
michal.kolesa - suspected TDL

michal.kolesa
Untrusted
Posts: 30
Registered: 29 Nov 2003 10:15
Location: Rakovník

#1 Post by michal.kolesa »

I booted the PC from Hiren's Boot CD and ran Eset online.

Everything OK

But from what I read in this discussion, that probably doesn't bother the "little bastard".

Is there a description in Czech somewhere of how to remove it, for less experienced users who don't know what the MBR is?
Michal Kolesa
29 years old, disability pensioner, Trained as: electrician - heavy current, School-leaving exam: Mechanical engineering, Interests: Computers and other devices from a security perspective

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: New virus from TV Nova reports

#2 Post by vyosek »

Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Run the utility and tell it to scan - click Start Scan
  • If the utility finds an infection, it will want to cure it (Cure); allow the cure by clicking Continue
  • If the utility finds a suspicious file (suspicious), it will want to skip it (Skip); allow the skip by clicking Continue
  • After the scan finishes, a PC restart may be required; allow it by clicking Reboot now
  • After the restart a log will pop up; if it does not, you will find it directly on the drive where Windows is installed (usually c:\), named in the form TDSSKiller.some digits _log.txt - paste its contents here
  • If no restart is required, click Close and then Report - a log will be created - paste its contents here
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him: that is not a man, that is an ox."
Member of [image] since 1 February 2011.

michal.kolesa

Re: New virus from TV Nova reports

#3 Post by michal.kolesa »

Thanks, PC is clean
23:24:35.0537 4712 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
23:24:35.0634 4712 ============================================================
23:24:35.0634 4712 Current date / time: 2011/11/01 23:24:35.0634
23:24:35.0634 4712 SystemInfo:
23:24:35.0634 4712
23:24:35.0634 4712 OS Version: 6.1.7601 ServicePack: 1.0
23:24:35.0634 4712 Product type: Workstation
23:24:35.0634 4712 ComputerName: KOLESOVISTOLNI
23:24:35.0634 4712 UserName: MichalKolesa
23:24:35.0635 4712 Windows directory: C:\Windows
23:24:35.0635 4712 System windows directory: C:\Windows
23:24:35.0635 4712 Running under WOW64
23:24:35.0635 4712 Processor architecture: Intel x64
23:24:35.0635 4712 Number of processors: 8
23:24:35.0635 4712 Page size: 0x1000
23:24:35.0635 4712 Boot type: Normal boot
23:24:35.0635 4712 ============================================================
23:24:36.0150 4712 Initialize success
23:24:41.0492 3036 ============================================================
23:24:41.0492 3036 Scan started
23:24:41.0492 3036 Mode: Manual; SigCheck; TDLFS;
23:24:41.0492 3036 ============================================================
23:24:50.0430 3036 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:24:50.0441 3036 usbccgp - ok
23:24:50.0449 3036 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:24:50.0462 3036 usbcir - ok
23:24:50.0470 3036 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
23:24:50.0479 3036 usbehci - ok
23:24:50.0492 3036 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:24:50.0505 3036 usbhub - ok
23:24:50.0520 3036 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
23:24:50.0530 3036 usbohci - ok
23:24:50.0555 3036 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:24:50.0566 3036 usbprint - ok
23:24:50.0592 3036 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
23:24:50.0613 3036 usbscan - ok
23:24:50.0632 3036 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
23:24:50.0648 3036 USBSTOR - ok
23:24:50.0662 3036 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:24:50.0675 3036 usbuhci - ok
23:24:50.0689 3036 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
23:24:50.0704 3036 usbvideo - ok
23:24:50.0724 3036 V0680Vid (17c582457453e7cd625f4ebb8aa21b09) C:\Windows\system32\DRIVERS\V0680Vid.sys
23:24:50.0738 3036 V0680Vid - ok
23:24:50.0751 3036 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:24:50.0760 3036 vdrvroot - ok
23:24:50.0774 3036 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:24:50.0785 3036 vga - ok
23:24:50.0799 3036 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:24:50.0823 3036 VgaSave - ok
23:24:50.0829 3036 VGPU - ok
23:24:50.0843 3036 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:24:50.0855 3036 vhdmp - ok
23:24:50.0872 3036 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:24:50.0880 3036 viaide - ok
23:24:50.0904 3036 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
23:24:50.0916 3036 vmbus - ok
23:24:50.0928 3036 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
23:24:50.0938 3036 VMBusHID - ok
23:24:50.0952 3036 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:24:50.0962 3036 volmgr - ok
23:24:50.0981 3036 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:24:50.0993 3036 volmgrx - ok
23:24:51.0009 3036 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:24:51.0021 3036 volsnap - ok
23:24:51.0051 3036 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
23:24:51.0061 3036 vsmraid - ok
23:24:51.0074 3036 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
23:24:51.0086 3036 vwifibus - ok
23:24:51.0095 3036 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
23:24:51.0106 3036 WacomPen - ok
23:24:51.0118 3036 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:24:51.0142 3036 WANARP - ok
23:24:51.0145 3036 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:24:51.0170 3036 Wanarpv6 - ok
23:24:51.0198 3036 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
23:24:51.0206 3036 Wd - ok
23:24:51.0228 3036 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:24:51.0243 3036 Wdf01000 - ok
23:24:51.0258 3036 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:24:51.0282 3036 WfpLwf - ok
23:24:51.0298 3036 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:24:51.0307 3036 WIMMount - ok
23:24:51.0338 3036 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
23:24:51.0350 3036 WinUsb - ok
23:24:51.0385 3036 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:24:51.0395 3036 WmiAcpi - ok
23:24:51.0414 3036 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:24:51.0437 3036 ws2ifsl - ok
23:24:51.0460 3036 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:24:51.0484 3036 WudfPf - ok
23:24:51.0499 3036 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:24:51.0523 3036 WUDFRd - ok
23:24:51.0554 3036 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:24:51.0619 3036 \Device\Harddisk0\DR0 - ok
23:24:51.0622 3036 Boot (0x1200) (d1b3cfc6a65aded5cd27f3dc99fc9fcb) \Device\Harddisk0\DR0\Partition0
23:24:51.0623 3036 \Device\Harddisk0\DR0\Partition0 - ok
23:24:51.0644 3036 Boot (0x1200) (5adb2464e19d2728b6d048a43934a73c) \Device\Harddisk0\DR0\Partition1
23:24:51.0645 3036 \Device\Harddisk0\DR0\Partition1 - ok
23:24:51.0645 3036 ============================================================
23:24:51.0645 3036 Scan finished
23:24:51.0645 3036 ============================================================
23:24:51.0652 3300 Detected object count: 0
23:24:51.0652 3300 Actual detected object count: 0

Re: New virus from TV Nova reports

#4 Post by vyosek »

Vrtule wrote:
Kaspersky releases an update about every other day, I think
I don't know how it is now, but there were times when TDL was updated every little while. Every few hours it came out in a mutated form to evade the signatures in antivirus databases. And it often brought improvements in the form of anti-anti technologies.
Otherwise, that's almost always how it goes: someone creates the vermin and then the anti (the cure) gets made

Getting hold of a TDL rootkit dropper these days is no problem, not even the v4 one - if you want, Vrtule, I'll give you my login to one nice forum :D
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him, that is no man, that is an ox."
Member [image] since 1 February 2011.

Vrtule
Friend of the forum
Posts: 328
Joined: 20 Apr 2007 22:54
Location: Praha

Re: New virus from TV Nova reports

#5 Post by Vrtule »

Vyosek: Which forum is it?

I think my access to samples is sufficient, given my rank of Confirmed User on the kernelmode.info forum. But thanks for the offer.

Re: New virus from TV Nova reports

#6 Post by vyosek »

Vrtule wrote: I think my access to samples is sufficient, given my rank of Confirmed User on the kernelmode.info forum. But thanks for the offer.
Then you're better off than I am, that's the one I meant :)


Re: New virus from TV Nova reports

#7 Post by vyosek »

The post by user milek has been removed from this topic and a new topic has been created here http://viry.cz/forum/viewtopic.php?f=13&t=116654 - this is for clarity, thanks for understanding


Re: New virus from TV Nova reports

#8 Post by michal.kolesa »

Could you please take a look at my computer as well, thank you very much, or please advise me which line is the MOST important one
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-02 14:03:13
-----------------------------
14:03:13.171 OS Version: Windows x64 6.1.7601 Service Pack 1
14:03:13.171 Number of processors: 8 586 0x2A07
14:03:13.172 ComputerName: KOLESOVISTOLNI UserName: MichalKolesa
14:03:17.600 Initialize success
14:04:51.114 AVAST engine defs: 11110200
14:04:59.837 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:04:59.839 Disk 0 Vendor: WDC_WD2002FAEX-007BA0 05.01D05 Size: 1907729MB BusType: 3
14:04:59.850 Disk 0 MBR read successfully
14:04:59.851 Disk 0 MBR scan
14:04:59.902 Disk 0 Windows 7 default MBR code
14:04:59.903 Service scanning
14:05:00.266 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
14:05:00.818 Modules scanning
14:05:00.821 Disk 0 trace - called modules:
14:05:00.826 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:05:00.829 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d886790]
14:05:00.832 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800d5f3060]
14:05:05.494 AVAST engine scan C:\Windows
14:05:11.107 AVAST engine scan C:\Windows\system32
14:06:17.713 AVAST engine scan C:\Windows\system32\drivers
14:06:29.642 AVAST engine scan C:\Users\MichalKolesa
14:09:18.664 AVAST engine scan C:\ProgramData
14:11:11.270 Scan finished successfully
14:12:21.607 Disk 0 MBR has been saved successfully to "C:\Users\MichalKolesa\Documents\MBR.dat"
14:12:21.638 The log file has been saved successfully to "C:\Users\MichalKolesa\Documents\aswMBR.txt"

Re: New virus from TV Nova reports

#9 Post by vyosek »

The log is OK; in fact the whole log is important, not just some single line - only as a whole does it tell you whether the MBR sector is OK or not...


Re: New virus from TV Nova reports

#10 Post by michal.kolesa »

So I ran it through ComboFix, but I can't see from the LOG what is going on :?:
ComboFix 11-11-02.01 - MichalKolesa 02.11.2011 16:03:14.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.16367.14118 [GMT 1:00]
Spuštěný z: c:\users\MichalKolesa\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-02 do 2011-11-02 )))))))))))))))))))))))))))))))
.
.
2011-11-02 15:08 . 2011-11-02 15:08 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{58367D20-882F-4783-BC2A-16BB2A98A0EA}\offreg.dll
2011-11-02 15:06 . 2011-11-02 15:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-02 07:47 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{58367D20-882F-4783-BC2A-16BB2A98A0EA}\mpengine.dll
2011-11-01 19:23 . 2011-11-01 19:23 42672 ----a-w- c:\windows\SysWow64\drivers\fsbts.sys
2011-11-01 19:04 . 2011-11-01 19:04 -------- d-----w- c:\programdata\boost_interprocess
2011-11-01 17:35 . 2011-11-01 17:35 -------- d-----w- c:\users\MichalKolesa\AppData\Roaming\QuickScan
2011-11-01 17:30 . 2011-11-01 17:30 -------- d-----w- c:\programdata\McAfee Security Scan
2011-11-01 17:30 . 2011-11-01 17:30 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2011-11-01 17:30 . 2011-11-01 17:30 -------- d-----w- c:\programdata\McAfee
2011-10-31 15:00 . 2011-10-31 15:00 -------- d-----w- c:\program files (x86)\CDBurnerXP
2011-10-30 17:32 . 2011-10-30 17:32 -------- d-----w- c:\users\MichalKolesa\AppData\Roaming\KillSwitch 2
2011-10-30 13:06 . 2011-10-30 13:06 -------- d-----w- c:\users\MichalKolesa\AppData\Roaming\f-secure
2011-10-30 13:06 . 2011-10-30 13:06 -------- d-----w- c:\programdata\F-Secure
2011-10-30 13:01 . 2009-06-30 09:37 33800 ----a-w- c:\windows\system32\drivers\pavboot64.sys
2011-10-30 13:01 . 2011-10-30 13:01 -------- d-----w- c:\program files (x86)\Panda Security
2011-10-25 13:13 . 2011-10-25 13:13 -------- d-----w- c:\users\UpdatusUser
2011-10-25 13:13 . 2011-11-02 15:08 -------- d-----w- c:\programdata\NVIDIA
2011-10-25 13:13 . 2011-10-15 08:53 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-10-25 13:13 . 2011-10-15 08:53 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-25 13:13 . 2011-10-15 08:53 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-10-25 13:13 . 2011-10-15 08:53 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-10-25 13:13 . 2011-10-15 08:53 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2011-10-25 13:13 . 2011-10-15 08:53 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-25 13:13 . 2011-10-15 08:53 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-25 13:13 . 2011-10-25 13:13 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-10-25 13:09 . 2011-10-25 13:09 -------- d-----w- C:\NVIDIA
2011-10-23 15:41 . 2011-10-23 15:41 -------- d-----w- c:\users\AlenaKolesova\AppData\Local\Electronic_Arts_Inc
2011-10-23 14:21 . 2011-10-29 07:26 -------- d-----w- c:\users\AlenaKolesova\AppData\Roaming\Skype
2011-10-21 22:26 . 2011-10-21 22:26 -------- d-----w- c:\users\MichalKolesa\AppData\Roaming\Need for Speed World
2011-10-21 22:02 . 2011-10-21 22:02 -------- d-----w- c:\users\MichalKolesa\.thumbnails
2011-10-21 22:02 . 2011-10-21 22:02 -------- d-----w- c:\program files\Blender Foundation
2011-10-21 21:18 . 2011-10-21 21:18 -------- d-----w- c:\users\MichalKolesa\AppData\Local\Electronic_Arts_Inc
2011-10-21 21:17 . 2011-10-30 18:10 -------- d-----w- c:\program files (x86)\Common Files\Akamai
2011-10-21 21:17 . 2011-10-21 21:17 -------- d-----w- c:\programdata\Electronic Arts
2011-10-21 21:17 . 2011-10-21 21:17 -------- d-----w- c:\program files (x86)\Electronic Arts
2011-10-20 08:52 . 2011-10-20 08:52 -------- d-----w- c:\program files\Java
2011-10-18 17:10 . 2011-10-18 17:10 -------- d-----w- c:\program files\Speccy
2011-10-14 22:54 . 2011-10-14 22:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-10-11 18:07 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-11 18:07 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-11 18:07 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-11 18:07 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-11 18:07 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-11 18:07 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-11 18:07 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-11 18:07 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-11 18:07 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-11 08:08 . 2011-10-11 08:08 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70DD812D-8591-44E3-B265-D9C6E27EE076}\gapaengine.dll
2011-10-06 19:33 . 2011-10-06 19:33 -------- d-----w- c:\program files (x86)\Aquadelic
2011-10-05 15:56 . 2011-10-05 15:56 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-20 08:52 . 2011-08-08 21:33 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-07 04:16 . 2011-06-18 09:13 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-05 15:57 . 2011-09-24 18:55 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-15 08:00 . 2011-06-17 20:07 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-31 17:12 . 2011-07-14 16:23 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-08-23 19:57 . 2011-09-21 18:07 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2011-08-23 19:57 . 2011-09-21 18:07 565352 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2011-08-23 19:57 . 2011-09-21 18:07 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe" [2009-11-16 240992]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"ClamWin"="c:\program files (x86)\ClamWin\bin\ClamTray.exe" [2011-10-23 86016]
"Live! Central 3"="c:\program files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe" [2011-04-08 503955]
"V0680Mon.exe"="c:\windows\V0680Mon.exe" [2011-07-27 28672]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.229\SSScheduler.exe [2011-9-20 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R3 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 cpuz134;cpuz134;e:\servis\info\pcwizard\pcwiz_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 esihdrv;esihdrv;c:\users\MICHAL~1\AppData\Local\Temp\esihdrv.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.229\McCHSvc.exe [2011-09-20 237008]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [x]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 GeniusMouseService;GeniusMouseService;c:\genius\ioCentre\GMouseService.exe [2010-03-11 16384]
S2 NSL;Norton Safe Web Lite;c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [2010-11-24 130000]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [x]
S3 gMouUsb16;USB 16-bit Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb16.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 V0680Vid;Creative Live! Cam Socialize HD 1080 Driver;c:\windows\system32\DRIVERS\V0680Vid.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-307678904-601986023-3308821423-1000Core.job
- c:\users\MichalKolesa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 20:51]
.
2011-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-307678904-601986023-3308821423-1000UA.job
- c:\users\MichalKolesa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 20:51]
.
2011-10-29 c:\windows\Tasks\Norton Security Scan for MichalKolesa.job
- c:\progra~2\NORTON~2\Engine\311~1.6\Nss.exe [2011-06-20 09:39]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\MichalKolesa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\MichalKolesa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 10.0.0.2
FF - ProfilePath - c:\users\MichalKolesa\AppData\Roaming\Mozilla\Firefox\Profiles\yvqnkulg.default\
.
.
------- Asociace souborů -------
.
txtfile="c:\program files (x86)\PSPad editor\PSPad.exe" "%1"
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_807ba95.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSL]
"ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_807ba95.dll"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\windows\MHotKey.exe
c:\windows\ChiFuncExt.exe
.
**************************************************************************
.
Celkový čas: 2011-11-02 16:10:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-02 15:10
.
Před spuštěním: Volných bajtů: 1 935 892 779 008
Po spuštění: Volných bajtů: 1 935 663 140 864
.
- - End Of File - - 1DA5FAB74D28B5AEA778D6F35BC018A1

T72
Visitor
Posts: 78
Joined: 02 Nov 2011 18:31

Re: New virus from TV Nova reports

#11 Post by T72 »

Oh my God, you've got it IN THERE!!! :shock: :shock: :shock:

Pavuk29
VIP in memoriam
Posts: 6953
Joined: 31 Oct 2003 08:26
Location: Banská Bystrica

Re: New virus from TV Nova reports

#12 Post by Pavuk29 »

T72 wrote: Oh my God, you've got it IN THERE!!! :shock: :shock: :shock:
Why are you scaring people here :?: :D
------------------------------------------------------------------------------------------------------------------------------
PLEASE DO NOT SEND ME PMs, ICQ MESSAGES OR E-MAILS WITH QUESTIONS, WRITE IN THE FORUM
------------------------------------------------------------------------------------------------------------------------------
In case of acute problems with the running of the forum, or with other users, contact me on ICQ or by e-mail at pavuk29 at forum.viry.cz. I am often at the computer even when I am not online on the forum.
http://www.icq.com/people/267560078/
hotline: http://forum.viry.cz/viewtopic.php?f=12&t=116821
forum rules: http://forum.viry.cz/viewtopic.php?f=12&t=5601

meteorolog
Exemplary visitor
Posts: 308
Joined: 07 Jan 2007 15:20
Location: Pardubice

Re: New virus from TV Nova reports

#13 Post by meteorolog »

tanks are for scaring people :?: :D

cernohous13
VIP in memoriam
Posts: 8721
Joined: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: New virus from TV Nova reports

#14 Post by cernohous13 »

T72 wrote: Oh my God, you've got it IN THERE!!! :shock: :shock: :shock:
he should be able to tell that himself - his partner may have noticed too late :lol:
Recommendations:
During the cleanup, install and uninstall software only on my instruction.
Study my reply thoroughly and carry out the whole operation according to it.
If anything is unclear, ask - I will explain

-------------------------------------------------------------------------------------------------
> Forum support <


Re: New virus from TV Nova reports

#15 Post by Pavuk29 »

This is somehow getting out of hand here :D
