PC disinfection, computer speed-up, remote help via the neslape.cz service

Virus in System Volume Information

Have a virus problem? Post a log from FRST or RSIT here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, where an expert connects to your computer and obtains further details of the problem from you by phone! More at www.neslape.cz
amarok
Guest
Posts: 11
Registered: 11 Jun 2009 07:58

Virus in System Volume Information

#1 Post by amarok »

Hello,

AVG found a Trojan horse in System Volume Information. It identified it as: SHeur2.CDOC
Unfortunately, though, it apparently could not remove it. I turned off System Restore -> ran an AVG scan -> turned SR back on -> AVG no longer found any Trojan.
The file name is A0096509.exe

Thank you for checking, Amarok

Logfile of random's system information tool 1.06 (written by random/random)
Run by lpecina at 2010-01-04 14:29:20
Microsoft Windows XP Professional Service Pack 3
System drive C: has 102 GB (67%) free of 152 GB
Total RAM: 2046 MB (69% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-12-31 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-07-25 823296]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-07-25 974848]
"openvpn-gui"=C:\Program Files\OpenVPN\bin\openvpn-gui.exe [2005-04-21 98816]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-05-31 8429568]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-12-31 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gemsafe]
C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll [2006-11-16 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"consentpromptbehavioradmin"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
"ForceStartMenuLogOff"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37112cf8-f930-11de-84b4-005056c00008}]
shell\AutoRun\command - E:\hbcd\wintools\autorun.exe
shell\Option1\command - E:\hbcd\wintools\autorun.exe


======List of files/folders created in the last 1 months======

2010-01-04 14:29:20 ----D---- C:\rsit
2010-01-04 14:29:20 ----D---- C:\Program Files\trend micro
2010-01-04 14:24:47 ----D---- C:\WINDOWS\temp
2010-01-04 14:24:43 ----A---- C:\ComboFix.txt
2010-01-04 14:16:38 ----D---- C:\ComboFix
2010-01-03 16:17:46 ----A---- C:\WINDOWS\zip.exe
2010-01-03 16:17:46 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-03 16:17:46 ----A---- C:\WINDOWS\SWSC.exe
2010-01-03 16:17:46 ----A---- C:\WINDOWS\SWREG.exe
2010-01-03 16:17:46 ----A---- C:\WINDOWS\sed.exe
2010-01-03 16:17:46 ----A---- C:\WINDOWS\PEV.exe
2010-01-03 16:17:46 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-03 16:17:46 ----A---- C:\WINDOWS\MBR.exe
2010-01-03 16:17:46 ----A---- C:\WINDOWS\grep.exe
2010-01-03 16:17:20 ----D---- C:\WINDOWS\ERDNT
2010-01-03 16:16:51 ----D---- C:\Qoobox
2010-01-03 15:50:43 ----D---- C:\Config.Msi
2010-01-02 21:05:50 ----AD---- C:\backup
2010-01-02 20:31:23 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-02 17:33:20 ----D---- C:\Documents and Settings\lpecina\Application Data\Nero
2010-01-02 17:26:12 ----D---- C:\Program Files\Nero
2010-01-02 17:26:03 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2010-01-02 17:26:00 ----D---- C:\Program Files\Common Files\Nero
2010-01-01 00:33:29 ----D---- C:\Program Files\NOS
2010-01-01 00:33:29 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-12-31 21:26:58 ----D---- C:\WINDOWS\Minidump
2009-12-31 21:14:55 ----D---- C:\Documents and Settings\All Users\Application Data\28431018
2009-12-17 11:59:12 ----D---- C:\Documents and Settings\lpecina\Application Data\QuidoCX
2009-12-17 11:14:09 ----A---- C:\WINDOWS\system32\ftserui2.dll
2009-12-17 11:14:09 ----A---- C:\WINDOWS\system32\FTLang.dll
2009-12-17 11:14:09 ----A---- C:\WINDOWS\system32\ftd2xx.dll
2009-12-17 11:14:09 ----A---- C:\WINDOWS\system32\ftbusui.dll
2009-12-16 19:10:38 ----D---- C:\Documents and Settings\lpecina\Application Data\OpenOffice.org
2009-12-16 19:08:35 ----D---- C:\Program Files\OpenOffice.org 3
2009-12-11 18:48:15 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-11 18:48:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2009-12-11 18:48:01 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-11 18:46:45 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-11 18:46:38 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-11 18:46:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

======List of files/folders modified in the last 1 months======

2010-01-04 14:29:20 ----RD---- C:\Program Files
2010-01-04 14:24:47 ----D---- C:\WINDOWS\Prefetch
2010-01-04 14:24:47 ----D---- C:\WINDOWS
2010-01-04 14:23:36 ----A---- C:\WINDOWS\system.ini
2010-01-04 14:20:51 ----D---- C:\WINDOWS\system32\drivers
2010-01-04 14:20:50 ----D---- C:\WINDOWS\system32
2010-01-04 14:20:50 ----D---- C:\WINDOWS\AppPatch
2010-01-04 14:20:45 ----D---- C:\Program Files\Common Files
2010-01-04 14:17:37 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-04 14:16:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-04 13:55:32 ----SHD---- C:\System Volume Information
2010-01-04 13:55:32 ----D---- C:\WINDOWS\system32\Restore
2010-01-04 13:51:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-04 13:45:43 ----D---- C:\WINDOWS\security
2010-01-04 13:45:28 ----D---- C:\Documents and Settings\lpecina\Application Data\Skype
2010-01-04 10:36:53 ----D---- C:\Program Files\Mozilla Firefox
2010-01-03 16:39:04 ----SD---- C:\WINDOWS\Tasks
2010-01-03 16:24:35 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-01-03 16:21:22 ----D---- C:\WINDOWS\system32\config
2010-01-03 15:50:59 ----SHD---- C:\WINDOWS\Installer
2010-01-03 15:50:47 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-01-03 15:50:47 ----HD---- C:\WINDOWS\inf
2010-01-02 21:23:28 ----SHD---- C:\WINDOWS\CSC
2010-01-02 16:51:03 ----D---- C:\Documents and Settings
2010-01-02 15:33:47 ----D---- C:\Program Files\OpenVPN
2010-01-02 14:49:29 ----D---- C:\WINDOWS\Registration
2010-01-01 15:55:17 ----D---- C:\dumps
2010-01-01 13:49:22 ----D---- C:\Documents and Settings\lpecina\Application Data\VMware
2009-12-31 23:33:27 ----D---- C:\Temp
2009-12-31 23:30:05 ----D---- C:\skoleni
2009-12-31 22:17:10 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-12-25 20:37:52 ----A---- C:\WINDOWS\hpbafd.ini
2009-12-17 09:51:12 ----D---- C:\Documents and Settings\lpecina\Application Data\Juniper Networks
2009-12-16 19:09:45 ----RSD---- C:\WINDOWS\assembly
2009-12-16 19:08:51 ----RSD---- C:\WINDOWS\Fonts
2009-12-11 18:48:14 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-11 18:48:12 ----A---- C:\WINDOWS\imsins.BAK
2009-12-11 18:47:40 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-11-09 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-12-31 28424]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-12-31 360584]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 NEOFLTR_600_13073;Juniper Networks TDI Filter Driver (NEOFLTR_600_13073); \??\C:\WINDOWS\system32\Drivers\NEOFLTR_600_13073.SYS []
R1 NEOFLTR_650_14951;Juniper Networks TDI Filter Driver (NEOFLTR_650_14951); \??\C:\WINDOWS\system32\Drivers\NEOFLTR_650_14951.SYS []
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-04-26 64896]
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.4.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-03-21 21393]
R2 BASFND;BASFND; \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys []
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\Drivers\hcmon.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-12-02 12672]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-05-29 12416]
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2007-09-06 23296]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys []
R2 WavxDMgr;WavxDMgr; C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys [2007-09-10 161280]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2007-09-24 155136]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-11-09 30104]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-03-18 160256]
R3 catchme;catchme; \??\C:\DOCUME~1\lpecina\LOCALS~1\Temp\catchme.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DXEC01;DXEC01; C:\WINDOWS\system32\drivers\dxec01.sys [2006-11-02 97536]
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-11-28 62208]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-12-02 989952]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-12-02 211200]
R3 NETw4x32;Ovladae adaptéru Intel(R) Wireless WiFi Link pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-08-12 2211456]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-31 6727136]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-12-05 1222840]
R3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2004-06-24 23552]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2007-04-26 41600]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2007-09-06 9600]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2008-02-05 59960]
R3 WaveFDE;Wave System Power Monitor Device Driver; C:\WINDOWS\system32\DRIVERS\WaveFDE.sys [2007-09-06 18176]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-12-02 731136]
R3 xpvcom;XPVCOM Port; C:\WINDOWS\system32\DRIVERS\XPVCOM.sys [2007-03-23 30032]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 VMparport;VMware VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys []
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-11-09 30104]
S3 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2009-10-22 57800]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2009-10-22 72520]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mbr;mbr; \??\C:\DOCUME~1\lpecina\LOCALS~1\Temp\mbr.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-26 113920]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2007-04-26 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-04-26 73600]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2007-04-26 18612]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-04-26 41856]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-12-31 285392]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2007-07-20 475136]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-05-31 163908]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-07-25 987136]
R2 STacSV;SigmaTel Audio Service; C:\WINDOWS\system32\StacSV.exe [2007-12-05 94208]
R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-07-25 294912]
R3 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe [2009-12-31 2303680]
S2 tcsd_win32.exe;NTRU TSS v1.2.1.25 TCS; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2007-11-08 1552384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 caodbmb_TEST;caodbmb_TEST; C:\cygwin\home\lukas\lab\gha\mb\caodbmb_TEST\caodbmb.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 InformaticaOrchestrationServer;Informatica Orchestration Server; C:\Informatica\PowerCenter8.6.0\OrchestrationServer\service\bin\wrapper.exe [2008-06-19 217088]
S3 InformaticaServices8.6.0;Informatica Services 8.6.0; C:\Informatica\PowerCenter8.6.0\server\tomcat\bin\infasvcs.exe [2008-09-25 61440]
S3 Lotus Notes Diagnostics;Lotus Notes Diagnostics; C:\Program Files\lotus\notes\nsd.exe [2009-09-29 3397000]
S3 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
S3 Multi-user Cleanup Service;Multi-user Cleanup Service; C:\Program Files\lotus\notes\ntmulti.exe [2009-09-29 58760]
S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2005-02-20 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SecureStorageService;SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2007-08-31 486400]
S3 SybaseUAService;Sybase Unified Agent; C:\sybase15\UAF-2_0\utility\ntautostart\release\uaservice.exe [2007-05-17 49152]
S3 SYBBCK_CAODB15_BS;Sybase BCKServer _ CAODB15_BS; C:\sybase15\ASE-15_0\bin\bcksrvr.exe [2007-05-24 286720]
S3 SYBMON_CAODB15_MS;Sybase MONServer _ CAODB15_MS; C:\sybase15\ASE-15_0\bin\monsrvr.exe [2007-05-24 390252]
S3 SYBSQL_CAODB15;Sybase SQLServer _ CAODB15; C:\sybase15\ASE-15_0\bin\sqlsrvr.exe [2007-05-24 50179832]
S3 SYBXPS_CAODB15_XP;Sybase XPServer _ CAODB15_XP; C:\sybase15\ASE-15_0\bin\xpserver.exe [2007-05-24 97360]
S3 TdmService;TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [2007-09-07 737280]
S3 Tomcat5;Apache Tomcat; C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe [2007-08-25 57344]
S3 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Server\vmware-authd.exe [2007-09-06 151643]
S3 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2007-09-06 106496]
S3 vmount2;VMware Virtual Mount Manager Extended; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [2007-05-01 269104]
S3 vmserverdWin32;VMware Registration Service; C:\Program Files\VMware\VMware Server\vmserverdWin32.exe [2007-09-06 1650781]
S3 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2007-09-06 135168]
S3 Wave UCSPlus;Wave UCSPlus; C:\WINDOWS\system32\dllhost.exe [2008-04-14 5120]
S3 WaveEnrollmentService;WaveEnrollmentService; C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe [2007-09-13 192512]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe []

-----------------EOF-----------------

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Virus in System Volume Information

#2 Post by motji »

Good afternoon :) Please post the log from the ComboFix run you have already done
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here


I can usually be reached at night, between 9 and 11 pm
If you have any questions, you can write to me at the email Motji(zavináč)forum.viry.cz.

amarok
Guest
Posts: 11
Registered: 11 Jun 2009 07:58

Re: Virus in System Volume Information

#3 Post by amarok »

Sending it.
Thank you.

ComboFix 10-01-03.05 - lpecina 04.01.2010 14:17:55.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.2046.1514 [GMT 1:00]
Spuštěný z: e:\install\odvirovace\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-04 do 2010-01-04 )))))))))))))))))))))))))))))))
.

2010-01-02 20:13 . 2010-01-02 20:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-02 20:05 . 2010-01-02 20:43 -------- d---a-w- C:\backup
2010-01-02 16:33 . 2010-01-02 16:53 -------- d-----w- c:\documents and settings\lpecina\Application Data\Nero
2010-01-02 16:26 . 2010-01-02 16:26 -------- d-----w- c:\program files\Nero
2010-01-02 16:26 . 2010-01-02 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-01-02 16:26 . 2010-01-02 16:26 -------- d-----w- c:\program files\Common Files\Nero
2009-12-31 23:33 . 2009-12-31 23:33 1924200 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-12-31 23:33 . 2009-12-31 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-31 23:33 . 2009-12-31 23:33 -------- d-----w- c:\program files\NOS
2009-12-31 23:33 . 2009-12-17 15:37 31936 ----a-w- c:\documents and settings\lpecina\Application Data\Mozilla\Firefox\Profiles\bmvfqroc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-12-31 23:33 . 2009-12-17 15:37 29344 ----a-w- c:\documents and settings\lpecina\Application Data\Mozilla\Firefox\Profiles\bmvfqroc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-12-31 21:10 . 2009-12-31 21:10 -------- d-sh--w- c:\documents and settings\lpecina\IECompatCache
2009-12-31 20:14 . 2009-12-31 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\28431018
2009-12-31 20:14 . 2009-12-31 20:14 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-28 12:34 . 2009-12-28 12:34 -------- d-----w- c:\documents and settings\lpecina\workspace
2009-12-17 11:12 . 2009-12-17 11:12 -------- d-----w- c:\documents and settings\lpecina\Local Settings\Application Data\Lotus
2009-12-17 10:59 . 2009-12-17 11:07 -------- d-----w- c:\documents and settings\lpecina\Application Data\QuidoCX
2009-12-17 10:14 . 2009-10-22 13:17 206144 ----a-w- c:\windows\system32\ftd2xx.dll
2009-12-17 10:14 . 2009-10-22 13:17 120136 ----a-w- c:\windows\system32\ftbusui.dll
2009-12-17 10:14 . 2009-10-22 13:16 197952 ----a-w- c:\windows\system32\FTLang.dll
2009-12-17 10:14 . 2009-10-22 13:11 57800 ----a-w- c:\windows\system32\drivers\ftdibus.sys
2009-12-17 10:14 . 2009-10-22 13:09 72520 ----a-w- c:\windows\system32\drivers\ftser2k.sys
2009-12-17 10:14 . 2009-10-22 13:08 52552 ----a-w- c:\windows\system32\ftserui2.dll
2009-12-17 08:52 . 2009-12-09 13:28 85288 ----a-w- c:\windows\system32\drivers\NEOFLTR_650_14951.SYS
2009-12-16 18:11 . 2009-12-27 16:13 1 ----a-w- c:\documents and settings\lpecina\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-16 18:10 . 2009-12-16 18:10 -------- d-----w- c:\documents and settings\lpecina\Application Data\OpenOffice.org
2009-12-16 18:08 . 2009-12-16 18:08 -------- d-----w- c:\program files\OpenOffice.org 3
2009-12-13 13:00 . 2009-12-13 13:01 -------- d-----w- c:\documents and settings\lpecina\.cc_config
2009-12-09 13:31 . 2009-12-09 13:31 45096 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Cache Cleaner 6.5.0\uninstall.exe
2009-12-09 13:31 . 2009-12-09 13:31 304424 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Cache Cleaner 6.5.0\dsCacheCleaner.exe
2009-12-09 13:31 . 2009-12-09 13:31 24576 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Cache Cleaner 6.5.0\dsWinClientResource_EN.dll
2009-12-09 13:23 . 2009-12-09 13:23 18944 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Cache Cleaner 6.5.0\dsWinClientResource_FR.dll
2009-12-09 13:23 . 2009-12-09 13:23 18944 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Cache Cleaner 6.5.0\dsWinClientResource_DE.dll
2009-12-09 13:23 . 2009-12-09 13:23 16384 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Cache Cleaner 6.5.0\dsWinClientResource_ZH_CN.dll
2009-12-09 13:23 . 2009-12-09 13:23 16384 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Cache Cleaner 6.5.0\dsWinClientResource_ZH.dll
2009-12-09 13:23 . 2009-12-09 13:23 18432 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Cache Cleaner 6.5.0\dsWinClientResource_ES.dll
2009-12-09 13:23 . 2009-12-09 13:23 16896 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Cache Cleaner 6.5.0\dsWinClientResource_KO.dll
2009-12-09 13:22 . 2009-12-09 13:22 16896 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Cache Cleaner 6.5.0\dsWinClientResource_JA.dll
2009-12-09 13:12 . 2009-10-21 05:38 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-12-09 13:12 . 2009-10-21 05:38 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-12-09 13:12 . 2009-10-20 16:20 265728 ------w- c:\windows\system32\dllcache\http.sys
2009-12-09 13:11 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2009-12-09 13:11 . 2009-10-12 13:38 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2009-12-09 13:11 . 2009-10-12 13:38 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2009-12-09 13:11 . 2009-10-13 10:30 270336 ------w- c:\windows\system32\dllcache\oakley.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 12:45 . 2008-05-28 15:37 -------- d-----w- c:\documents and settings\lpecina\Application Data\Skype
2010-01-02 20:13 . 2008-03-21 09:57 37109 ----a-w- c:\windows\system32\nvModes.dat
2010-01-02 20:12 . 2010-01-02 20:12 95360 ----a-w- c:\windows\system32\drivers\atapi_sys_lukas
2010-01-02 14:33 . 2008-05-09 12:30 -------- d-----w- c:\program files\OpenVPN
2010-01-01 14:11 . 2010-01-01 14:11 30240 ----a-w- c:\documents and settings\xxx\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-01 12:49 . 2008-05-13 12:20 -------- d-----w- c:\documents and settings\lpecina\Application Data\VMware
2010-01-01 12:32 . 2009-01-11 17:29 8722 ----a-w- c:\windows\hh.dat
2009-12-31 21:17 . 2009-04-08 15:31 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-31 21:17 . 2009-04-08 15:31 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-31 21:17 . 2008-03-27 10:19 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-17 08:51 . 2008-07-30 13:08 37464 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\setup\uninstall.exe
2009-12-17 08:51 . 2008-07-30 13:08 -------- d-----w- c:\documents and settings\lpecina\Application Data\Juniper Networks
2009-12-17 08:05 . 2008-04-23 11:36 30240 ----a-w- c:\documents and settings\lpecina\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-17 08:03 . 2008-03-21 10:30 30240 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-21 15:51 . 2004-08-11 17:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-13 02:14 . 2009-11-13 02:14 50776 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Setup Client\uninstall.exe
2009-11-13 02:14 . 2009-11-13 02:14 132392 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Setup Client\dsmmf.exe
2009-11-13 02:14 . 2009-11-13 02:14 496936 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Setup Client\JuniperSetupClient.exe
2009-11-13 02:14 . 2009-11-13 02:14 230696 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Setup Client\JuniperSetupDLL.dll
2009-11-13 02:13 . 2009-11-13 02:13 329752 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe
2009-11-13 02:13 . 2009-11-13 02:13 29696 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Setup Client\setupResource_de.dll
2009-11-13 02:13 . 2009-11-13 02:13 3072 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Setup Client\dsmmfres_fr.dll
2009-11-13 02:13 . 2009-11-13 02:13 2560 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Setup Client\dsmmfres_es.dll
2009-11-13 02:13 . 2009-11-13 02:13 2560 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Setup Client\dsmmfres_de.dll
2009-11-13 02:13 . 2009-11-13 02:13 2560 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Setup Client\dsmmfres_zh.dll
2009-11-13 02:13 . 2009-11-13 02:13 2560 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Setup Client\dsmmfres_ko.dll
2009-11-13 02:13 . 2009-11-13 02:13 2560 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Setup Client\dsmmfres_ja.dll
2009-11-13 02:13 . 2009-11-13 02:13 2560 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Setup Client\dsmmfres_zh_cn.dll
2009-11-13 02:13 . 2009-11-13 02:13 23552 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Setup Client\setupResource_zh_cn.dll
2009-11-13 02:12 . 2009-11-13 02:12 23552 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Setup Client\setupResource_zh.dll
2009-11-13 02:12 . 2009-11-13 02:12 28160 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Setup Client\setupResource_en.dll
2009-11-13 02:12 . 2009-11-13 02:12 25088 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Setup Client\setupResource_ko.dll
2009-11-13 02:12 . 2009-11-13 02:12 29184 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Setup Client\setupResource_fr.dll
2009-11-13 02:12 . 2009-11-13 02:12 28672 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Setup Client\setupResource_es.dll
2009-11-13 02:12 . 2009-11-13 02:12 25088 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Setup Client\setupResource_ja.dll
2009-11-13 02:12 . 2009-11-13 02:12 217800 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\Setup Client\JuniperSetupXP.exe
2009-11-13 02:12 . 2009-11-13 02:12 116008 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\setup\JuniperSetupClient.exe
2009-11-13 02:12 . 2009-11-13 02:12 62832 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\setup\dsmmf.exe
2009-11-13 02:12 . 2009-11-13 02:12 42360 ------r- c:\documents and settings\lpecina\Application Data\Juniper Networks\setup\JuniperSetupApp.exe
2009-11-13 02:12 . 2009-11-13 02:12 116088 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\setup\JuniperSetupDLL.dll
2009-11-13 02:11 . 2009-11-13 02:11 28672 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\setup\setupResource_zh_cn.dll
2009-11-13 02:11 . 2009-11-13 02:11 28672 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\setup\setupResource_zh.dll
2009-11-13 02:11 . 2009-11-13 02:11 28672 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\setup\setupResource_ko.dll
2009-11-13 02:11 . 2009-11-13 02:11 32768 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\setup\setupResource_fr.dll
2009-11-13 02:11 . 2009-11-13 02:11 28672 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\setup\setupResource_ja.dll
2009-11-13 02:11 . 2009-11-13 02:11 32768 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\setup\setupResource_es.dll
2009-11-13 02:11 . 2009-11-13 02:11 32768 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\setup\setupResource_en.dll
2009-11-13 02:10 . 2009-11-13 02:10 32768 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\setup\setupResource_de.dll
2009-11-13 02:10 . 2009-11-13 02:10 12288 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\setup\dsmmfres_zh_cn.dll
2009-11-13 02:10 . 2009-11-13 02:10 12288 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\setup\dsmmfres_zh.dll
2009-11-13 02:10 . 2009-11-13 02:10 12288 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\setup\dsmmfres_ko.dll
2009-11-13 02:10 . 2009-11-13 02:10 12288 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\setup\dsmmfres_ja.dll
2009-11-13 02:10 . 2009-11-13 02:10 12288 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\setup\dsmmfres_fr.dll
2009-11-13 02:10 . 2009-11-13 02:10 12288 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\setup\dsmmfres_es.dll
2009-11-13 02:10 . 2009-11-13 02:10 12288 ----a-w- c:\documents and settings\lpecina\Application Data\Juniper Networks\setup\dsmmfres_de.dll
2009-11-10 12:00 . 2008-03-27 12:49 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-09 09:04 . 2009-04-08 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-11-09 09:04 . 2009-04-08 15:31 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-11-09 09:04 . 2009-04-08 15:31 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-09 09:03 . 2009-11-09 09:03 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-09 09:03 . 2009-04-08 15:29 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-11-09 09:03 . 2009-04-08 15:29 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-11-09 09:03 . 2009-04-08 15:29 -------- d-----w- c:\program files\AVG
2009-11-09 09:00 . 2009-11-09 09:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
2009-11-06 17:01 . 2009-11-06 17:01 229224 ----a-w- c:\windows\system32\drivers\VMM.sys
2009-11-06 16:18 . 2009-11-06 16:18 164880 ---ha-w- c:\documents and settings\lpecina\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
2009-11-06 16:06 . 2009-11-06 16:06 -------- d-----w- c:\program files\Microsoft Device Emulator
2009-11-06 16:06 . 2009-11-06 16:05 -------- d-----w- c:\program files\Windows Mobile 6 SDK
2009-11-06 16:01 . 2009-11-06 16:01 -------- d-----w- c:\program files\Microsoft Virtual PC
2009-11-02 19:42 . 2009-10-05 16:08 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:45 . 2004-08-11 17:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-11 17:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-11 17:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 23:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-19 12:06 . 2009-10-19 12:06 223232 ------w- c:\windows\system32\wksprt.exe
2009-10-19 12:06 . 2009-10-19 12:06 46080 ------w- c:\windows\system32\TSWbPrxy.exe
2009-10-19 12:06 . 2009-10-19 12:06 12800 ------w- c:\windows\system32\wksprtPS.dll
2009-10-19 12:06 . 2008-03-27 10:18 36864 ------w- c:\windows\system32\tsgQec.dll
2009-10-19 12:06 . 2004-08-11 17:11 1033728 ----a-w- c:\windows\system32\mstsc.exe
2009-10-19 12:06 . 2004-08-11 17:11 2689024 ----a-w- c:\windows\system32\mstscax.dll
2009-10-19 12:06 . 2009-10-19 12:06 44544 ------w- c:\windows\system32\MsRdpWebAccess.dll
2009-10-19 12:06 . 2008-03-27 10:18 130560 ------w- c:\windows\system32\aaclient.dll
2009-10-13 10:30 . 2004-08-11 17:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-11 17:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-11 17:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-09 15:23 . 2009-10-09 15:23 1107456 ------w- c:\windows\system32\WsmSvc.dll
2009-10-09 15:23 . 2009-10-09 15:23 178176 ------w- c:\windows\system32\wevtfwd.dll
2009-10-09 15:22 . 2009-10-09 15:22 368640 ------w- c:\windows\system32\WsmRes.dll
2009-10-09 15:22 . 2009-10-09 15:22 69632 ------w- c:\windows\system32\winrs.exe
2009-10-09 15:22 . 2009-10-09 15:22 42496 ------w- c:\windows\system32\pwrshplugin.dll
2009-10-09 13:56 . 2009-10-09 13:56 209408 ------w- c:\windows\system32\WsmWmiPl.dll
2009-10-09 13:56 . 2009-10-09 13:56 14848 ------w- c:\windows\system32\wsmprovhost.exe
2009-10-09 13:56 . 2009-10-09 13:56 22528 ------w- c:\windows\system32\winrshost.exe
2009-10-09 13:56 . 2009-10-09 13:56 25088 ------w- c:\windows\system32\winrmprov.dll
2009-10-09 13:56 . 2009-10-09 13:56 12288 ------w- c:\windows\system32\wsmplpxy.dll
2009-10-09 13:56 . 2009-10-09 13:56 2048 ------w- c:\windows\system32\winrsmgr.dll
2009-10-09 13:56 . 2009-10-09 13:56 233984 ------w- c:\windows\system32\winrscmd.dll
2009-10-09 13:56 . 2009-10-09 13:56 225280 ------w- c:\windows\system32\wsmanhttpconfig.exe
2009-10-09 13:56 . 2009-10-09 13:56 12288 ------w- c:\windows\system32\winrssrv.dll
2009-10-09 13:56 . 2009-10-09 13:56 139776 ------w- c:\windows\system32\WsmAuto.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"openvpn-gui"="c:\program files\OpenVPN\bin\openvpn-gui.exe" [2005-04-21 98816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]
"NvMediaCenter"="NvMCTray.dll" [2007-05-31 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"consentpromptbehavioradmin"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-31 21:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 15:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1893691856-636425866-1250845650-3586\Scripts\Logon\0\0]
"Script"=mapdrives.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1893691856-636425866-1250845650-3763\Scripts\Logon\0\0]
"Script"=\\profinit.lan\SysVol\profinit.lan\scripts\mapdrivestodesktop.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1893691856-636425866-1250845650-3763\Scripts\Logon\1\0]
"Script"=\\profinit.lan\SysVol\profinit.lan\scripts\mapdrives.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [8.4.2009 16:31 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8.4.2009 16:31 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8.4.2009 16:31 360584]
R1 NEOFLTR_600_13073;Juniper Networks TDI Filter Driver (NEOFLTR_600_13073);c:\windows\system32\drivers\NEOFLTR_600_13073.sys [30.4.2008 20:54 64160]
R1 NEOFLTR_650_14951;Juniper Networks TDI Filter Driver (NEOFLTR_650_14951);c:\windows\system32\drivers\NEOFLTR_650_14951.SYS [17.12.2009 9:52 85288]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [19.12.2006 15:21 79432]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [31.12.2009 22:17 285392]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [8.4.2009 16:29 30104]
R3 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [31.12.2009 22:16 2303680]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2.11.2006 13:32 97536]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [24.6.2004 3:54 23552]
R3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [23.3.2007 2:00 30032]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [8.4.2009 16:29 30104]
S3 caodbmb_TEST;caodbmb_TEST;c:\cygwin\home\lukas\lab\gha\mb\caodbmb_TEST\caodbmb.exe --> c:\cygwin\home\lukas\lab\gha\mb\caodbmb_TEST\caodbmb.exe [?]
S3 InformaticaOrchestrationServer;Informatica Orchestration Server;c:\informatica\PowerCenter8.6.0\OrchestrationServer\service\bin\wrapper.exe -s c:\informatica\PowerCenter8.6.0\OrchestrationServer\service\conf\wrapper.conf --> c:\informatica\PowerCenter8.6.0\OrchestrationServer\service\bin\wrapper.exe -s c:\informatica\PowerCenter8.6.0\OrchestrationServer\service\conf\wrapper.conf [?]
S3 InformaticaServices8.6.0;Informatica Services 8.6.0;c:\informatica\PowerCenter8.6.0\server\tomcat\bin\infasvcs.exe [10.1.2009 14:38 61440]
S3 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\lotus\notes\nsd.exe [29.9.2009 11:29 3397000]
S3 SybaseUAService;Sybase Unified Agent;c:\sybase15\UAF-2_0\utility\ntautostart\release\uaservice.exe [10.1.2009 13:21 49152]
S3 SYBBCK_CAODB15_BS;Sybase BCKServer _ CAODB15_BS;c:\sybase15\ASE-15_0\bin\bcksrvr.exe -SCAODB15_BS -R --> c:\sybase15\ASE-15_0\bin\bcksrvr.exe -SCAODB15_BS -R [?]
S3 SYBMON_CAODB15_MS;Sybase MONServer _ CAODB15_MS;c:\sybase15\ASE-15_0\bin\monsrvr.exe -MCAODB15_MS -C --> c:\sybase15\ASE-15_0\bin\monsrvr.exe -MCAODB15_MS -C [?]
S3 SYBSQL_CAODB15;Sybase SQLServer _ CAODB15;c:\sybase15\ASE-15_0\bin\sqlsrvr.exe -sCAODB15 -C --> c:\sybase15\ASE-15_0\bin\sqlsrvr.exe -sCAODB15 -C [?]
S3 SYBXPS_CAODB15_XP;Sybase XPServer _ CAODB15_XP;c:\sybase15\ASE-15_0\bin\xpserver.exe -SCAODB15_XP -C --> c:\sybase15\ASE-15_0\bin\xpserver.exe -SCAODB15_XP -C [?]
S3 Tomcat5;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe [25.8.2007 0:35 57344]
S3 vmserverdWin32;VMware Registration Service;c:\program files\VMware\VMware Server\vmserverdWin32.exe [6.9.2007 13:40 1650781]
S3 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [11.8.2004 18:00 5120]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [11.8.2004 18:00 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 10.2.10.28:8088
uInternet Settings,ProxyOverride = intranet;cvs;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\documents and settings\lpecina\Application Data\Mozilla\Firefox\Profiles\bmvfqroc.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-HijackThis - e:\av\HijackThis.exe



**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'explorer.exe'(2440)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-01-04 14:24:42
ComboFix-quarantined-files.txt 2010-01-04 13:24
ComboFix2.txt 2010-01-03 15:39

Před spuštěním: 106 750 910 464 bytes free
Po spuštění: 106 712 305 664 bytes free

- - End Of File - - 6A8079E51E67A5FE481193D3AA88A523
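The R0/R1/R2/R3/S3 lines in the ComboFix log above are the part a helper reads by eye for binaries ComboFix could not verify ("[?]"), binaries in unusual locations, and kernel drivers changed shortly before the scan. As an added example that is not part of this thread or of ComboFix, the following Python script parses those lines and applies that triage; the trusted-path list and the 30-day window are assumptions, and the sample lines are copied from the log above.

```python
"""Triage of the service/driver section of a ComboFix log (added example, not ComboFix code).

Parses lines of the form
  R1 AvgLdx86;AVG AVI Loader Driver x86;c:\\windows\\system32\\drivers\\avgldx86.sys [8.4.2009 16:31 333192]
  S3 caodbmb_TEST;caodbmb_TEST;c:\\cygwin\\...\\caodbmb.exe --> c:\\cygwin\\...\\caodbmb.exe [?]
and flags what a helper looks for by eye: binaries ComboFix could not verify ("[?]"),
binaries outside the usual Windows / Program Files locations, and boot- or system-start
drivers (R0/R1) whose file changed shortly before the scan.
"""
import re
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional, Tuple

# "R1 Name;Display name;rest" - start type, service name, display name, then path/stamp
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# "path [d.m.yyyy h:mm size]" - the stamp ComboFix appends when it could verify the file
STAMP_RE = re.compile(
    r"^(?P<path>.+?)\s+\[(?P<day>\d{1,2})\.(?P<month>\d{1,2})\.(?P<year>\d{4})"
    r"\s+\d{1,2}:\d{2}\s+(?P<size>\d+)\]$"
)

# Assumptions, tune per host: where legitimately installed service binaries normally live,
# and how many days before the scan a kernel-driver change still counts as "recent".
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")
RECENT_DAYS = 30


@dataclass
class Service:
    start: str                     # R0..R3 (running) or S0..S4 (stopped); digit = start type
    name: str
    display: str
    image: str                     # path, or the full command line for "[?]" entries
    verified: bool                 # False when ComboFix printed "[?]" instead of a stamp
    modified: Optional[date] = None
    size: Optional[int] = None
    flags: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[Service]:
    """Return a Service for one R*/S* line, or None if the line is not a service entry."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"].strip()
    if rest.endswith("[?]"):
        # "cmdline --> cmdline [?]": the binary was not found or could not be checked
        cmd = rest[:-3].strip()
        image = cmd.split(" --> ")[-1].strip() if " --> " in cmd else cmd
        return Service(m["start"], m["name"], m["display"], image.strip('"'), verified=False)
    s = STAMP_RE.match(rest)
    if not s:
        return None
    modified = date(int(s["year"]), int(s["month"]), int(s["day"]))
    return Service(m["start"], m["name"], m["display"], s["path"].strip('"'),
                   True, modified, int(s["size"]))


def parse_log(text: str) -> List[Service]:
    """Collect every service entry from a ComboFix log (all other lines are ignored)."""
    services = [parse_service_line(ln) for ln in text.splitlines()]
    return [s for s in services if s is not None]


def triage(services: List[Service], scan_date: date,
           trusted: Tuple[str, ...] = TRUSTED_PREFIXES,
           recent_days: int = RECENT_DAYS) -> List[Service]:
    """Attach flags to each entry and return only the flagged ones."""
    for svc in services:
        if not svc.verified:
            svc.flags.append("unverified")
        if not svc.image.lower().startswith(trusted):
            svc.flags.append("nonstandard-path")
        if (svc.start in ("R0", "R1") and svc.modified is not None
                and 0 <= (scan_date - svc.modified).days <= recent_days):
            svc.flags.append("recent-kernel-driver")
    return [s for s in services if s.flags]


def triage_log(text: str, scan_day: str) -> List[Tuple[str, List[str]]]:
    """Convenience wrapper: (service name, flags) for every flagged entry; scan_day is ISO."""
    return [(s.name, s.flags) for s in triage(parse_log(text), date.fromisoformat(scan_day))]


# Constructed sample: a handful of lines copied from the ComboFix log in this thread.
SAMPLE_LINES = r"""
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [8.4.2009 16:31 161800]
R1 NEOFLTR_650_14951;Juniper Networks TDI Filter Driver (NEOFLTR_650_14951);c:\windows\system32\drivers\NEOFLTR_650_14951.SYS [17.12.2009 9:52 85288]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2.11.2006 13:32 97536]
S3 caodbmb_TEST;caodbmb_TEST;c:\cygwin\home\lukas\lab\gha\mb\caodbmb_TEST\caodbmb.exe --> c:\cygwin\home\lukas\lab\gha\mb\caodbmb_TEST\caodbmb.exe [?]
S3 Tomcat5;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe [25.8.2007 0:35 57344]
"""

if __name__ == "__main__":
    # Scan date taken from the log's completion line (2010-01-04)
    for name, flags in triage_log(SAMPLE_LINES, "2010-01-04"):
        print(f"{name}: {', '.join(flags)}")
```

On the sample with scan date 2010-01-04 the script flags NEOFLTR_650_14951 (R1 driver changed 18 days before the scan) and caodbmb_TEST (unverified, outside the trusted paths). dxec01.sys sits in a standard location with an old timestamp and is not caught by these heuristics, which is why an unknown driver name still needs a reputation check such as a VirusTotal lookup.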

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Virus in System Volume Information

#4 Post by motji »

:arrow: Start - Control Panel - Folder Options - View - show hidden and system files

:arrow: Have the file tested at http://www.virustotal.com

c:\windows\system32\drivers\NEOFLTR_650_14951.SYS
c:\windows\system32\drivers\atapi_sys_lukas
c:\cygwin\home\lukas\lab\gha\mb\caodbmb_TEST\caodbmb.exe
c:\windows\system32\drivers\dxec01.sys

Copy the file path into the box; if it says the file has already been tested, have it tested again.
Paste the link with the results here.

:arrow: Did you do something with atapi.sys?
c:\windows\system32\drivers\atapi_sys_lukas

:arrow: Download Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- unpack and run it
- a scan will run; when it finishes, a window with the results opens; click Save to save the log, then paste it here

- Following the instructions in the link, run the second scan and paste that log here as well.
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I am mostly reachable at night, between 9 and 11 p.m.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

amarok
Visitor
Posts: 11
Registered: 11 Jun 2009 07:58

Re: Virus in System Volume Information

#5 Post by amarok »

Good morning,

-> according to Virustotal the files are fine - no detections

-> atapi.sys was renamed by a colleague who was trying to get rid of the infection. I can delete it.

-> I'm sending only the first log, because every time I ran the full GMER scan the system crashed with a BSOD, and each time with a different STOP message.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-05 09:19:15
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\lpecina\LOCALS~1\Temp\pxriypog.sys


---- System - GMER 1.0.15 ----

Code \??\C:\DOCUME~1\lpecina\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip NEOFLTR_650_14951.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip NEOFLTR_600_13073.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\Tcp NEOFLTR_650_14951.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp NEOFLTR_600_13073.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\Udp NEOFLTR_650_14951.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp NEOFLTR_600_13073.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp NEOFLTR_600_13073.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\RawIp NEOFLTR_650_14951.SYS (NetBIOS Redirector/Juniper Networks)

---- EOF - GMER 1.0.15 ----

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Virus in System Volume Information

#6 Post by motji »

Try once more in Safe Mode; if that doesn't work, we'll do it another way.
How did your colleague come across the infection in atapi?

Do you have Daemon or Alcohol?

amarok
Visitor
Posts: 11
Registered: 11 Jun 2009 07:58

Re: Virus in System Volume Information

#7 Post by amarok »

-> I'm forwarding my colleague's statement:
"On the AVG forum they advised replacing the infected atapi.sys with the original file from the i386 directory. I tried that and backed up the original file as atapi_sys_old_lukas. But the change caused the csrss.exe process to run at almost 100% CPU constantly, so I reverted the change and backed up the new file as atapi_sys_lukas; both backups can safely be deleted, though."

-> In Safe Mode the system unfortunately also crashed with a BSOD during the scan.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Virus in System Volume Information

#8 Post by motji »

And did AVG report atapi.sys as infected? Otherwise, atapi.sys is quite important; without it you won't boot, so be careful with any replacing and the like :)

:arrow: uninstall all virtual drives (Daemon or Alcohol)

:arrow: Download SPTD http://www.duplexsecure.com/en/downloads
- choose the version for your operating system: SPTD for Windows (32 bit) or (64b)
- save it to the desktop and run it
- choose the Uninstall option
- restart the PC

:arrow: download MBR
http://www2.gmer.net/mbr/mbr.exe
- save it to the desktop


:arrow: Start - Run
copy into the box

Code:

"%userprofile%\plocha\mbr" -t

OK

:arrow: a log named mbr.log will be created; paste it here

:arrow: Download
http://rootrepeal.googlepages.com/RootRepeal.zip
- download, unpack and run it
- select the Files tab and click Scan
- a scan will run; afterwards click Save Report, which saves the log; copy it here

- go through all the tabs in turn and run the scans.

amarok
Visitor
Posts: 11
Registered: 11 Jun 2009 07:58

Re: Virus in System Volume Information

#9 Post by amarok »

Good morning,
I'm sending the generated logs:

MBR:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

RootRepeal crashed after clicking File -> Scan:
ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows XP SP3
Exception Code: 0xc0000005
Exception Address: 0x7c910a19
Attempt to read from address: 0x00000000

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Virus in System Volume Information

#10 Post by motji »

Try the Drivers tab as well.

amarok
Visitor
Posts: 11
Registered: 11 Jun 2009 07:58

Re: Virus in System Volume Information

#11 Post by amarok »

All the other tabs went through.

Drivers:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/01/06 18:35
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xBA118000 Size: 57344 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xB9F79000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: AegisP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AegisP.sys
Address: 0xBA378000 Size: 19328 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xB7AA8000 Size: 138496 File Visible: - Signed: -
Status: -

Name: Apfiltr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
Address: 0xB929F000 Size: 180224 File Visible: - Signed: -
Status: -

Name: APPDRV.SYS
Image Path: C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
Address: 0xB8046000 Size: 16128 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xB9EED000 Size: 96512 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xBA6E8000 Size: 3072 File Visible: - Signed: -
Status: -

Name: avgfwdx.sys
Image Path: C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
Address: 0xBA418000 Size: 24704 File Visible: - Signed: -
Status: -

Name: avgldx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgldx86.sys
Address: 0xB7982000 Size: 326528 File Visible: - Signed: -
Status: -

Name: avgmfx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgmfx86.sys
Address: 0xBA488000 Size: 21760 File Visible: - Signed: -
Status: -

Name: avgrkx86.sys
Image Path: avgrkx86.sys
Address: 0xB9DAA000 Size: 155136 File Visible: - Signed: -
Status: -

Name: avgtdix.sys
Image Path: C:\WINDOWS\System32\Drivers\avgtdix.sys
Address: 0xB7BBA000 Size: 353920 File Visible: - Signed: -
Status: -

Name: b57xp32.sys
Image Path: C:\WINDOWS\system32\DRIVERS\b57xp32.sys
Address: 0xB92CB000 Size: 176128 File Visible: - Signed: -
Status: -

Name: BASFND.sys
Image Path: C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
Address: 0xBA5E2000 Size: 5312 File Visible: - Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\BATTC.SYS
Address: 0xBA4C0000 Size: 16384 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xBA4B8000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xB9194000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xBA308000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xBA0E8000 Size: 53248 File Visible: - Signed: -
Status: -

Name: CmBatt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\CmBatt.sys
Address: 0xBA580000 Size: 13952 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: compbatt.sys
Address: 0xBA4BC000 Size: 10240 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xBA0D8000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xB9F05000 Size: 153344 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xBA1D8000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB7942000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA608000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xB9BFD000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxec01.sys
Image Path: C:\WINDOWS\system32\drivers\dxec01.sys
Address: 0xB7EDC000 Size: 97536 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xBA6C6000 Size: 4096 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xBA298000 Size: 44544 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xB9ECD000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xBA5D8000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xB9F2B000 Size: 125056 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806E4000 Size: 134400 File Visible: - Signed: -
Status: -

Name: hcmon.sys
Image Path: C:\WINDOWS\system32\Drivers\hcmon.sys
Address: 0xB7B62000 Size: 40960 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xB9512000 Size: 163840 File Visible: - Signed: -
Status: -

Name: hiber_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\hiber_WMILIB.SYS
Address: 0xBA5FA000 Size: 8192 File Visible: No Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xBA248000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xBA468000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xBA564000 Size: 10368 File Visible: - Signed: -
Status: -

Name: HSF_CNXT.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
Address: 0xB7D03000 Size: 731136 File Visible: - Signed: -
Status: -

Name: HSF_DPV.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
Address: 0xB7DB6000 Size: 989952 File Visible: - Signed: -
Status: -

Name: HSFHWAZL.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
Address: 0xB7EA8000 Size: 211200 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xB471F000 Size: 265728 File Visible: - Signed: -
Status: -

Name: i2omgmt.SYS
Image Path: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Address: 0xB9BED000 Size: 8576 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xBA2C8000 Size: 52480 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xBA2F8000 Size: 42112 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xBA2B8000 Size: 36352 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xB7CA8000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xBA0A8000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xBA410000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xBA5A8000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xB0E55000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xB91ED000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xB9EA4000 Size: 92928 File Visible: - Signed: -
Status: -

Name: mbr.sys
Image Path: C:\DOCUME~1\lpecina\LOCALS~1\Temp\mbr.sys
Address: 0xBA450000 Size: 20864 File Visible: No Signed: -
Status: -

Name: mdmxsdk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Address: 0xB5095000 Size: 12672 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xBA5DC000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xBA448000 Size: 30080 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xBA408000 Size: 23040 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xBA56C000 Size: 12160 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xBA0B8000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xB518D000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xB79D2000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xBA478000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xBA178000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xBA5A0000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xB9DD0000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xB9DEA000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xBA58C000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xB5536000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB91C5000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xBA1B8000 Size: 40576 File Visible: - Signed: -
Status: -

Name: NEOFLTR_600_13073.SYS
Image Path: C:\WINDOWS\system32\Drivers\NEOFLTR_600_13073.SYS
Address: 0xBA278000 Size: 56768 File Visible: - Signed: -
Status: -

Name: NEOFLTR_650_14951.SYS
Image Path: C:\WINDOWS\system32\Drivers\NEOFLTR_650_14951.SYS
Address: 0xB7C37000 Size: 98304 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xBA288000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xB7ACA000 Size: 162816 File Visible: - Signed: -
Status: -

Name: NETw4x32.sys
Image Path: C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
Address: 0xB92F6000 Size: 2211456 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xBA480000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xB9E17000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xBA7E9000 Size: 2944 File Visible: - Signed: -
Status: -

Name: nv4_disp.dll
Image Path: C:\WINDOWS\System32\nv4_disp.dll
Address: 0xBF012000 Size: 5468160 File Visible: - Signed: -
Status: -

Name: nv4_mini.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Address: 0xB9572000 Size: 6727136 File Visible: - Signed: -
Status: -

Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xBA108000 Size: 61696 File Visible: - Signed: -
Status: -

Name: oz776.sys
Image Path: C:\WINDOWS\System32\Drivers\oz776.sys
Address: 0xBA258000 Size: 62208 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xB9210000 Size: 80128 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xBA330000 Size: 19712 File Visible: - Signed: -
Status: -

Name: PBADRV.sys
Image Path: PBADRV.sys
Address: 0xBA0F8000 Size: 45056 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xB9F68000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xBA670000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xBA328000 Size: 28672 File Visible: - Signed: -
Status: -

Name: pcmcia.sys
Image Path: pcmcia.sys
Address: 0xB9F4A000 Size: 120192 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xB7EF4000 Size: 147456 File Visible: - Signed: -
Status: -

Name: PROCEXP113.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Address: 0xBA638000 Size: 7872 File Visible: No Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB91B4000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xBA428000 Size: 17792 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xB9BDD000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xBA148000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xBA158000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xBA168000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xBA430000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xB7A42000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xBA5DE000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xB90E4000 Size: 196224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xBA318000 Size: 57600 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB30AF000 Size: 49152 File Visible: No Signed: -
Status: -

Name: s24trans.sys
Image Path: C:\WINDOWS\system32\DRIVERS\s24trans.sys
Address: 0xB552A000 Size: 12416 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xBA574000 Size: 15744 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xBA2E8000 Size: 64512 File Visible: - Signed: -
Status: -

Name: SMCLIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\SMCLIB.SYS
Address: 0xBA568000 Size: 16384 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xB9EBB000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xB4D50000 Size: 333952 File Visible: - Signed: -
Status: -

Name: sthda.sys
Image Path: C:\WINDOWS\system32\drivers\sthda.sys
Address: 0xB7F18000 Size: 1169728 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xBA5CC000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xB513D000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tap0801.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tap0801.sys
Address: 0xBA188000 Size: 40960 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xB7C4F000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xBA420000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xBA198000 Size: 40704 File Visible: - Signed: -
Status: -

Name: tosporte.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tosporte.sys
Address: 0xBA1A8000 Size: 41600 File Visible: - Signed: -
Status: -

Name: tosrfcom.sys
Image Path: C:\WINDOWS\System32\Drivers\tosrfcom.sys
Address: 0xBA138000 Size: 64896 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB9086000 Size: 384768 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xBA5D0000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xBA400000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xBA1C8000 Size: 59520 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB953A000 Size: 147456 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xBA3F8000 Size: 20608 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xBA470000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB955E000 Size: 81920 File Visible: - Signed: -
Status: -

Name: vmm.sys
Image Path: C:\WINDOWS\system32\Drivers\vmm.sys
Address: 0xB7A6D000 Size: 241664 File Visible: - Signed: -
Status: -

Name: VMNET.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VMNET.SYS
Address: 0xB553E000 Size: 12288 File Visible: - Signed: -
Status: -

Name: vmnetbridge.sys
Image Path: C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
Address: 0xBA380000 Size: 23296 File Visible: - Signed: -
Status: -

Name: VMNetSrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys
Address: 0xB91DC000 Size: 69632 File Visible: - Signed: -
Status: -

Name: vmnetuserif.sys
Image Path: C:\WINDOWS\system32\drivers\vmnetuserif.sys
Address: 0xB4CBC000 Size: 15616 File Visible: - Signed: -
Status: -

Name: VMparport.sys
Image Path: C:\WINDOWS\system32\Drivers\VMparport.sys
Address: 0xBA3C8000 Size: 28672 File Visible: - Signed: -
Status: -

Name: vmx86.sys
Image Path: C:\WINDOWS\system32\Drivers\vmx86.sys
Address: 0xB514D000 Size: 97152 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xBA0C8000 Size: 52352 File Visible: - Signed: -
Status: -

Name: vstor2.sys
Image Path: C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys
Address: 0xB4CB4000 Size: 11520 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xBA238000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xBA4B0000 Size: 20480 File Visible: - Signed: -
Status: -

Name: WaveFDE.sys
Image Path: C:\WINDOWS\system32\DRIVERS\WaveFDE.sys
Address: 0xBA440000 Size: 18176 File Visible: - Signed: -
Status: -

Name: WavxDMgr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
Address: 0xB54DA000 Size: 161280 File Visible: - Signed: -
Status: -

Name: Wdf01000.sys
Image Path: C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
Address: 0xB9224000 Size: 503808 File Visible: - Signed: -
Status: -

Name: WDFLDR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS
Address: 0xBA2D8000 Size: 53248 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xB5048000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -

Name: wmiacpi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
Address: 0xBA584000 Size: 8832 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xBA5AA000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: XPVCOM.sys
Image Path: C:\WINDOWS\system32\DRIVERS\XPVCOM.sys
Address: 0xBA438000 Size: 20480 File Visible: - Signed: -
Status: -

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Virus in System Volume Information

#12 Post by motji »

Please also test this file on www.virustotal.com:
C:\WINDOWS\system32\DRIVERS\atapi.sys

:arrow: Download MBAM from my signature
-Install it and run a full scan

DO NOT DELETE ANYTHING :!:
-MBAM sometimes has false detections, so we will only delete after checking the log.
-Copy the log here.

:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe
-save it to the desktop and run the OTL.exe file.
- a window opens; in it, tick Scan All Users and File Scan,
-copy this script into the white box at the bottom:

Code:

netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
%SYSTEMDRIVE%\viamraid.sys /s /md5
%SYSTEMDRIVE%\nvata.sys /s /md5
CREATERESTOREPOINT
-click the Run scan button.
-the scan will run and two logs will appear; paste the contents of both here :)
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before cleaning the computer :!:
Want to support our forum? Information here


I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can write to me by email at Motji(zavináč)forum.viry.cz.
