PC virus removal, computer speed-up, remote assistance via the neslape.cz service

Infected boot sector Win32/Agent.SDG.Gen

gjfish
Exemplary visitor
Posts: 77
Registered: 07 Jul 2006 09:07


#1 Post by gjfish »

Hello, I have a PC here whose boot sector is infected with the Trojan Win32/Agent.SDG.Gen.

RSIT (it could only be run in safe mode)
Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2011-10-13 15:33:45
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 127 GB (71%) free of 180 GB
Total RAM: 2046 MB (85% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{EF349FF5-56C3-4131-B850-B8C7F83678AF}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
C:\PROGRA~1\SITERA~1\SiteRank.dll [2010-06-30 349624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
MyAshampoo Toolbar - C:\Program Files\MyAshampoo\prxtbMyA0.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-24 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-09-21 3853984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-09-10 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-24 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Inbox Toolbar - C:\PROGRA~1\INBOXT~1\Inbox.dll [2011-09-21 874688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
IncrediMail MediaBar 2 Toolbar - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-06-22 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-06-22 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.2.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll []
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-24 256112]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll []
{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - &Inbox Toolbar - C:\PROGRA~1\INBOXT~1\Inbox.dll [2011-09-21 874688]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll []
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - MyAshampoo Toolbar - C:\Program Files\MyAshampoo\prxtbMyA0.dll []
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll []
{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - IncrediMail MediaBar 2 Toolbar - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-08 3076144]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe -atboottime []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-01-14 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~3\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avas_service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avss_service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tpavdrw_service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tpmgma_service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Novex Canada Ltd\Remote Module\Alarm Receiver.exe"="C:\Program Files\Novex Canada Ltd\Remote Module\Alarm Receiver.exe:*:Enabled:AlarmReportee"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\hry\Age of Empires Trial\empires.exe"="C:\hry\Age of Empires Trial\empires.exe:*:Enabled:Age of Empires Trial"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Konzola Microsoft Management Console"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\Iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"MSVideo8"=VfWWDM32.dll
"msacm.dvacm"=C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"VIDC.MP43"=mpg4c32.dll
"VIDC.ACDV"=ACDV.dll
"vidc.iv32"=C:\WINDOWS\system32\ir32_32.dll
"vidc.iv31"=C:\WINDOWS\system32\ir32_32.dll
"VIDC.YVU9"=tsbyuv.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.MJPG"=Pvmjpg30.dll
"VIDC.I420"=msh263.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux1"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux2"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux3"=wdmaud.drv
"wave8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"mixer9"=wdmaud.drv
"midi8"=wdmaud.drv
"aux4"=wdmaud.drv
"midi9"=wdmaud.drv
"aux5"=wdmaud.drv
"aux6"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-10-13 15:32:41 ----A---- C:\WINDOWS\ntbtlog.txt
2011-10-13 15:30:02 ----D---- C:\WINDOWS\temp
2011-10-13 15:30:00 ----AC---- C:\ComboFix.txt
2011-10-13 15:19:41 ----AC---- C:\Boot.bak
2011-10-13 15:19:36 ----RASHDC---- C:\cmdcons
2011-10-13 15:18:11 ----A---- C:\WINDOWS\MBR.exe
2011-10-13 15:18:09 ----A---- C:\WINDOWS\zip.exe
2011-10-13 15:18:09 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-10-13 15:18:09 ----A---- C:\WINDOWS\SWSC.exe
2011-10-13 15:18:09 ----A---- C:\WINDOWS\SWREG.exe
2011-10-13 15:18:09 ----A---- C:\WINDOWS\sed.exe
2011-10-13 15:18:09 ----A---- C:\WINDOWS\PEV.exe
2011-10-13 15:18:09 ----A---- C:\WINDOWS\NIRCMD.exe
2011-10-13 15:18:09 ----A---- C:\WINDOWS\grep.exe
2011-10-13 15:18:01 ----D---- C:\WINDOWS\ERDNT
2011-10-13 15:15:29 ----DC---- C:\Qoobox
2011-10-13 15:11:32 ----D---- C:\Program Files\trend micro
2011-10-13 15:11:30 ----DC---- C:\rsit
2011-10-13 15:08:55 ----DC---- C:\inst
2011-10-13 15:01:59 ----D---- C:\Program Files\TeamViewer
2011-10-12 13:33:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2011-10-12 13:30:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2567053$
2011-10-12 13:29:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
2011-10-12 13:29:53 ----A---- C:\WINDOWS\imsins.BAK
2011-10-04 17:59:41 ----DC---- C:\Documents and Settings\All Users\Data aplikací\ESET
2011-10-04 17:30:58 ----D---- C:\Program Files\Windows Sidebar
2011-10-04 17:30:49 ----DC---- C:\Documents and Settings\All Users\Data aplikací\Norton
2011-10-04 17:18:34 ----DC---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2011-10-02 11:29:57 ----D---- C:\Program Files\McAfee Online Backup
2011-10-01 18:34:45 ----DC---- C:\Documents and Settings\All Users\Data aplikací\McAfee Security Scan
2011-10-01 18:34:44 ----D---- C:\Program Files\McAfee Security Scan
2011-09-17 16:25:53 ----A---- C:\WINDOWS\Codec Pack - All In 1 Setup Log.txt
2011-09-16 10:52:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2616676$
2011-09-16 10:49:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2570947$
2011-09-16 09:59:27 ----D---- C:\Program Files\AppGraffiti

======List of files/folders modified in the last 1 month======

2011-10-13 15:32:41 ----D---- C:\WINDOWS
2011-10-13 15:30:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-10-13 15:30:45 ----AC---- C:\WINDOWS\WINCMD.INI
2011-10-13 15:30:02 ----D---- C:\WINDOWS\system32\drivers
2011-10-13 15:29:12 ----SD---- C:\WINDOWS\Tasks
2011-10-13 15:28:35 ----D---- C:\WINDOWS\system32\CatRoot2
2011-10-13 15:26:22 ----C---- C:\WINDOWS\system.ini
2011-10-13 15:26:01 ----D---- C:\WINDOWS\system32\drivers\etc
2011-10-13 15:25:13 ----D---- C:\Program Files
2011-10-13 15:25:09 ----SHD---- C:\System Volume Information
2011-10-13 15:24:12 ----D---- C:\WINDOWS\system32\config
2011-10-13 15:23:36 ----D---- C:\WINDOWS\system32
2011-10-13 15:22:28 ----D---- C:\WINDOWS\AppPatch
2011-10-13 15:22:25 ----D---- C:\Program Files\Common Files
2011-10-13 15:19:41 ----RASHC---- C:\boot.ini
2011-10-13 14:37:21 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-10-13 09:22:33 ----D---- C:\Program Files\Zrychleni Pocitace
2011-10-13 09:10:51 ----D---- C:\WINDOWS\Microsoft.NET
2011-10-13 09:10:46 ----RSD---- C:\WINDOWS\assembly
2011-10-12 13:35:35 ----RSHD---- C:\WINDOWS\system32\dllcache
2011-10-12 13:35:35 ----DC---- C:\Config.Msi
2011-10-12 13:35:35 ----D---- C:\Program Files\Internet Explorer
2011-10-12 13:33:59 ----HD---- C:\WINDOWS\inf
2011-10-12 13:33:51 ----SHD---- C:\WINDOWS\Installer
2011-10-12 13:33:37 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-10-12 13:33:22 ----D---- C:\WINDOWS\WinSxS
2011-10-12 13:30:10 ----AC---- C:\WINDOWS\system32\MRT.exe
2011-10-12 13:29:57 ----HD---- C:\WINDOWS\$hf_mig$
2011-10-12 09:21:59 ----AC---- C:\WINDOWS\NeroDigital.ini
2011-10-11 14:31:13 ----RD---- C:\Program Files\Skype
2011-10-11 14:31:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2011-10-11 14:17:49 ----D---- C:\WINDOWS\Prefetch
2011-10-11 14:17:25 ----DC---- C:\Documents and Settings\All Users\Data aplikací\Easybits GO
2011-10-11 09:29:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee
2011-10-10 13:05:14 ----D---- C:\WINDOWS\network diagnostic
2011-10-10 12:44:38 ----D---- C:\Program Files\Inbox Toolbar
2011-10-06 10:46:48 ----AC---- C:\WINDOWS\ModemLog_NOKIA_3220 GSM Modem.txt
2011-10-04 18:10:44 ----D---- C:\Program Files\TNod User & Password Finder
2011-10-04 17:59:41 ----D---- C:\Program Files\ESET
2011-10-04 17:20:41 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-10-04 16:04:17 ----D---- C:\WINDOWS\repair
2011-10-04 16:04:08 ----D---- C:\WINDOWS\Registration
2011-10-03 14:21:19 ----D---- C:\WINDOWS\system32\wbem
2011-10-03 14:21:11 ----D---- C:\Program Files\MP3Dancer
2011-10-03 14:21:08 ----D---- C:\Program Files\ICQ7.5
2011-10-03 10:31:24 ----A---- C:\WINDOWS\system32\mshtml.dll
2011-09-26 11:41:42 ----A---- C:\WINDOWS\system32\uiautomationcore.dll
2011-09-26 11:41:42 ----A---- C:\WINDOWS\system32\oleaccrc.dll
2011-09-26 11:41:20 ----A---- C:\WINDOWS\system32\oleacc.dll
2011-09-17 16:25:50 ----AC---- C:\WINDOWS\winzip32.ini
2011-09-17 16:24:48 ----D---- C:\unzipped
2011-09-17 16:11:02 ----D---- C:\Program Files\Vyčistit Počítač PROFESSIONAL
2011-09-17 16:10:28 ----D---- C:\Program Files\Vyčistit Počítač
2011-09-16 15:40:53 ----AC---- C:\WINDOWS\win.ini
2011-09-16 13:04:16 ----D---- C:\WINDOWS\system32\CatRoot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\Drivers\vbtenum.sys [2007-03-05 20880]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2007-03-05 35600]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sonyhcb;Sony Digital Imaging Base; C:\WINDOWS\system32\DRIVERS\sonyhcb.sys [2001-11-05 6097]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R0 videX32;videX32; C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 9728]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2005-05-11 32256]
R1 SSHDRV64;SSHDRV64; \??\C:\WINDOWS\system32\drivers\SSHDRV64.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 pfc;PADUS ASPI SHELL; C:\WINDOWS\system32\drivers\pfc.sys [2002-06-13 14604]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S0x02000000 OMSCAN;OMSCAN; \Sys []
S1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
S1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
S1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2011-08-04 61936]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
S1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
S2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2011-08-09 154136]
S2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2011-08-04 147480]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.; C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-02-05 209171]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.; C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-02-05 9284]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.; C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-02-05 36261]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-09-20 4019072]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-01-14 3455488]
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-10-31 93184]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-05-11 34704]
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-05-09 36496]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-10-14 379854]
S3 cmuda3;C-Media PCI Audio Interface; C:\WINDOWS\system32\drivers\cmudax3.sys [2008-12-03 1519424]
S3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2011-08-04 39824]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 gameport;FM801 PCI Joystick; C:\WINDOWS\system32\DRIVERS\fmjoy.sys [2001-11-02 9728]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-01-13 5015040]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
S3 Ser2pl;MAT Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sonyhcs;Sony Digital Imaging Video; C:\WINDOWS\system32\DRIVERS\sonyhcs.sys [2001-11-05 299923]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys []
S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
S3 wdm_fm801;FM801 PCI Audio (WDM); C:\WINDOWS\system32\drivers\fm801.sys [2001-11-02 328320]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 WLC811GPCI;802.11b WLAN PCI; C:\WINDOWS\system32\DRIVERS\WLC811G.sys [2003-08-01 50432]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZSMC301b;USB WEBCAM; C:\WINDOWS\System32\Drivers\usbVM31b.sys [2004-03-03 90534]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-01-14 598016]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-01-13 593920]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2011-09-08 974944]
S2 EPSON_PM_RPCV2_01;EPSON V3 Service2(03); C:\WINDOWS\system32\E_S00RP1.EXE [2004-02-19 65536]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-02 182768]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S2 StatusAgent4;Epson Printer Status Agent4; C:\WINDOWS\system32\SAgent4.exe [2006-02-14 131072]
S2 TeamViewer6;TeamViewer 6; C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe []
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-10-27 1483072]
S2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-04-20 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S4 gupdate1c9f5912b2a076;Služba Google Update (gupdate1c9f5912b2a076); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-25 133104]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-25 133104]
S4 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe []
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-06-22 153376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]

-----------------EOF-----------------

COMBOFIX
ComboFix 11-10-13.02 - Rudla 13.10.2011 15:20:44.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1288 [GMT 2:00]
Spuštěný z: c:\inst\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Rudla\Data aplikací\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\Rudla\WINDOWS
c:\program files\UNWISE.EXE
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\default_user_class.dat.LOG
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-13 do 2011-10-13 )))))))))))))))))))))))))))))))
.
.
2011-10-13 13:25 . 2011-10-13 13:25 56200 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{ABE42339-AFBB-41C1-ADD3-E1F5D2CD6163}\offreg.dll
2011-10-13 13:11 . 2011-10-13 13:12 -------- d-----w- c:\program files\trend micro
2011-10-13 13:11 . 2011-10-13 13:11 -------- dc----w- C:\rsit
2011-10-13 13:08 . 2011-10-13 13:09 -------- dc----w- C:\inst
2011-10-13 13:02 . 2011-10-13 13:11 -------- d-----w- c:\documents and settings\Rudla\Data aplikací\TeamViewer
2011-10-13 13:01 . 2011-10-13 13:01 -------- d-----w- c:\program files\TeamViewer
2011-10-12 11:11 . 2011-09-21 07:00 7269712 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{ABE42339-AFBB-41C1-ADD3-E1F5D2CD6163}\mpengine.dll
2011-10-04 16:05 . 2011-10-04 16:05 -------- d-----w- c:\documents and settings\Rudla\Data aplikací\ESET
2011-10-04 16:05 . 2011-10-04 16:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2011-10-04 15:59 . 2011-10-04 15:59 -------- dc----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-10-04 15:30 . 2011-10-04 15:30 -------- d-----w- c:\program files\Windows Sidebar
2011-10-04 15:30 . 2011-10-13 13:25 -------- dc----w- c:\documents and settings\All Users\Data aplikací\Norton
2011-10-03 12:21 . 2011-10-03 12:21 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-02 09:29 . 2011-10-04 15:29 -------- d-----w- c:\program files\McAfee Online Backup
2011-10-02 09:04 . 2011-10-02 09:04 -------- d-----w- c:\documents and settings\Rudla\Local Settings\Data aplikací\McAfee Anti-Theft
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\PriceGong
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Conduit
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\MyAshampoo
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\IncrediMail_MediaBar_2
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Winamp Toolbar
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2011-10-02 08:16 . 2011-10-02 08:16 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\McAfee
2011-10-01 16:34 . 2011-10-01 16:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-01 16:34 . 2011-10-01 16:34 -------- dc----w- c:\documents and settings\All Users\Data aplikací\McAfee Security Scan
2011-10-01 16:34 . 2011-10-02 08:16 -------- d-----w- c:\program files\McAfee Security Scan
2011-09-16 07:59 . 2011-09-16 10:59 -------- d-----w- c:\program files\AppGraffiti
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 09:41 . 2008-07-29 17:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2006-03-02 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2006-03-02 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-21 07:00 . 2010-01-14 10:53 7269712 -c--a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-09-09 09:12 . 2006-03-02 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2006-03-02 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-03 10:17 . 2006-03-02 12:00 602112 -c--a-w- c:\windows\system32\crypt32(3).dll
2011-08-22 23:41 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:41 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-03-02 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-09 11:57 . 2011-08-09 11:57 154136 ----a-w- c:\windows\system32\drivers\eamon.sys
2011-08-04 07:20 . 2011-08-04 07:20 61936 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2011-08-04 07:20 . 2011-08-04 07:20 39824 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2011-08-04 07:20 . 2011-08-04 07:20 147480 ----a-w- c:\windows\system32\drivers\epfw.sys
2011-08-04 07:20 . 2011-08-04 07:20 118104 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2011-07-15 13:29 . 2006-03-02 12:00 456320 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2006-03-02 12:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 03:22 50688 -csh--w- c:\windows\twain_32.dll
2010-12-20 17:32 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 03:21 84992 -csha-w- c:\windows\system32\olepro32.dll
2008-04-14 03:22 12288 -csh--w- c:\windows\system32\regsvr32.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2010-06-29 22:11 349624 -c--a-w- c:\progra~1\SITERA~1\SiteRank.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 -c--a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2011-01-17 14:54 175912 -c--a-w- c:\program files\MyAshampoo\prxtbMyA0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
2011-06-27 10:05 175912 -c--a-w- c:\program files\IncrediMail_MediaBar_2\prxtbIncr.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files\IncrediMail_MediaBar_2\prxtbIncr.dll" [2011-06-27 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
"{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}"= "c:\program files\IncrediMail_MediaBar_2\prxtbIncr.dll" [2011-06-27 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-19 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-08 3076144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-15 417792]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
.
c:\documents and settings\Rudla\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
MP3 Dancer.lnk - [N/A]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 661776]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\Novex Canada Ltd\\Remote Module\\Alarm Receiver.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\hry\\Age of Empires Trial\\empires.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowRedirect"= 1 (0x1)
.
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [30.11.2006 21:05 6097]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 SSHDRV64;SSHDRV64;c:\windows\system32\drivers\SSHDRV64.sys [21.2.2007 18:53 113152]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [8.9.2011 7:34 974944]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [13.10.2011 15:02 2358656]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [27.10.2010 18:23 1483072]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 20:19 13592]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [7.10.2010 13:34 10064]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [30.11.2006 0:31 209171]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [30.11.2006 0:31 9284]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [30.11.2006 0:31 36261]
S3 gameport;FM801 PCI Joystick;c:\windows\system32\drivers\fmjoy.sys [2.11.2001 11:49 9728]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [30.11.2006 21:05 299923]
S3 wdm_fm801;FM801 PCI Audio (WDM);c:\windows\system32\drivers\fm801.sys [2.11.2001 15:33 328320]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [30.11.2006 0:19 9510]
S3 WLC811GPCI;802.11b WLAN PCI;c:\windows\system32\drivers\wlc811g.sys [29.11.2006 23:57 50432]
S4 gupdate1c9f5912b2a076;Služba Google Update (gupdate1c9f5912b2a076);c:\program files\Google\Update\GoogleUpdate.exe [25.6.2009 14:32 133104]
S4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [25.6.2009 14:32 133104]
S4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2.8.2009 18:19 247608]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-10-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-22 07:49]
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-25 12:32]
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-25 12:32]
.
2011-10-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
2011-10-13 c:\windows\Tasks\User_Feed_Synchronization-{EF349FF5-56C3-4131-B850-B8C7F83678AF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: Interfaces\{12A6C906-97F9-4A1A-A7FE-6FE00F1292A9}: NameServer = 10.255.255.10,10.255.255.20
TCP: Interfaces\{91D70088-18DB-44F2-8E46-74AD3DF1EB89}: NameServer = 10.255.255.10,10.255.255.20
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{2462d2d8-b36e-44ab-84bf-c5a9383d2429} - (no file)
WebBrowser-{2462D2D8-B36E-44AB-84BF-C5A9383D2429} - (no file)
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-Ede Kowalski - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-13 15:26
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1960408961-1757981266-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1264)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3676)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\E_S00RP1.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\SAgent4.exe
c:\program files\TeamViewer\Version6\TeamViewer.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
.
**************************************************************************
.
Celkový čas: 2011-10-13 15:30:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-10-13 13:29
.
Před spuštěním: Volných bajtů: 131 184 390 144
Po spuštění: Volných bajtů: 131 175 989 248
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 7C169AACF428D8134F313AA05EB07E75

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Infected boot sector Win32/Agent.SDG.Gen

#2 Post by vyosek »

Hello, and have a nice day :)

:arrow: ComboFix is not to be used without a recommendation - see below

:arrow: Dangers of CF
  • It is intended primarily for helpers - by using it on your own initiative you forfeit your right to support
  • It wipes the traces of malware, so nothing can be seen in the RSIT log
  • Its log has to be read through carefully, because it cannot delete everything - which you will hardly manage unless you are trained for it
  • CF can have a bug = it takes down your system; if you don't know where it stores what and how to restore it, your system is toast and a reinstall awaits you
  • Unfortunately CF also does not yet check some important libraries (e.g. hal.dll) - some types of malware (e.g. angela) delete those - it deletes your hal.dll after the restart = your system won't boot and you are one line up = reinstall
:arrow: Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Run the utility and tell it to scan - click Start Scan
  • If the utility finds an infection, it will want to cure it (Cure); allow the cure by clicking Continue
  • If the utility finds a suspicious file (suspicious), it will want to skip it (Skip); allow the skip by clicking Continue
  • After the scan finishes a PC restart may be required; allow it by clicking Reboot now
  • After the restart a log will pop up; if it does not, you will find it directly on the drive where Windows is installed (usually c:\) in the form TDSSKiller.some numbers_log.txt - paste its contents here
  • If a restart is not required, click Close and then Report - a log is created - paste its contents here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns fun, take a whip and a stick to him; that's no man, that's an ox."
Member since 1 February 2011.

gjfish
Exemplary visitor
Posts: 77
Registered: 07 Jul 2006 09:07

Re: Infected boot sector Win32/Agent.SDG.Gen

#3 Post by gjfish »

TDSSKILLER
16:39:06.0593 3944 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54
16:39:06.0734 3944 ============================================================
16:39:06.0734 3944 Current date / time: 2011/10/13 16:39:06.0734
16:39:06.0734 3944 SystemInfo:
16:39:06.0734 3944
16:39:06.0734 3944 OS Version: 5.1.2600 ServicePack: 3.0
16:39:06.0734 3944 Product type: Workstation
16:39:06.0734 3944 ComputerName: RUDOLF
16:39:06.0734 3944 UserName: Rudla
16:39:06.0734 3944 Windows directory: C:\WINDOWS
16:39:06.0734 3944 System windows directory: C:\WINDOWS
16:39:06.0734 3944 Processor architecture: Intel x86
16:39:06.0734 3944 Number of processors: 2
16:39:06.0734 3944 Page size: 0x1000
16:39:06.0734 3944 Boot type: Normal boot
16:39:06.0734 3944 ============================================================
16:39:07.0765 3944 Initialize success
16:39:17.0281 0872 ============================================================
16:39:17.0281 0872 Scan started
16:39:17.0281 0872 Mode: Manual;
16:39:17.0281 0872 ============================================================
16:39:18.0093 0872 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
16:39:18.0093 0872 61883 - ok
16:39:18.0093 0872 Abiosdsk - ok
16:39:18.0109 0872 abp480n5 - ok
16:39:18.0140 0872 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:39:18.0140 0872 ACPI - ok
16:39:18.0156 0872 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:39:18.0156 0872 ACPIEC - ok
16:39:18.0171 0872 adpu160m - ok
16:39:18.0187 0872 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:39:18.0203 0872 aec - ok
16:39:18.0234 0872 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:39:18.0234 0872 AFD - ok
16:39:18.0234 0872 Aha154x - ok
16:39:18.0250 0872 aic78u2 - ok
16:39:18.0250 0872 aic78xx - ok
16:39:18.0328 0872 ALCXWDM (7262f401de59bbbf24b03eefcb87263d) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
16:39:18.0390 0872 ALCXWDM - ok
16:39:18.0390 0872 AliIde - ok
16:39:18.0421 0872 AmdK7 (3980814f8027d27ea003e2e3d9d4f604) C:\WINDOWS\system32\DRIVERS\amdk7.sys
16:39:18.0421 0872 AmdK7 - ok
16:39:18.0437 0872 amsint - ok
16:39:18.0437 0872 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:39:18.0437 0872 Arp1394 - ok
16:39:18.0453 0872 asc - ok
16:39:18.0453 0872 asc3350p - ok
16:39:18.0468 0872 asc3550 - ok
16:39:18.0484 0872 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:39:18.0484 0872 AsyncMac - ok
16:39:18.0515 0872 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:39:18.0515 0872 atapi - ok
16:39:18.0515 0872 Atdisk - ok
16:39:18.0593 0872 ati2mtag (1db0e5f78a67307f9c68d777873c1164) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:39:18.0609 0872 ati2mtag - ok
16:39:18.0640 0872 AtiHdmiService (d9bc8892b9440a2551b8148c57aa039e) C:\WINDOWS\system32\drivers\AtiHdmi.sys
16:39:18.0640 0872 AtiHdmiService - ok
16:39:18.0656 0872 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:39:18.0656 0872 Atmarpc - ok
16:39:18.0687 0872 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:39:18.0687 0872 audstub - ok
16:39:18.0703 0872 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
16:39:18.0703 0872 Avc - ok
16:39:18.0734 0872 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:39:18.0734 0872 Beep - ok
16:39:18.0750 0872 BlueletAudio (852a1bd08e7dfeb9e30b5440881c0501) C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
16:39:18.0750 0872 BlueletAudio - ok
16:39:18.0765 0872 BlueletSCOAudio (8fc27b12a02b43947787f0ef1885df9b) C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
16:39:18.0765 0872 BlueletSCOAudio - ok
16:39:18.0796 0872 BT (c5cce2b26f73f8cf7f3c82159e79aa08) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
16:39:18.0812 0872 BT - ok
16:39:18.0828 0872 Btcsrusb (da473d279420234170da795f1cad4479) C:\WINDOWS\system32\Drivers\btcusb.sys
16:39:18.0828 0872 Btcsrusb - ok
16:39:18.0859 0872 BTHidEnum (ce643d0918123d76a5caab008fca9663) C:\WINDOWS\system32\Drivers\vbtenum.sys
16:39:18.0859 0872 BTHidEnum - ok
16:39:18.0859 0872 BTHidMgr (dfca4fe4c8aec786b4d0f432eb730f48) C:\WINDOWS\system32\Drivers\BTHidMgr.sys
16:39:18.0859 0872 BTHidMgr - ok
16:39:18.0937 0872 BTNetFilter (4f26303becbb7cc5ca8ff39593124cf2) C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
16:39:18.0937 0872 BTNetFilter - ok
16:39:18.0953 0872 catchme - ok
16:39:18.0953 0872 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:39:18.0953 0872 cbidf2k - ok
16:39:18.0984 0872 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:39:18.0984 0872 CCDECODE - ok
16:39:19.0000 0872 cd20xrnt - ok
16:39:19.0015 0872 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:39:19.0015 0872 Cdaudio - ok
16:39:19.0031 0872 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:39:19.0031 0872 Cdfs - ok
16:39:19.0062 0872 cdrbsdrv (248349293ca42ee5db61dc1fd85a2f49) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
16:39:19.0062 0872 cdrbsdrv - ok
16:39:19.0062 0872 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:39:19.0078 0872 Cdrom - ok
16:39:19.0078 0872 Changer - ok
16:39:19.0093 0872 CmdIde - ok
16:39:19.0140 0872 cmpci (3f8a5cfc6b66eff3be7440a8b606a9fc) C:\WINDOWS\system32\drivers\cmaudio.sys
16:39:19.0140 0872 cmpci - ok
16:39:19.0187 0872 cmuda3 (5d9e1c82428d99ff664139648a13fcbf) C:\WINDOWS\system32\drivers\cmudax3.sys
16:39:19.0218 0872 cmuda3 - ok
16:39:19.0218 0872 Cpqarray - ok
16:39:19.0234 0872 dac2w2k - ok
16:39:19.0234 0872 dac960nt - ok
16:39:19.0250 0872 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:39:19.0250 0872 Disk - ok
16:39:19.0281 0872 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
16:39:19.0296 0872 dmboot - ok
16:39:19.0296 0872 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
16:39:19.0312 0872 dmio - ok
16:39:19.0312 0872 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:39:19.0312 0872 dmload - ok
16:39:19.0343 0872 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:39:19.0343 0872 DMusic - ok
16:39:19.0359 0872 dpti2o - ok
16:39:19.0359 0872 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:39:19.0359 0872 drmkaud - ok
16:39:19.0390 0872 eamon (9309c5c9831203436e64cf2ae605c5d7) C:\WINDOWS\system32\DRIVERS\eamon.sys
16:39:19.0390 0872 eamon - ok
16:39:19.0437 0872 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
16:39:19.0437 0872 ehdrv - ok
16:39:19.0453 0872 epfw (5ba193ca0ae31209aaa39939ce6736b2) C:\WINDOWS\system32\DRIVERS\epfw.sys
16:39:19.0453 0872 epfw - ok
16:39:19.0468 0872 Epfwndis (75d3bcd3e0eded0ab0f96d9a10ff01c9) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
16:39:19.0468 0872 Epfwndis - ok
16:39:19.0484 0872 epfwtdi (dc64f26f35e32c9472bbf8acd84060d3) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
16:39:19.0484 0872 epfwtdi - ok
16:39:19.0500 0872 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:39:19.0500 0872 Fastfat - ok
16:39:19.0531 0872 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:39:19.0531 0872 Fdc - ok
16:39:19.0562 0872 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
16:39:19.0562 0872 FETNDIS - ok
16:39:19.0578 0872 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
16:39:19.0578 0872 Fips - ok
16:39:19.0578 0872 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:39:19.0578 0872 Flpydisk - ok
16:39:19.0609 0872 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:39:19.0609 0872 FltMgr - ok
16:39:19.0656 0872 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:39:19.0656 0872 Fs_Rec - ok
16:39:19.0656 0872 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:39:19.0656 0872 Ftdisk - ok
16:39:19.0671 0872 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
16:39:19.0671 0872 gameenum - ok
16:39:19.0703 0872 gameport (7ee9a39c7d9d17aa537baef0e1c358cb) C:\WINDOWS\system32\DRIVERS\fmjoy.sys
16:39:19.0703 0872 gameport - ok
16:39:19.0718 0872 gdrv (c6e3105b8c68c35cc1eb26a00fd1a8c6) C:\WINDOWS\gdrv.sys
16:39:19.0765 0872 gdrv - ok
16:39:19.0781 0872 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
16:39:19.0781 0872 GEARAspiWDM - ok
16:39:19.0781 0872 GMSIPCI - ok
16:39:19.0781 0872 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:39:19.0781 0872 Gpc - ok
16:39:19.0812 0872 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:39:19.0812 0872 HDAudBus - ok
16:39:19.0828 0872 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:39:19.0843 0872 HidUsb - ok
16:39:19.0843 0872 hpn - ok
16:39:19.0875 0872 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:39:19.0875 0872 HTTP - ok
16:39:19.0890 0872 i2omgmt - ok
16:39:19.0890 0872 i2omp - ok
16:39:19.0906 0872 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:39:19.0906 0872 i8042prt - ok
16:39:19.0921 0872 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:39:19.0921 0872 Imapi - ok
16:39:19.0937 0872 ini910u - ok
16:39:20.0031 0872 IntcAzAudAddService (db589671e0c403d65884cf0b50600fcd) C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:39:20.0062 0872 IntcAzAudAddService - ok
16:39:20.0078 0872 IntelIde (ef4fda4841001a4b98c411797db8894a) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:39:20.0078 0872 IntelIde - ok
16:39:20.0093 0872 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:39:20.0109 0872 intelppm - ok
16:39:20.0125 0872 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:39:20.0125 0872 Ip6Fw - ok
16:39:20.0125 0872 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:39:20.0125 0872 IpFilterDriver - ok
16:39:20.0140 0872 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:39:20.0140 0872 IpInIp - ok
16:39:20.0171 0872 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:39:20.0171 0872 IpNat - ok
16:39:20.0187 0872 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:39:20.0187 0872 IPSec - ok
16:39:20.0203 0872 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:39:20.0203 0872 IRENUM - ok
16:39:20.0218 0872 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:39:20.0218 0872 isapnp - ok
16:39:20.0234 0872 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:39:20.0234 0872 Kbdclass - ok
16:39:20.0250 0872 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:39:20.0250 0872 kmixer - ok
16:39:20.0281 0872 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:39:20.0281 0872 KSecDD - ok
16:39:20.0296 0872 lbrtfdc - ok
16:39:20.0328 0872 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
16:39:20.0328 0872 MarvinBus - ok
16:39:20.0343 0872 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:39:20.0343 0872 mnmdd - ok
16:39:20.0375 0872 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
16:39:20.0375 0872 Modem - ok
16:39:20.0375 0872 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:39:20.0375 0872 Mouclass - ok
16:39:20.0406 0872 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:39:20.0406 0872 mouhid - ok
16:39:20.0421 0872 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:39:20.0421 0872 MountMgr - ok
16:39:20.0421 0872 mraid35x - ok
16:39:20.0437 0872 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:39:20.0437 0872 MRxDAV - ok
16:39:20.0468 0872 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
16:39:20.0468 0872 MSDV - ok
16:39:20.0468 0872 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:39:20.0468 0872 Msfs - ok
16:39:20.0484 0872 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:39:20.0500 0872 MSKSSRV - ok
16:39:20.0515 0872 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:39:20.0515 0872 MSPCLOCK - ok
16:39:20.0531 0872 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:39:20.0531 0872 MSPQM - ok
16:39:20.0546 0872 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:39:20.0546 0872 mssmbios - ok
16:39:20.0562 0872 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:39:20.0562 0872 MSTEE - ok
16:39:20.0578 0872 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:39:20.0578 0872 Mup - ok
16:39:20.0593 0872 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:39:20.0593 0872 NABTSFEC - ok
16:39:20.0609 0872 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:39:20.0609 0872 NDIS - ok
16:39:20.0625 0872 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:39:20.0625 0872 NdisIP - ok
16:39:20.0640 0872 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:39:20.0640 0872 NdisTapi - ok
16:39:20.0656 0872 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:39:20.0656 0872 Ndisuio - ok
16:39:20.0656 0872 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:39:20.0671 0872 NdisWan - ok
16:39:20.0703 0872 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:39:20.0703 0872 NDProxy - ok
16:39:20.0703 0872 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:39:20.0718 0872 NetBT - ok
16:39:20.0734 0872 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:39:20.0750 0872 NIC1394 - ok
16:39:20.0765 0872 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
16:39:20.0765 0872 nm - ok
16:39:20.0781 0872 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:39:20.0781 0872 Npfs - ok
16:39:20.0812 0872 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:39:20.0812 0872 Ntfs - ok
16:39:20.0828 0872 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:39:20.0828 0872 Null - ok
16:39:20.0859 0872 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:39:20.0859 0872 NwlnkFlt - ok
16:39:20.0875 0872 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:39:20.0875 0872 NwlnkFwd - ok
16:39:20.0875 0872 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:39:20.0890 0872 ohci1394 - ok
16:39:20.0890 0872 OMSCAN - ok
16:39:20.0906 0872 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
16:39:20.0906 0872 Parport - ok
16:39:20.0921 0872 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:39:20.0921 0872 PartMgr - ok
16:39:20.0921 0872 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
16:39:20.0921 0872 ParVdm - ok
16:39:20.0937 0872 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
16:39:20.0953 0872 PCI - ok
16:39:20.0953 0872 PCIDump - ok
16:39:20.0968 0872 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:39:20.0968 0872 PCIIde - ok
16:39:21.0000 0872 PCLEPCI (1bebe7de8508a02650cdce45c664c2a2) C:\WINDOWS\system32\drivers\pclepci.sys
16:39:21.0000 0872 PCLEPCI - ok
16:39:21.0031 0872 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:39:21.0031 0872 Pcmcia - ok
16:39:21.0031 0872 PDCOMP - ok
16:39:21.0046 0872 PDFRAME - ok
16:39:21.0046 0872 PDRELI - ok
16:39:21.0062 0872 PDRFRAME - ok
16:39:21.0062 0872 perc2 - ok
16:39:21.0078 0872 perc2hib - ok
16:39:21.0109 0872 pfc (f2b3785d7282bac66d4b644fc88749f0) C:\WINDOWS\system32\drivers\pfc.sys
16:39:21.0109 0872 pfc - ok
16:39:21.0125 0872 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:39:21.0125 0872 PptpMiniport - ok
16:39:21.0125 0872 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:39:21.0125 0872 Ptilink - ok
16:39:21.0156 0872 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:39:21.0171 0872 PxHelp20 - ok
16:39:21.0171 0872 ql1080 - ok
16:39:21.0171 0872 Ql10wnt - ok
16:39:21.0187 0872 ql12160 - ok
16:39:21.0203 0872 ql1240 - ok
16:39:21.0203 0872 ql1280 - ok
16:39:21.0218 0872 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:39:21.0218 0872 RasAcd - ok
16:39:21.0234 0872 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:39:21.0234 0872 Rasl2tp - ok
16:39:21.0234 0872 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:39:21.0250 0872 RasPppoe - ok
16:39:21.0250 0872 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:39:21.0250 0872 Raspti - ok
16:39:21.0265 0872 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:39:21.0265 0872 RDPCDD - ok
16:39:21.0296 0872 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:39:21.0296 0872 RDPWD - ok
16:39:21.0296 0872 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:39:21.0312 0872 redbook - ok
16:39:21.0312 0872 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
16:39:21.0312 0872 ROOTMODEM - ok
16:39:21.0343 0872 RTLE8023xp (839141088ad7ee90f5b441b2d1afd22c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
16:39:21.0343 0872 RTLE8023xp - ok
16:39:21.0375 0872 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:39:21.0375 0872 Secdrv - ok
16:39:21.0406 0872 Ser2pl (b490ad520257dda26c1d587a71e527b5) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
16:39:21.0406 0872 Ser2pl - ok
16:39:21.0406 0872 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:39:21.0406 0872 serenum - ok
16:39:21.0421 0872 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
16:39:21.0421 0872 Serial - ok
16:39:21.0437 0872 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:39:21.0437 0872 Sfloppy - ok
16:39:21.0453 0872 Simbad - ok
16:39:21.0468 0872 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:39:21.0468 0872 SLIP - ok
16:39:21.0500 0872 sonyhcb (e78cd3bb53a208dfab8fc826384307e0) C:\WINDOWS\system32\DRIVERS\sonyhcb.sys
16:39:21.0500 0872 sonyhcb - ok
16:39:21.0515 0872 sonyhcs (610f515fcd95d37f3252e1c250ef8c61) C:\WINDOWS\system32\DRIVERS\sonyhcs.sys
16:39:21.0531 0872 sonyhcs - ok
16:39:21.0531 0872 Sparrow - ok
16:39:21.0562 0872 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:39:21.0562 0872 splitter - ok
16:39:21.0562 0872 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
16:39:21.0562 0872 sr - ok
16:39:21.0609 0872 SSHDRV64 (19d1de040e575c87fa74f90bd7c73753) C:\WINDOWS\system32\drivers\SSHDRV64.sys
16:39:21.0609 0872 SSHDRV64 - ok
16:39:21.0640 0872 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:39:21.0640 0872 streamip - ok
16:39:21.0656 0872 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:39:21.0656 0872 swenum - ok
16:39:21.0671 0872 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:39:21.0671 0872 swmidi - ok
16:39:21.0687 0872 symc810 - ok
16:39:21.0687 0872 symc8xx - ok
16:39:21.0703 0872 sym_hi - ok
16:39:21.0703 0872 sym_u3 - ok
16:39:21.0718 0872 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:39:21.0718 0872 sysaudio - ok
16:39:21.0734 0872 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:39:21.0750 0872 Tcpip - ok
16:39:21.0765 0872 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:39:21.0765 0872 TDPIPE - ok
16:39:21.0781 0872 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:39:21.0781 0872 TDTCP - ok
16:39:21.0796 0872 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:39:21.0796 0872 TermDD - ok
16:39:21.0796 0872 TosIde - ok
16:39:21.0859 0872 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
16:39:21.0859 0872 TuneUpUtilitiesDrv - ok
16:39:21.0875 0872 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
16:39:21.0875 0872 tunmp - ok
16:39:21.0890 0872 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
16:39:21.0906 0872 uagp35 - ok
16:39:21.0921 0872 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:39:21.0921 0872 Udfs - ok
16:39:21.0937 0872 ultra - ok
16:39:21.0968 0872 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:39:21.0968 0872 Update - ok
16:39:22.0000 0872 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:39:22.0000 0872 usbaudio - ok
16:39:22.0015 0872 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:39:22.0015 0872 usbccgp - ok
16:39:22.0046 0872 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:39:22.0046 0872 usbehci - ok
16:39:22.0062 0872 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:39:22.0062 0872 usbhub - ok
16:39:22.0093 0872 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:39:22.0093 0872 usbprint - ok
16:39:22.0109 0872 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:39:22.0109 0872 usbscan - ok
16:39:22.0125 0872 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:39:22.0125 0872 USBSTOR - ok
16:39:22.0140 0872 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:39:22.0140 0872 usbuhci - ok
16:39:22.0140 0872 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
16:39:22.0156 0872 usbvideo - ok
16:39:22.0171 0872 VComm (51750b0539986186c6931fc40d171521) C:\WINDOWS\system32\DRIVERS\VComm.sys
16:39:22.0171 0872 VComm - ok
16:39:22.0187 0872 VcommMgr (6d9c891c0a761afed1f3609c2e56f2b9) C:\WINDOWS\system32\Drivers\VcommMgr.sys
16:39:22.0187 0872 VcommMgr - ok
16:39:22.0203 0872 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:39:22.0203 0872 VgaSave - ok
16:39:22.0218 0872 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
16:39:22.0218 0872 ViaIde - ok
16:39:22.0250 0872 videX32 (c8ee49fa76eb7c41a9cddfe58151a74e) C:\WINDOWS\system32\DRIVERS\videX32.sys
16:39:22.0250 0872 videX32 - ok
16:39:22.0265 0872 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
16:39:22.0265 0872 VolSnap - ok
16:39:22.0281 0872 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:39:22.0296 0872 Wanarp - ok
16:39:22.0296 0872 WDICA - ok
16:39:22.0312 0872 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:39:22.0312 0872 wdmaud - ok
16:39:22.0343 0872 wdm_fm801 (cbf2290ecaa5d56246b96abeaf99730d) C:\WINDOWS\system32\drivers\fm801.sys
16:39:22.0359 0872 wdm_fm801 - ok
16:39:22.0375 0872 WF23880 (6379da183b5a6c8a435aab6e9c61839f) C:\WINDOWS\system32\drivers\wf88vcap.sys
16:39:22.0375 0872 WF23880 - ok
16:39:22.0421 0872 WF88XBAR (765f72f8f8ce24e88f90694f34acbefb) C:\WINDOWS\system32\drivers\WF88XBAR.sys
16:39:22.0421 0872 WF88XBAR - ok
16:39:22.0453 0872 WFIOCTL (98e8be5afef76b3900e35b1c5dbfb0fd) C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS
16:39:22.0453 0872 WFIOCTL - ok
16:39:22.0468 0872 WFTUNE (480109853d84cd9efaf059a2a923c290) C:\WINDOWS\system32\drivers\WF88TUNE.sys
16:39:22.0468 0872 WFTUNE - ok
16:39:22.0500 0872 WLC811GPCI (aa2d6e05be36436503e6f3e33f1f2bd8) C:\WINDOWS\system32\DRIVERS\WLC811G.sys
16:39:22.0500 0872 WLC811GPCI - ok
16:39:22.0531 0872 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:39:22.0531 0872 WS2IFSL - ok
16:39:22.0562 0872 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:39:22.0562 0872 WSTCODEC - ok
16:39:22.0593 0872 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:39:22.0593 0872 WudfPf - ok
16:39:22.0609 0872 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:39:22.0609 0872 WudfRd - ok
16:39:22.0671 0872 ZSMC301b (2d84a29b412cd68317095fb277352cb4) C:\WINDOWS\system32\Drivers\usbVM31b.sys
16:39:22.0671 0872 ZSMC301b - ok
16:39:22.0687 0872 MBR (0x1B8) (9c603bc3977968c891de319283e1e7af) \Device\Harddisk0\DR0
16:39:22.0718 0872 \Device\Harddisk0\DR0 ( Trojan-Clicker.Win32.Wistler.c ) - infected
16:39:22.0718 0872 \Device\Harddisk0\DR0 - detected Trojan-Clicker.Win32.Wistler.c (0)
16:39:22.0734 0872 MBR (0x1B8) (9c603bc3977968c891de319283e1e7af) \Device\Harddisk1\DR1
16:39:22.0828 0872 \Device\Harddisk1\DR1 - ok
16:39:22.0828 0872 Boot (0x1200) (40279635bbc5cecf21b0bff82522e61e) \Device\Harddisk0\DR0\Partition0
16:39:22.0828 0872 \Device\Harddisk0\DR0\Partition0 - ok
16:39:22.0843 0872 Boot (0x1200) (ba7135525606837d03c0aa37992933a6) \Device\Harddisk0\DR0\Partition1
16:39:22.0843 0872 \Device\Harddisk0\DR0\Partition1 - ok
16:39:22.0859 0872 Boot (0x1200) (6bd789e7f55da4725b3e7ad365c47a2a) \Device\Harddisk1\DR1\Partition0
16:39:22.0859 0872 \Device\Harddisk1\DR1\Partition0 - ok
16:39:22.0859 0872 Boot (0x1200) (56e11663ccef571dd7fa45e8d02a7408) \Device\Harddisk1\DR1\Partition1
16:39:22.0875 0872 \Device\Harddisk1\DR1\Partition1 - ok
16:39:22.0875 0872 ============================================================
16:39:22.0875 0872 Scan finished
16:39:22.0875 0872 ============================================================
16:39:22.0875 3852 Detected object count: 1
16:39:22.0875 3852 Actual detected object count: 1
16:39:45.0859 3852 \Device\Harddisk0\DR0 ( Trojan-Clicker.Win32.Wistler.c ) - will be cured on reboot
16:39:45.0859 3852 \Device\Harddisk0\DR0 - ok
16:39:45.0859 3852 \Device\Harddisk0\DR0 ( Trojan-Clicker.Win32.Wistler.c ) - User select action: Cure
16:39:56.0359 2984 Deinitialize success

gjfish
Exemplary visitor
Posts: 77
Joined: 07 Jul 2006 09:07

Re: Infected boot sector Win32/Agent.SDG.Gen

#4 Post by gjfish »

The restart was done, the virus is still being reported

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Infected boot sector Win32/Agent.SDG.Gen

#5 Post by vyosek »

:arrow: What are we going to use - Avast or ESET - keep only Avast unless you have a purchased license for ESET

:arrow: If you don't have one, move Combofix to the desktop
  • Run Notepad (Start - Run - notepad)
  • Copy the script below

    KillAll::
    
    File::
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Google Software Updater.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{EF349FF5-56C3-4131-B850-B8C7F83678AF}.job
    C:\PROGRA~1\INBOXT~1\Inbox.dll
    C:\Program Files\MyAshampoo\prxtbMyA0.dll
    C:\Program Files\ConduitEngine\prxConduitEngine.dll
    C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll
    c:\documents and settings\Rudla\Nabídka Start\Programy\Po spuštění\MP3 Dancer.lnk
    
    Folder::
    C:\Program Files\Winamp Toolbar
    C:\Program Files\ICQ6Toolbar
    
    Registry::
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    
    Driver::
    ICQ Service
    gupdate
    gupdatem
    OMSCAN
    
    DDS::
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    
    RegNull::
    [HKEY_USERS\S-1-5-21-1960408961-1757981266-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    
    Reboot::
    
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto Combofix and run it (see the picture below)
    [image]
  • After the script has been applied (and after a possible restart) a log will pop up; paste its contents here
:arrow: It can happen that Windows does not boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

gjfish
Exemplary visitor
Posts: 77
Joined: 07 Jul 2006 09:07

Re: Infected boot sector Win32/Agent.SDG.Gen

#6 Post by gjfish »

Sorry for the delay, I was away from home for a few days.

Combofix after the script
ComboFix 11-10-19.06 - Rudla 19.10.2011 22:50:49.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1417 [GMT 2:00]
Spuštěný z: c:\documents and settings\Rudla\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Rudla\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\documents and settings\Rudla\Nabídka Start\Programy\Po spuštění\MP3 Dancer.lnk"
"c:\progra~1\INBOXT~1\Inbox.dll"
"c:\program files\ConduitEngine\prxConduitEngine.dll"
"c:\program files\IncrediMail_MediaBar_2\prxtbIncr.dll"
"c:\program files\MyAshampoo\prxtbMyA0.dll"
"c:\windows\tasks\AppleSoftwareUpdate.job"
"c:\windows\tasks\Google Software Updater.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\MP Scheduled Scan.job"
"c:\windows\tasks\User_Feed_Synchronization-{EF349FF5-56C3-4131-B850-B8C7F83678AF}.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\INBOXT~1\Inbox.dll
c:\program files\ConduitEngine\prxConduitEngine.dll
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Thumbs.db
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\ICQ6Toolbar\voucher.bmp
c:\program files\ICQ6Toolbar\voucher2.bmp
c:\program files\IncrediMail_MediaBar_2\prxtbIncr.dll
c:\program files\MyAshampoo\prxtbMyA0.dll
c:\program files\Winamp Toolbar
c:\program files\Winamp Toolbar\apopup.dll
c:\program files\Winamp Toolbar\install.log
c:\program files\Winamp Toolbar\msvcr71.dll
c:\program files\Winamp Toolbar\uninstall.exe
c:\program files\Winamp Toolbar\winamptb.dll
c:\program files\Winamp Toolbar\winampTbServer.exe
c:\program files\Winamp Toolbar\winamptbServerPS.dll
c:\program files\Winamp Toolbar\xprt5.dll
c:\windows\tasks\AppleSoftwareUpdate.job
c:\windows\tasks\Google Software Updater.job
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
c:\windows\tasks\MP Scheduled Scan.job
c:\windows\tasks\User_Feed_Synchronization-{EF349FF5-56C3-4131-B850-B8C7F83678AF}.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ICQ_SERVICE
-------\Legacy_OMSCAN
-------\Service_gupdatem
-------\Service_ICQ Service
-------\Service_OMSCAN
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-19 do 2011-10-19 )))))))))))))))))))))))))))))))
.
.
2011-10-19 20:56 . 2011-10-19 20:56 56200 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{8B920C8D-24A4-4F26-AF2B-EC3ACD9DC130}\offreg.dll
2011-10-18 06:38 . 2011-09-21 07:00 7269712 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{8B920C8D-24A4-4F26-AF2B-EC3ACD9DC130}\mpengine.dll
2011-10-13 13:33 . 2011-10-13 13:33 -------- dcsh--w- c:\documents and settings\Administrator.RUDOLF\IETldCache
2011-10-13 13:11 . 2011-10-13 13:30 -------- d-----w- c:\program files\trend micro
2011-10-13 13:11 . 2011-10-13 13:33 -------- dc----w- C:\rsit
2011-10-13 13:08 . 2011-10-19 20:39 -------- dc----w- C:\inst
2011-10-13 13:02 . 2011-10-13 13:11 -------- d-----w- c:\documents and settings\Rudla\Data aplikací\TeamViewer
2011-10-13 13:01 . 2011-10-13 13:01 -------- d-----w- c:\program files\TeamViewer
2011-10-04 16:05 . 2011-10-04 16:05 -------- d-----w- c:\documents and settings\Rudla\Data aplikací\ESET
2011-10-04 16:05 . 2011-10-04 16:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2011-10-04 15:30 . 2011-10-04 15:30 -------- d-----w- c:\program files\Windows Sidebar
2011-10-04 15:30 . 2011-10-13 13:25 -------- dc----w- c:\documents and settings\All Users\Data aplikací\Norton
2011-10-03 12:21 . 2011-10-03 12:21 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-02 09:29 . 2011-10-04 15:29 -------- d-----w- c:\program files\McAfee Online Backup
2011-10-02 09:04 . 2011-10-02 09:04 -------- d-----w- c:\documents and settings\Rudla\Local Settings\Data aplikací\McAfee Anti-Theft
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\PriceGong
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Conduit
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\MyAshampoo
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\IncrediMail_MediaBar_2
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Winamp Toolbar
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2011-10-02 08:16 . 2011-10-02 08:16 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\McAfee
2011-10-01 16:34 . 2011-10-01 16:34 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-01 16:34 . 2011-10-19 20:33 -------- d-----w- c:\program files\McAfee Security Scan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 09:41 . 2008-07-29 17:59 613376 -c--a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2006-03-02 12:00 22528 -c--a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2006-03-02 12:00 220160 -c--a-w- c:\windows\system32\oleacc.dll
2011-09-21 07:00 . 2010-01-14 10:53 7269712 -c--a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-09-09 09:12 . 2006-03-02 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2006-03-02 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-03 10:17 . 2006-03-02 12:00 602112 -c--a-w- c:\windows\system32\crypt32(3).dll
2011-08-22 23:41 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2006-03-02 12:00 43520 -c--a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:41 . 2006-03-02 12:00 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-03-02 12:00 385024 -c--a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-03-02 12:00 138496 -c--a-w- c:\windows\system32\drivers\afd.sys
2006-03-02 12:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 03:22 50688 -csh--w- c:\windows\twain_32.dll
2010-12-20 17:32 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 03:22 12288 -csh--w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-13_13.26.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-18 11:18 . 2011-04-18 11:18 165648 c:\windows\system32\drivers\MpFilter.sys
+ 2006-03-02 12:00 . 2011-02-08 13:33 978944 c:\windows\system32\dllcache\mfc42.dll
- 2010-10-14 07:28 . 2011-02-08 13:33 978944 c:\windows\system32\dllcache\mfc42.dll
+ 2011-10-19 20:40 . 2011-10-19 20:40 301056 c:\windows\Installer\302f9.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2010-06-29 22:11 349624 -c--a-w- c:\progra~1\SITERA~1\SiteRank.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-19 39408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\Rudla\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
MP3 Dancer.lnk - [N/A]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 661776]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\Novex Canada Ltd\\Remote Module\\Alarm Receiver.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\hry\\Age of Empires Trial\\empires.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowRedirect"= 1 (0x1)
.
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [30.11.2006 21:05 6097]
R1 SSHDRV64;SSHDRV64;c:\windows\system32\drivers\SSHDRV64.sys [21.2.2007 18:53 113152]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [13.10.2011 15:02 2358656]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [27.10.2010 18:23 1483072]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 20:19 13592]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [7.10.2010 13:34 10064]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [30.11.2006 0:31 209171]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [30.11.2006 0:31 9284]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [30.11.2006 0:31 36261]
S3 gameport;FM801 PCI Joystick;c:\windows\system32\drivers\fmjoy.sys [2.11.2001 11:49 9728]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [30.11.2006 21:05 299923]
S3 wdm_fm801;FM801 PCI Audio (WDM);c:\windows\system32\drivers\fm801.sys [2.11.2001 15:33 328320]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [30.11.2006 0:19 9510]
S3 WLC811GPCI;802.11b WLAN PCI;c:\windows\system32\drivers\wlc811g.sys [29.11.2006 23:57 50432]
S4 gupdate1c9f5912b2a076;Služba Google Update (gupdate1c9f5912b2a076);c:\program files\Google\Update\GoogleUpdate.exe [25.6.2009 14:32 133104]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{91D70088-18DB-44F2-8E46-74AD3DF1EB89}: NameServer = 10.255.255.10,10.255.255.20
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\prxConduitEngine.dll
BHO-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\MyAshampoo\prxtbMyA0.dll
BHO-{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - c:\program files\IncrediMail_MediaBar_2\prxtbIncr.dll
Toolbar-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\MyAshampoo\prxtbMyA0.dll
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\prxConduitEngine.dll
Toolbar-{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - c:\program files\IncrediMail_MediaBar_2\prxtbIncr.dll
WebBrowser-{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - c:\program files\MyAshampoo\prxtbMyA0.dll
WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - c:\program files\IncrediMail_MediaBar_2\prxtbIncr.dll
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
AddRemove-Winamp Toolbar - c:\program files\Winamp Toolbar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-19 22:56
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1960408961-1757981266-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3408)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\E_S00RP1.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\SAgent4.exe
c:\program files\TeamViewer\Version6\TeamViewer.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-10-19 23:00:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-10-19 21:00
ComboFix2.txt 2011-10-13 13:30
.
Před spuštěním: Volných bajtů: 131 150 794 752
Po spuštění: Volných bajtů: 131 139 391 488
.
- - End Of File - - 567662C8180D76F9D1EF8AE53244F3D7

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Infected boot sector Win32/Agent.SDG.Gen

#7 Post by vyosek »

:arrow: Download aswMBR http://public.avast.com/%7Egmerek/aswMBR.exe and save it to the desktop.
  • Run the utility and tell it to scan - click Scan
  • Click Save log to save the aswMBR log to the desktop
  • Paste the contents of the aswMBR log here
"Who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

gjfish
Model visitor
Posts: 77
Registered: 07 Jul 2006 09:07

Re: Infected boot sector Win32/Agent.SDG.Gen

#8 Post by gjfish »

aswMBR
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-20 07:23:16
-----------------------------
07:23:16.843 OS Version: Windows 5.1.2600 Service Pack 3
07:23:16.843 Number of processors: 2 586 0x170A
07:23:16.843 ComputerName: RUDOLF UserName: Rudla
07:23:21.234 Initialize success
07:24:45.828 AVAST engine defs: 11101901
07:24:52.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
07:24:52.375 Disk 0 Vendor: ST3500418AS CC34 Size: 476938MB BusType: 3
07:24:52.375 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-17
07:24:52.390 Disk 1 Vendor: ST3160021A 8.01 Size: 152626MB BusType: 3
07:24:54.390 Disk 0 MBR read successfully
07:24:54.390 Disk 0 MBR scan
07:24:54.406 Disk 0 Windows XP default MBR code
07:24:54.421 Disk 0 scanning sectors +976768065
07:24:54.484 Disk 0 scanning C:\WINDOWS\system32\drivers
07:25:02.500 Service scanning
07:25:02.703 Service GMSIPCI G:\INSTALL\GMSIPCI.SYS **LOCKED** 21
07:25:03.281 Modules scanning
07:25:14.421 Disk 0 trace - called modules:
07:25:14.437 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
07:25:14.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a666ab8]
07:25:14.453 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000007b[0x8a746180]
07:25:14.453 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a759d98]
07:25:23.562 AVAST engine scan C:\WINDOWS
07:25:38.187 AVAST engine scan C:\WINDOWS\system32
07:26:53.531 AVAST engine scan C:\WINDOWS\system32\drivers
07:27:06.546 AVAST engine scan C:\Documents and Settings\Rudla
07:40:16.328 AVAST engine scan C:\Documents and Settings\All Users
07:43:44.421 Scan finished successfully
07:47:11.281 Disk 0 MBR has been saved successfully to "C:\inst\MBR.dat"
07:47:11.281 The log file has been saved successfully to "C:\inst\aswMBR.txt"
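One way to sanity-check a saved MBR image such as the MBR.dat written above before sending it off for analysis, as an added example that is not part of the thread or of aswMBR: it verifies the boot signature and partition table and hashes the boot-code area so the dump can be compared with one taken from a known-clean Windows XP disk. The sample sector and all values in it are constructed.

```python
"""Check a 512-byte MBR image: boot signature, partition table, boot-code hash.

Added example, not code from aswMBR or the forum; the sample sector is constructed.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440       # boot code; 4-byte disk signature and 2 zero bytes follow
PART_TABLE_OFF = 446      # four 16-byte partition entries
BOOT_SIG_OFF = 510        # must hold 0x55 0xAA
ENTRY_FMT = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, count


def parse_partitions(sector):
    """Return the four partition-table entries as dicts (empty entries have type 0)."""
    entries = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        entries.append({"index": i, "status": status, "bootable": status == 0x80,
                        "type": ptype, "lba_start": lba_start, "sectors": count})
    return entries


def check_mbr(sector, known_good_code_sha256=None):
    """Return a dict of findings; any False value is worth a closer look."""
    findings = {"size_ok": len(sector) == MBR_SIZE,
                "boot_signature_ok": sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xaa"}
    parts = parse_partitions(sector)
    used = [p for p in parts if p["type"] != 0]
    # exactly one active partition, only 0x00/0x80 status bytes, nothing starting in the MBR sector
    findings["one_active_partition"] = sum(p["bootable"] for p in parts) == 1
    findings["status_bytes_ok"] = all(p["status"] in (0x00, 0x80) for p in parts)
    findings["no_partition_at_lba0"] = all(p["lba_start"] > 0 for p in used)
    # hash only the code area: the disk signature and partition table legitimately differ per machine
    findings["boot_code_sha256"] = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    if known_good_code_sha256 is not None:
        findings["boot_code_matches_known_good"] = findings["boot_code_sha256"] == known_good_code_sha256
    return findings


def build_sample_mbr(boot_code=b"\xfa\x33\xc0" + b"\x90" * 437):
    """Constructed sample: dummy boot code, one active NTFS (0x07) partition, valid signature."""
    sector = bytearray(MBR_SIZE)
    sector[:BOOT_CODE_LEN] = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00")
    struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF, 0x80, 0x07, 2048, 409600)
    sector[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)
```

With a real dump, `check_mbr(open("MBR.dat", "rb").read(), known_hash)` gives the findings; the known-good hash has to come from a clean disk of the same Windows version.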

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Infected boot sector Win32/Agent.SDG.Gen

#9 Post by vyosek »

:arrow: Test the following files on VirusTotal (see my signature)
  • G:\INSTALL\GMSIPCI.SYS
    C:\inst\MBR.dat
  • Click Browse
  • Do not search for the file, just paste the path of the file I want tested
  • Click Send File
  • If a screen like the one below pops up, click ReAnalyse
    (image)
  • Paste the result of the analysis here (as a link)

gjfish
Model visitor
Posts: 77
Registered: 07 Jul 2006 09:07

Re: Infected boot sector Win32/Agent.SDG.Gen

#10 Post by gjfish »

Unfortunately I cannot reach that link.

The connection timed out
The time limit expired while trying to contact the server www.virustotal.com.
The server is temporarily unavailable. Please try again in a moment.
If other pages do not load either, check your computer's network connection.
If your computer is protected by a firewall or proxy server, check that Firefox is allowed to access the Internet.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Infected boot sector Win32/Agent.SDG.Gen

#11 Post by vyosek »

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Infected boot sector Win32/Agent.SDG.Gen

#12 Post by vyosek »

But it is probably overloaded as well; repeat the action later if necessary

gjfish
Model visitor
Posts: 77
Registered: 07 Jul 2006 09:07

Re: Infected boot sector Win32/Agent.SDG.Gen

#13 Post by gjfish »

Jotti's malware test
File name: MBR.dat
Status: Test complete. 0 of 20 programs found malicious code.

The second file was not found
G:\INSTALL\GMSIPCI.SYS
drive G: does not exist (G: is a drive with no CD/DVD in it)
there is an install directory on F:, but the file is not anywhere on the PC (drives C:, D:, E:, F:), searched with Total Commander

gjfish
Model visitor
Posts: 77
Registered: 07 Jul 2006 09:07

Re: Infected boot sector Win32/Agent.SDG.Gen

#14 Post by gjfish »

Otherwise the antiviruses no longer report anything now (installed and uninstalled one at a time: MSE, ESET online, Avast Free) - originally ESET Smart Security reported it. I kept Avast Free. One "small" problem remains. After every restart Avast is inactive and I have to click Repair in it to make it work.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Infected boot sector Win32/Agent.SDG.Gen

#15 Post by vyosek »

:arrow: in safe mode (restart the PC, keep pressing F8, choose Safe Mode with Networking) run the PC through these utilities so we get rid of the remnants of the antiviruses you have there :arrow: Reinstall Avast Free http://www.avast.com/cs-cz/free-antivirus-download - it is possible it was damaged by the malware

:arrow: Uninstall Combofix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes Combofix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run
  • To confirm the choice press A, Enter
  • Delete the utility after use
  • Antiviruses tend to wrongly flag this utility as a virus - it is a false positive - so download it without worry (turn off the antivirus while downloading if needed)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run
  • Click CleanUp and confirm YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run
  • Click Start and confirm OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: You can uninstall MBAM or keep it for an occasional scan - if it finds something I strongly recommend posting the log here for assessment, so you do not shoot down something legitimate

:arrow: Download CCleaner (see my signature)
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix selected Issues - I recommend making the registry backup, fix all issues
  • repeat until there are no issues - usually about 3 times
Tools panel
  • Here you can uninstall unneeded programs
I recommend using CCleaner about once a week

:arrow: I recommend defragmenting the disk
  • The simplest (but least effective) way is with the utility built into Windows
    • Click My Computer, then right-click the disk and choose Properties
    • switch to the Tools tab
    • You now see the Defragmentation tool - start it by clicking Defragment
    • Do this for all disks
  • Another option (and the one I recommend) is the little program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
    • Download the program, install it (untick the Yahoo toolbar) and run it
    • Click Analyze
    • If the Fragmented column shows more than 5%, I recommend defragmenting (click Defragment)
    • Do this for all disks
  • The last option is the simple program JKDefrag http://www.stahuj.centrum.cz/utility_a_ ... /jkdefrag/
    • The advantage of this program is that it does not need installing
    • So just download the version for your OS and unpack it
    • Then run it with the file JKDefrag or JKDefrag64
    • A disk analysis runs, followed by defragmentation
:arrow: Post a new RSIT log and write how the PC is doing
