:37.0846 1392 monitor - ok
18:05:37.0863 1392 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
18:05:37.0865 1392 mouclass - ok
18:05:37.0873 1392 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:05:37.0874 1392 mouhid - ok
18:05:37.0901 1392 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:05:37.0903 1392 mountmgr - ok
18:05:37.0913 1392 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:05:37.0916 1392 mpio - ok
18:05:37.0933 1392 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:05:37.0935 1392 mpsdrv - ok
18:05:37.0975 1392 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:05:37.0985 1392 MpsSvc - ok
18:05:38.0010 1392 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:05:38.0013 1392 MRxDAV - ok
18:05:38.0038 1392 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:05:38.0041 1392 mrxsmb - ok
18:05:38.0048 1392 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:05:38.0052 1392 mrxsmb10 - ok
18:05:38.0077 1392 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:05:38.0079 1392 mrxsmb20 - ok
18:05:38.0089 1392 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:05:38.0102 1392 msahci - ok
18:05:38.0121 1392 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:05:38.0123 1392 msdsm - ok
18:05:38.0142 1392 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:05:38.0146 1392 MSDTC - ok
18:05:38.0161 1392 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:05:38.0171 1392 Msfs - ok
18:05:38.0175 1392 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:05:38.0176 1392 mshidkmdf - ok
18:05:38.0187 1392 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:05:38.0188 1392 msisadrv - ok
18:05:38.0204 1392 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:05:38.0207 1392 MSiSCSI - ok
18:05:38.0211 1392 msiserver - ok
18:05:38.0231 1392 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:05:38.0232 1392 MSKSSRV - ok
18:05:38.0236 1392 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:05:38.0237 1392 MSPCLOCK - ok
18:05:38.0246 1392 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:05:38.0247 1392 MSPQM - ok
18:05:38.0264 1392 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:05:38.0277 1392 MsRPC - ok
18:05:38.0298 1392 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:05:38.0298 1392 mssmbios - ok
18:05:38.0302 1392 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:05:38.0304 1392 MSTEE - ok
18:05:38.0308 1392 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:05:38.0309 1392 MTConfig - ok
18:05:38.0313 1392 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:05:38.0315 1392 Mup - ok
18:05:38.0337 1392 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:05:38.0342 1392 napagent - ok
18:05:38.0357 1392 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:05:38.0360 1392 NativeWifiP - ok
18:05:38.0393 1392 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:05:38.0400 1392 NDIS - ok
18:05:38.0412 1392 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:05:38.0413 1392 NdisCap - ok
18:05:38.0416 1392 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:05:38.0417 1392 NdisTapi - ok
18:05:38.0439 1392 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:05:38.0440 1392 Ndisuio - ok
18:05:38.0463 1392 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:05:38.0465 1392 NdisWan - ok
18:05:38.0494 1392 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:05:38.0496 1392 NDProxy - ok
18:05:38.0512 1392 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:05:38.0514 1392 NetBIOS - ok
18:05:38.0535 1392 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:05:38.0539 1392 NetBT - ok
18:05:38.0557 1392 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:05:38.0559 1392 Netlogon - ok
18:05:38.0577 1392 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:05:38.0583 1392 Netman - ok
18:05:38.0593 1392 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:05:38.0600 1392 netprofm - ok
18:05:38.0615 1392 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:05:38.0617 1392 NetTcpPortSharing - ok
18:05:38.0640 1392 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:05:38.0641 1392 nfrd960 - ok
18:05:38.0672 1392 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:05:38.0678 1392 NlaSvc - ok
18:05:38.0682 1392 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:05:38.0684 1392 Npfs - ok
18:05:38.0697 1392 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:05:38.0699 1392 nsi - ok
18:05:38.0703 1392 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:05:38.0704 1392 nsiproxy - ok
18:05:38.0745 1392 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:05:38.0772 1392 Ntfs - ok
18:05:38.0782 1392 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:05:38.0796 1392 Null - ok
18:05:38.0818 1392 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:05:38.0820 1392 nvraid - ok
18:05:38.0828 1392 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:05:38.0842 1392 nvstor - ok
18:05:38.0855 1392 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:05:38.0856 1392 nv_agp - ok
18:05:38.0873 1392 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:05:38.0874 1392 ohci1394 - ok
18:05:38.0883 1392 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:05:38.0887 1392 p2pimsvc - ok
18:05:38.0897 1392 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:05:38.0901 1392 p2psvc - ok
18:05:38.0904 1392 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:05:38.0906 1392 Parport - ok
18:05:38.0933 1392 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:05:38.0934 1392 partmgr - ok
18:05:38.0938 1392 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:05:38.0940 1392 PcaSvc - ok
18:05:38.0949 1392 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:05:38.0950 1392 pci - ok
18:05:38.0968 1392 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:05:38.0969 1392 pciide - ok
18:05:38.0982 1392 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:05:38.0984 1392 pcmcia - ok
18:05:38.0987 1392 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:05:38.0988 1392 pcw - ok
18:05:39.0004 1392 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:05:39.0009 1392 PEAUTH - ok
18:05:39.0031 1392 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
18:05:39.0045 1392 PeerDistSvc - ok
18:05:39.0110 1392 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:05:39.0112 1392 PerfHost - ok
18:05:39.0176 1392 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:05:39.0197 1392 pla - ok
18:05:39.0244 1392 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:05:39.0249 1392 PlugPlay - ok
18:05:39.0252 1392 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:05:39.0254 1392 PNRPAutoReg - ok
18:05:39.0259 1392 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:05:39.0262 1392 PNRPsvc - ok
18:05:39.0283 1392 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:05:39.0288 1392 PolicyAgent - ok
18:05:39.0305 1392 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:05:39.0308 1392 Power - ok
18:05:39.0348 1392 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:05:39.0351 1392 PptpMiniport - ok
18:05:39.0357 1392 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:05:39.0360 1392 Processor - ok
18:05:39.0390 1392 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:05:39.0393 1392 ProfSvc - ok
18:05:39.0399 1392 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:05:39.0400 1392 ProtectedStorage - ok
18:05:39.0433 1392 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:05:39.0436 1392 Psched - ok
18:05:39.0475 1392 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:05:39.0519 1392 ql2300 - ok
18:05:39.0525 1392 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:05:39.0527 1392 ql40xx - ok
18:05:39.0549 1392 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:05:39.0553 1392 QWAVE - ok
18:05:39.0557 1392 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:05:39.0559 1392 QWAVEdrv - ok
18:05:39.0562 1392 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:05:39.0563 1392 RasAcd - ok
18:05:39.0589 1392 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:05:39.0599 1392 RasAgileVpn - ok
18:05:39.0613 1392 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:05:39.0618 1392 RasAuto - ok
18:05:39.0637 1392 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:05:39.0641 1392 Rasl2tp - ok
18:05:39.0663 1392 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:05:39.0668 1392 RasMan - ok
18:05:39.0672 1392 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:05:39.0674 1392 RasPppoe - ok
18:05:39.0683 1392 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:05:39.0684 1392 RasSstp - ok
18:05:39.0700 1392 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:05:39.0704 1392 rdbss - ok
18:05:39.0708 1392 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:05:39.0709 1392 rdpbus - ok
18:05:39.0712 1392 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:05:39.0712 1392 RDPCDD - ok
18:05:39.0732 1392 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
18:05:39.0735 1392 RDPDR - ok
18:05:39.0738 1392 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:05:39.0739 1392 RDPENCDD - ok
18:05:39.0744 1392 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:05:39.0744 1392 RDPREFMP - ok
18:05:39.0786 1392 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
18:05:39.0788 1392 RdpVideoMiniport - ok
18:05:39.0822 1392 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:05:39.0827 1392 RDPWD - ok
18:05:39.0902 1392 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:05:39.0927 1392 rdyboost - ok
18:05:39.0968 1392 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:05:39.0972 1392 RemoteAccess - ok
18:05:39.0986 1392 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:05:39.0992 1392 RemoteRegistry - ok
18:05:40.0000 1392 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:05:40.0004 1392 RpcEptMapper - ok
18:05:40.0015 1392 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:05:40.0018 1392 RpcLocator - ok
18:05:40.0039 1392 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:05:40.0047 1392 RpcSs - ok
18:05:40.0067 1392 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:05:40.0070 1392 rspndr - ok
18:05:40.0115 1392 [ 2E7D1CA91D62501713C9D6E6704395C6 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
18:05:40.0119 1392 RTHDMIAzAudService - ok
18:05:40.0143 1392 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
18:05:40.0148 1392 RTL8167 - ok
18:05:40.0169 1392 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
18:05:40.0171 1392 s3cap - ok
18:05:40.0182 1392 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:05:40.0184 1392 SamSs - ok
18:05:40.0202 1392 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:05:40.0205 1392 sbp2port - ok
18:05:40.0218 1392 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:05:40.0223 1392 SCardSvr - ok
18:05:40.0240 1392 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:05:40.0241 1392 scfilter - ok
18:05:40.0272 1392 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:05:40.0290 1392 Schedule - ok
18:05:40.0318 1392 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:05:40.0319 1392 SCPolicySvc - ok
18:05:40.0343 1392 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:05:40.0347 1392 SDRSVC - ok
18:05:40.0352 1392 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:05:40.0353 1392 secdrv - ok
18:05:40.0379 1392 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:05:40.0382 1392 seclogon - ok
18:05:40.0406 1392 [ EDE7A1D2715AAC2190D51DC07AFD44E3 ] seehcri C:\Windows\system32\DRIVERS\seehcri.sys
18:05:40.0407 1392 seehcri - ok
18:05:40.0417 1392 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:05:40.0418 1392 SENS - ok
18:05:40.0422 1392 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:05:40.0425 1392 SensrSvc - ok
18:05:40.0428 1392 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:05:40.0429 1392 Serenum - ok
18:05:40.0433 1392 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:05:42.0213 1392 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:05:42.0227 1392 Suspicious file (NoAccess): C:\Windows\system32\Wat\WatAdminSvc.exe. md5: 3CEC96DE223E49EAAE3651FCF8FAEA6C
18:05:42.0240 1392 WatAdminSvc ( LockedFile.Multi.Generic ) - warning
18:05:42.0241 1392 WatAdminSvc - detected LockedFile.Multi.Generic (1)
Posted by the topic author: 22.01.2013 18:11

18:05:43.0186 1392 ================ Scan global ===============================
18:05:43.0203 1392 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:05:43.0216 1392 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
18:05:43.0222 1392 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
18:05:43.0243 1392 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:05:43.0268 1392 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:05:43.0272 1392 [Global] - ok
18:05:43.0272 1392 ================ Scan MBR ==================================
18:05:43.0301 1392 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:05:43.0422 1392 \Device\Harddisk0\DR0 - ok
18:05:43.0423 1392 ================ Scan VBR ==================================
18:05:43.0424 1392 [ 826BCFFA3B7057AE53FC13FF1A7D6F76 ] \Device\Harddisk0\DR0\Partition1
18:05:43.0425 1392 \Device\Harddisk0\DR0\Partition1 - ok
18:05:43.0435 1392 [ 0D5B77E45FCC7448D878772C07D58B2A ] \Device\Harddisk0\DR0\Partition2
18:05:43.0436 1392 \Device\Harddisk0\DR0\Partition2 - ok
18:05:43.0458 1392 [ DC79EDA74EB9CFA7367A02F0338B5BB6 ] \Device\Harddisk0\DR0\Partition3
18:05:43.0460 1392 \Device\Harddisk0\DR0\Partition3 - ok
18:05:43.0460 1392 ============================================================
18:05:43.0460 1392 Scan finished
18:05:43.0460 1392 ============================================================
18:05:43.0466 4024 Detected object count: 1
18:05:43.0466 4024 Actual detected object count: 1
18:06:00.0061 4024 C:\Windows\system32\Wat\WatAdminSvc.exe - copied to quarantine
18:06:00.0138 4024 HKLM\SYSTEM\ControlSet001\services\WatAdminSvc - will be deleted on reboot
18:06:00.0157 4024 HKLM\SYSTEM\ControlSet002\services\WatAdminSvc - will be deleted on reboot
18:06:00.0292 4024 C:\Windows\system32\Wat\WatAdminSvc.exe - will be deleted on reboot
18:06:00.0292 4024 WatAdminSvc ( LockedFile.Multi.Generic ) - User select action: Delete
18:07:05.0283 1864 Deinitialize success







Posted: 22.01.2013 18:16

Well, but I didn't tell you to delete anything.
Download RKill from http://download.bleepingcomputer.com/grinler/rkill.com
Save it to the desktop and run RKill.
The program terminates all processes, including the malware.
An rkill.txt file will be created on the desktop; paste it here.
Do not restart the PC now.
Run ComboFix right away.


Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Turn off all resident shields of your antivirus and antispyware.
On Windows XP, run it under an administrator account.
On Windows Vista and Windows 7, right-click ComboFix and choose Run as administrator.
Right after it starts, a window with the license terms appears; press the Yes button.
If ComboFix offers to install the Recovery Console, confirm the installation with the YES button.
During the scan, let ComboFix work and do nothing on the PC.
The scan can take about 10 minutes; it all depends on the state of the PC, and it may take twice as long.
When the scan finishes, ComboFix restarts the PC and displays the log; you will find it at C:\ComboFix.txt. Paste it here.
It may happen that the system does not boot; in that case use the Last Known Good Configuration: http://support.microsoft.com/kb/307852/sk


Posted by the topic author: 22.01.2013 18:25

Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/22/2013 06:23:29 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\system32\atiesrxx.exe (PID: 928) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Daniel\Desktop\rkill\rkill-01-22-2013-06-23-32.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\Windows\System32\drivers\beep.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys : 6 656 : 07/14/2009 00:00 AM : 16a47ce2decc9b099349a5f840654746 [Pos Repl]

* C:\Windows\System32\drivers\ws2ifsl.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys : 21 504 : 07/14/2009 00:10 AM : 6bcc1d7d2fd2453957c5479a32364e52 [Pos Repl]

* C:\Windows\System32\hid.dll [NoSig]
+-> C:\Windows\SysWOW64\hid.dll : 22 016 : 07/14/2009 00:15 AM : 63df770df74acb370ef5a16727069aaf [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-hid-user_31bf3856ad364e35_6.1.7600.16385_none_32a13a14a11faede\hid.dll : 30 208 : 07/14/2009 00:41 AM : 896f15a6434d93edb42519d5e18e6b50 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-hid-user_31bf3856ad364e35_6.1.7600.16385_none_3cf5e466d58070d9\hid.dll : 22 016 : 07/14/2009 00:15 AM : 63df770df74acb370ef5a16727069aaf [Pos Repl]

* C:\Windows\System32\imm32.dll [NoSig]
+-> C:\Windows\SysWOW64\imm32.dll : 119 808 : 11/20/2010 01:08 PM : a6f09e5669d9a19035f6d942caa15882 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7600.16385_none_b84b0fbd941c03a9\imm32.dll : 167 424 : 07/14/2009 00:41 AM : aa2c08ce85653b1a0d2e4ab407fa176c [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7600.16385_none_c29fba0fc87cc5a4\imm32.dll : 119 808 : 07/14/2009 00:11 AM : 0de3069d6e09ba262856ef31c941befe [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7601.17514_none_c4d0cdd7c56b493e\imm32.dll : 119 808 : 11/20/2010 01:08 PM : a6f09e5669d9a19035f6d942caa15882 [Pos Repl]

* C:\Windows\System32\user32.dll [NoSig]
+-> C:\Windows\SysWOW64\user32.dll : 833 024 : 01/20/2013 01:18 AM : 861c4346f9281dc0380de72c8d55d6be [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll : 1 008 640 : 07/14/2009 01:41 AM : 72d7b3ea16946e8f0cf7458150031cc6 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll : 1 008 128 : 11/20/2010 02:27 PM : fe70103391a64039a921dbfff9c7ab1b [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll : 833 024 : 07/14/2009 02:11 AM : e8b0ffc209e504cb7e79fc24e6c085f0 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll : 833 024 : 11/20/2010 01:08 PM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]

Checking HOSTS File:

* No issues found.

Program finished at: 01/22/2013 06:24:22 PM
Execution time: 0 hours(s), 0 minute(s), and 52 seconds(s)



____________________________________________________
And by "Turn off all resident shields of your antivirus and antispyware", do you mean turning off the whole antivirus?







Posted by the topic author: 22.01.2013 18:42

But another problem is that the PC did not restart after ComboFix finished; it only showed me the log.

ComboFix 13-01-22.01 - Daniel . 01. 2013 18:33:17.1.6 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1033.18.16365.14375 [GMT 1:00]
Running from: c:\users\Daniel\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Daniel\75439967573920484
c:\users\Daniel\76968780866536342
c:\users\Daniel\AppData\Roaming\f4f4f4f4f.txt
c:\windows\SysWow64\tmp58AA.tmp
c:\windows\SysWow64\tmp58AB.tmp
c:\windows\SysWow64\tmpC091.tmp
c:\windows\SysWow64\tmpC092.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-12-22 to 2013-01-22 )))))))))))))))))))))))))))))))
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-14 14:05 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-01-14 14:05 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-01-14 13:38 . 2011-03-28 17:36 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-01-13 10:00 . 2013-01-13 10:00 249344 ----a-w- c:\windows\system32\webcheck.dll
2013-01-13 10:00 . 2013-01-13 10:00 203776 ----a-w- c:\windows\SysWow64\webcheck.dll
2012-11-30 04:45 . 2013-01-13 11:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 . AA2C08CE85653B1A0D2E4AB407FA176C . 167424 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7600.16385_none_b84b0fbd941c03a9\imm32.dll
[-] 2009-07-14 . AA2C08CE85653B1A0D2E4AB407FA176C . 167424 . . [6.1.7600.16385] .. c:\windows\system32\imm32.dll
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2013-01-20 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] .. c:\windows\SysWOW64\es.dll
[-] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] .. c:\windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll
.
[-] 2013-01-20 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[-] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
[-] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] .. c:\windows\SysWOW64\upnphost.dll
[-] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.1.7600.16385_none_2831d06e8295c671\upnphost.dll
.
[-] 2009-07-14 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ddraw.dll
[-] 2009-07-14 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.1.7600.16385_none_04dbf9102154d42e\ddraw.dll
.
[-] 2009-07-14 . EE5C8E27C37B79CB54A2FCEEED2DC262 . 9216 . . [6.1.7600.16385] .. c:\windows\SysWOW64\WSHTCPIP.DLL
[-] 2009-07-14 . EE5C8E27C37B79CB54A2FCEEED2DC262 . 9216 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.1.7600.16385_none_cb895be592db1acb\WSHTCPIP.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
"RGSC"="c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-13 306088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GBTUpd"="c:\program files (x86)\GIGABYTE\UpdManager\PreRun.exe" [2008-04-03 297480]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2012-02-01 40960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2013-01-17 25640]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2013-01-20 14448]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2013-01-22 30528]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-01-13 283200]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-10-08 211344]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-10-08 149592]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-11-26 1329304]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-10-08 138744]
S3 AODDriver;AODDriver;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2010-03-12 52280]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-07-29 56960]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-07-29 79104]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2013-01-20 34032]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 19594104
*NewlyCreated* - 97699342
*Deregistered* - 19594104
*Deregistered* - 97699342
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-13 09:19 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-13 09:05]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-13 09:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-11-26 6325936]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2010-01-11 226784]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-19594104.sys
AddRemove-FarmingSimulator2013INT_is1 - c:\program files (x86)\Farming Simulator 2013\unins000.exe
AddRemove-MX vs ATV Reflex_is1 - c:\program files (x86)\THQ\MX vs ATV Reflex\unins000.exe
AddRemove-Need for Speed The Run_is1 - c:\program files (x86)\EA Games\Need for Speed The Run\unins000.exe
AddRemove-{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1 - c:\program files (x86)\Electronic Arts\Need For Speed World\unins000.exe
AddRemove-{B5A6AB16-42E1-4727-8D05-DA91A333981D}_is1 - c:\program files (x86)\Rockstar Games\Grand Theft Auto IV\Uninstall\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3839439807-2204759076-3435500553-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3839439807-2204759076-3435500553-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-22 18:39:13
ComboFix-quarantined-files.txt 2013-01-22 17:39
.
Pre-Run: 361 805 111 296 bytes free
Post-Run: 361 883 176 960 bytes free
.
- - End Of File - - 0DDE78C9A51B0C3F249C889314B28601







Posted: 22.01.2013 19:18

Test these on VirusTotal and post the results:
c:\windows\system32\imm32.dll
c:\windows\SysWOW64\user32.dll
c:\windows\SysWOW64\es.dll
c:\windows\SysWOW64\upnphost.dll
c:\windows\SysWOW64\ddraw.dll
c:\windows\SysWOW64\WSHTCPIP.DLL


Download TDSSQlook: http://www.malwareinfo.nl/tools/TDSSQlook.exe
Save it to the desktop.
Options will be displayed; choose option A.
A log will be displayed; paste it here.

Download Farbar Service Scanner: http://download.bleepingcomputer.com/farbar/FSS.exe
Save it to the desktop.
Tick all the items for scanning and then click Scan.
After the scan finishes, the log FFS.txt will appear; paste it here.
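
The files listed for upload above all appear in the Sigcheck section of the ComboFix log. As an added example (not part of the original posts and not ComboFix's own logic), this Python script parses those lines and flags live system files whose MD5 differs from every WinSxS copy listed under the same file name; the function names and verdict labels are assumptions.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Lines copied from the "Sigcheck" section of the ComboFix log in this thread.
SIGCHECK_LINES = r"""
[-] 2009-07-14 . AA2C08CE85653B1A0D2E4AB407FA176C . 167424 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7600.16385_none_b84b0fbd941c03a9\imm32.dll
[-] 2009-07-14 . AA2C08CE85653B1A0D2E4AB407FA176C . 167424 . . [6.1.7600.16385] .. c:\windows\system32\imm32.dll
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2013-01-20 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
[-] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] .. c:\windows\SysWOW64\es.dll
[-] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] .. c:\windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll
[-] 2013-01-20 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[-] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
"""

# [marker] date . MD5 . size . . [version] .. path
LINE_RE = re.compile(
    r"^\[(.)\]\s+(\d{4}-\d{2}-\d{2})[\s.]+([0-9A-Fa-f]{32})[\s.]+(\d+)"
    r"[\s.]+\[([^\]]*)\][\s.]+(.+)$"
)


class Entry(NamedTuple):
    mark: str      # bracketed marker, carried through uninterpreted
    date: str
    md5: str
    size: int
    version: str
    path: str

    @property
    def name(self) -> str:
        """File name without directory, lower-cased for comparison."""
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_store(self) -> bool:
        """True for copies that live in the WinSxS component store."""
        return "\\winsxs\\" in self.path.lower()


def parse_sigcheck(text: str) -> list:
    """Parse Sigcheck lines; separator lines ('.') and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            mark, date, md5, size, version, path = m.groups()
            entries.append(
                Entry(mark, date, md5.upper(), int(size), version, path.strip())
            )
    return entries


def triage(entries: list) -> dict:
    """Map each live (non-WinSxS) file path to a verdict label."""
    store = defaultdict(set)  # file name -> MD5s of listed store copies
    for e in entries:
        if e.in_store:
            store[e.name].add(e.md5)

    report = {}
    for e in entries:
        if e.in_store:
            continue
        if e.name not in store:
            verdict = "no-store-copy"        # nothing in the log to compare with
        elif e.md5 in store[e.name]:
            verdict = "matches-store"        # identical to a listed store copy
        else:
            verdict = "differs-from-store"   # worth a hash lookup / signature check
        report[e.path.lower()] = verdict
    return report


if __name__ == "__main__":
    for path, verdict in triage(parse_sigcheck(SIGCHECK_LINES)).items():
        print(f"{verdict:20} {path}")
```

A `differs-from-store` verdict is only a reason to look closer: a file replaced by an update whose store copy is not listed in the log gets the same label.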


Posted by topic author: 22.01.2013 19:59

TDSSKiller Quarantine Information log
TDSS Qlook Version 1.0.0.5 - Daniel - ut 22. 01. 2013 - 19:58:59,42.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1
***** START SCAN ut 22. 01. 2013 19:58:59,63 *****

---------- TDSSKiller logs ----------

TDSSKiller.2.8.15.0_22.01.2013_18.05.26_log.txt
TDSSKiller.2.8.15.0_22.01.2013_18.09.10_log.txt
TDSSKiller.2.8.15.0_22.01.2013_18.42.59_log.txt

---------- TDSSStarter logs ----------


---------- DIR LIST ----------

C:\TDSSKiller_Quarantine\22.01.2013_18.05.26
C:\TDSSKiller_Quarantine\22.01.2013_18.05.26\susp0000
C:\TDSSKiller_Quarantine\22.01.2013_18.05.26\susp0000\object.ini
C:\TDSSKiller_Quarantine\22.01.2013_18.05.26\susp0000\svc0000
C:\TDSSKiller_Quarantine\22.01.2013_18.05.26\susp0000\svc0000\object.ini
C:\TDSSKiller_Quarantine\22.01.2013_18.05.26\susp0000\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\22.01.2013_18.05.26\susp0000\svc0000\tsk0000.dta

---------- INI FILES ----------

=== C:\TDSSKiller_Quarantine\22.01.2013_18.05.26\susp0000\object.ini

[InfectedObject]
Verdict: LockedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\22.01.2013_18.05.26\susp0000\svc0000\object.ini

[InfectedObject]
Type: Service
Name: WatAdminSvc
Type: n/a (0x10)
Start: Demand (0x3)
ImagePath: %SystemRoot%\system32\Wat\WatAdminSvc.exe
Suspicious states: Locked file;


=== C:\TDSSKiller_Quarantine\22.01.2013_18.05.26\susp0000\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Windows\system32\Wat\WatAdminSvc.exe
md5: 3CEC96DE223E49EAAE3651FCF8FAEA6C


***** END SCAN ut 22. 01. 2013 19:58:59,75 *****







Posted by topic author: 22.01.2013 20:00

But otherwise ESET no longer finds the virus.







Posted by topic author: 22.01.2013 20:02

Farbar Service Scanner Version: 16-01-2013
Ran by Daniel (administrator) on 22-01-2013 at 20:00:05
Running from "C:\Users\Daniel\Desktop"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****







Posted: 22.01.2013 20:09

What do you mean, it doesn't find it?
Test these on https://www.virustotal.com/
c:\windows\system32\imm32.dll
c:\windows\SysWOW64\user32.dll
c:\windows\SysWOW64\es.dll
c:\windows\SysWOW64\upnphost.dll
c:\windows\SysWOW64\ddraw.dll
c:\windows\SysWOW64\WSHTCPIP.DLL


Posted by topic author: 22.01.2013 20:11

On VirusTotal it showed Detection ratio: 0/XX for all of them.
The XX is a number, but a different one for each file.







Posted by topic author: 22.01.2013 20:15

I think it got deleted when I scanned with TDSSKiller... I also tried a restart, and ESET no longer shows anything and there is nothing in Task Manager anymore either.







Posted: 22.01.2013 20:26

I repeat, you should not have deleted anything; I did not tell you to delete in TDSSKiller.


If you don't have ComboFix, move it to the desktop.
Start Notepad.
Copy the script into Notepad.

Code:
killall::

registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"=-
"RGSC"=-


file::
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

clearjavacache::
reboot::
 


Save the created TXT file as CFScript.
Drag CFScript onto ComboFix; the script will be applied.
After the script has been applied and the PC has possibly restarted, paste the log here.


Posted by topic author: 22.01.2013 20:43

OK... and I have a question... tomorrow I'm going to reinstall Windows... a classmate is supposed to bring me an original... and won't the virus be deleted when I format the HDD?







Posted: 22.01.2013 20:52

And why exactly are you going to reinstall? It is already deleted.

Run TDSS Qlook again.
Choose option B.
Notepad will open.
Paste the following:

Code:
REN "C:\TDSSKiller_Quarantine\22.01.2013_18.05.26\susp0000\svc0000\tsk0000.dta" WatAdminSvc.exe
COPY "C:\TDSSKiller_Quarantine\22.01.2013_18.05.26\susp0000\svc0000\WatAdminSvc.exe" C:\Windows\System32\Drivers\


Posted by topic author: 22.01.2013 21:01

Here is the ComboFix log:



ComboFix 13-01-22.01 - Daniel . 01. 2013 20:51:10.2.6 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1033.18.16365.14251 [GMT 1:00]
Running from: c:\users\Daniel\Desktop\ComboFix.exe
Command switches used :: c:\users\Daniel\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Files Created from 2012-12-22 to 2013-01-22 )))))))))))))))))))))))))))))))
.
.
2013-01-22 17:06 . 2013-01-22 17:06 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-22 16:36 . 2013-01-22 16:37 -------- d-----w- C:\rsit
2013-01-22 16:36 . 2013-01-22 16:37 -------- d-----w- c:\program files\trend micro
2013-01-22 15:04 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{24566050-E3F1-4FAA-9797-247DDCCEF169}\mpengine.dll
2013-01-21 16:35 . 2010-03-07 15:00 622080 ----a-w- c:\windows\system32\CNABCEMD.DLL
2013-01-21 16:35 . 2010-03-07 15:00 318976 ----a-w- c:\windows\system32\CNAP2LMD.DLL
2013-01-21 16:35 . 2013-01-21 16:36 -------- d-----w- c:\program files\Canon
2013-01-20 19:46 . 2013-01-20 19:51 -------- d-----w- C:\Flashtool
2013-01-20 18:54 . 2013-01-20 18:54 34032 ----a-w- c:\windows\system32\drivers\seehcri.sys
2013-01-20 18:53 . 2013-01-20 18:53 27760 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2013-01-20 18:53 . 2013-01-20 18:53 14448 ----a-w- c:\windows\system32\drivers\ggflt.sys
2013-01-20 18:52 . 2013-01-20 18:52 -------- d-----w- c:\program files (x86)\Sony Mobile
2013-01-17 13:26 . 2013-01-17 13:26 -------- d-----w- c:\windows\system32\appmgmt
2013-01-16 19:34 . 2013-01-16 19:34 -------- d-----w- c:\program files\ESET
2013-01-16 19:11 . 2013-01-16 19:11 -------- d-----w- c:\program files (x86)\GPU-Z
2013-01-16 16:19 . 2013-01-17 15:49 25640 ----a-w- c:\windows\etdrv.sys
2013-01-16 16:18 . 2013-01-22 19:29 25640 ----a-w- c:\windows\gdrv.sys
2013-01-16 16:15 . 2013-01-16 16:15 -------- d-----w- C:\Intel
2013-01-16 16:15 . 2013-01-16 16:15 -------- d-----w- c:\program files (x86)\AMD
2013-01-15 18:35 . 2007-10-22 02:40 411656 ----a-w- c:\windows\system32\xactengine2_10.dll
2013-01-15 15:22 . 2013-01-15 15:23 -------- d-----w- C:\Fraps
2013-01-14 18:38 . 2013-01-14 18:38 -------- d-----w- c:\programdata\Electronic Arts
2013-01-14 18:25 . 2010-02-04 09:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2013-01-14 14:24 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-01-14 14:23 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-01-14 14:23 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-01-14 14:23 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2013-01-14 14:23 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-14 14:00 . 2013-01-14 14:00 -------- d-----w- c:\windows\system32\SPReview
2013-01-14 13:56 . 2013-01-14 13:56 -------- d-----w- c:\windows\en
2013-01-14 13:50 . 2013-01-14 13:50 -------- d-----w- c:\windows\sk
2013-01-14 13:47 . 2013-01-14 13:47 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-01-14 13:39 . 2013-01-14 13:53 -------- d-----w- c:\program files (x86)\Windows Live
2013-01-14 13:39 . 2013-01-14 13:39 -------- dc----w- c:\windows\system32\DRVSTORE
2013-01-14 13:39 . 2012-03-08 17:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2013-01-14 13:38 . 2013-01-14 13:38 -------- d-----w- c:\windows\PCHEALTH
2013-01-14 13:38 . 2013-01-14 13:39 -------- d-----w- c:\program files\Windows Live
2013-01-14 13:37 . 2013-01-17 13:26 -------- d-----w- c:\program files (x86)\Microsoft
2013-01-14 13:36 . 2009-09-04 16:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2013-01-14 13:36 . 2009-09-04 16:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2013-01-14 13:36 . 2009-09-04 16:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-01-14 13:36 . 2006-11-29 12:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-01-14 13:36 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2013-01-14 13:35 . 2013-01-14 13:35 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2013-01-14 13:33 . 2010-11-20 13:26 3205120 ----a-w- c:\windows\system32\mmcndmgr.dll
2013-01-14 13:32 . 2010-11-20 13:27 73216 ----a-w- c:\windows\system32\unimdmat.dll
2013-01-14 13:30 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2013-01-13 20:00 . 2013-01-13 20:00 -------- d-sh--w- c:\programdata\DSS
2013-01-13 20:00 . 2013-01-13 20:00 -------- d-----w- c:\programdata\Codemasters
2013-01-13 19:33 . 2013-01-13 19:33 -------- d-----w- c:\program files\Microsoft Silverlight
2013-01-13 19:33 . 2013-01-13 19:33 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-01-13 17:56 . 2013-01-13 17:56 -------- d-sh--w- c:\programdata\SecuROM
2013-01-13 17:55 . 2013-01-13 17:55 -------- d-----w- c:\windows\system32\EventProviders
2013-01-13 17:36 . 2013-01-13 08:42 -------- d-----w- c:\windows\Panther
2013-01-13 17:15 . 2013-01-13 17:15 -------- d-----w- c:\windows\SysWow64\xlive
2013-01-13 17:15 . 2013-01-13 17:15 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2013-01-13 13:21 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2013-01-13 13:21 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2013-01-13 13:21 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-01-13 12:38 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2013-01-13 12:38 . 2009-03-16 13:18 517448 ----a-w- c:\windows\SysWow64\XAudio2_4.dll
2013-01-13 12:38 . 2009-03-16 13:18 235352 ----a-w- c:\windows\SysWow64\xactengine3_4.dll
2013-01-13 12:38 . 2009-03-16 13:18 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_6.dll
2013-01-13 12:22 . 2009-09-04 16:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2013-01-13 12:22 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2013-01-13 11:35 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-01-13 11:35 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-01-13 11:35 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-01-13 11:35 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-01-13 11:23 . 2013-01-19 14:32 -------- d-----w- c:\program files (x86)\Rockstar Games
2013-01-13 11:16 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2013-01-13 11:16 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-01-13 11:13 . 2012-11-30 04:45 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-13 11:09 . 2013-01-13 11:09 -------- d-----w- c:\programdata\ATI
2013-01-13 11:06 . 2013-01-22 17:08 -------- d-----w- c:\windows\system32\Wat
2013-01-13 11:06 . 2013-01-13 11:06 -------- d-----w- c:\windows\SysWow64\Wat
2013-01-13 11:06 . 2013-01-14 14:09 -------- d-----w- c:\windows\SysWow64\wbem\sk-SK
2013-01-13 11:06 . 2013-01-13 11:06 -------- d-----w- c:\windows\SysWow64\drivers\sk-SK
2013-01-13 11:06 . 2013-01-13 11:06 -------- d-----w- c:\windows\sk-SK
2013-01-13 11:06 . 2013-01-14 14:09 -------- d-----w- c:\windows\system32\wbem\sk-SK
2013-01-13 11:06 . 2013-01-13 11:06 -------- d-----w- c:\windows\system32\drivers\sk-SK
2013-01-13 10:28 . 2012-12-16 16:31 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-13 10:23 . 2013-01-13 10:23 -------- d-----w- c:\program files (x86)\AMD AVT
2013-01-13 10:23 . 2013-01-13 10:23 -------- d-----w- c:\program files (x86)\AMD APP
2013-01-13 10:14 . 2013-01-13 10:14 -------- d-----w- C:\AMD
2013-01-13 10:13 . 2013-01-13 10:13 -------- d-----w- c:\program files (x86)\uTorrent
2013-01-13 10:05 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2013-01-13 09:58 . 2011-03-19 14:16 1417216 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
2013-01-13 09:50 . 2013-01-13 09:50 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-01-13 09:50 . 2013-01-15 14:06 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro
2013-01-13 09:49 . 2013-01-13 09:52 -------- d-----w- c:\programdata\DAEMON Tools Pro
2013-01-13 09:48 . 2013-01-13 09:49 -------- d-----w- c:\program files\WinRAR
2013-01-13 09:45 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-01-13 09:45 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-01-13 09:45 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-01-13 09:45 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-01-13 09:45 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
2013-01-13 09:45 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2013-01-13 09:44 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-01-13 09:44 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-01-13 09:44 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-01-13 09:44 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-01-13 09:44 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-01-13 09:44 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-01-13 09:44 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-01-13 09:37 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-01-13 09:37 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-01-13 09:37 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2013-01-13 09:37 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-01-13 09:37 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2013-01-13 09:23 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-13 09:22 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2013-01-13 09:21 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-13 09:20 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2013-01-13 09:16 . 2013-01-22 19:30 30528 ----a-w- c:\windows\GVTDrv64.sys
2013-01-13 09:10 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2013-01-13 09:10 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2013-01-13 09:10 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-01-13 09:09 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2013-01-13 09:09 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2013-01-13 09:05 . 2013-01-22 19:32 -------- d-----w- c:\program files (x86)\Google
2013-01-13 09:04 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-01-13 09:04 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2013-01-13 09:04 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-01-13 09:04 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-14 14:05 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-01-14 14:05 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-01-14 13:38 . 2011-03-28 17:36 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-01-13 10:00 . 2013-01-13 10:00 249344 ----a-w- c:\windows\system32\webcheck.dll
2013-01-13 10:00 . 2013-01-13 10:00 203776 ----a-w- c:\windows\SysWow64\webcheck.dll
2012-11-30 04:45 . 2013-01-13 11:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 . AA2C08CE85653B1A0D2E4AB407FA176C . 167424 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7600.16385_none_b84b0fbd941c03a9\imm32.dll
[-] 2009-07-14 . AA2C08CE85653B1A0D2E4AB407FA176C . 167424 . . [6.1.7600.16385] .. c:\windows\system32\imm32.dll
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2013-01-20 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] .. c:\windows\SysWOW64\es.dll
[-] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] .. c:\windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll
.
[-] 2013-01-20 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[-] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
[-] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] .. c:\windows\SysWOW64\upnphost.dll
[-] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.1.7600.16385_none_2831d06e8295c671\upnphost.dll
.
[-] 2009-07-14 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ddraw.dll
[-] 2009-07-14 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.1.7600.16385_none_04dbf9102154d42e\ddraw.dll
.
[-] 2009-07-14 . EE5C8E27C37B79CB54A2FCEEED2DC262 . 9216 . . [6.1.7600.16385] .. c:\windows\SysWOW64\WSHTCPIP.DLL
[-] 2009-07-14 . EE5C8E27C37B79CB54A2FCEEED2DC262 . 9216 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.1.7600.16385_none_cb895be592db1acb\WSHTCPIP.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GBTUpd"="c:\program files (x86)\GIGABYTE\UpdManager\PreRun.exe" [2008-04-03 297480]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2012-02-01 40960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2013-01-17 25640]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2013-01-20 14448]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-01-13 283200]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-10-08 211344]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-10-08 149592]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-11-26 1329304]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-10-08 138744]
S3 AODDriver;AODDriver;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2010-03-12 52280]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-07-29 56960]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-07-29 79104]
S3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2013-01-22 30528]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2013-01-20 34032]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AODDRIVER
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-22 19:32 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-11-26 6325936]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2010-01-11 226784]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-FarmingSimulator2013INT_is1 - c:\program files (x86)\Farming Simulator 2013\unins000.exe
AddRemove-MX vs ATV Reflex_is1 - c:\program files (x86)\THQ\MX vs ATV Reflex\unins000.exe
AddRemove-Need for Speed The Run_is1 - c:\program files (x86)\EA Games\Need for Speed The Run\unins000.exe
AddRemove-{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1 - c:\program files (x86)\Electronic Arts\Need For Speed World\unins000.exe
AddRemove-{B5A6AB16-42E1-4727-8D05-DA91A333981D}_is1 - c:\program files (x86)\Rockstar Games\Grand Theft Auto IV\Uninstall\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3839439807-2204759076-3435500553-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3839439807-2204759076-3435500553-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\GIGABYTE\ET6\GUI.exe
c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
c:\windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
c:\windows\system32\spool\DRIVERS\x64\3\CNABCSWK.EXE
.
**************************************************************************
.
Completion time: 2013-01-22 20:59:37 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-22 19:59
ComboFix2.txt 2013-01-22 17:39
.
Pre-Run: 361 617 887 232 bytes free
Post-Run: 361 304 899 584 bytes free
.
- - End Of File - - 24DA828967C1FBA57B126F9C12DA9328



___________________________________________________________________________
I have to reinstall because in 22 days it runs out







User
Registered: 09.05.11
Last login: 20.12.18
Posts: 618
Topics: 2
Posted: 22.01.2013 21:04

You could have said straight away that I'm wasting my time. I don't support elements of warez.


User
Registered: 24.09.12
Last login: 14.02.13
Posts: 21
Topics: 2
Posted by topic author: 22.01.2013 21:07

Thanks a lot anyway... but on the first page I wrote that I'm planning to reinstall; I just needed to know whether the virus would stay in the RAM even after reinstalling.







User
Registered: 09.05.11
Last login: 20.12.18
Posts: 618
Topics: 2
Posted: 22.01.2013 21:08

It isn't in the MBR.


User
Registered: 24.09.12
Last login: 14.02.13
Posts: 21
Topics: 2
Posted by topic author: 22.01.2013 21:11

Aha... I was convinced the whole time that it was :D Thank you for helping me solve it, and sorry that you wasted your time :)






