MBR sector of the 0. physical disk

  • Joined: 04 Jan 2009
  • Posts: 140
  • Location: SRBIJA

Hello,
I picked up my neighbour's computer to fix it; he says it has some problem with a virus, and the thing in the title popped up at me.
I read, or rather tried to read, about it, but it isn't going well, I don't understand half of it, so I thought I'd turn to my good old people to help me with this.
The Internet is ADSL 4 Gb/s from Telekom.

DDS txt:
DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 10.9.2
Run by Blue Devil at 18:41:14 on 2012-11-03
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1157 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\Instalirani Programi\DEMON\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\BrowserCompanion\BCHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Documents and Settings\Blue Devil\Application Data\eType\eType.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Blue Devil\Application Data\eType\eTypeUpdate.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://start.funmoods.com/results.php?f=4&a=fmtgl&q={searchTerms}
BHO: Chatvibes Browser Helper: {00cbb66b-1d3b-46d3-9577-323a336acb50} - c:\program files\browsercompanion\jsloader.dll
BHO: I Want This: {11111111-1111-1111-1111-110011221158} - c:\program files\i want this\I Want This.dll
BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - c:\program files\funmoods\funmoods\1.5.11.16\bh\funmoods.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Chatvibes Browser Helper Verifier: {963B125B-8B21-49A2-A3A8-E37092276531} - c:\program files\browsercompanion\updatebhoWin32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - c:\program files\funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [Facebook Update] "c:\documents and settings\blue devil\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [eType] c:\documents and settings\blue devil\application data\etype\eType.exe
uRun: [RDReminder] c:\program files\pc performer\PCPerformer.exe -rem
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [GEST] m‘|\ü
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [DAEMON Tools-1033] "d:\instalirani programi\demon\daemon.exe" -lang 1033
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [Browser companion helper] c:\program files\browsercompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej
mRun: [TNOD UP] "c:\program files\eset\tnod user & password finder\TNODUP.exe" /i
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1351964014640
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{08EE12B8-95C0-43E5-A0FC-26FEA6267250} : DHCPNameServer = 192.168.1.1
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\blue devil\application data\mozilla\firefox\profiles\6a9xe02z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\blue devil\application data\mozilla\firefox\profiles\6a9xe02z.default\extensions\{7d2fb79e-e58c-4db5-a36f-ac1c73967f4d}\plugins\npqbc.dll
FF - plugin: c:\documents and settings\blue devil\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-11-03 18:19; {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}; c:\documents and settings\blue devil\application data\mozilla\firefox\profiles\6a9xe02z.default\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
FF - ExtSQL: 2012-11-03 18:32; {77b819fa-95ad-4f2c-ac7c-486b356188a9}; c:\documents and settings\blue devil\application data\mozilla\firefox\profiles\6a9xe02z.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF - ExtSQL: !HIDDEN! 2011-04-23 00:13; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=fmtgl
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=fmtgl
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=fmtgl&q=
FF - user.js: extensions.funmoods_i.id - a40151ed000000000000001fd00ea1d1
FF - user.js: extensions.funmoods_i.instlDay - 15478
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1611:48:50
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - fmtgl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
============= SERVICES / DRIVERS ===============
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2009-5-24 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2009-5-24 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-2-6 93336]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-2-6 727720]
R2 IBUpdaterService;Updater Service;c:\documents and settings\all users\application data\ibupdaterservice\ibsvc.exe [2012-5-17 398392]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-7-19 632792]
R3 CamSuiteVAC;CamSuite Virtual Audio;c:\windows\system32\drivers\CamSuiteVAC.sys [2011-10-18 37560]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-11-3 250808]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-10-1 115168]
.
=============== Created Last 30 ================
.
2012-11-03 17:36:50 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-03 17:36:50 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-03 17:29:33 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-11-03 17:24:06 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-03 17:24:01 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-03 17:19:18 -------- d-----w- c:\documents and settings\blue devil\application data\Qualys
2012-11-03 17:15:44 -------- d-s---w- c:\documents and settings\blue devil\UserData
2012-11-03 16:46:11 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2012-11-03 16:46:11 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-10-27 17:29:07 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2012-10-27 17:29:07 19424 ----a-w- c:\program files\mozilla firefox\xpcom.dll
2012-10-27 17:29:07 14676448 ----a-w- c:\program files\mozilla firefox\xul.dll
2012-10-27 17:29:06 270816 ----a-w- c:\program files\mozilla firefox\updater.exe
2012-10-27 17:29:06 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2012-10-27 17:29:03 889848 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2012-10-27 17:29:02 91104 ----a-w- c:\program files\mozilla firefox\smime3.dll
2012-10-27 17:29:02 155104 ----a-w- c:\program files\mozilla firefox\softokn3.dll
2012-10-27 17:29:02 145376 ----a-w- c:\program files\mozilla firefox\ssl3.dll
.
==================== Find3M ====================
.
2012-11-03 17:23:49 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-03 17:23:48 746984 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-18 08:53:32 2994688 ----a-w- c:\program files\openofficeorg33.msi
2011-01-18 08:52:10 475016 ----a-w- c:\program files\setup.exe
.
============= FINISH: 18:41:30.90 ===============


  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd

Hello,

While we work on this case, please observe the following:
Read my instructions (or those of the colleagues who stand in for me) carefully and do exactly what they say;
Do not seek help elsewhere at the same time;
Do not use any malware-removal programs other than those you are given instructions for;
Be sure to report if any of the proposed procedures did not go as described;
Do not use USB storage devices during the intervention until I ask for it;
Always paste the whole report into your post rather than attaching it, unless asked otherwise;
If I do not reply within 24 hours, bump the thread with a new post;
If you do not reply within 5 days, we will close the case.

For more information about the rules of the MyCity forum Ambulanta: LINK



Step 1.

Open Control Panel --> Add or Remove Programs and remove the following:
- BrowserCompanion
- Funmoods on IE and Chrome
- I Want This
- Java(TM) 6 Update 22

Restart the computer.



Step 2.

Download TDSSKiller from the following address to the Desktop:

TDSSKiller


When the download is complete:

Rename TDSSKiller.exe to MyCity.exe

Run MyCity.exe and click Change parameters.

In the Additional options section, tick Verify driver signatures and Detect TDLFS file system, then click OK.

Click Start scan.

When it finishes it will show the scan results; do not change anything there, just click Continue.

If the program asks for a system restart, allow it.

Attach to your post the report found at the following location:
C:\TDSSKiller_program version_DD.MM.GG_HH.MM.SS.txt
(DD - day, MM - month, GG - year, HH - hour, MM - minute, SS - second; the date and time the log was created)




Step 3.

Download sUBs' ComboFix from the following address to the Desktop:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, choose Desktop and click Save.




When the download is complete:
deactivate your security software (instructions);
close any running programs;
double-click ComboFix to run it;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists:
  click Yes if it offers to download it.
if the Recovery Console is not installed, offer to install it:
  be sure to accept by clicking Yes and follow the procedure.
ask a number of questions / show a number of notifications:
  accept by clicking Yes or OK.
if needed, restart Windows (possibly several times);
at the end of its run, open Notepad with the scan report.


Copy the report ComboFix produced into the thread on the forum:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.


Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your post.
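As an added illustration of how a helper reads the DDS "Pseudo HJT Report" and Firefox sections posted above and arrives at the Step 1 removal list, the script below is example code written for this edit; it is not a tool from this thread, from MyCity, DDS or Malwarebytes. It parses the BHO, toolbar (TB), Run-key, protocol-handler and Firefox user.js lines in the format the log shows and flags every entry whose name or path mentions one of the programs named in Step 1 (BrowserCompanion, Funmoods, I Want This). The sample lines are copied from the log in the first post; the regular expressions are my reading of the DDS line formats and are assumptions, not a published specification.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines copied from the DDS log posted at the top of this thread.
DDS_EXCERPT = r'''mSearchAssistant = hxxp://start.funmoods.com/results.php?f=4&a=fmtgl&q={searchTerms}
BHO: Chatvibes Browser Helper: {00cbb66b-1d3b-46d3-9577-323a336acb50} - c:\program files\browsercompanion\jsloader.dll
BHO: I Want This: {11111111-1111-1111-1111-110011221158} - c:\program files\i want this\I Want This.dll
BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - c:\program files\funmoods\funmoods\1.5.11.16\bh\funmoods.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - c:\program files\funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [Browser companion helper] c:\program files\browsercompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=fmtgl
'''

# Programs the helper told the user to uninstall in Step 1 (lower-cased substrings).
REMOVAL_TARGETS = ("browsercompanion", "browser companion", "funmoods", "i want this")

# Assumed line formats, derived by eye from the DDS output above (not an official spec).
CLSID = r"\{[0-9A-Fa-f-]{36}\}"
PATTERNS = [
    re.compile(r"^(?P<kind>BHO|TB): (?P<name>.*?): (?P<clsid>" + CLSID + r") - (?P<loc>.*)$"),
    re.compile(r"^(?P<kind>[umd]Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<loc>.*)$"),
    re.compile(r"^(?P<kind>Handler): (?P<name>\S+) - (?P<clsid>" + CLSID + r") - (?P<loc>.*)$"),
    re.compile(r"^FF - (?P<kind>user\.js|prefs\.js): (?P<name>\S+) - (?P<loc>.*)$"),
    re.compile(r"^(?P<kind>[umd][A-Za-z]+) = (?P<loc>.*)$"),  # e.g. mSearchAssistant = ...
]


@dataclass
class Entry:
    kind: str                 # BHO, TB, uRun, mRun, Handler, user.js, ...
    name: str                 # display name, Run value name, URL scheme or pref name
    location: str             # DLL path, command line, URL or preference value
    clsid: Optional[str] = None
    reasons: List[str] = field(default_factory=list)  # removal targets that matched


def parse_hjt_line(line: str) -> Optional[Entry]:
    """Parse one DDS entry line; return None for headers, separators and unknown lines."""
    line = line.strip()
    for pat in PATTERNS:
        m = pat.match(line)
        if m:
            g = m.groupdict()
            return Entry(kind=g["kind"], name=g.get("name") or g["kind"],
                         location=g["loc"].strip(), clsid=g.get("clsid"))
    return None


def parse_report(text: str) -> List[Entry]:
    """Parse every recognisable entry line in a DDS log excerpt."""
    return [e for e in (parse_hjt_line(l) for l in text.splitlines()) if e]


def flag_entries(entries: List[Entry], targets=REMOVAL_TARGETS) -> List[Entry]:
    """Return the entries whose name or location mentions a program slated for removal."""
    flagged = []
    for e in entries:
        haystack = f"{e.name} {e.location}".lower()
        e.reasons = [t for t in targets if t in haystack]
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    entries = parse_report(DDS_EXCERPT)
    for e in flag_entries(entries):
        print(f"{e.kind:8} {e.name!r:36} {e.clsid or '-'}  <- {', '.join(e.reasons)}")
    print(f"{len(entries)} entries parsed, "
          f"{sum(1 for e in entries if e.reasons)} tied to the Step 1 removal list")
```

Run as-is it parses the 11 sample lines and flags 8 of them: every BHO, toolbar, Run value, protocol handler and Firefox preference that belongs to the three adware packages, while the Java BHO, the Skype Run value and the ESET GUI entry pass untouched. The same Step 1 list is then visible as a set of CLSIDs and file paths, which is what the later TDSSKiller and ComboFix logs can be checked against.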

  • Joined: 04 Jan 2009
  • Posts: 140
  • Location: SRBIJA

22:57:19.0921 3660 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:57:20.0421 3660 ============================================================
22:57:20.0421 3660 Current date / time: 2012/11/03 22:57:20.0421
22:57:20.0421 3660 SystemInfo:
22:57:20.0421 3660
22:57:20.0421 3660 OS Version: 5.1.2600 ServicePack: 2.0
22:57:20.0421 3660 Product type: Workstation
22:57:20.0421 3660 ComputerName: BLUE-168CC78D25
22:57:20.0421 3660 UserName: Blue Devil
22:57:20.0421 3660 Windows directory: C:\WINDOWS
22:57:20.0421 3660 System windows directory: C:\WINDOWS
22:57:20.0421 3660 Processor architecture: Intel x86
22:57:20.0421 3660 Number of processors: 2
22:57:20.0421 3660 Page size: 0x1000
22:57:20.0421 3660 Boot type: Normal boot
22:57:20.0421 3660 ============================================================
22:57:24.0578 3660 Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:57:24.0593 3660 ============================================================
22:57:24.0593 3660 \Device\Harddisk0\DR0:
22:57:24.0593 3660 MBR partitions:
22:57:24.0593 3660 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4B220E9
22:57:24.0609 3660 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4B22167, BlocksNum 0xC34F28D
22:57:24.0656 3660 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x10E71433, BlocksNum 0xC34F28D
22:57:24.0656 3660 ============================================================
22:57:24.0843 3660 D: <-> \Device\Harddisk0\DR0\Partition2
22:57:25.0156 3660 E: <-> \Device\Harddisk0\DR0\Partition3
22:57:25.0406 3660 C: <-> \Device\Harddisk0\DR0\Partition1
22:57:25.0406 3660 ============================================================
22:57:25.0406 3660 Initialize success
22:57:25.0406 3660 ============================================================
22:57:42.0562 3948 ============================================================
22:57:42.0578 3948 Scan started
22:57:42.0578 3948 Mode: Manual; SigCheck; TDLFS;
22:57:42.0578 3948 ============================================================
22:57:44.0531 3948 ================ Scan system memory ========================
22:57:44.0531 3948 System memory - ok
22:57:44.0531 3948 ================ Scan services =============================
22:57:46.0156 3948 Abiosdsk - ok
22:57:46.0187 3948 abp480n5 - ok
22:57:46.0234 3948 [ A10C7534F7223F4A73A948967D00E69B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:57:50.0593 3948 ACPI - ok
22:57:50.0609 3948 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
22:57:50.0750 3948 ACPIEC - ok
22:57:50.0843 3948 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:57:50.0906 3948 AdobeFlashPlayerUpdateSvc - ok
22:57:50.0906 3948 adpu160m - ok
22:57:50.0968 3948 [ 1EE7B434BA961EF845DE136224C30FEC ] aec C:\WINDOWS\system32\drivers\aec.sys
22:57:51.0265 3948 aec - ok
22:57:51.0296 3948 [ 6A0397376853E604DE8E1E7A87FC08AC ] AFD C:\WINDOWS\System32\drivers\afd.sys
22:57:51.0359 3948 AFD - ok
22:57:51.0359 3948 Aha154x - ok
22:57:51.0359 3948 aic78u2 - ok
22:57:51.0359 3948 aic78xx - ok
22:57:51.0406 3948 [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter C:\WINDOWS\system32\alrsvc.dll
22:57:51.0500 3948 Alerter - ok
22:57:51.0515 3948 [ F1958FBF86D5C004CF19A5951A9514B7 ] ALG C:\WINDOWS\System32\alg.exe
22:57:51.0593 3948 ALG - ok
22:57:51.0593 3948 AliIde - ok
22:57:51.0609 3948 amsint - ok
22:57:51.0640 3948 [ 9C3C12975C97119412802B181FBEEFFE ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
22:57:51.0718 3948 AppMgmt - ok
22:57:51.0734 3948 asc - ok
22:57:51.0734 3948 asc3350p - ok
22:57:51.0734 3948 asc3550 - ok
22:57:51.0875 3948 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:57:52.0031 3948 aspnet_state - ok
22:57:52.0062 3948 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:57:52.0187 3948 AsyncMac - ok
22:57:52.0234 3948 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
22:57:52.0328 3948 atapi - ok
22:57:52.0343 3948 Atdisk - ok
22:57:52.0421 3948 [ A29F2E883730A91965CE8BB6981D5B37 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
22:57:52.0546 3948 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - warning
22:57:52.0546 3948 Ati HotKey Poller - detected UnsignedFile.Multi.Generic (1)
22:57:52.0609 3948 [ 292CE38F68F98FC74FFCB3A7D39B1356 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
22:57:52.0812 3948 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
22:57:52.0812 3948 ATI Smart - detected UnsignedFile.Multi.Generic (1)
22:57:53.0031 3948 [ AF1F73B6C9816D1E6E111537D0B682E2 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:57:53.0218 3948 ati2mtag ( UnsignedFile.Multi.Generic ) - warning
22:57:53.0218 3948 ati2mtag - detected UnsignedFile.Multi.Generic (1)
22:57:53.0265 3948 [ 591A9EABB5EF5168E435C2F18B05DD76 ] AtiHdmiService C:\WINDOWS\system32\drivers\AtiHdmi.sys
22:57:53.0359 3948 AtiHdmiService - ok
22:57:53.0421 3948 [ 6E996CF8459A2594E0E9609D0E34D41F ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys
22:57:53.0484 3948 atksgt ( UnsignedFile.Multi.Generic ) - warning
22:57:53.0484 3948 atksgt - detected UnsignedFile.Multi.Generic (1)
22:57:53.0546 3948 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:57:53.0671 3948 Atmarpc - ok
22:57:53.0687 3948 [ DB66DB626E4882EBEF55F136F12C1829 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
22:57:53.0781 3948 AudioSrv - ok
22:57:53.0796 3948 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
22:57:53.0906 3948 audstub - ok
22:57:53.0937 3948 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
22:57:54.0031 3948 Beep - ok
22:57:54.0062 3948 [ 2C69EC7E5A311334D10DD95F338FCCEA ] BITS C:\WINDOWS\system32\qmgr.dll
22:57:54.0171 3948 BITS - ok
22:57:54.0203 3948 [ 39128B5A743545BAEDD3984C210F00A8 ] Browser C:\WINDOWS\System32\browser.dll
22:57:54.0453 3948 Browser - ok
22:57:54.0484 3948 [ E292176878F933E6A3CC46D6109EF1BB ] CamSuiteVAC C:\WINDOWS\system32\DRIVERS\CamSuiteVAC.sys
22:57:54.0484 3948 CamSuiteVAC - ok
22:57:54.0515 3948 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
22:57:54.0609 3948 cbidf2k - ok
22:57:54.0640 3948 [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:57:54.0750 3948 CCDECODE - ok
22:57:54.0750 3948 cd20xrnt - ok
22:57:54.0765 3948 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
22:57:54.0843 3948 Cdaudio - ok
22:57:54.0890 3948 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
22:57:54.0984 3948 Cdfs - ok
22:57:55.0015 3948 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:57:55.0140 3948 Cdrom - ok
22:57:55.0140 3948 Changer - ok
22:57:55.0156 3948 [ 3192BD04D032A9C4A85A3278C268A13A ] CiSvc C:\WINDOWS\system32\cisvc.exe
22:57:55.0250 3948 CiSvc - ok
22:57:55.0265 3948 [ C8DEC22C4137D7A90F8BDF41CA4B82AE ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
22:57:55.0343 3948 ClipSrv - ok
22:57:55.0375 3948 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:57:55.0406 3948 clr_optimization_v2.0.50727_32 - ok
22:57:55.0421 3948 CmdIde - ok
22:57:55.0421 3948 COMSysApp - ok
22:57:55.0437 3948 Cpqarray - ok
22:57:55.0453 3948 [ 87F3E2D2A3231F820F9248DB90090F42 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
22:57:55.0703 3948 CryptSvc - ok
22:57:55.0734 3948 [ 5776322F93CDB91086111F5FFBFDA2A0 ] d347bus C:\WINDOWS\system32\DRIVERS\d347bus.sys
22:57:55.0750 3948 d347bus ( UnsignedFile.Multi.Generic ) - warning
22:57:55.0750 3948 d347bus - detected UnsignedFile.Multi.Generic (1)
22:57:55.0750 3948 [ B49F79ACE459763F4E0380071BE9CB45 ] d347prt C:\WINDOWS\system32\Drivers\d347prt.sys
22:57:55.0765 3948 d347prt ( UnsignedFile.Multi.Generic ) - warning
22:57:55.0765 3948 d347prt - detected UnsignedFile.Multi.Generic (1)
22:57:55.0781 3948 dac2w2k - ok
22:57:55.0781 3948 dac960nt - ok
22:57:55.0812 3948 [ 24B5D53B9ACCC1E2EDCF0A878D6659D4 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
22:57:55.0859 3948 DcomLaunch - ok
22:57:55.0890 3948 [ 3F15A1DBD86F7BDAF404648282D11ECE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
22:57:56.0140 3948 Dhcp - ok
22:57:56.0156 3948 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
22:57:56.0250 3948 Disk - ok
22:57:56.0250 3948 dmadmin - ok
22:57:56.0281 3948 [ C0FBB516E06E243F0CF31F597E7EBF7D ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
22:57:56.0406 3948 dmboot - ok
22:57:56.0421 3948 [ F5E7B358A732D09F4BCF2824B88B9E28 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
22:57:56.0515 3948 dmio - ok
22:57:56.0531 3948 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
22:57:56.0625 3948 dmload - ok
22:57:56.0625 3948 [ 1639D9964C9E1B2ECCA95C8217D3E70D ] dmserver C:\WINDOWS\System32\dmserver.dll
22:57:56.0703 3948 dmserver - ok
22:57:56.0718 3948 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
22:57:56.0796 3948 DMusic - ok
22:57:56.0812 3948 [ 7379DE06FD196E396A00AA97B990C00D ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
22:57:56.0906 3948 Dnscache - ok
22:57:56.0906 3948 dpti2o - ok
22:57:56.0937 3948 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
22:57:57.0031 3948 drmkaud - ok
22:57:57.0062 3948 [ 59D9E5DBCFEF1E0E3DBAC1B55C718F2D ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys
22:57:57.0109 3948 eamon - ok
22:57:57.0109 3948 [ 3BD67A869964BF57266CBBD1DCA38C6A ] ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys
22:57:57.0140 3948 ehdrv - ok
22:57:57.0171 3948 [ 96FC9AD2C1B008424093F5367CA1AE3E ] EhttpSrv C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
22:57:57.0187 3948 EhttpSrv - ok
22:57:57.0203 3948 [ D543E7E8BCAE3F5D256335EEE809ADF5 ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
22:57:57.0218 3948 ekrn - ok
22:57:57.0250 3948 [ AA0AF2830FC14FFD7E80611614ECAC74 ] epfwtdir C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
22:57:57.0281 3948 epfwtdir - ok
22:57:57.0312 3948 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] ERSvc C:\WINDOWS\System32\ersvc.dll
22:57:57.0390 3948 ERSvc - ok
22:57:57.0421 3948 [ 4712531AB7A01B7EE059853CA17D39BD ] Eventlog C:\WINDOWS\system32\services.exe
22:57:57.0468 3948 Eventlog - ok
22:57:57.0500 3948 [ A4AB3DCA4A383F0DF4988ABDEB84F9A4 ] EventSystem C:\WINDOWS\system32\es.dll
22:57:57.0531 3948 EventSystem - ok
22:57:57.0562 3948 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
22:57:57.0671 3948 Fastfat - ok
22:57:57.0687 3948 [ E7518DC542D3EBDCB80EDD98462C7821 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
22:57:57.0765 3948 FastUserSwitchingCompatibility - ok
22:57:57.0796 3948 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
22:57:57.0906 3948 Fdc - ok
22:57:57.0937 3948 [ E153AB8A11DE5452BCF5AC7652DBF3ED ] Fips C:\WINDOWS\system32\drivers\Fips.sys
22:57:58.0015 3948 Fips - ok
22:57:58.0015 3948 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
22:57:58.0109 3948 Flpydisk - ok
22:57:58.0125 3948 [ 5A85CD3D07273E3F6FE72EE9C6431632 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:57:58.0375 3948 FltMgr - ok
22:57:58.0437 3948 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:57:58.0453 3948 FontCache3.0.0.0 - ok
22:57:58.0468 3948 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:57:58.0734 3948 Fs_Rec - ok
22:57:58.0750 3948 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:57:58.0843 3948 Ftdisk - ok
22:57:58.0875 3948 [ 5C230948DD6652228F88CA7AE6CB276C ] gdrv C:\WINDOWS\gdrv.sys
22:57:59.0015 3948 gdrv - ok
22:57:59.0046 3948 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:57:59.0140 3948 Gpc - ok
22:57:59.0171 3948 [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:57:59.0234 3948 HDAudBus - ok
22:57:59.0281 3948 [ 8827911A8C37E40C027CBFC88E69D967 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:57:59.0375 3948 helpsvc - ok
22:57:59.0375 3948 HidServ - ok
22:57:59.0406 3948 [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:57:59.0500 3948 HidUsb - ok
22:57:59.0500 3948 hpn - ok
22:57:59.0531 3948 [ 970178E8E003EB1481293830069624B9 ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
22:57:59.0609 3948 HSFHWBS2 - ok
22:57:59.0656 3948 [ EBB354438A4C5A3327FB97306260714A ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
22:57:59.0781 3948 HSF_DP - ok
22:57:59.0812 3948 [ 261BF53E1D1C21F04B4E748A6ED3D055 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
22:57:59.0859 3948 HTTP - ok
22:57:59.0890 3948 [ 064D8581ADF77C25133E7D751D917D83 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
22:57:59.0968 3948 HTTPFilter - ok
22:57:59.0968 3948 i2omgmt - ok
22:57:59.0968 3948 i2omp - ok
22:57:59.0984 3948 [ 5502B58EEF7486EE6F93F3F164DCB808 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:58:00.0093 3948 i8042prt - ok
22:58:00.0156 3948 [ 9F0230B9EE5D5CF1863C08E46B152BFA ] IBUpdaterService C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe
22:58:00.0171 3948 IBUpdaterService - ok
22:58:00.0250 3948 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:58:00.0265 3948 IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:58:00.0265 3948 IDriverT - detected UnsignedFile.Multi.Generic (1)
22:58:00.0312 3948 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:58:00.0328 3948 idsvc - ok
22:58:00.0375 3948 [ 12C59B8929121ACE2F55ACC86682CF12 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
22:58:00.0656 3948 Imapi - ok
22:58:00.0656 3948 [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService C:\WINDOWS\system32\imapi.exe
22:58:00.0750 3948 ImapiService - ok
22:58:00.0750 3948 ini910u - ok
22:58:00.0875 3948 [ 08BAF30F6DE95814F58AF9CE7BBC5614 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:58:01.0031 3948 IntcAzAudAddService - ok
22:58:01.0031 3948 IntelIde - ok
22:58:01.0062 3948 [ DB8A1859CF9E48914DCC0A7206D87BE5 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:58:01.0343 3948 intelppm - ok
22:58:01.0359 3948 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:58:01.0468 3948 Ip6Fw - ok
22:58:01.0484 3948 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:58:01.0593 3948 IpFilterDriver - ok
22:58:01.0593 3948 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:58:01.0687 3948 IpInIp - ok
22:58:01.0703 3948 [ 472C75F85E631F8AA87D21C9FEE6238D ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:58:02.0000 3948 IpNat - ok
22:58:02.0015 3948 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:58:02.0125 3948 IPSec - ok
22:58:02.0140 3948 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
22:58:02.0218 3948 IRENUM - ok
22:58:02.0250 3948 [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:58:02.0343 3948 isapnp - ok
22:58:02.0437 3948 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
22:58:02.0453 3948 JavaQuickStarterService - ok
22:58:02.0484 3948 [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:58:02.0593 3948 Kbdclass - ok
22:58:02.0625 3948 [ 8531438246CE9474E41EE1599904C0C7 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
22:58:02.0921 3948 kmixer - ok
22:58:02.0937 3948 [ 1BE7CC2535D760AE4D481576EB789F24 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
22:58:02.0984 3948 KSecDD - ok
22:58:03.0000 3948 [ 76B15AC51A74BE936EA86EA6E08817CF ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
22:58:03.0281 3948 lanmanserver - ok
22:58:03.0296 3948 [ 4C79D9C38DC98CF1C035EC8470B7D1D5 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
22:58:03.0343 3948 lanmanworkstation - ok
22:58:03.0343 3948 lbrtfdc - ok
22:58:03.0359 3948 [ 975B6CF65F44E95883F3855BAE8CECAF ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
22:58:03.0390 3948 lirsgt ( UnsignedFile.Multi.Generic ) - warning
22:58:03.0390 3948 lirsgt - detected UnsignedFile.Multi.Generic (1)
22:58:03.0406 3948 [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
22:58:03.0484 3948 LmHosts - ok
22:58:03.0500 3948 [ 195741AEE20369980796B557358CD774 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:58:03.0609 3948 mdmxsdk - ok
22:58:03.0625 3948 [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger C:\WINDOWS\System32\msgsvc.dll
22:58:03.0734 3948 Messenger - ok
22:58:03.0750 3948 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
22:58:03.0859 3948 mnmdd - ok
22:58:03.0875 3948 [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
22:58:03.0968 3948 mnmsrvc - ok
22:58:03.0984 3948 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
22:58:04.0078 3948 Modem - ok
22:58:04.0109 3948 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
22:58:04.0203 3948 MODEMCSA - ok
22:58:04.0203 3948 [ 34E1F0031153E491910E12551400192C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:58:04.0312 3948 Mouclass - ok
22:58:04.0343 3948 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:58:04.0437 3948 mouhid - ok
22:58:04.0468 3948 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
22:58:04.0562 3948 MountMgr - ok
22:58:04.0609 3948 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:58:04.0609 3948 MozillaMaintenance - ok
22:58:04.0625 3948 mraid35x - ok
22:58:04.0625 3948 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:58:04.0718 3948 MRxDAV - ok
22:58:04.0750 3948 [ 3500E756812E716351F2D341AE1D5623 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:58:04.0796 3948 MRxSmb - ok
22:58:04.0812 3948 [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
22:58:04.0906 3948 MSDTC - ok
22:58:04.0906 3948 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
22:58:05.0000 3948 Msfs - ok
22:58:05.0015 3948 MSIServer - ok
22:58:05.0031 3948 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:58:05.0125 3948 MSKSSRV - ok
22:58:05.0140 3948 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:58:05.0218 3948 MSPCLOCK - ok
22:58:05.0234 3948 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
22:58:05.0328 3948 MSPQM - ok
22:58:05.0343 3948 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:58:05.0453 3948 mssmbios - ok
22:58:05.0468 3948 [ BF13612142995096AB084F2DB7F40F77 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
22:58:05.0562 3948 MSTEE - ok
22:58:05.0593 3948 [ 79A9C030299E8CC04F18D0765155D902 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
22:58:05.0890 3948 Mup - ok
22:58:05.0890 3948 [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:58:06.0000 3948 NABTSFEC - ok
22:58:06.0031 3948 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
22:58:06.0109 3948 NDIS - ok
22:58:06.0125 3948 [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:58:06.0218 3948 NdisIP - ok
22:58:06.0218 3948 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:58:06.0312 3948 NdisTapi - ok
22:58:06.0343 3948 [ 77D9BF86B912104C229D4F0D25BE3C12 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:58:06.0625 3948 Ndisuio - ok
22:58:06.0640 3948 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:58:06.0734 3948 NdisWan - ok
22:58:06.0734 3948 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
22:58:06.0843 3948 NDProxy - ok
22:58:06.0843 3948 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
22:58:06.0953 3948 NetBIOS - ok
22:58:06.0953 3948 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
22:58:07.0062 3948 NetBT - ok
22:58:07.0093 3948 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE C:\WINDOWS\system32\netdde.exe
22:58:07.0187 3948 NetDDE - ok
22:58:07.0187 3948 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
22:58:07.0265 3948 NetDDEdsdm - ok
22:58:07.0296 3948 [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon C:\WINDOWS\system32\lsass.exe
22:58:07.0390 3948 Netlogon - ok
22:58:07.0406 3948 [ 3516D8A18B36784B1005B950B84232E1 ] Netman C:\WINDOWS\System32\netman.dll
22:58:07.0703 3948 Netman - ok
22:58:07.0750 3948 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:58:07.0750 3948 NetTcpPortSharing - ok
22:58:07.0781 3948 [ 1DFCA7713EA5A70D5D93B436AEA0317A ] Nla C:\WINDOWS\System32\mswsock.dll
22:58:07.0828 3948 Nla - ok
22:58:07.0843 3948 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
22:58:07.0953 3948 Npfs - ok
22:58:07.0984 3948 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
22:58:08.0093 3948 Ntfs - ok
22:58:08.0093 3948 [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
22:58:08.0171 3948 NtLmSsp - ok
22:58:08.0203 3948 [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
22:58:08.0296 3948 NtmsSvc - ok
22:58:08.0312 3948 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
22:58:08.0421 3948 Null - ok
22:58:08.0437 3948 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:58:08.0531 3948 NwlnkFlt - ok
22:58:08.0546 3948 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:58:08.0656 3948 NwlnkFwd - ok
22:58:08.0687 3948 [ AD66BC56DD6A030174C03395B3DC0720 ] PAC7302 C:\WINDOWS\system32\DRIVERS\PAC7302.SYS
22:58:08.0718 3948 PAC7302 ( UnsignedFile.Multi.Generic ) - warning
22:58:08.0718 3948 PAC7302 - detected UnsignedFile.Multi.Generic (1)
22:58:08.0734 3948 [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
22:58:08.0828 3948 Parport - ok
22:58:08.0843 3948 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
22:58:08.0937 3948 PartMgr - ok
22:58:08.0968 3948 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
22:58:09.0062 3948 ParVdm - ok
22:58:09.0093 3948 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
22:58:09.0125 3948 pccsmcfd - ok
22:58:09.0140 3948 [ 8086D9979234B603AD5BC2F5D890B234 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
22:58:09.0234 3948 PCI - ok
22:58:09.0234 3948 PCIDump - ok
22:58:09.0234 3948 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
22:58:09.0328 3948 PCIIde - ok
22:58:09.0359 3948 [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
22:58:09.0453 3948 Pcmcia - ok
22:58:09.0500 3948 [ 984FCAF5834BDEA232822EF5CA20EC4E ] PCToolsSSDMonitorSvc C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
22:58:09.0515 3948 PCToolsSSDMonitorSvc - ok
22:58:09.0515 3948 PDCOMP - ok
22:58:09.0531 3948 PDFRAME - ok
22:58:09.0531 3948 PDRELI - ok
22:58:09.0531 3948 PDRFRAME - ok
22:58:09.0546 3948 perc2 - ok
22:58:09.0546 3948 perc2hib - ok
22:58:09.0578 3948 [ 4712531AB7A01B7EE059853CA17D39BD ] PlugPlay C:\WINDOWS\system32\services.exe
22:58:09.0640 3948 PlugPlay - ok
22:58:09.0656 3948 [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
22:58:09.0734 3948 PolicyAgent - ok
22:58:09.0750 3948 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:58:09.0843 3948 PptpMiniport - ok
22:58:09.0843 3948 [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
22:58:09.0921 3948 ProtectedStorage - ok
22:58:09.0937 3948 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
22:58:10.0031 3948 PSched - ok
22:58:10.0046 3948 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:58:10.0140 3948 Ptilink - ok
22:58:10.0187 3948 [ B572ED0C3E6165643FA116AF20425A54 ] PxHelp20 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
22:58:10.0203 3948 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
22:58:10.0203 3948 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
22:58:10.0203 3948 ql1080 - ok
22:58:10.0203 3948 Ql10wnt - ok
22:58:10.0218 3948 ql12160 - ok
22:58:10.0218 3948 ql1240 - ok
22:58:10.0218 3948 ql1280 - ok
22:58:10.0234 3948 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:58:10.0328 3948 RasAcd - ok
22:58:10.0359 3948 [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto C:\WINDOWS\System32\rasauto.dll
22:58:10.0453 3948 RasAuto - ok
22:58:10.0453 3948 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:58:10.0562 3948 Rasl2tp - ok
22:58:10.0578 3948 [ ED5E89DEDB0111E2869CB37D62B46C7A ] RasMan C:\WINDOWS\System32\rasmans.dll
22:58:10.0875 3948 RasMan - ok
22:58:10.0890 3948 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:58:10.0984 3948 RasPppoe - ok
22:58:10.0984 3948 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
22:58:11.0078 3948 Raspti - ok
22:58:11.0093 3948 [ B48441A6DC703EE4C36DB14EE51A189C ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:58:11.0390 3948 Rdbss - ok
22:58:11.0406 3948 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:58:11.0500 3948 RDPCDD - ok
22:58:11.0515 3948 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:58:11.0640 3948 rdpdr - ok
22:58:11.0656 3948 [ 047BEA21274C8A4A233674A76C958C2C ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
22:58:11.0953 3948 RDPWD - ok
22:58:11.0984 3948 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
22:58:12.0062 3948 RDSessMgr - ok
22:58:12.0078 3948 [ B31B4588E4086D8D84ADBF9845C2402B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
22:58:12.0171 3948 redbook - ok
22:58:12.0203 3948 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
22:58:12.0281 3948 RemoteAccess - ok
22:58:12.0312 3948 [ 3151427DB7D87107D1C5BE58FAC53960 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
22:58:12.0390 3948 RemoteRegistry - ok
22:58:12.0406 3948 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\system32\locator.exe
22:58:12.0500 3948 RpcLocator - ok
22:58:12.0515 3948 [ 24B5D53B9ACCC1E2EDCF0A878D6659D4 ] RpcSs C:\WINDOWS\system32\rpcss.dll
22:58:12.0578 3948 RpcSs - ok
22:58:12.0609 3948 [ 0E11B35E972796042044BC27CE13B065 ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
22:58:12.0921 3948 rspndr - ok
22:58:12.0937 3948 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
22:58:13.0031 3948 RSVP - ok
22:58:13.0062 3948 [ 89619EF503F949FAE09252A8B883EE11 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
22:58:13.0093 3948 RTLE8023xp - ok
22:58:13.0125 3948 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe
22:58:13.0187 3948 SamSs - ok
22:58:13.0218 3948 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
22:58:13.0312 3948 SCardSvr - ok
22:58:13.0343 3948 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll
22:58:13.0437 3948 Schedule - ok
22:58:13.0437 3948 [ 07F7F501AD50DE2BA2D5842D9B6D6155 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:58:13.0453 3948 Secdrv ( UnsignedFile.Multi.Generic ) - warning
22:58:13.0453 3948 Secdrv - detected UnsignedFile.Multi.Generic (1)
22:58:13.0484 3948 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll
22:58:13.0562 3948 seclogon - ok
22:58:13.0578 3948 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll
22:58:13.0656 3948 SENS - ok
22:58:13.0671 3948 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
22:58:13.0750 3948 serenum - ok
22:58:13.0765 3948 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
22:58:13.0843 3948 Serial - ok
22:58:13.0890 3948 [ 3EC8DE67B1C78C31E54C0F030E6BD7D5 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
22:58:13.0937 3948 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
22:58:13.0937 3948 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
22:58:13.0953 3948 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
22:58:14.0046 3948 Sfloppy - ok
22:58:14.0062 3948 [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
22:58:14.0171 3948 SharedAccess - ok
22:58:14.0187 3948 [ E7518DC542D3EBDCB80EDD98462C7821 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:58:14.0265 3948 ShellHWDetection - ok
22:58:14.0265 3948 Simbad - ok
22:58:14.0296 3948 [ C70AEBD3608ED9FCEA2A1BAE83567FFC ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
22:58:14.0312 3948 SkypeUpdate - ok
22:58:14.0328 3948 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:58:14.0421 3948 SLIP - ok
22:58:14.0437 3948 Sparrow - ok
22:58:14.0453 3948 [ 9BB1DD670CB7505A90FC4E61D4AA8227 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
22:58:14.0750 3948 splitter - ok
22:58:14.0765 3948 [ AD3D9D191AEA7B5445FE1D82FFBB4788 ] Spooler C:\WINDOWS\system32\spoolsv.exe
22:58:15.0046 3948 Spooler - ok
22:58:15.0078 3948 [ E41B6D037D6CD08461470AF04500DC24 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
22:58:15.0140 3948 sr - ok
22:58:15.0156 3948 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice C:\WINDOWS\system32\srsvc.dll
22:58:15.0203 3948 srservice - ok
22:58:15.0218 3948 [ D4AF9861C3B6A2163D26DC6B9CF05E2A ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
22:58:15.0265 3948 Srv - ok
22:58:15.0296 3948 [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
22:58:15.0343 3948 SSDPSRV - ok
22:58:15.0390 3948 [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
22:58:15.0484 3948 stisvc - ok
22:58:15.0500 3948 [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:58:15.0593 3948 streamip - ok
22:58:15.0609 3948 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
22:58:15.0703 3948 swenum - ok
22:58:15.0718 3948 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
22:58:15.0812 3948 swmidi - ok
22:58:15.0828 3948 SwPrv - ok
22:58:15.0828 3948 symc810 - ok
22:58:15.0828 3948 symc8xx - ok
22:58:15.0843 3948 sym_hi - ok
22:58:15.0843 3948 sym_u3 - ok
22:58:15.0859 3948 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
22:58:15.0937 3948 sysaudio - ok
22:58:15.0968 3948 [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
22:58:16.0062 3948 SysmonLog - ok
22:58:16.0078 3948 [ 1418A3A6E76E5A2E3F5E43866E793A8B ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
22:58:16.0359 3948 TapiSrv - ok
22:58:16.0390 3948 [ 744E57C99232201AE98C49168B918F48 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:58:16.0453 3948 Tcpip - ok
22:58:16.0484 3948 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
22:58:16.0562 3948 TDPIPE - ok
22:58:16.0578 3948 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
22:58:16.0687 3948 TDTCP - ok
22:58:16.0703 3948 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
22:58:16.0796 3948 TermDD - ok
22:58:16.0843 3948 [ C29A5286E64D97385178452D5F307B98 ] TermService C:\WINDOWS\System32\termsrv.dll
22:58:17.0125 3948 TermService - ok
22:58:17.0140 3948 [ E7518DC542D3EBDCB80EDD98462C7821 ] Themes C:\WINDOWS\System32\shsvcs.dll
22:58:17.0218 3948 Themes - ok
22:58:17.0234 3948 [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
22:58:17.0296 3948 TlntSvr - ok
22:58:17.0296 3948 TosIde - ok
22:58:17.0312 3948 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks C:\WINDOWS\system32\trkwks.dll
22:58:17.0390 3948 TrkWks - ok
22:58:17.0421 3948 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
22:58:17.0500 3948 Udfs - ok
22:58:17.0500 3948 ultra - ok
22:58:17.0531 3948 [ 9651E5D850B6F6BD7C77C70AA06F02BF ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
22:58:17.0593 3948 UMWdf - ok
22:58:17.0625 3948 [ A4815A4884898F355A3513E60843A4FD ] Update C:\WINDOWS\system32\DRIVERS\update.sys
22:58:17.0921 3948 Update - ok
22:58:17.0937 3948 [ 0546477BDE979E33294FE97F6B3DE84A ] upnphost C:\WINDOWS\System32\upnphost.dll
22:58:18.0000 3948 upnphost - ok
22:58:18.0031 3948 [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS C:\WINDOWS\System32\ups.exe
22:58:18.0109 3948 UPS - ok
22:58:18.0156 3948 [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
22:58:18.0250 3948 usbaudio - ok
22:58:18.0281 3948 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:58:18.0375 3948 usbccgp - ok
22:58:18.0390 3948 [ A45EA1550EA4B368C4FBA7CA9D056BC9 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:58:18.0703 3948 usbehci - ok
22:58:18.0703 3948 [ 6D46B1F89134892A862AC56B00AC11FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:58:19.0000 3948 usbhub - ok
22:58:19.0031 3948 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:58:19.0125 3948 usbscan - ok
22:58:19.0156 3948 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:58:19.0234 3948 usbstor - ok
22:58:19.0250 3948 [ 0EE1925590BA1ABEC14254D54D9870F4 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:58:19.0562 3948 usbuhci - ok
22:58:19.0578 3948 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
22:58:19.0687 3948 VgaSave - ok
22:58:19.0687 3948 ViaIde - ok
22:58:19.0718 3948 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
22:58:19.0812 3948 VolSnap - ok
22:58:19.0843 3948 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe
22:58:19.0906 3948 VSS - ok
22:58:19.0921 3948 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time C:\WINDOWS\system32\w32time.dll
22:58:20.0015 3948 W32Time - ok
22:58:20.0031 3948 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:58:20.0125 3948 Wanarp - ok
22:58:20.0125 3948 WDICA - ok
22:58:20.0140 3948 [ 0BFA8203B8148FB4E54BC212C41CE497 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
22:58:20.0421 3948 wdmaud - ok
22:58:20.0437 3948 [ 346E7D636ADFE4E3B1B32AF8326220FF ] WebClient C:\WINDOWS\System32\webclnt.dll
22:58:20.0734 3948 WebClient - ok
22:58:20.0765 3948 [ 1225EBEA76AAC3C84DF6C54FE5E5D8BE ] winachsf C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
22:58:20.0890 3948 winachsf - ok
22:58:20.0953 3948 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
22:58:21.0031 3948 winmgmt - ok
22:58:21.0093 3948 [ CD99C9FEAE87C1963273F6B150251E33 ] WMConnectCDS C:\Program Files\Windows Media Connect 2\wmccds.exe
22:58:21.0156 3948 WMConnectCDS ( UnsignedFile.Multi.Generic ) - warning
22:58:21.0156 3948 WMConnectCDS - detected UnsignedFile.Multi.Generic (1)
22:58:21.0171 3948 [ B9715B9C18BC6C8F4B66733D208CC9F7 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
22:58:21.0203 3948 WmdmPmSN - ok
22:58:21.0218 3948 [ E8E57B0F9EB03D1AABEC28D550C75116 ] Wmi C:\WINDOWS\System32\advapi32.dll
22:58:21.0281 3948 Wmi - ok
22:58:21.0328 3948 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:58:21.0406 3948 WmiApSrv - ok
22:58:21.0437 3948 [ 478995B4555958E52388496618D9C678 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
22:58:21.0718 3948 wscsvc - ok
22:58:21.0734 3948 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:58:21.0843 3948 WSTCODEC - ok
22:58:21.0875 3948 [ B72508649DAD03BCB5D708EDB1E3E57E ] wuauserv C:\WINDOWS\system32\wuauserv.dll
22:58:21.0875 3948 wuauserv - ok
22:58:21.0921 3948 [ B1F190A2BF52B8F4601C677F475CE5E5 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
22:58:22.0187 3948 WZCSVC - ok
22:58:22.0218 3948 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
22:58:22.0312 3948 xmlprov - ok
22:58:22.0312 3948 ================ Scan global ===============================
22:58:22.0343 3948 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
22:58:22.0359 3948 [ B5F602D0341ED1D35AF82BA25BA3EC7F ] C:\WINDOWS\system32\winsrv.dll
22:58:22.0359 3948 [ B5F602D0341ED1D35AF82BA25BA3EC7F ] C:\WINDOWS\system32\winsrv.dll
22:58:22.0375 3948 [ 4712531AB7A01B7EE059853CA17D39BD ] C:\WINDOWS\system32\services.exe
22:58:22.0375 3948 [Global] - ok
22:58:22.0375 3948 ================ Scan MBR ==================================
22:58:22.0390 3948 [ 9C603BC3977968C891DE319283E1E7AF ] \Device\Harddisk0\DR0
22:58:22.0421 3948 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected
22:58:22.0421 3948 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)
22:58:22.0500 3948 ================ Scan VBR ==================================
22:58:22.0500 3948 [ B3164052E8C31188F8E88CF16E312056 ] \Device\Harddisk0\DR0\Partition1
22:58:22.0500 3948 \Device\Harddisk0\DR0\Partition1 - ok
22:58:22.0531 3948 [ 65EC9CEFFA2B29171B4A6550A9FB51B5 ] \Device\Harddisk0\DR0\Partition2
22:58:22.0531 3948 \Device\Harddisk0\DR0\Partition2 - ok
22:58:22.0546 3948 [ 99DA785445343763E6A06618A76EE4D0 ] \Device\Harddisk0\DR0\Partition3
22:58:22.0562 3948 \Device\Harddisk0\DR0\Partition3 - ok
22:58:22.0562 3948 ============================================================
22:58:22.0562 3948 Scan finished
22:58:22.0562 3948 ============================================================
22:58:22.0687 1988 Detected object count: 14
22:58:22.0687 1988 Actual detected object count: 14
22:58:44.0468 1988 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:44.0468 1988 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:44.0468 1988 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:44.0468 1988 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:44.0484 1988 ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:44.0484 1988 ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:44.0484 1988 atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:44.0484 1988 atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:44.0484 1988 d347bus ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:44.0484 1988 d347bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:44.0484 1988 d347prt ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:44.0484 1988 d347prt ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:44.0484 1988 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:44.0484 1988 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:44.0484 1988 lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:44.0484 1988 lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:44.0484 1988 PAC7302 ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:44.0484 1988 PAC7302 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:44.0484 1988 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:44.0484 1988 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:44.0484 1988 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:44.0484 1988 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:44.0484 1988 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:44.0484 1988 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:44.0500 1988 WMConnectCDS ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:44.0500 1988 WMConnectCDS ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:44.0828 1988 \Device\Harddisk0\DR0\# - copied to quarantine
22:58:44.0828 1988 \Device\Harddisk0\DR0 - copied to quarantine
22:58:44.0843 1988 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - will be cured on reboot
22:58:44.0843 1988 \Device\Harddisk0\DR0 - ok
22:58:44.0843 1988 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Cure
22:58:57.0140 2508 Deinitialize success
ComboFix 12-11-03.02 - Blue Devil 03-Nov-12 23:08:54.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1337 [GMT 1:00]
Running from: c:\documents and settings\Blue Devil\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\D1B5B4F1.TMP
c:\documents and settings\Blue Devil\WINDOWS
c:\program files\BrowserCompanion
c:\program files\BrowserCompanion\blabbers-ch.crx
c:\program files\BrowserCompanion\logo.ico
c:\program files\BrowserCompanion\updatebhoWin32.dll_1
c:\program files\Setup.exe
c:\windows\daemon.dll
c:\windows\system32\CddbCdda.dll
c:\windows\system32\roboot.exe
c:\windows\system32\SET1AD2.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-10-03 to 2012-11-03 )))))))))))))))))))))))))))))))
.
.
2012-11-03 21:59 . 2012-11-03 21:59 -------- d-----w- c:\windows\system32\LogFiles
2012-11-03 21:58 . 2012-11-03 21:58 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-03 21:45 . 2012-11-03 21:45 -------- d-----w- c:\program files\CCleaner
2012-11-03 20:30 . 2012-11-03 20:30 -------- d-----w- c:\documents and settings\Blue Devil\Local Settings\Application Data\Sun
2012-11-03 18:45 . 2012-11-03 22:12 -------- d-----w- c:\documents and settings\All Users\Application Data\MCShield
2012-11-03 18:45 . 2012-11-03 18:45 -------- d-----w- c:\program files\MCShield
2012-11-03 17:55 . 2012-11-03 17:55 -------- d-----w- c:\program files\uTorrent
2012-11-03 17:55 . 2012-11-03 22:12 -------- d-----w- c:\documents and settings\Blue Devil\Application Data\uTorrent
2012-11-03 17:36 . 2012-11-03 17:36 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-03 17:36 . 2012-11-03 17:36 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-03 17:29 . 2012-11-03 17:29 -------- d-----w- c:\program files\Common Files\Java
2012-11-03 17:24 . 2012-11-03 17:23 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-03 17:24 . 2012-11-03 17:23 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-03 17:19 . 2012-11-03 17:19 -------- d-----w- c:\documents and settings\Blue Devil\Application Data\Qualys
2012-11-03 17:15 . 2012-11-03 21:50 -------- d-s---w- c:\documents and settings\Blue Devil\UserData
2012-11-03 16:46 . 2001-08-17 12:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2012-11-03 16:46 . 2001-08-17 12:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-03 17:23 . 2011-05-20 16:16 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-03 17:23 . 2011-05-20 16:16 746984 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-18 08:53 . 2011-01-18 08:53 2994688 ----a-w- c:\program files\openofficeorg33.msi
2012-10-24 17:50 . 2012-11-03 17:29 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"Facebook Update"="c:\documents and settings\Blue Devil\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"eType"="c:\documents and settings\Blue Devil\Application Data\eType\eType.exe" [2012-07-24 2917272]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-11-03 963984]
"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2012-10-23 605184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="m‘|\ü" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"DAEMON Tools-1033"="d:\instalirani programi\DEMON\daemon.exe" [2004-08-22 81920]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]
"TNOD UP"="c:\program files\ESET\TNod User & Password Finder\TNODUP.exe" [2012-07-05 1028800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2007-01-16 53760]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Blue Devil\\Desktop\\PES2008.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Blue Devil\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [24-May-09 15:02 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [24-May-09 15:02 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06-Feb-09 13:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [06-Feb-09 13:24 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [06-Feb-09 13:23 727720]
R2 IBUpdaterService;Updater Service;c:\documents and settings\All Users\Application Data\IBUpdaterService\ibsvc.exe [17-May-12 19:33 398392]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [19-Jul-10 15:23 632792]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [05-Jun-12 14:17 160944]
R3 CamSuiteVAC;CamSuite Virtual Audio;c:\windows\system32\drivers\CamSuiteVAC.sys [18-Oct-11 19:36 37560]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-03 17:36]
.
2012-10-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1229272821-1303643608-682003330-1003Core.job
- c:\documents and settings\Blue Devil\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-12-14 10:14]
.
2012-11-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1229272821-1303643608-682003330-1003UA.job
- c:\documents and settings\Blue Devil\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-12-14 10:14]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Blue Devil\Application Data\Mozilla\Firefox\Profiles\6a9xe02z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-03 18:19; {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}; c:\documents and settings\Blue Devil\Application Data\Mozilla\Firefox\Profiles\6a9xe02z.default\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
FF - ExtSQL: 2012-11-03 18:32; {77b819fa-95ad-4f2c-ac7c-486b356188a9}; c:\documents and settings\Blue Devil\Application Data\Mozilla\Firefox\Profiles\6a9xe02z.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF - ExtSQL: !HIDDEN! 2011-04-23 00:13; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=fmtgl
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=fmtgl
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=fmtgl&q=
FF - user.js: extensions.funmoods_i.id - a40151ed000000000000001fd00ea1d1
FF - user.js: extensions.funmoods_i.instlDay - 15478
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1611:48
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - fmtgl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-RegistryMechanic - c:\program files\Registry Mechanic\RegMech.exe
HKCU-Run-RDReminder - c:\program files\PC Performer\PCPerformer.exe
SafeBoot-13777162.sys
AddRemove-Counter Strike 1.6 FULL v44 - c:\games\CS1.6v44\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2012-11-03 23:12
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
eType = c:\documents and settings\Blue Devil\Application Data\eType\eType.exe?????????????????`???]????????M????????????????`???]??M?????M???????????????O???A?????T?????A???K?T?F?????S?F???????W???????T???????????????????????????????????????S?????????????@?????S??????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1229272821-1303643608-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:81,0f,14,ba,d2,74,65,6c,15,e3,2c,7e,6e,3e,ef,b4,c9,26,a0,ec,3c,8a,a0,
67,87,57,96,96,1f,3e,a0,c5,40,98,e0,d8,e6,d8,fc,76,c2,4d,c7,3c,58,05,c0,f7,\
"??"=hex:0a,1e,b9,93,74,34,bd,f3,52,e0,22,cc,ec,df,fd,f1
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3716)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\documents and settings\Blue Devil\Application Data\eType\eTypeUpdate.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-11-03 23:14:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-03 22:14
.
Pre-Run: 3,152,588,800 bytes free
Post-Run: 3,868,082,176 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8D105C16236DBD4CBDBF9D2DB5623093

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd

Step 1.

Open Notepad and copy the following text into it:

DEQUARANTINE::
C:\Qoobox\Quarantine\c\windows\system32\roboot.exe.vir
QUIT::

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.

Step 2.

Download Xplode's AdwCleaner and save it to the Desktop
Double-click to run the program and click the [Search] button.
When the program finishes the analysis it will open a Notepad (AdwCleaner[R1].txt) with the report.
Save that Notepad to the Desktop and attach it to your message using the "Attach file" option

Note: The report will also be saved at C:\AdwCleaner[R1].txt

  • Joined: 04 Jan 2009
  • Posts: 140
  • Location: SRBIJA

Posted: 04 Nov 2012 12:45

C:\Qoobox\Quarantine\c\windows\system32\roboot.exe.vir -> c:\windows\system32\roboot.exe ( 17464 bytes )

Update: 04 Nov 2012 12:47

If that is what you meant: when ComboFix started it asked to update, and then when it finished scanning I lost the internet connection, so I had to restart the computer to get the internet back. If that is how it should be, then OK; if not, just so you know.

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd

OK, fine :)

One more step and we are done

Run AdwCleaner again
Click the [Delete] button and wait for the program to finish.
The program will close all active programs and show a window with that warning. Click OK to confirm.
On the next two windows that open (Informations and Restart required) click OK

The computer will restart and then open a Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad to the Desktop and attach it to your message using the "Attach file" option

Note: The report will also be saved at C:\AdwCleaner[S1].txt

Tell me, how are things now? Do you have any problems with the computer?

  • Joined: 04 Jan 2009
  • Posts: 140
  • Location: SRBIJA

Well, it seems to me that it is much faster than it was before all this, and the notification from the title no longer pops up, though I did not copy it down well either. In any case I will let you know if anything else happens. Thank you

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd

The computer is clean as far as malware is concerned. You need to follow these steps...

Run AdwCleaner again
Click the [Uninstall] button and wait for the uninstallation to finish.

Download and run OTC. Click CleanUp. This will delete the tools that were used.

Your firewall is turned off. To turn it on, you need to download this file

Double-click to run it, click Yes, and then OK.

A pirated antivirus is installed on the computer, which is by no means a good idea. Remove the following items from the Control Panel:
- ESET NOD32 Antivirus
- TNod User & Password Finder

Then install an AV program. If you have no money, or do not want to spend it on a commercial AV program, there are good free AV programs available such as

Microsoft Security Essentials
avast! Free Antivirus
Avira Free Antivirus
Panda Antivirus Free
AVG Free

Also have a look through these topics...

The application for safe browsing: your brain
http://www.mycity.rs/Zastita/Aplikacija-za-sigurno-surfovanje-Vas-mozak.html

Choosing a free antivirus
http://www.mycity.rs/Zastitni-programi/Izbor-besplatnog-antivirusa.html

The best antivirus in your opinion
http://www.mycity.rs/Zastitni-programi/Najbolji-an.....jenju.html

The best free security software
http://www.mycity.rs/Zastitni-programi/Najbolji-besplatni-zastitni-softver.html

Do not use pirated versions of AV programs!!!

I recommend that you install Service Pack 3 for Windows XP, i.e. update your operating system. I will not go into its advantages over Service Pack 2; you can find that information on Microsoft's site. In short, on 13 July 2010 MS ended support for Service Pack 2, which is what is installed on your computer.

What does that mean? See the link: http://windows.microsoft.com/en-US/windows/help/what-does-end-of-support-mean

**** If you decide on this step (installing SP3), I recommend that you first back up all important data.

I recommend that you use MCShield v2 to protect USB storage devices. It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB storage devices. You download it, install it, plug in a USB storage device, a scan runs, and then you either get a notification that the device is clean (if it really is), or you get a log showing information about the malware that was found and deleted.

MCShield ::Anti-Malware Tool:: v2 home page: http://amf.mycity.rs/mcshield/

You can find out more about MCShield in these topics:
v1: http://www.mycity.rs/MyCity-Laboratorija/MCShield.html
v2: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html

Be sure to visit the topic "Test whether your browser is vulnerable", read it and follow the link in it.
Link to the topic: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html

Also follow the topic "How to avoid and remove toolbars", read it and follow the steps in it. Link to the topic: http://www.mycity.rs/Zastita/Kako-izbeci-i-ukloniti-toolbar-ove.html

TwinHeadedEagle (AMF Team)
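As an added example (not part of this thread, and not code from the DDS, ComboFix or AMF tools), here is a small Python triage pass over lines copied from the report posted above. It flags the three things the helper acts on: the firewall policy value of 0, the funmoods user.js preferences that pin browser URLs, and a service launched from an Application Data folder. The sample lines and the finding labels are this example's own construction.

```python
"""Triage the DDS/ComboFix report quoted in this thread.

Added example, not part of the thread or of the DDS/ComboFix tools.
SAMPLE_LOG is constructed from lines of the posted report.
"""
import re

# DDS defangs URLs as hxxp:// so a pasted report cannot be clicked by accident.
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
"TNOD UP"="c:\program files\ESET\TNod User & Password Finder\TNODUP.exe" [2012-07-05 1028800]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [06-Feb-09 13:23 727720]
R2 IBUpdaterService;Updater Service;c:\documents and settings\All Users\Application Data\IBUpdaterService\ibsvc.exe [17-May-12 19:33 398392]
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=fmtgl
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=fmtgl
'''

FIREWALL = re.compile(r'^"EnableFirewall"=\s*(\d+)')
USER_JS = re.compile(r'^FF - user\.js: (\S+) - (.*)$')
SERVICE = re.compile(r'^R[0-3] (\w+);[^;]*;(.+?) \[[^\]]*\]$')   # Rn name;display;path [stamp]
RUN_VAL = re.compile(r'^"([^"]+)"="([^"]+)"')                    # "name"="path" [stamp]

def triage(report):
    """Return (label, detail) findings for one DDS/ComboFix report text."""
    findings = []
    for line in report.splitlines():
        m = FIREWALL.match(line)
        if m:
            if m.group(1) == "0":          # Windows Firewall policy switched off
                findings.append(("firewall_disabled", line))
            continue
        m = USER_JS.match(line)
        if m:
            pref, value = m.groups()
            # user.js is re-applied on every Firefox start, so a hijacker
            # (funmoods here) uses it to pin homepage, new-tab and search URLs.
            if value.lower().startswith(("hxxp://", "http://")):
                findings.append(("browser_hijack_pref", f"{pref} = {value}"))
            continue
        m = SERVICE.match(line) or RUN_VAL.match(line)
        if m and "application data" in m.group(2).lower():
            # Services and Run entries launched from a profile's Application
            # Data folder are unusual for legitimate system software.
            findings.append(("autorun_from_appdata", f"{m.group(1)}: {m.group(2)}"))
    return findings

if __name__ == "__main__":
    for label, detail in triage(SAMPLE_LOG):
        print(f"{label:22s} {detail}")
```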

  • Joined: 04 Jan 2009
  • Posts: 140
  • Location: SRBIJA

TwinHeadedEagle wrote: The computer is clean as far as malware is concerned. You need to follow these steps...

Thank you for the help.

Quote: Run AdwCleaner again
Click the [Uninstall] button and wait for the uninstallation to finish.

Done

Quote: Download and run OTC. Click CleanUp. This will delete the tools that were used.

Done

Quote: Your firewall is turned off. To turn it on, you need to download this file

Double-click to run it, click Yes, and then OK.

I did this too

Quote: A pirated antivirus is installed on the computer, which is by no means a good idea. Remove the following items from the Control Panel:
- ESET NOD32 Antivirus
- TNod User & Password Finder

Then install an AV program. If you have no money, or do not want to spend it on a commercial AV program, there are good free AV programs available such as

Microsoft Security Essentials
avast! Free Antivirus
Avira Free Antivirus
Panda Antivirus Free
AVG Free

I will do this too, although it is not my computer

Quote: Also have a look through these topics...

The application for safe browsing: your brain
mycity.rs/Zastita/Aplikacija-za-sigurno-surfovanje-Vas-mozak.html

Choosing a free antivirus
mycity.rs/Zastitni-programi/Izbor-besplatnog-antivirusa.html

The best antivirus in your opinion
mycity.rs/Zastitni-programi/Najbolji-an.....jenju.html

The best free security software
mycity.rs/Zastitni-programi/Najbolji-besplatni-zastitni-softver.html

This is not my first time here, so I no longer have problems on my own computer, and as for antivirus programs, the best one really is our BRAIN: if you know what you are doing and do nothing mechanically, then you hardly even need an antivirus program.

Quote: I recommend that you install Service Pack 3 for Windows XP, i.e. update your operating system. I will not go into its advantages over Service Pack 2; you can find that information on Microsoft's site. In short, on 13 July 2010 MS ended support for Service Pack 2, which is what is installed on your computer.

What does that mean? See the link: windows.microsoft.com/en-US/windows/help/what-does-end-of-support-mean

**** If you decide on this step (installing SP3), I recommend that you first back up all important data.

Downloading SP3 right now

Quote: I recommend that you use MCShield v2 to protect USB storage devices. It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB storage devices. You download it, install it, plug in a USB storage device, a scan runs, and then you either get a notification that the device is clean (if it really is), or you get a log showing information about the malware that was found and deleted.

MCShield ::Anti-Malware Tool:: v2 home page: amf.mycity.rs/mcshield/

You can find out more about MCShield in these topics:
v1: mycity.rs/MyCity-Laboratorija/MCShield.html
v2: mycity.rs/MyCity-Laboratorija/MCShield-v2.html

Be sure to visit the topic "Test whether your browser is vulnerable", read it and follow the link in it.
Link to the topic: mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html

Also follow the topic "How to avoid and remove toolbars", read it and follow the steps in it. Link to the topic: mycity.rs/Zastita/Kako-izbeci-i-ukloniti-toolbar-ove.html

As for MCShield, since my first visit to this site it has been an indispensable program on my computer and on all the other computers that come to me for virus cleaning, but this one I did not know how to clean. Testing browser vulnerability is also one of the things I use, and I avoid toolbars, but the kids and their mechanical installing of everything they get their hands on, well, there I can do nothing. Now someone will think from all of the above that I do all this for money, but no, I just help my friends from work and from the neighbourhood when they mess up their computer, and to everyone with even a bit of technical ability I leave the address of this site so they can educate themselves a bit more and figure out for themselves what they should not do and what they can. In any case, thanks once again for the help, which is always quick.
