pro vyosek

Zpráva

fraha · #1 Příspěvek od **fraha** » 22 led 2012 17:00

Mám nasledujúci problém na kamaratkinom NTB:

ESET hlási: WIN32/Olmarik
Keď spustím akýkoľvek prehliadač ( IE, CHROME, Mozila ) hneď vypíše chybu prehliadača.
Nenainštalujú sa aktualizácie na VISTA HP.
Nedá sa pripojiť na Internet, ale aplikácie, ktoré sa aktualizujú z netu sa zaktualizujú. (ESET,Aktualizácie vista - nedovolí naištalovať )

Prosím čo s tým?

#2 Příspěvek od **vyosek** » 22 led 2012 17:18

Zdravim

Stahnete MBRScan http://eric71.geekstogo.com/tools/MbrScan.exe

Ulozte nejlepe na plochu
Pokud pouzivate Win Vista ci W7, kliknete na MBRScan pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Report
Po chvilce se objevi log do souboru MBRScan.txt, ten sem vlozte

Stahnete aswMBR http://public.avast.com/%7Egmerek/aswMBR.exe a ulozte jej na plochu.

Utilitu spustte a prikazte ji, at skenuje - klik na Scan
Po dokonceni skenu kliknutim na Save log ulozte log aswMBR na plochu
Obsah logu aswMBR mi sem vlozte

fraha · #3 Příspěvek od **fraha** » 22 led 2012 17:25

Vkladam:

Kód: Vybrat vše

MBRScan v1.0.6

OS             : Windows Vista Service Pack 2 (32 bit)
PROCESSOR      : x86 Family 6 Model 15 Stepping 13, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/01/22 (ISO 8601) at 17:23:48
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __ST932032 0AS (SD56)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

DISK           : Device\Harddisk1\DR3 __Kingston DataTraveler 2.0 (PMAP)
BUS_TYPE       : (0x07)  USB
USE_PIO        : NO
MAX_TRANSFER   : 64 Kb
ALIGNMENT_MASK : byte aligned
________________________________________________________________________________

Device\Harddisk0\DR0	298.1 Go  [Fixed] ==> Vista MBR Code.. ==> PARTITION TABLE FAKED !!

MBR_MD5   : 805247666D3FA8EC7F6713647BF94CDD
MBR_SHA1  : 3B934934E099B64295AAA404ECEF9DFF0D1AD51F

Device\Harddisk0\Partition1	1.46 Go  	0x27 RE Hidden partition 
Device\Harddisk0\Partition2	148.9 Go  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition3	147.7 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

Device\Harddisk1\DR3	1.86 Go  [Removable] ==> Unknown MBR Code

MBR_MD5   : CDAAE7BD2A7CA7F7F35B455389FAC3E2
MBR_SHA1  : 8500DCC74AC8D73DB7DC4EE3FB6254A1BCD61F60

Device\Harddisk1\Partition1	1.86 Go  	0x0B FAT32 [CHS] 
________________________________________________________________________________


_____FAKED   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00   3À.Ð¼.|.À.Ø¾.|¿.
0x00000010   06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00   .¹..üó¤Ph..Ëû¹..
0x00000020   BD BE 07 80 7E 00 00 7C 0B 0F 85 10 01 83 C5 10   ½¾..~..|......Å.
0x00000030   E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00   âñÍ..V.UÆF..ÆF..
0x00000040   B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09   ´A»ªUÍ.]r..ûUªu.
0x00000050   F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74   ÷Á..t.þF.f`.~..t
0x00000060   26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00   &fh....f.v.h..h.
0x00000070   7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13   |h..h..´B.V..ôÍ.
0x00000080   9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00   ..Ä..ë.¸..».|.V.
0x00000090   8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1E FE   .v..N..n.Í.fas.þ
0x000000A0   4E 11 0F 85 0C 00 80 7E 00 80 0F 84 8A 00 B2 80   N......~......².
0x000000B0   EB 82 55 32 E4 8A 56 00 CD 13 5D EB 9C 81 3E FE   ë.U2ä.V.Í.]ë..>þ
0x000000C0   7D 55 AA 75 6E FF 76 00 E8 8A 00 0F 85 15 00 B0   }Uªun.v.è......°
0x000000D0   D1 E6 64 E8 7F 00 B0 DF E6 60 E8 78 00 B0 FF E6   Ñædè..°ßæ`èx.°.æ
0x000000E0   64 E8 71 00 B8 00 BB CD 1A 66 23 C0 75 3B 66 81   dèq.¸.»Í.f#Àu;f.
0x000000F0   FB 54 43 50 41 75 32 81 F9 02 01 72 2C 66 68 07   ûTCPAu2.ù..r,fh.
0x00000100   BB 00 00 66 68 00 02 00 00 66 68 08 00 00 00 66   »..fh....fh....f
0x00000110   53 66 53 66 55 66 68 00 00 00 00 66 68 00 7C 00   SfSfUfh....fh.|.
0x00000120   00 66 61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00   .fah...Í.Z2öê.|.
0x00000130   00 CD 18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07   .Í..·.ë..¶.ë..µ.
0x00000140   32 E4 05 00 07 8B F0 AC 3C 00 74 FC BB 07 00 B4   2ä....ð¬<.tü»..´
0x00000150   0E CD 10 EB F2 2B C9 E4 64 EB 00 24 02 E0 F8 24   .Í.ëò+Éädë.$.àø$
0x00000160   02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69 74   .ÃInvalid partit
0x00000170   69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72 20   ion table.Error 
0x00000180   6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69 6E   loading operatin
0x00000190   67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E 67   g system.Missing
0x000001A0   20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74 65    operating syste
0x000001B0   6D 00 00 00 00 62 7A 99 CB 84 28 1C 00 00 00 20   m....bz.Ë.(.... 
0x000001C0   21 00 27 59 1A BF 00 08 00 00 00 E0 2E 00 00 59   !.'Y.¿.....à...Y
0x000001D0   1B BF 07 FE FF FF 00 E8 2E 00 00 78 9C 12 00 FE   .¿.þ...è...x...þ
0x000001E0   FF FF 07 FE FF FF 00 60 CB 12 B0 82 77 12 80 FE   ...þ...`Ë.°.w..þ
0x000001F0   FF FF 17 FE FF FF B0 E2 42 25 F0 07 00 00 55 AA   ...þ..°âB%ð...Uª

__ORIGINAL   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00   3À.Ð¼.|.À.Ø¾.|¿.
0x00000010   06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00   .¹..üó¤Ph..Ëû¹..
0x00000020   BD BE 07 80 7E 00 00 7C 0B 0F 85 10 01 83 C5 10   ½¾..~..|......Å.
0x00000030   E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00   âñÍ..V.UÆF..ÆF..
0x00000040   B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09   ´A»ªUÍ.]r..ûUªu.
0x00000050   F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74   ÷Á..t.þF.f`.~..t
0x00000060   26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00   &fh....f.v.h..h.
0x00000070   7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13   |h..h..´B.V..ôÍ.
0x00000080   9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00   ..Ä..ë.¸..».|.V.
0x00000090   8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1E FE   .v..N..n.Í.fas.þ
0x000000A0   4E 11 0F 85 0C 00 80 7E 00 80 0F 84 8A 00 B2 80   N......~......².
0x000000B0   EB 82 55 32 E4 8A 56 00 CD 13 5D EB 9C 81 3E FE   ë.U2ä.V.Í.]ë..>þ
0x000000C0   7D 55 AA 75 6E FF 76 00 E8 8A 00 0F 85 15 00 B0   }Uªun.v.è......°
0x000000D0   D1 E6 64 E8 7F 00 B0 DF E6 60 E8 78 00 B0 FF E6   Ñædè..°ßæ`èx.°.æ
0x000000E0   64 E8 71 00 B8 00 BB CD 1A 66 23 C0 75 3B 66 81   dèq.¸.»Í.f#Àu;f.
0x000000F0   FB 54 43 50 41 75 32 81 F9 02 01 72 2C 66 68 07   ûTCPAu2.ù..r,fh.
0x00000100   BB 00 00 66 68 00 02 00 00 66 68 08 00 00 00 66   »..fh....fh....f
0x00000110   53 66 53 66 55 66 68 00 00 00 00 66 68 00 7C 00   SfSfUfh....fh.|.
0x00000120   00 66 61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00   .fah...Í.Z2öê.|.
0x00000130   00 CD 18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07   .Í..·.ë..¶.ë..µ.
0x00000140   32 E4 05 00 07 8B F0 AC 3C 00 74 FC BB 07 00 B4   2ä....ð¬<.tü»..´
0x00000150   0E CD 10 EB F2 2B C9 E4 64 EB 00 24 02 E0 F8 24   .Í.ëò+Éädë.$.àø$
0x00000160   02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69 74   .ÃInvalid partit
0x00000170   69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72 20   ion table.Error 
0x00000180   6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69 6E   loading operatin
0x00000190   67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E 67   g system.Missing
0x000001A0   20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74 65    operating syste
0x000001B0   6D 00 00 00 00 62 7A 99 CB 84 28 1C 00 00 00 20   m....bz.Ë.(.... 
0x000001C0   21 00 27 59 1A BF 00 08 00 00 00 E0 2E 00 80 59   !.'Y.¿.....à...Y
0x000001D0   1B BF 07 FE FF FF 00 E8 2E 00 00 78 9C 12 00 FE   .¿.þ...è...x...þ
0x000001E0   FF FF 07 FE FF FF 00 60 CB 12 B0 82 77 12 00 00   ...þ...`Ë.°.w...
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

_______MBR   \Device\Harddisk1\DR3  

0x00000000   FA BE 00 7C BF 00 7A B9 00 01 FC 0E 1F 0E 07 F3   ú¾.|¿.z¹..ü....ó
0x00000010   A5 EA 16 7A 00 00 BB BE 7B 33 C9 80 3F 80 75 06   ¥ê.z..»¾{3É.?.u.
0x00000020   FE C5 8B F3 EB 07 80 3F 00 75 02 FE C1 83 C3 10   þÅ.óë..?.u.þÁ.Ã.
0x00000030   81 FB FE 7B 72 E5 83 F9 04 74 0B 81 F9 03 01 74   .ûþ{rå.ù.t..ù..t
0x00000040   0A BB A5 7A EB 2C BB 87 7A EB 27 8B 4C 02 8B 14   .»¥zë,».zë'.L...
0x00000050   B8 01 02 BB 00 7C CD 13 73 05 BB BC 7A EB 13 2E   ¸..».|Í.s.»¼zë..
0x00000060   A1 FE 7D 3D 55 AA 74 05 BB BC 7A EB 05 EA 00 7C   ¡þ}=Uªt.»¼zë.ê.|
0x00000070   00 00 2E 8A 07 3C 00 74 0C 53 BB 07 00 B4 0E CD   .....<.t.S»..´.Í
0x00000080   10 5B 43 EB ED EB FE 4E 6F 20 62 6F 6F 74 61 62   .[CëíëþNo bootab
0x00000090   6C 65 20 70 61 72 74 69 74 6F 6E 20 69 6E 20 74   le partiton in t
0x000000A0   61 62 6C 65 00 49 6E 76 61 6C 69 64 20 50 61 72   able.Invalid Par
0x000000B0   74 69 74 6F 6E 20 74 61 62 6C 65 00 49 6E 76 61   titon table.Inva
0x000000C0   6C 69 64 20 6F 72 20 64 61 6D 61 67 65 64 20 42   lid or damaged B
0x000000D0   6F 6F 74 61 62 6C 65 20 70 61 72 74 69 74 69 6F   ootable partitio
0x000000E0   6E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   n...............
0x000000F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000100   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000110   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000120   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000130   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000140   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000150   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000160   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000170   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01   ................
0x000001C0   01 00 0B 0F 60 C7 20 00 00 00 E0 8F 3B 00 00 00   ....`Ç ...à.;...
0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

fraha · #4 Příspěvek od **fraha** » 22 led 2012 17:34

nainštaloval som aswMBR a spustil SCAN, vyhodilo mi, že mám stiahnuť vírusovú databázu AVAST, tak som dal sťahovať.
Po ukončení budem informovať.

Mimochodom: ESET a MBAM so jej nainštaloval včera v naivnej viere, že problém vyriešim.
Po vyriešení idú obe aplikácie von a nahodím jej AVAST Free.

#5 Příspěvek od **vyosek** » 22 led 2012 17:53

ESET odinstalujte zrovna, nebo se bude prat s Avastem

Mate tam peknou mrchu, dam konzultaci s kolegy

Zkuste udelat sken pomoci toho aswMBR, jestli pujde a havet jej nebude blokovat

fraha · #6 Příspěvek od **fraha** » 22 led 2012 18:12

ESET som odinštaloval, môžem reštartovať PC?

#7 Příspěvek od **vyosek** » 22 led 2012 18:16

Ano, muzete restartovat

Pak udelejte aswMBR a TDSSKiller - navod nize

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

Kliknete na volbu Change parametrs
V obou oknech (Objects to scan i Additional Option) zakliknete vsechny moznosti - ve vsech ctvereccich musi mit fajecka
Kliknete na OK
Utilite prikazte, at skenuje - klik na Start Scan
Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
Pokud mate vsude Skip, kliknete na Continue
Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

fraha · #8 Příspěvek od **fraha** » 22 led 2012 18:29

po spustení aswMBR:
aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-22 17:28:22
-----------------------------
17:28:22.451 OS Version: Windows 6.0.6002 Service Pack 2
17:28:22.451 Number of processors: 2 586 0xF0D
17:28:22.453 ComputerName: SIMON-PC UserName: Simon
17:28:23.365 Initialze error C000010E - driver not loaded
18:07:32.638 AVAST engine defs: 12012200
18:07:48.872 Scan error: Nesprávna funkcia.
18:08:27.638 The log file has been saved successfully to "C:\Users\Simon\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-22 18:24:55
-----------------------------
18:24:55.035 OS Version: Windows 6.0.6002 Service Pack 2
18:24:55.035 Number of processors: 2 586 0xF0D
18:24:55.035 ComputerName: SIMON-PC UserName: Simon
18:25:33.239 Initialze error 0 - driver not loaded
18:25:42.194 AVAST engine defs: 12012200
18:25:56.842 Scan error: Nesprávna funkcia.
18:26:24.563 The log file has been saved successfully to "C:\Users\Simon\Desktop\aswMBR.txt"

Idem inštalovať a spustiť TDSSKiller

fraha · #9 Příspěvek od **fraha** » 22 led 2012 18:32

hlaska s TDSSKiller:

18:29:23.0017 0356 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
18:29:23.0336 0356 ============================================================
18:29:23.0336 0356 Current date / time: 2012/01/22 18:29:23.0336
18:29:23.0336 0356 SystemInfo:
18:29:23.0336 0356
18:29:23.0337 0356 OS Version: 6.0.6002 ServicePack: 2.0
18:29:23.0337 0356 Product type: Workstation
18:29:23.0337 0356 ComputerName: SIMON-PC
18:29:23.0337 0356 UserName: Simon
18:29:23.0337 0356 Windows directory: C:\Windows
18:29:23.0337 0356 System windows directory: C:\Windows
18:29:23.0337 0356 Processor architecture: Intel x86
18:29:23.0337 0356 Number of processors: 2
18:29:23.0337 0356 Page size: 0x1000
18:29:23.0337 0356 Boot type: Normal boot
18:29:23.0337 0356 ============================================================
18:29:23.0895 0356 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:29:24.0104 0356 Initialize success
18:29:47.0711 2752 ============================================================
18:29:47.0711 2752 Scan started
18:29:47.0711 2752 Mode: Manual; SigCheck; TDLFS;
18:29:47.0711 2752 ============================================================
18:29:48.0503 2752 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:29:48.0616 2752 ACPI - ok
18:29:48.0737 2752 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
18:29:48.0762 2752 adp94xx - ok
18:29:48.0811 2752 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
18:29:48.0829 2752 adpahci - ok
18:29:48.0863 2752 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
18:29:48.0877 2752 adpu160m - ok
18:29:48.0926 2752 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
18:29:48.0940 2752 adpu320 - ok
18:29:49.0022 2752 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:29:49.0092 2752 AFD - ok
18:29:49.0267 2752 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
18:29:49.0353 2752 AgereSoftModem - ok
18:29:49.0498 2752 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:29:49.0509 2752 agp440 - ok
18:29:49.0559 2752 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:29:49.0573 2752 aic78xx - ok
18:29:49.0633 2752 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
18:29:49.0644 2752 aliide - ok
18:29:49.0674 2752 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
18:29:49.0689 2752 amdagp - ok
18:29:49.0715 2752 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
18:29:49.0726 2752 amdide - ok
18:29:49.0788 2752 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
18:29:49.0827 2752 AmdK7 - ok
18:29:49.0869 2752 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
18:29:49.0915 2752 AmdK8 - ok
18:29:50.0078 2752 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
18:29:50.0091 2752 arc - ok
18:29:50.0174 2752 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
18:29:50.0186 2752 arcsas - ok
18:29:50.0253 2752 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:29:50.0297 2752 AsyncMac - ok
18:29:50.0345 2752 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
18:29:50.0361 2752 atapi - ok
18:29:50.0485 2752 athr (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys
18:29:50.0607 2752 athr - ok
18:29:50.0765 2752 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:29:50.0802 2752 Beep - ok
18:29:50.0950 2752 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
18:29:50.0987 2752 blbdrive - ok
18:29:51.0027 2752 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:29:51.0081 2752 bowser - ok
18:29:51.0277 2752 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:29:51.0326 2752 BrFiltLo - ok
18:29:51.0470 2752 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:29:51.0508 2752 BrFiltUp - ok
18:29:51.0651 2752 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:29:51.0810 2752 Brserid - ok
18:29:51.0999 2752 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:29:52.0062 2752 BrSerWdm - ok
18:29:52.0108 2752 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:29:52.0161 2752 BrUsbMdm - ok
18:29:52.0202 2752 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:29:52.0258 2752 BrUsbSer - ok
18:29:52.0373 2752 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:29:52.0432 2752 BTHMODEM - ok
18:29:52.0527 2752 catchme - ok
18:29:52.0697 2752 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:29:52.0739 2752 cdfs - ok
18:29:52.0857 2752 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:29:52.0905 2752 cdrom - ok
18:29:52.0985 2752 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
18:29:53.0023 2752 circlass - ok
18:29:53.0061 2752 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:29:53.0129 2752 CLFS - ok
18:29:53.0255 2752 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
18:29:53.0286 2752 CmBatt - ok
18:29:53.0320 2752 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
18:29:53.0331 2752 cmdide - ok
18:29:53.0369 2752 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
18:29:53.0388 2752 Compbatt - ok
18:29:53.0550 2752 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
18:29:53.0563 2752 crcdisk - ok
18:29:53.0600 2752 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
18:29:53.0636 2752 Crusoe - ok
18:29:53.0790 2752 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
18:29:53.0842 2752 DfsC - ok
18:29:54.0022 2752 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:29:54.0034 2752 disk - ok
18:29:54.0201 2752 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:29:54.0242 2752 drmkaud - ok
18:29:54.0426 2752 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:29:54.0452 2752 DXGKrnl - ok
18:29:54.0526 2752 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:29:54.0564 2752 E1G60 - ok
18:29:54.0737 2752 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:29:54.0755 2752 Ecache - ok
18:29:54.0896 2752 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
18:29:54.0919 2752 elxstor - ok
18:29:55.0015 2752 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
18:29:55.0048 2752 ErrDev - ok
18:29:55.0206 2752 ewusbnet (6150c602fc0aad1177e1adc4bad0aafd) C:\Windows\system32\DRIVERS\ewusbnet.sys
18:29:55.0237 2752 ewusbnet - ok
18:29:55.0289 2752 ew_hwusbdev - ok
18:29:55.0367 2752 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:29:55.0423 2752 exfat - ok
18:29:55.0547 2752 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:29:55.0608 2752 fastfat - ok
18:29:55.0870 2752 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
18:29:55.0915 2752 fdc - ok
18:29:55.0965 2752 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:29:55.0977 2752 FileInfo - ok
18:29:56.0021 2752 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:29:56.0060 2752 Filetrace - ok
18:29:56.0099 2752 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:29:56.0151 2752 flpydisk - ok
18:29:56.0269 2752 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:29:56.0285 2752 FltMgr - ok
18:29:56.0447 2752 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
18:29:56.0467 2752 Fs_Rec - ok
18:29:56.0526 2752 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
18:29:56.0552 2752 FwLnk - ok
18:29:56.0596 2752 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
18:29:56.0609 2752 gagp30kx - ok
18:29:56.0727 2752 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:29:56.0790 2752 HdAudAddService - ok
18:29:56.0865 2752 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:29:56.0900 2752 HDAudBus - ok
18:29:56.0954 2752 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:29:57.0009 2752 HidBth - ok
18:29:57.0042 2752 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:29:57.0104 2752 HidIr - ok
18:29:57.0183 2752 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
18:29:57.0221 2752 HidUsb - ok
18:29:57.0318 2752 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
18:29:57.0330 2752 HpCISSs - ok
18:29:57.0371 2752 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:29:57.0474 2752 HTTP - ok
18:29:57.0568 2752 huawei_enumerator - ok
18:29:57.0647 2752 hwdatacard (19e6885a061011d8dabe8f64498423fa) C:\Windows\system32\DRIVERS\ewusbmdm.sys
18:29:57.0677 2752 hwdatacard - ok
18:29:57.0724 2752 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
18:29:57.0738 2752 i2omp - ok
18:29:57.0859 2752 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:29:57.0891 2752 i8042prt - ok
18:29:57.0950 2752 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
18:29:57.0985 2752 iaStor - ok
18:29:58.0081 2752 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
18:29:58.0098 2752 iaStorV - ok
18:29:58.0278 2752 igfx (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys
18:29:58.0433 2752 igfx - ok
18:29:58.0543 2752 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:29:58.0559 2752 iirsp - ok
18:29:58.0677 2752 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
18:29:58.0769 2752 IntcAzAudAddService - ok
18:29:58.0885 2752 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:29:58.0896 2752 intelide - ok
18:29:58.0929 2752 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:29:58.0960 2752 intelppm - ok
18:29:59.0054 2752 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:29:59.0097 2752 IpFilterDriver - ok
18:29:59.0138 2752 IpInIp - ok
18:29:59.0211 2752 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
18:29:59.0238 2752 IPMIDRV - ok
18:29:59.0275 2752 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:29:59.0301 2752 IPNAT - ok
18:29:59.0334 2752 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:29:59.0377 2752 IRENUM - ok
18:29:59.0406 2752 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
18:29:59.0417 2752 isapnp - ok
18:29:59.0501 2752 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:29:59.0520 2752 iScsiPrt - ok
18:29:59.0556 2752 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:29:59.0567 2752 iteatapi - ok
18:29:59.0591 2752 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:29:59.0602 2752 iteraid - ok
18:29:59.0685 2752 jswpslwf (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys
18:29:59.0720 2752 jswpslwf - ok
18:29:59.0798 2752 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:29:59.0810 2752 kbdclass - ok
18:29:59.0839 2752 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
18:29:59.0873 2752 kbdhid - ok
18:29:59.0919 2752 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
18:29:59.0947 2752 KSecDD - ok
18:30:00.0016 2752 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:30:00.0054 2752 lltdio - ok
18:30:00.0093 2752 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
18:30:00.0106 2752 LSI_FC - ok
18:30:00.0127 2752 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
18:30:00.0141 2752 LSI_SAS - ok
18:30:00.0180 2752 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
18:30:00.0195 2752 LSI_SCSI - ok
18:30:00.0221 2752 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:30:00.0266 2752 luafv - ok
18:30:00.0491 2752 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
18:30:00.0504 2752 MBAMProtector - ok
18:30:00.0738 2752 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
18:30:00.0755 2752 megasas - ok
18:30:00.0822 2752 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
18:30:00.0846 2752 MegaSR - ok
18:30:00.0893 2752 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:30:00.0931 2752 Modem - ok
18:30:01.0046 2752 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:30:01.0086 2752 monitor - ok
18:30:01.0109 2752 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:30:01.0123 2752 mouclass - ok
18:30:01.0154 2752 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:30:01.0181 2752 mouhid - ok
18:30:01.0196 2752 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:30:01.0208 2752 MountMgr - ok
18:30:01.0259 2752 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
18:30:01.0274 2752 mpio - ok
18:30:01.0304 2752 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:30:01.0341 2752 mpsdrv - ok
18:30:01.0420 2752 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:30:01.0431 2752 Mraid35x - ok
18:30:01.0472 2752 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:30:01.0511 2752 MRxDAV - ok
18:30:01.0598 2752 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:30:01.0640 2752 mrxsmb - ok
18:30:01.0763 2752 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:30:01.0797 2752 mrxsmb10 - ok
18:30:01.0857 2752 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:30:01.0882 2752 mrxsmb20 - ok
18:30:02.0038 2752 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
18:30:02.0049 2752 msahci - ok
18:30:02.0110 2752 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
18:30:02.0125 2752 msdsm - ok
18:30:02.0202 2752 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:30:02.0237 2752 Msfs - ok
18:30:02.0274 2752 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:30:02.0291 2752 msisadrv - ok
18:30:02.0384 2752 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:30:02.0415 2752 MSKSSRV - ok
18:30:02.0514 2752 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:30:02.0541 2752 MSPCLOCK - ok
18:30:02.0581 2752 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:30:02.0606 2752 MSPQM - ok
18:30:02.0666 2752 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:30:02.0682 2752 MsRPC - ok
18:30:02.0723 2752 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:30:02.0733 2752 mssmbios - ok
18:30:02.0779 2752 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:30:02.0822 2752 MSTEE - ok
18:30:02.0858 2752 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:30:02.0880 2752 Mup - ok
18:30:03.0023 2752 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:30:03.0060 2752 NativeWifiP - ok
18:30:03.0239 2752 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:30:03.0313 2752 NDIS - ok
18:30:03.0512 2752 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:30:03.0548 2752 NdisTapi - ok
18:30:03.0584 2752 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:30:03.0613 2752 Ndisuio - ok
18:30:03.0682 2752 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:30:03.0719 2752 NdisWan - ok
18:30:03.0795 2752 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:30:03.0826 2752 NDProxy - ok
18:30:03.0889 2752 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:30:03.0924 2752 NetBIOS - ok
18:30:04.0050 2752 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:30:04.0079 2752 netbt - ok
18:30:04.0205 2752 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:30:04.0218 2752 nfrd960 - ok
18:30:04.0317 2752 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:30:04.0346 2752 Npfs - ok
18:30:04.0408 2752 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:30:04.0452 2752 nsiproxy - ok
18:30:04.0583 2752 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:30:04.0663 2752 Ntfs - ok
18:30:04.0795 2752 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:30:04.0839 2752 ntrigdigi - ok
18:30:04.0865 2752 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:30:04.0893 2752 Null - ok
18:30:04.0934 2752 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
18:30:04.0947 2752 nvraid - ok
18:30:04.0980 2752 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
18:30:04.0993 2752 nvstor - ok
18:30:05.0024 2752 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
18:30:05.0042 2752 nv_agp - ok
18:30:05.0063 2752 NwlnkFlt - ok
18:30:05.0079 2752 NwlnkFwd - ok
18:30:05.0173 2752 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
18:30:05.0222 2752 ohci1394 - ok
18:30:05.0376 2752 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:30:05.0433 2752 Parport - ok
18:30:05.0488 2752 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
18:30:05.0503 2752 partmgr - ok
18:30:05.0540 2752 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:30:05.0596 2752 Parvdm - ok
18:30:05.0714 2752 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:30:05.0731 2752 pci - ok
18:30:05.0920 2752 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
18:30:05.0930 2752 pciide - ok
18:30:05.0980 2752 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
18:30:05.0995 2752 pcmcia - ok
18:30:06.0071 2752 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:30:06.0149 2752 PEAUTH - ok
18:30:06.0298 2752 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:30:06.0335 2752 PptpMiniport - ok
18:30:06.0357 2752 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
18:30:06.0389 2752 Processor - ok
18:30:06.0437 2752 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:30:06.0478 2752 PSched - ok
18:30:06.0498 2752 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
18:30:06.0508 2752 PxHelp20 - ok
18:30:06.0603 2752 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
18:30:06.0671 2752 ql2300 - ok
18:30:06.0854 2752 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:30:06.0866 2752 ql40xx - ok
18:30:06.0909 2752 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:30:06.0933 2752 QWAVEdrv - ok
18:30:06.0969 2752 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:30:07.0007 2752 RasAcd - ok
18:30:07.0112 2752 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:30:07.0141 2752 Rasl2tp - ok
18:30:07.0201 2752 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:30:07.0231 2752 RasPppoe - ok
18:30:07.0274 2752 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:30:07.0289 2752 RasSstp - ok
18:30:07.0405 2752 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:30:07.0439 2752 rdbss - ok
18:30:07.0531 2752 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:30:07.0572 2752 RDPCDD - ok
18:30:07.0617 2752 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
18:30:07.0648 2752 rdpdr - ok
18:30:07.0687 2752 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:30:07.0726 2752 RDPENCDD - ok
18:30:07.0778 2752 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
18:30:07.0815 2752 RDPWD - ok
18:30:07.0921 2752 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:30:07.0948 2752 rspndr - ok
18:30:08.0122 2752 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
18:30:08.0137 2752 RTL8169 - ok
18:30:08.0233 2752 RTSTOR (9ff7d9cf3a5f296613588b0e8db83afe) C:\Windows\system32\drivers\RTSTOR.SYS
18:30:08.0271 2752 RTSTOR - ok
18:30:08.0409 2752 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:30:08.0422 2752 sbp2port - ok
18:30:08.0582 2752 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:30:08.0641 2752 secdrv - ok
18:30:08.0863 2752 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:30:08.0921 2752 Serenum - ok
18:30:09.0046 2752 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:30:09.0102 2752 Serial - ok
18:30:09.0190 2752 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:30:09.0216 2752 sermouse - ok
18:30:09.0418 2752 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
18:30:09.0467 2752 sffdisk - ok
18:30:09.0513 2752 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
18:30:09.0556 2752 sffp_mmc - ok
18:30:09.0723 2752 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
18:30:09.0777 2752 sffp_sd - ok
18:30:09.0847 2752 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:30:09.0900 2752 sfloppy - ok
18:30:10.0003 2752 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
18:30:10.0014 2752 sisagp - ok
18:30:10.0111 2752 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
18:30:10.0126 2752 SiSRaid2 - ok
18:30:10.0181 2752 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
18:30:10.0193 2752 SiSRaid4 - ok
18:30:10.0283 2752 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:30:10.0312 2752 Smb - ok
18:30:10.0366 2752 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:30:10.0378 2752 spldr - ok
18:30:10.0504 2752 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
18:30:10.0504 2752 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
18:30:10.0508 2752 sptd ( LockedFile.Multi.Generic ) - warning
18:30:10.0508 2752 sptd - detected LockedFile.Multi.Generic (1)
18:30:10.0572 2752 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:30:10.0630 2752 srv - ok
18:30:10.0782 2752 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:30:10.0828 2752 srv2 - ok
18:30:11.0019 2752 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:30:11.0035 2752 srvnet - ok
18:30:11.0157 2752 ss_bus (bd15182e9d2d3fabc1d1313badbd2415) C:\Windows\system32\DRIVERS\ss_bus.sys
18:30:11.0182 2752 ss_bus - ok
18:30:11.0256 2752 ss_mdfl (67d1144f249a3c5e03ebd7a2304dee11) C:\Windows\system32\DRIVERS\ss_mdfl.sys
18:30:11.0296 2752 ss_mdfl - ok
18:30:11.0345 2752 ss_mdm (954b7ce2d54c703d6a8471d6b05a5e13) C:\Windows\system32\DRIVERS\ss_mdm.sys
18:30:11.0372 2752 ss_mdm - ok
18:30:11.0445 2752 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:30:11.0455 2752 swenum - ok
18:30:11.0505 2752 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:30:11.0517 2752 Symc8xx - ok
18:30:11.0553 2752 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:30:11.0563 2752 Sym_hi - ok
18:30:11.0589 2752 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:30:11.0601 2752 Sym_u3 - ok
18:30:11.0708 2752 SynTP (70534d1e4f9ac990536d5fb5b550b3de) C:\Windows\system32\DRIVERS\SynTP.sys
18:30:11.0730 2752 SynTP - ok
18:30:11.0847 2752 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
18:30:11.0930 2752 Tcpip - ok
18:30:12.0169 2752 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
18:30:12.0203 2752 Tcpip6 - ok
18:30:12.0332 2752 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:30:12.0350 2752 tcpipreg - ok
18:30:12.0432 2752 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
18:30:12.0467 2752 tdcmdpst - ok
18:30:12.0510 2752 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:30:12.0544 2752 TDPIPE - ok
18:30:12.0572 2752 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:30:12.0597 2752 TDTCP - ok
18:30:12.0643 2752 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:30:12.0679 2752 tdx - ok
18:30:12.0720 2752 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:30:12.0737 2752 TermDD - ok
18:30:12.0946 2752 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
18:30:12.0963 2752 tos_sps32 - ok
18:30:13.0031 2752 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:30:13.0074 2752 tssecsrv - ok
18:30:13.0152 2752 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:30:13.0197 2752 tunmp - ok
18:30:13.0355 2752 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
18:30:13.0379 2752 tunnel - ok
18:30:13.0465 2752 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
18:30:13.0477 2752 TVALZ - ok
18:30:13.0515 2752 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
18:30:13.0530 2752 uagp35 - ok
18:30:13.0598 2752 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:30:13.0623 2752 udfs - ok
18:30:13.0680 2752 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
18:30:13.0692 2752 uliagpkx - ok
18:30:13.0728 2752 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
18:30:13.0745 2752 uliahci - ok
18:30:13.0788 2752 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:30:13.0803 2752 UlSata - ok
18:30:13.0840 2752 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:30:13.0853 2752 ulsata2 - ok
18:30:13.0878 2752 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:30:13.0903 2752 umbus - ok
18:30:13.0951 2752 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:30:14.0007 2752 usbccgp - ok
18:30:14.0068 2752 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:30:14.0134 2752 usbcir - ok
18:30:14.0425 2752 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:30:14.0460 2752 usbehci - ok
18:30:14.0536 2752 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:30:14.0576 2752 usbhub - ok
18:30:14.0634 2752 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:30:14.0678 2752 usbohci - ok
18:30:14.0712 2752 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
18:30:14.0754 2752 usbprint - ok
18:30:14.0813 2752 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:30:14.0833 2752 USBSTOR - ok
18:30:14.0882 2752 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:30:14.0913 2752 usbuhci - ok
18:30:14.0975 2752 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
18:30:15.0010 2752 usbvideo - ok
18:30:15.0064 2752 UVCFTR (237c444fbd1c697a2e3fa60f02c61f22) C:\Windows\system32\Drivers\UVCFTR_S.SYS
18:30:15.0074 2752 UVCFTR - ok
18:30:15.0144 2752 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
18:30:15.0179 2752 vga - ok
18:30:15.0198 2752 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:30:15.0247 2752 VgaSave - ok
18:30:15.0278 2752 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
18:30:15.0293 2752 viaagp - ok
18:30:15.0335 2752 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
18:30:15.0376 2752 ViaC7 - ok
18:30:15.0408 2752 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
18:30:15.0422 2752 viaide - ok
18:30:15.0485 2752 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:30:15.0502 2752 volmgr - ok
18:30:15.0549 2752 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:30:15.0571 2752 volmgrx - ok
18:30:15.0620 2752 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:30:15.0634 2752 volsnap - ok
18:30:15.0690 2752 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
18:30:15.0704 2752 vsmraid - ok
18:30:15.0745 2752 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:30:15.0803 2752 WacomPen - ok
18:30:15.0832 2752 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:30:15.0857 2752 Wanarp - ok
18:30:15.0871 2752 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:30:15.0893 2752 Wanarpv6 - ok
18:30:15.0980 2752 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
18:30:15.0996 2752 Wd - ok
18:30:16.0046 2752 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:30:16.0075 2752 Wdf01000 - ok
18:30:16.0181 2752 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
18:30:16.0278 2752 WmiAcpi - ok
18:30:16.0358 2752 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
18:30:16.0372 2752 WpdUsb - ok
18:30:16.0400 2752 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:30:16.0440 2752 ws2ifsl - ok
18:30:16.0494 2752 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:30:16.0541 2752 WUDFRd - ok
18:30:16.0592 2752 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:30:16.0657 2752 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
18:30:16.0657 2752 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
18:30:16.0847 2752 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:30:16.0848 2752 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:30:16.0910 2752 Boot (0x1200) (aacee1cee14e57b13cce49a059f29507) \Device\Harddisk0\DR0\Partition0
18:30:16.0912 2752 \Device\Harddisk0\DR0\Partition0 - ok
18:30:16.0984 2752 Boot (0x1200) (ebf080b2421812ea9e366769271ca493) \Device\Harddisk0\DR0\Partition1
18:30:16.0989 2752 \Device\Harddisk0\DR0\Partition1 - ok
18:30:16.0990 2752 ============================================================
18:30:16.0990 2752 Scan finished
18:30:16.0990 2752 ============================================================
18:30:17.0009 0356 Detected object count: 3
18:30:17.0009 0356 Actual detected object count: 3
18:30:41.0745 0356 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:30:41.0745 0356 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:30:41.0747 0356 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - skipped by user
18:30:41.0747 0356 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Skip
18:30:41.0753 0356 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:30:41.0753 0356 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#10 Příspěvek od **vyosek** » 22 led 2012 18:57

Spuste znovu TDSSKiller a nechte jej proskenovat. U polozky sptd.sys nechte Skip u ostatnich nechte predvolene funkce - zrejme Cure. Log pak sem

fraha · #11 Příspěvek od **fraha** » 22 led 2012 19:04

Locked File SKIP
ROOTKIT.BOOT.SST.b CURE
TDSS File System SKIP

...takže u TDSS dať SKIP a ostatné prepnúť na CURE?

#12 Příspěvek od **vyosek** » 22 led 2012 19:13

fraha píše:Locked File SKIP
ROOTKIT.BOOT.SST.b CURE
TDSS File System SKIP

Nechte presne takhle...

fraha · #13 Příspěvek od **fraha** » 22 led 2012 19:20

tak som to spustil ako bolo predvolené,
a potom podľa pokynu TDSSKiller urobil restart NTB dal voľbu start WIN normally a NTB sa reštartoval.
Znova mám 4 možnosti, ktorú dať?

SAFE MODE
SAFE MODE WITH NETWORKING
SAFE MODE WITH COMMAND PROMPT

ALEBO

Start WIN Normally

#14 Příspěvek od **vyosek** » 22 led 2012 19:21

Start WIN Normally pripadne kdyz stale bude restart tak SAFE MODE WITH NETWORKING

fraha · #15 Příspěvek od **fraha** » 22 led 2012 19:24

Po Normally sa mi to znova restartovalo,
dal som SAFE MODE WITH NETWORKING
a nabehol v núdzovom režime.

Čo ďalej?

VIRY.CZ

pro vyosek

pro vyosek

Re: pro vyosek

Re: pro vyosek

Re: pro vyosek

Re: pro vyosek

Re: pro vyosek

Re: pro vyosek

Re: pro vyosek

Re: pro vyosek

Re: pro vyosek

Re: pro vyosek

Re: pro vyosek

Re: pro vyosek

Re: pro vyosek

Re: pro vyosek