
PC disinfection, computer speed-up, remote help via the neslape.cz service
rootkit mbr: physicaldrived (rootkit hidden in boot sector)
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
A remote help service is now available: a specialist connects to your computer and gets further details about the problem from you by phone. More at www.neslape.cz
Hello, a few days ago avast started reporting: rootkit mbr: physicaldrived (rootkit hidden in boot sector).... Although I delete it every time, it keeps coming back... The computer is also sluggish and does not work properly. Could I ask for advice? Below is the log from RSIT.
Logfile of random's system information tool 1.09 (written by random/random)
Run by breta at 2012-02-10 17:32:03
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (10%) free of 30 GB
Total RAM: 1023 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:32:25, on 10.2.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOW\System32\smss.exe
C:\WINDOW\system32\winlogon.exe
C:\WINDOW\system32\services.exe
C:\WINDOW\system32\lsass.exe
C:\WINDOW\system32\svchost.exe
C:\WINDOW\system32\svchost.exe
C:\WINDOW\system32\Ati2evxx.exe
C:\WINDOW\system32\svchost.exe
C:\WINDOW\System32\svchost.exe
C:\WINDOW\system32\svchost.exe
C:\WINDOW\system32\Ati2evxx.exe
C:\WINDOW\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOW\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOW\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOW\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOW\SOUNDMAN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOW\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Documents and Settings\breta\Local Settings\Data aplikací\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\WINDOW\system32\wuauclt.exe
C:\Documents and Settings\breta\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\breta\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\breta\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\breta\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\breta\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\breta\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\breta\Dokumenty\Downloads\RSIT (1).exe
C:\Program Files\trend micro\breta.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/homepage.aspx?tbid=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~1\APPGRA~1\APPGRA~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\breta\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOW\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOW\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOW\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOW\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOW\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -update activex (User 'Default user')
O4 - Startup: _uninst_26077753.lnk = C:\Documents and Settings\breta\Local Settings\Temp\_uninst_26077753.bat
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\DOCUME~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\window\system32\nwprovau.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{158AAD56-A49D-4120-9982-96110D811D5D}: NameServer = 213.192.40.6,77.48.254.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{158AAD56-A49D-4120-9982-96110D811D5D}: NameServer = 213.192.40.6,77.48.254.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{158AAD56-A49D-4120-9982-96110D811D5D}: NameServer = 213.192.40.6,77.48.254.254
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOW\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOW\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOW\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOW\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOW\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOW\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O24 - Desktop Component 0: (no name) - http://mail.centrum.cz/img/js76dfa9/ego.orig.js
--
End of file - 10172 bytes
======Scheduled tasks folder======
C:\WINDOW\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOW\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOW\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1757981266-839522115-1003Core.job
C:\WINDOW\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1757981266-839522115-1003UA.job
C:\WINDOW\tasks\WGASetup.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\breta\Data aplikací\Mozilla\Firefox\Profiles\l0tiyvaz.default
prefs.js - "browser.startup.homepage" - "http://search.babylon.com/home?AF=15627"
prefs.js - "extensions.enabledItems" - "{AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3, DTToolbar@toolbarnet.com:1.1.2.0185, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"
prefs.js - "keyword.URL" - "http://www.crawler.com/search/dispatche ... 60076&qkw="
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=C:\Program Files\Crawler\firefox\
"bkmrksync@nokia.com"=C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOW\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOW\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOW\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
aboutCertError.js.moz-backup
aboutPrivateBrowsing.js.moz-backup
aboutRights.js.moz-backup
aboutRobots.js.moz-backup
aboutSessionRestore.js.moz-backup
binary.manifest
browsercomps.dll
nsIBitCometAgent.xpt
nsPostUpdateWin.js.moz-backup
C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npBitCometAgent.dll
npdeployJava1.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
C:\Program Files\Mozilla Firefox\searchplugins\
babylon.xml
crawlersrch.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\breta\Data aplikací\Mozilla\Firefox\Profiles\l0tiyvaz.default\extensions\
AppGraffiti@AppGraffiti.com
{ea614400-e918-4741-9a97-7a972ff7c30b}
C:\Documents and Settings\breta\Data aplikací\Mozilla\Firefox\Profiles\l0tiyvaz.default\searchplugins\
daemon-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
&Crawler Toolbar Helper - C:\PROGRA~1\Crawler\ctbr.dll [2012-01-06 1237128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
AppGraffiti - C:\PROGRA~1\APPGRA~1\APPGRA~1.DLL [2012-01-19 267976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-13 342128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [2012-01-14 1003576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-24 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\ctbr.dll [2012-01-06 1237128]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-13 342128]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2011-11-28 3744552]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-11-30 344064]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2004-11-30 32768]
"SoundMan"=C:\WINDOW\SOUNDMAN.EXE [2007-04-16 577536]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2011-11-24 2216960]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\breta\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-08-14 136176]
"ctfmon.exe"=C:\WINDOW\system32\ctfmon.exe [2004-08-17 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-08-10 39408]
C:\Documents and Settings\All Users.WINDOW\Nabídka Start\Programy\Po spuštění
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe
C:\Documents and Settings\breta\Nabídka Start\Programy\Po spuštění
_uninst_26077753.lnk - C:\Documents and Settings\breta\Local Settings\Temp\_uninst_26077753.bat
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOW\system32\Ati2evxx.dll [2004-12-01 94208]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"D:\Program Files\BF2.exe"="D:\Program Files\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"D:\Documents and Settings\Warcraft III\Warcraft III.exe"="D:\Documents and Settings\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\hra\BlackShot\BlackShot\system\BlackShot.exe"="D:\hra\BlackShot\BlackShot\system\BlackShot.exe:*:Enabled:BlackShot"
"D:\breta\cod\CoD2MP_s.exe"="D:\breta\cod\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\WINDOW\system32\PnkBstrA.exe"="C:\WINDOW\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOW\system32\PnkBstrB.exe"="C:\WINDOW\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"D:\breta\cod4\COD4MW\COD4MW\Setup\Data\iw3mp.exe"="D:\breta\cod4\COD4MW\COD4MW\Setup\Data\iw3mp.exe:*:Enabled:iw3mp"
"C:\Documents and Settings\breta\Local Settings\Temp\mig153.tmp\migwiz.exe"="C:\Documents and Settings\breta\Local Settings\Temp\mig153.tmp\migwiz.exe:*:Enabled:Nástroj Migrace profilu uživatele"
"C:\Documents and Settings\breta\Local Settings\Temp\mig2A7.tmp\migwiz.exe"="C:\Documents and Settings\breta\Local Settings\Temp\mig2A7.tmp\migwiz.exe:*:Enabled:Nástroj Migrace profilu uživatele"
"C:\Documents and Settings\breta\Local Settings\Temp\migF.tmp\migwiz.exe"="C:\Documents and Settings\breta\Local Settings\Temp\migF.tmp\migwiz.exe:*:Enabled:Nástroj Migrace profilu uživatele"
"C:\Documents and Settings\breta\Local Settings\Temp\mig60.tmp\migwiz.exe"="C:\Documents and Settings\breta\Local Settings\Temp\mig60.tmp\migwiz.exe:*:Enabled:Nástroj Migrace profilu uživatele"
"C:\Documents and Settings\breta\Local Settings\Temp\migB.tmp\migwiz.exe"="C:\Documents and Settings\breta\Local Settings\Temp\migB.tmp\migwiz.exe:*:Enabled:Nástroj Migrace profilu uživatele"
"C:\Documents and Settings\breta\Local Settings\Temp\mig2C.tmp\migwiz.exe"="C:\Documents and Settings\breta\Local Settings\Temp\mig2C.tmp\migwiz.exe:*:Enabled:Nástroj Migrace profilu uživatele"
"D:\radek\Radek\counter\hl.exe"="D:\radek\Radek\counter\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\hltv.exe"="C:\Program Files\Valve\hltv.exe:*:Enabled:HLTV Launcher"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOW\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOW\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.CDVC"=cdvccodc.dll
"vidc.XVID"=xvidvfw.dll
======List of files/folders created in the last 1 month======
2012-02-04 14:59:20 ----A---- C:\WINDOW\system32\drivers\aswSnx.sys
======List of files/folders modified in the last 1 month======
2012-02-10 17:32:05 ----D---- C:\Program Files\Trend Micro
2012-02-10 17:31:48 ----D---- C:\WINDOW\Temp
2012-02-10 17:30:21 ----D---- C:\WINDOW\system32
2012-02-10 17:16:38 ----D---- C:\Program Files\Crawler
2012-02-10 17:12:19 ----D---- C:\WINDOW
2012-02-09 23:23:09 ----A---- C:\WINDOW\SchedLgU.Txt
2012-02-08 19:38:01 ----D---- C:\Documents and Settings\breta\Data aplikací\Skype
2012-02-08 19:01:31 ----D---- C:\Documents and Settings\breta\Data aplikací\skypePM
2012-02-04 14:59:20 ----D---- C:\WINDOW\system32\drivers
2012-02-03 16:07:02 ----D---- C:\Program Files\Valve
2012-02-03 11:25:32 ----SHD---- C:\WINDOW\Installer
2012-01-28 17:22:48 ----D---- C:\WINDOW\Prefetch
2012-01-22 08:21:38 ----D---- C:\Program Files\AppGraffiti
2012-01-21 11:44:42 ----D---- C:\WINDOW\Registration
2012-01-14 20:29:36 ----D---- C:\Documents and Settings\All Users.WINDOW\Data aplikací\Spyware Terminator
2012-01-14 20:29:22 ----D---- C:\Program Files\Spyware Terminator
2012-01-14 20:22:19 ----D---- C:\Documents and Settings\breta\Data aplikací\Spyware Terminator
2012-01-11 22:15:07 ----A---- C:\WINDOW\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOW\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOW\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOW\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOW\System32\drivers\sfsync02.sys [2005-08-10 19968]
R0 sptd;sptd; C:\WINDOW\System32\Drivers\sptd.sys [2010-12-31 691696]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOW\system32\DRIVERS\uagp35.sys [2004-08-04 44672]
R0 viaagp1;VIA AGP Filter; C:\WINDOW\system32\DRIVERS\viaagp1.sys [2003-07-01 27904]
R0 viasraid;viasraid; C:\WINDOW\system32\DRIVERS\viasraid.sys [2003-06-12 75904]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOW\system32\drivers\Aavmker4.sys [2011-11-28 30808]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOW\system32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 aswRdr;aswRdr; C:\WINDOW\system32\drivers\aswRdr.sys [2011-11-28 34392]
R1 aswSnx;aswSnx; C:\WINDOW\system32\drivers\aswSnx.sys [2011-11-28 435032]
R1 aswSP;aswSP; C:\WINDOW\system32\drivers\aswSP.sys [2011-11-28 314456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOW\system32\drivers\aswTdi.sys [2011-11-28 52952]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOW\system32\drivers\sp_rsdrv2.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOW\system32\drivers\aswFsBlk.sys [2011-11-28 20568]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOW\system32\drivers\aswMon2.sys [2011-11-28 111320]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOW\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOW\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 ati2mtag;ati2mtag; C:\WINDOW\system32\DRIVERS\ati2mtag.sys [2004-12-01 928256]
R3 NIC1394;1394 Net Driver; C:\WINDOW\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOW\system32\DRIVERS\Rtlnic51.sys [2003-08-13 65280]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOW\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOW\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
S3 catchme;catchme; \??\C:\DOCUME~1\breta\LOCALS~1\Temp\catchme.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\breta\LOCALS~1\Temp\VWK17C.tmp []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\safedrv.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOW\system32\drivers\ccdcmb.sys [2011-05-18 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOW\system32\drivers\ccdcmbo.sys [2011-05-18 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOW\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pcouffin;VSO Software pcouffin; C:\WINDOW\System32\Drivers\pcouffin.sys [2011-08-15 47360]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOW\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 upperdev;upperdev; C:\WINDOW\system32\DRIVERS\usbser_lowerflt.sys [2011-05-18 8192]
S3 usbscan;Ovladač skeneru USB; C:\WINDOW\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOW\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOW\system32\DRIVERS\usbser_lowerfltj.sys [2011-05-18 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOW\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOW\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOW\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOW\system32\Ati2evxx.exe [2004-12-01 425984]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-11-28 44768]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-12 153376]
R2 PnkBstrA;PnkBstrA; C:\WINDOW\system32\PnkBstrA.exe [2011-08-14 75136]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2011-11-24 496128]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOW\system32\svchost.exe [2004-08-17 14336]
S2 ATI Smart;ATI Smart; C:\WINDOW\system32\ati2sgag.exe [2004-11-30 516096]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-06 135664]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOW\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOW\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOW\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-06 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-08-10 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOW\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOW\system32\GameMon.des [2010-10-11 3641832]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOW\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: rootkit mbr: physicaldrived (rootkit skyryty boot sektro
Hello, and have a nice day.
Download MBRScan: http://eric71.geekstogo.com/tools/MbrScan.exe
- Save it, preferably to the desktop
- If you are using Windows Vista or Windows 7, right-click MBRScan and choose Run As Administrator (Spustit jako správce)
- Click Report
- After a moment a log will be written to the file MBRScan.txt; paste it here
Re: rootkit mbr: physicaldrived (rootkit skyryty boot sektro
MBRScan v1.1.0
OS : Windows XP Home Service Pack 2 (32 bit)
PROCESSOR : x86 Family 6 Model 10 Stepping 0, AuthenticAMD
BOOT : Normal Boot
DATE : 2012/02/10 (ISO 8601) at 17:41:27
________________________________________________________________________________
Device\Harddisk0\DR0 152.7 Go [Fixed] ==> XP MBR Code ==> PARTITION TABLE FAKED !!
MBR_MD5 : 633A49B1ED1E7C745F1BDE8E323CFDEF
MBR_SHA1 : 083E11C7AA5CFB71D411C1A695C23C2FBF72A481
Device\Harddisk0\Partition1 29.29 Go 0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2 123.4 Go 0x07 NTFS / HPFS
________________________________________________________________________________
############################### Additional scan ################################
DRIVER : \WINDOW\system32\ntoskrnl.exe => LOCKED!
ADDRESS : 0x804D7000
SIZE : 2.08 Mo
DRIVER : \WINDOW\system32\hal.dll => LOCKED!
ADDRESS : 0x806ED000
SIZE : 128.9 Ko
DRIVER : \WINDOW\system32\KDCOM.DLL => LOCKED!
ADDRESS : 0xF7D2F000
SIZE : 8.0 Ko
DRIVER : \WINDOW\system32\BOOTVID.dll => LOCKED!
ADDRESS : 0xF7C3F000
SIZE : 12.0 Ko
DRIVER : \WINDOW\System32\Drivers\WMILIB.SYS => LOCKED!
ADDRESS : 0xF7D31000
SIZE : 8.0 Ko
DRIVER : \WINDOW\System32\Drivers\SCSIPORT.SYS => LOCKED!
ADDRESS : 0xF7703000
SIZE : 96.0 Ko
DRIVER : \WINDOW\system32\DRIVERS\1394BUS.SYS => LOCKED!
ADDRESS : 0xF783F000
SIZE : 52.0 Ko
DRIVER : \WINDOW\system32\DRIVERS\PCIIDEX.SYS => LOCKED!
ADDRESS : 0xF7AAF000
SIZE : 28.0 Ko
DRIVER : \WINDOW\system32\DRIVERS\CLASSPNP.SYS => LOCKED!
ADDRESS : 0xF789F000
SIZE : 52.0 Ko
DRIVER : C:\WINDOW\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0xAA46C000
SIZE : 96.0 Ko
DRIVER : C:\WINDOW\System32\Drivers\dump_WMILIB.SYS => Invisible on the disk
ADDRESS : 0xF7D7B000
SIZE : 8.0 Ko
DRIVER : \WINDOW\system32\ntdll.dll => LOCKED!
ADDRESS : 0x7C900000
SIZE : 708.0 Ko
SystemStartOptions : NOEXECUTE=OPTIN FASTDETECT
________________________________________________________________________________
_______MBR \Device\Harddisk0\DR0
0x00000000 33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C 3À.м.|ûP.P.ü¾.|
0x00000010 BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04 ¿..PW¹å.ó¤Ë½¾.±.
0x00000020 38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5 8n.|.u..Å.âôÍ..õ
0x00000030 83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B .Æ.It.8,tö.µ.´..
0x00000040 F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88 ð¬<.tü»..´.Í.ëò.
0x00000050 4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B N.èF.s*þF..~..t.
0x00000060 80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83 .~..t..¶.uÒ.F...
0x00000070 46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB F...V..è!.s..¶.ë
0x00000080 BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0 ¼.>þ}Uªt..~..tÈ.
0x00000090 B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56 ·.ë©.ü.W.õË¿...V
0x000000A0 00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC .´.Í.r#.Á$?..Þ.ü
0x000000B0 43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56 C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0 0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C .w#r.9F.s.¸..».|
0x000000D0 8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A .N..V.Í.sQOtN2ä.
0x000000E0 56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD V.Í.ëä.V.`»ªU´AÍ
0x000000F0 13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60 .r6.ûUªu0öÁ.t+a`
0x00000100 6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A j.j..v..v.j.h.|j
0x00000110 01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B .j.´B.ôÍ.aas.Ot.
0x00000120 32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 4E 65 70 6C 2ä.V.Í.ëÖaùÃNepl
0x00000130 61 74 6E A0 20 74 61 62 75 6C 6B 61 20 6F 64 64 atn. tabulka odd
0x00000140 A1 6C 85 00 43 68 79 62 61 20 70 FD 69 20 6E 61 ¡l..Chyba pýi na
0x00000150 9F A1 74 A0 6E A1 20 6F 70 65 72 61 9F 6E A1 68 .¡t.n¡ opera.n¡h
0x00000160 6F 20 73 79 73 74 82 6D 75 00 4F 70 65 72 61 9F o syst.mu.Opera.
0x00000170 6E A1 20 73 79 73 74 82 6D 20 6E 65 6E 61 6C 65 n¡ syst.m nenale
0x00000180 7A 65 6E 00 00 00 00 00 00 00 00 00 00 00 00 00 zen.............
0x00000190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001B0 00 00 00 00 00 2C 44 6A 13 4F 14 4F 00 00 80 01 .....,Dj.O.O....
0x000001C0 01 00 07 FE FF FF 3F 00 00 00 B1 62 A9 03 00 00 ...þ..?...±b©...
0x000001D0 C1 FF 0F FE FF FF F0 62 A9 03 E8 9C 6B 0F 00 00 Á..þ..ðb©.è.k...
0x000001E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............Uª
Re: rootkit mbr: physicaldrived (rootkit skyryty boot sektro

- Run the utility and tell it to scan - click Scan
- Click Save log and save the aswMBR log to the desktop
- Paste the contents of the aswMBR log here

-
This is a test build of the translated RK (RogueKiller), which is why TEST is in the name;
the instructions below also give the English command names in case the Czech ones do not work.
- Close all programs
- If you use Windows Vista or 7, right-click RogueKiller and choose Run As Administrator (Spustit jako správce)
- Wait for the PreScan to finish
- Choose Prohledat (Scan)
- When the scan finishes click Zpráva (Report) - a log opens; paste it here
Re: rootkit mbr: physicaldrived (rootkit skyryty boot sektro
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-10 17:46:12
-----------------------------
17:46:12.015 OS Version: Windows 5.1.2600 Service Pack 2
17:46:12.015 Number of processors: 1 586 0xA00
17:46:12.015 ComputerName: BRETA-3A020784F UserName: breta
17:46:12.781 Initialize success
17:46:13.390 AVAST engine defs: 12020903
17:46:15.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:46:15.687 Disk 0 Vendor: Size: 0MB BusType: 0
17:46:15.687 Device \Driver\atapi -> MajorFunction 8676b1f8
17:46:15.687 Disk 0 MBR read successfully
17:46:15.687 Disk 0 MBR scan
17:46:15.687 Disk 0 MBR:Whistler-C [Rtk]
17:46:15.687 Disk 0 Whistler@MBR code has been found
17:46:15.687 Disk 0 MBR hidden
17:46:15.687 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 29996 MB offset 63
17:46:15.687 Disk 0 Partition - 00 0F Extended LBA 126323 MB offset 61432560
17:46:15.703 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 126323 MB offset 61432623
17:46:15.703 Disk 0 MBR [Whistler] **ROOTKIT**
17:46:15.734 Disk 0 scanning C:\WINDOW\system32\drivers
17:46:25.500 Service scanning
17:46:25.890 Service sptd C:\WINDOW\System32\Drivers\sptd.sys **LOCKED** 32
17:46:26.453 Modules scanning
17:46:32.343 Disk 0 trace - called modules:
17:46:32.343 ntoskrnl.exe >>UNKNOWN [0x86027a0a]<<
17:46:32.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86729ab8]
17:46:32.343 \Driver\Disk[0x86735940] -> IRP_MJ_READ -> 0x86027a0a
17:46:32.671 AVAST engine scan C:\WINDOW
17:46:38.921 AVAST engine scan C:\WINDOW\system32
17:46:43.953 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\breta\Plocha\MBR.dat"
17:46:43.953 The log file has been saved successfully to "C:\Documents and Settings\breta\Plocha\aswMBR.txt"
Re: rootkit mbr: physicaldrived (rootkit skyryty boot sektro
RogueKiller V7.0.4 [02/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Support: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com
Operating system: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in: Normal mode
User: breta [Admin rights]
Mode: Scan -- Date : 02/10/2012 17:48:41
¤¤¤ Malicious processes: 0 ¤¤¤
¤¤¤ Registry entries: 6 ¤¤¤
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[SUSP PATH] _uninst_26077753.lnk : C:\Documents and Settings\breta\Local Settings\Temp\_uninst_26077753.bat -> FOUND
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{158AAD56-A49D-4120-9982-96110D811D5D} : NameServer (213.192.40.6,77.48.254.254) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{158AAD56-A49D-4120-9982-96110D811D5D} : NameServer (213.192.40.6,77.48.254.254) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[] HKLM\[...]\Windows : () -> ACCESS DENIED
¤¤¤ Particular files / folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS file: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR check: ¤¤¤
+++++ PhysicalDrive0: Maxtor 6L160P0 +++++
--- User ---
[MBR] 633a49b1ed1e7c745f1bde8e323cfdef
[BSP] b2dcb8d572457696c4d5e8196cbf3057 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 29996 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 61432560 | Size: 126323 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
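The three logs above disagree in an instructive way. MBRScan and RogueKiller both read sector 0 through the normal disk stack and got the same sector (identical MD5 633a49b1ed1e7c745f1bde8e323cfdef), which RogueKiller identifies as Windows XP MBR code, yet MBRScan still flags "PARTITION TABLE FAKED" and aswMBR, after tracing \Driver\Disk's IRP_MJ_READ to 0x86027a0a, an address inside no loaded module, reports Whistler code and a hidden MBR. In other words, the clean Czech-localized XP MBR in the dump is what the hooked disk driver hands to ordinary readers. The Python below is an added example and not code from MBRScan, aswMBR, RogueKiller, TDSSKiller or anyone in this thread. It re-parses the 512 bytes MBRScan dumped: checks the 0x55AA signature, decodes the partition entries (they should line up with offsets 63 and 61432560 in the aswMBR output), recovers the three cp852-encoded Czech error strings that appear garbled in the dump's ASCII column, lists the sector ranges no partition covers (using the drive size TDSSKiller reports further down, 0x262AE80000 bytes), and reproduces the check behind aswMBR's >>UNKNOWN<<: whether the hooked dispatch address falls inside any of the modules MBRScan listed. The module list is only what MBRScan printed, not every loaded driver, so "not in the list" is an indicator, not proof. The MD5 of the transcribed sector is printed next to MBRScan's value so a transcription slip shows up immediately.

```python
import hashlib
import struct

SECTOR = 512
MBRSCAN_MD5 = "633a49b1ed1e7c745f1bde8e323cfdef"  # MBR_MD5 from MBRScan; RogueKiller printed the same hash
DISK_BYTES = 0x262AE80000                          # drive size TDSSKiller reports for \Device\Harddisk0\DR0

# The 32 dump lines from the MBRScan log above, ASCII column dropped.
MBR_HEX = """
33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C
BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04
38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5
83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B
F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88
4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B
80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83
46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB
BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0
B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56
00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC
43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56
0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C
8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A
56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD
13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60
6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A
01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B
32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 4E 65 70 6C
61 74 6E A0 20 74 61 62 75 6C 6B 61 20 6F 64 64
A1 6C 85 00 43 68 79 62 61 20 70 FD 69 20 6E 61
9F A1 74 A0 6E A1 20 6F 70 65 72 61 9F 6E A1 68
6F 20 73 79 73 74 82 6D 75 00 4F 70 65 72 61 9F
6E A1 20 73 79 73 74 82 6D 20 6E 65 6E 61 6C 65
7A 65 6E 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 2C 44 6A 13 4F 14 4F 00 00 80 01
01 00 07 FE FF FF 3F 00 00 00 B1 62 A9 03 00 00
C1 FF 0F FE FF FF F0 62 A9 03 E8 9C 6B 0F 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA
"""

def mbr_bytes(dump=MBR_HEX):
    data = bytes.fromhex("".join(dump.split()))
    if len(data) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(data)}")
    return data

def partition_table(mbr):
    """Decode the four 16-byte entries at offset 446, skipping empty (type 0) slots."""
    if mbr[510:] != b"\x55\xaa":
        raise ValueError("boot signature 0x55AA missing")
    parts = []
    for i in range(4):
        f = struct.unpack_from("<8B2I", mbr, 446 + 16 * i)   # status, CHS start, type, CHS end, LBA start, count
        status, ptype, start, count = f[0], f[4], f[8], f[9]
        if ptype:
            parts.append({"slot": i, "active": status == 0x80, "type": ptype, "start": start,
                          "sectors": count, "mb": count * SECTOR // (1024 * 1024)})
    return parts

def error_strings(mbr):
    """XP MBR: low bytes of the three message offsets sit at 0x1B5-0x1B7, text at 0x100 + byte, cp852 here."""
    out = []
    for low in mbr[0x1B5:0x1B8]:
        start = 0x100 + low
        out.append(mbr[start:mbr.index(b"\x00", start)].decode("cp852"))
    return out

def unallocated_ranges(parts, disk_sectors):
    """Sector ranges no primary/extended entry covers; MBR bootkits commonly keep their loader there."""
    gaps, cursor = [], 0
    for p in sorted(parts, key=lambda p: p["start"]):
        if p["start"] > cursor:
            gaps.append((cursor, p["start"]))
        cursor = max(cursor, p["start"] + p["sectors"])
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors))
    return gaps

# Kernel modules MBRScan listed above (base, size as printed); only those, not every loaded driver.
MBRSCAN_MODULES = [
    ("ntoskrnl.exe", 0x804D7000, "2.08 Mo"), ("hal.dll", 0x806ED000, "128.9 Ko"),
    ("KDCOM.DLL", 0xF7D2F000, "8.0 Ko"), ("BOOTVID.dll", 0xF7C3F000, "12.0 Ko"),
    ("SCSIPORT.SYS", 0xF7703000, "96.0 Ko"), ("CLASSPNP.SYS", 0xF789F000, "52.0 Ko"),
]

def size_bytes(text):
    """'128.9 Ko' / '2.08 Mo' as MBRScan prints sizes."""
    value, unit = text.split()
    return int(float(value) * {"Ko": 1024, "Mo": 1024 ** 2}[unit])

def module_for_address(addr, modules=MBRSCAN_MODULES):
    """Listed module containing addr, or None (what aswMBR prints as >>UNKNOWN<<)."""
    for name, base, size in modules:
        if base <= addr < base + size_bytes(size):
            return name
    return None

if __name__ == "__main__":
    mbr = mbr_bytes()
    md5 = hashlib.md5(mbr).hexdigest()
    print("md5", md5, "(matches MBRScan)" if md5 == MBRSCAN_MD5 else "(differs from MBRScan: check transcription)")
    print(partition_table(mbr), error_strings(mbr))
    print("unallocated:", unallocated_ranges(partition_table(mbr), DISK_BYTES // SECTOR))
    print("IRP_MJ_READ target 0x86027a0a ->", module_for_address(0x86027A0A))
```

Partition 2 in the aswMBR and TDSSKiller output (offset 61432623) is the logical volume inside the extended partition; its entry lives in the EBR at sector 61432560, not in the MBR, so the parser reports only the extended container. The track before sector 63 and the roughly 29,700 sectors behind the extended partition are exactly the space a bootkit such as the one aswMBR flagged would use for the code it runs before the original MBR, and a clean MBR read through the hooked stack says nothing about what is in them, which is why the helper moves on to aswMBR and TDSSKiller instead of trusting the hash.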
Re: rootkit mbr: physicaldrived (rootkit skyryty boot sektro

- C:\Documents and Settings\breta\Plocha\MBR.dat
- Click Choose file
- Do not browse for the file, just paste the path of the file I want tested
- Click Scan It
- If a screen like the one below pops up, click ReAnalyse
- Paste the analysis result here (as a link)

Re: rootkit mbr: physicaldrived (rootkit skyryty boot sektro
The file MBR.dat has appeared now; it is part of one of the programs I tested with. Where am I supposed to upload it? What is LP?
Re: rootkit mbr: physicaldrived (rootkit skyryty boot sektro



Re: rootkit mbr: physicaldrived (rootkit skyryty boot sektro



- Click Change parameters
- In both panes (Objects to scan and Additional options) tick every option - every box must have a check mark
- Click OK
- Tell the utility to scan - click Start Scan
- When the scan finishes a window appears; check that Skip is selected everywhere
- If Skip is not set by default, switch it to Skip
- Once everything is set to Skip, click Continue
- The log will be on the drive where Windows is installed (usually C:\), named TDSSKiller.<some numbers>_log.txt; paste its contents here
Re: rootkit mbr: physicaldrived (rootkit skyryty boot sektro
Thanks, I will pass it to Tigzy, the author of RogueKiller, because it does not detect the pest even though it is obviously there.
Run TDSSKiller and we will then delete it through that as well.
Re: rootkit mbr: physicaldrived (rootkit skyryty boot sektro
18:07:16.0203 3456 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
18:07:16.0703 3456 ============================================================
18:07:16.0703 3456 Current date / time: 2012/02/10 18:07:16.0703
18:07:16.0703 3456 SystemInfo:
18:07:16.0703 3456
18:07:16.0703 3456 OS Version: 5.1.2600 ServicePack: 2.0
18:07:16.0703 3456 Product type: Workstation
18:07:16.0703 3456 ComputerName: BRETA-3A020784F
18:07:16.0703 3456 UserName: breta
18:07:16.0703 3456 Windows directory: C:\WINDOW
18:07:16.0703 3456 System windows directory: C:\WINDOW
18:07:16.0703 3456 Processor architecture: Intel x86
18:07:16.0812 3456 Number of processors: 1
18:07:16.0812 3456 Page size: 0x1000
18:07:16.0812 3456 Boot type: Normal boot
18:07:16.0812 3456 ============================================================
18:07:20.0234 3456 Drive \Device\Harddisk0\DR0 - Size: 0x262AE80000 (152.67 Gb), SectorSize: 0x200, Cylinders: 0x4DD9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:07:20.0281 3456 \Device\Harddisk0\DR0:
18:07:20.0312 3456 MBR used
18:07:20.0312 3456 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A962B1
18:07:20.0328 3456 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3A9632F, BlocksNum 0xF6B9CA9
18:07:20.0828 3456 Initialize success
18:07:20.0828 3456 ============================================================
18:08:10.0343 3016 ============================================================
18:08:10.0343 3016 Scan started
18:08:10.0343 3016 Mode: Manual; SigCheck; TDLFS;
18:08:10.0343 3016 ============================================================
18:08:11.0156 3016 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOW\system32\drivers\Aavmker4.sys
18:08:11.0390 3016 Aavmker4 - ok
18:08:11.0484 3016 Abiosdsk - ok
18:08:11.0546 3016 abp480n5 - ok
18:08:11.0656 3016 ACPI (fa2fbcda96d2385f773b059fe5a125a6) C:\WINDOW\system32\DRIVERS\ACPI.sys
18:08:14.0343 3016 ACPI - ok
18:08:14.0500 3016 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOW\system32\drivers\ACPIEC.sys
18:08:14.0734 3016 ACPIEC - ok
18:08:14.0843 3016 adpu160m - ok
18:08:14.0921 3016 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOW\system32\drivers\aec.sys
18:08:15.0171 3016 aec - ok
18:08:15.0390 3016 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOW\System32\drivers\afd.sys
18:08:15.0500 3016 AFD - ok
18:08:15.0562 3016 Aha154x - ok
18:08:15.0671 3016 aic78u2 - ok
18:08:15.0718 3016 aic78xx - ok
18:08:16.0203 3016 ALCXWDM (d9026163ed32a13923a2c909897a6b87) C:\WINDOW\system32\drivers\ALCXWDM.SYS
18:08:19.0984 3016 ALCXWDM - ok
18:08:20.0078 3016 AliIde - ok
18:08:20.0156 3016 AmdK7 (2cc3bf45ac3180fe29c199bd95f09601) C:\WINDOW\system32\DRIVERS\amdk7.sys
18:08:20.0390 3016 AmdK7 - ok
18:08:20.0546 3016 amsint - ok
18:08:20.0828 3016 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOW\system32\DRIVERS\arp1394.sys
18:08:21.0203 3016 Arp1394 - ok
18:08:21.0328 3016 asc - ok
18:08:21.0375 3016 asc3350p - ok
18:08:21.0421 3016 asc3550 - ok
18:08:21.0546 3016 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOW\system32\drivers\aswFsBlk.sys
18:08:21.0562 3016 aswFsBlk - ok
18:08:21.0671 3016 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOW\system32\drivers\aswMon2.sys
18:08:21.0718 3016 aswMon2 - ok
18:08:21.0812 3016 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOW\system32\drivers\aswRdr.sys
18:08:21.0843 3016 aswRdr - ok
18:08:22.0187 3016 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOW\system32\drivers\aswSnx.sys
18:08:22.0250 3016 aswSnx - ok
18:08:22.0500 3016 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOW\system32\drivers\aswSP.sys
18:08:22.0546 3016 aswSP - ok
18:08:22.0703 3016 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOW\system32\drivers\aswTdi.sys
18:08:22.0703 3016 aswTdi - ok
18:08:22.0812 3016 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOW\system32\DRIVERS\asyncmac.sys
18:08:23.0109 3016 AsyncMac - ok
18:08:23.0359 3016 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOW\system32\DRIVERS\atapi.sys
18:08:23.0718 3016 atapi - ok
18:08:23.0828 3016 Atdisk - ok
18:08:23.0968 3016 ati2mtag (1e75fad9de6cd4d745d27347324649a8) C:\WINDOW\system32\DRIVERS\ati2mtag.sys
18:08:24.0375 3016 ati2mtag - ok
18:08:24.0515 3016 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOW\system32\DRIVERS\atmarpc.sys
18:08:24.0812 3016 Atmarpc - ok
18:08:25.0062 3016 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOW\system32\DRIVERS\audstub.sys
18:08:25.0312 3016 audstub - ok
18:08:25.0453 3016 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOW\system32\drivers\Beep.sys
18:08:25.0718 3016 Beep - ok
18:08:25.0875 3016 catchme - ok
18:08:25.0984 3016 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOW\system32\drivers\cbidf2k.sys
18:08:26.0390 3016 cbidf2k - ok
18:08:26.0562 3016 cd20xrnt - ok
18:08:26.0656 3016 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOW\system32\drivers\Cdaudio.sys
18:08:26.0875 3016 Cdaudio - ok
18:08:27.0359 3016 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOW\system32\drivers\Cdfs.sys
18:08:27.0625 3016 Cdfs - ok
18:08:27.0937 3016 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOW\system32\DRIVERS\cdrom.sys
18:08:28.0234 3016 Cdrom - ok
18:08:28.0390 3016 Changer - ok
18:08:28.0484 3016 CmdIde - ok
18:08:28.0656 3016 Cpqarray - ok
18:08:28.0703 3016 dac2w2k - ok
18:08:28.0796 3016 dac960nt - ok
18:08:28.0890 3016 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOW\system32\DRIVERS\disk.sys
18:08:29.0156 3016 Disk - ok
18:08:29.0484 3016 dmboot (e1968edec81c430108feb23ab07bdb14) C:\WINDOW\system32\drivers\dmboot.sys
18:08:29.0937 3016 dmboot - ok
18:08:30.0218 3016 dmio (1b1520a82e396e46b9ae9fa6b03ff6c6) C:\WINDOW\system32\drivers\dmio.sys
18:08:30.0531 3016 dmio - ok
18:08:30.0718 3016 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOW\system32\drivers\dmload.sys
18:08:31.0265 3016 dmload - ok
18:08:31.0484 3016 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOW\system32\drivers\DMusic.sys
18:08:31.0765 3016 DMusic - ok
18:08:31.0890 3016 dpti2o - ok
18:08:31.0984 3016 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOW\system32\drivers\drmkaud.sys
18:08:32.0296 3016 drmkaud - ok
18:08:32.0562 3016 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOW\system32\drivers\Fastfat.sys
18:08:32.0843 3016 Fastfat - ok
18:08:33.0078 3016 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOW\system32\DRIVERS\fdc.sys
18:08:33.0421 3016 Fdc - ok
18:08:33.0687 3016 Fips (266dab58619b17bdf37fabbd48d875ca) C:\WINDOW\system32\drivers\Fips.sys
18:08:33.0921 3016 Fips - ok
18:08:34.0109 3016 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOW\system32\DRIVERS\flpydisk.sys
18:08:34.0359 3016 Flpydisk - ok
18:08:34.0562 3016 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOW\system32\DRIVERS\fltMgr.sys
18:08:34.0828 3016 FltMgr - ok
18:08:35.0015 3016 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOW\system32\drivers\Fs_Rec.sys
18:08:35.0406 3016 Fs_Rec - ok
18:08:35.0484 3016 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOW\system32\DRIVERS\ftdisk.sys
18:08:35.0796 3016 Ftdisk - ok
18:08:36.0000 3016 GarenaPEngine - ok
18:08:36.0109 3016 GGSAFERDriver - ok
18:08:36.0265 3016 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOW\system32\DRIVERS\msgpc.sys
18:08:36.0484 3016 Gpc - ok
18:08:36.0625 3016 hpn - ok
18:08:36.0734 3016 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOW\system32\Drivers\HTTP.sys
18:08:36.0859 3016 HTTP - ok
18:08:36.0968 3016 i2omgmt - ok
18:08:37.0031 3016 i2omp - ok
18:08:37.0296 3016 i8042prt (0f42de9909b5dbf2c48dd1a79d491af5) C:\WINDOW\system32\DRIVERS\i8042prt.sys
18:08:37.0562 3016 i8042prt - ok
18:08:37.0734 3016 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOW\system32\DRIVERS\imapi.sys
18:08:37.0968 3016 Imapi - ok
18:08:38.0187 3016 ini910u - ok
18:08:38.0250 3016 IntelIde - ok
18:08:38.0359 3016 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOW\system32\DRIVERS\Ip6Fw.sys
18:08:38.0656 3016 Ip6Fw - ok
18:08:38.0859 3016 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOW\system32\DRIVERS\ipfltdrv.sys
18:08:39.0140 3016 IpFilterDriver - ok
18:08:39.0281 3016 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOW\system32\DRIVERS\ipinip.sys
18:08:39.0562 3016 IpInIp - ok
18:08:39.0703 3016 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOW\system32\DRIVERS\ipnat.sys
18:08:40.0000 3016 IpNat - ok
18:08:40.0156 3016 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOW\system32\DRIVERS\ipsec.sys
18:08:40.0421 3016 IPSec - ok
18:08:40.0578 3016 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOW\system32\DRIVERS\irenum.sys
18:08:40.0703 3016 IRENUM - ok
18:08:40.0937 3016 isapnp (1091528512e4dd7ed5fddcc4df1c53d7) C:\WINDOW\system32\DRIVERS\isapnp.sys
18:08:41.0203 3016 isapnp - ok
18:08:41.0406 3016 Kbdclass (6f877bf8dc01a550cd666f3bedb2213c) C:\WINDOW\system32\DRIVERS\kbdclass.sys
18:08:41.0671 3016 Kbdclass - ok
18:08:41.0875 3016 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOW\system32\drivers\kmixer.sys
18:08:42.0156 3016 kmixer - ok
18:08:42.0359 3016 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOW\system32\drivers\KSecDD.sys
18:08:42.0453 3016 KSecDD - ok
18:08:42.0578 3016 lbrtfdc - ok
18:08:42.0687 3016 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOW\system32\drivers\mnmdd.sys
18:08:43.0015 3016 mnmdd - ok
18:08:43.0203 3016 Modem (60210deb037846afe521ebf349964f6b) C:\WINDOW\system32\drivers\Modem.sys
18:08:43.0437 3016 Modem - ok
18:08:44.0406 3016 Mouclass (b160ec94114715675509115986400fd9) C:\WINDOW\system32\DRIVERS\mouclass.sys
18:08:45.0000 3016 Mouclass - ok
18:08:45.0750 3016 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOW\system32\drivers\MountMgr.sys
18:08:46.0203 3016 MountMgr - ok
18:08:47.0500 3016 mraid35x - ok
18:08:47.0937 3016 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOW\system32\DRIVERS\mrxdav.sys
18:08:48.0515 3016 MRxDAV - ok
18:08:48.0796 3016 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOW\system32\DRIVERS\mrxsmb.sys
18:08:49.0187 3016 MRxSmb - ok
18:08:49.0359 3016 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOW\system32\drivers\Msfs.sys
18:08:49.0625 3016 Msfs - ok
18:08:49.0859 3016 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOW\system32\drivers\MSKSSRV.sys
18:08:50.0171 3016 MSKSSRV - ok
18:08:50.0437 3016 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOW\system32\drivers\MSPCLOCK.sys
18:08:50.0734 3016 MSPCLOCK - ok
18:08:51.0062 3016 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOW\system32\drivers\MSPQM.sys
18:08:51.0328 3016 MSPQM - ok
18:08:51.0718 3016 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOW\system32\DRIVERS\mssmbios.sys
18:08:52.0125 3016 mssmbios - ok
18:08:52.0625 3016 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOW\system32\drivers\Mup.sys
18:08:52.0968 3016 Mup - ok
18:08:53.0328 3016 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOW\system32\drivers\NDIS.sys
18:08:53.0750 3016 NDIS - ok
18:08:54.0062 3016 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOW\system32\DRIVERS\ndistapi.sys
18:08:54.0390 3016 NdisTapi - ok
18:08:54.0718 3016 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOW\system32\DRIVERS\ndisuio.sys
18:08:55.0031 3016 Ndisuio - ok
18:08:55.0296 3016 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOW\system32\DRIVERS\ndiswan.sys
18:08:55.0593 3016 NdisWan - ok
18:08:56.0031 3016 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOW\system32\drivers\NDProxy.sys
18:08:56.0359 3016 NDProxy - ok
18:08:56.0609 3016 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOW\system32\DRIVERS\netbios.sys
18:08:56.0828 3016 NetBIOS - ok
18:08:57.0062 3016 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOW\system32\DRIVERS\netbt.sys
18:08:57.0406 3016 NetBT - ok
18:08:57.0640 3016 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOW\system32\DRIVERS\nic1394.sys
18:08:57.0984 3016 NIC1394 - ok
18:08:58.0265 3016 nmwcd (cfe3462a9e94a57dcd9676f6b7fe7f67) C:\WINDOW\system32\drivers\ccdcmb.sys
18:08:59.0593 3016 nmwcd - ok
18:08:59.0968 3016 nmwcdc (8f2a94f991f8c73cec26b4b5620d1edc) C:\WINDOW\system32\drivers\ccdcmbo.sys
18:09:00.0062 3016 nmwcdc - ok
18:09:00.0343 3016 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOW\system32\drivers\Npfs.sys
18:09:00.0625 3016 Npfs - ok
18:09:01.0125 3016 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOW\system32\drivers\Ntfs.sys
18:09:01.0562 3016 Ntfs - ok
18:09:01.0859 3016 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOW\system32\drivers\Null.sys
18:09:02.0203 3016 Null - ok
18:09:02.0484 3016 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOW\system32\DRIVERS\nwlnkflt.sys
18:09:02.0796 3016 NwlnkFlt - ok
18:09:02.0984 3016 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOW\system32\DRIVERS\nwlnkfwd.sys
18:09:03.0281 3016 NwlnkFwd - ok
18:09:03.0515 3016 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOW\system32\DRIVERS\ohci1394.sys
18:09:03.0750 3016 ohci1394 - ok
18:09:04.0062 3016 Parport (76a18caa2fefb28a4ced38d76837e86e) C:\WINDOW\system32\DRIVERS\parport.sys
18:09:04.0390 3016 Parport - ok
18:09:04.0734 3016 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOW\system32\drivers\PartMgr.sys
18:09:04.0984 3016 PartMgr - ok
18:09:05.0265 3016 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOW\system32\drivers\ParVdm.sys
18:09:05.0531 3016 ParVdm - ok
18:09:05.0875 3016 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOW\system32\DRIVERS\pccsmcfd.sys
18:09:06.0015 3016 pccsmcfd - ok
18:09:06.0453 3016 PCI (b7979f37bb7b9df2230046134955e6e7) C:\WINDOW\system32\DRIVERS\pci.sys
18:09:06.0812 3016 PCI - ok
18:09:07.0062 3016 PCIDump - ok
18:09:07.0125 3016 PCIIde - ok
18:09:07.0265 3016 Pcmcia (90505755634407d4ef4c6dea60fc1df9) C:\WINDOW\system32\drivers\Pcmcia.sys
18:09:07.0515 3016 Pcmcia - ok
18:09:07.0937 3016 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOW\system32\Drivers\pcouffin.sys
18:09:08.0015 3016 pcouffin ( UnsignedFile.Multi.Generic ) - warning
18:09:08.0015 3016 pcouffin - detected UnsignedFile.Multi.Generic (1)
18:09:08.0234 3016 PDCOMP - ok
18:09:08.0281 3016 PDFRAME - ok
18:09:08.0328 3016 PDRELI - ok
18:09:08.0562 3016 PDRFRAME - ok
18:09:08.0781 3016 perc2 - ok
18:09:08.0953 3016 perc2hib - ok
18:09:09.0203 3016 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOW\system32\DRIVERS\raspptp.sys
18:09:09.0468 3016 PptpMiniport - ok
18:09:09.0812 3016 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOW\system32\DRIVERS\psched.sys
18:09:10.0078 3016 PSched - ok
18:09:10.0390 3016 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOW\system32\DRIVERS\ptilink.sys
18:09:10.0656 3016 Ptilink - ok
18:09:10.0875 3016 ql1080 - ok
18:09:10.0937 3016 Ql10wnt - ok
18:09:10.0984 3016 ql12160 - ok
18:09:11.0062 3016 ql1240 - ok
18:09:11.0203 3016 ql1280 - ok
18:09:11.0265 3016 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOW\system32\DRIVERS\rasacd.sys
18:09:11.0500 3016 RasAcd - ok
18:09:11.0703 3016 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOW\system32\DRIVERS\rasl2tp.sys
18:09:11.0953 3016 Rasl2tp - ok
18:09:12.0140 3016 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOW\system32\DRIVERS\raspppoe.sys
18:09:12.0375 3016 RasPppoe - ok
18:09:12.0531 3016 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOW\system32\DRIVERS\raspti.sys
18:09:12.0734 3016 Raspti - ok
18:09:12.0921 3016 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOW\system32\DRIVERS\rdbss.sys
18:09:13.0218 3016 Rdbss - ok
18:09:13.0390 3016 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOW\system32\DRIVERS\RDPCDD.sys
18:09:13.0625 3016 RDPCDD - ok
18:09:13.0859 3016 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOW\system32\DRIVERS\rdpdr.sys
18:09:14.0093 3016 rdpdr - ok
18:09:14.0250 3016 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOW\system32\drivers\RDPWD.sys
18:09:14.0578 3016 RDPWD - ok
18:09:14.0859 3016 redbook (aba13d33e1f888c9a68599a48a8840d6) C:\WINDOW\system32\DRIVERS\redbook.sys
18:09:15.0140 3016 redbook - ok
18:09:15.0328 3016 RTL8023 (29f9879a1fd386f7251ae9fdadb2cbf1) C:\WINDOW\system32\DRIVERS\Rtlnic51.sys
18:09:15.0500 3016 RTL8023 - ok
18:09:15.0718 3016 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOW\system32\DRIVERS\RTL8139.SYS
18:09:16.0031 3016 rtl8139 - ok
18:09:16.0187 3016 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOW\system32\DRIVERS\secdrv.sys
18:09:16.0281 3016 Secdrv ( UnsignedFile.Multi.Generic ) - warning
18:09:16.0281 3016 Secdrv - detected UnsignedFile.Multi.Generic (1)
18:09:16.0406 3016 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOW\system32\DRIVERS\serenum.sys
18:09:16.0625 3016 serenum - ok
18:09:16.0828 3016 Serial (c1ddbc85251551a840212999da3d95f3) C:\WINDOW\system32\DRIVERS\serial.sys
18:09:17.0093 3016 Serial - ok
18:09:17.0296 3016 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOW\system32\drivers\sfdrv01.sys
18:09:17.0328 3016 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
18:09:17.0328 3016 sfdrv01 - detected UnsignedFile.Multi.Generic (1)
18:09:17.0562 3016 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOW\system32\drivers\sfhlp02.sys
18:09:17.0625 3016 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
18:09:17.0625 3016 sfhlp02 - detected UnsignedFile.Multi.Generic (1)
18:09:17.0937 3016 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOW\system32\drivers\Sfloppy.sys
18:09:18.0140 3016 Sfloppy - ok
18:09:18.0375 3016 sfsync02 (efebbc1d13fdb77a6af4eddfc7232edf) C:\WINDOW\system32\drivers\sfsync02.sys
18:09:18.0421 3016 sfsync02 ( UnsignedFile.Multi.Generic ) - warning
18:09:18.0421 3016 sfsync02 - detected UnsignedFile.Multi.Generic (1)
18:09:18.0578 3016 Simbad - ok
18:09:18.0765 3016 Sparrow - ok
18:09:18.0875 3016 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOW\system32\drivers\splitter.sys
18:09:19.0140 3016 splitter - ok
18:09:19.0453 3016 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOW\system32\Drivers\sptd.sys
18:09:19.0453 3016 Suspicious file (NoAccess): C:\WINDOW\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
18:09:19.0453 3016 sptd ( LockedFile.Multi.Generic ) - warning
18:09:19.0453 3016 sptd - detected LockedFile.Multi.Generic (1)
18:09:19.0593 3016 sp_rsdrv2 (8831252bcf05fcfb5abd116a22e552d8) C:\WINDOW\system32\drivers\sp_rsdrv2.sys
18:09:19.0734 3016 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - warning
18:09:19.0734 3016 sp_rsdrv2 - detected UnsignedFile.Multi.Generic (1)
18:09:19.0875 3016 sr (a74035ea526db97d9d50d2143a55f5cf) C:\WINDOW\system32\DRIVERS\sr.sys
18:09:20.0000 3016 sr - ok
18:09:20.0203 3016 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOW\system32\DRIVERS\srv.sys
18:09:20.0375 3016 Srv - ok
18:09:20.0515 3016 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOW\system32\DRIVERS\swenum.sys
18:09:20.0718 3016 swenum - ok
18:09:20.0906 3016 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOW\system32\drivers\swmidi.sys
18:09:21.0218 3016 swmidi - ok
18:09:21.0406 3016 symc810 - ok
18:09:21.0437 3016 symc8xx - ok
18:09:21.0531 3016 sym_hi - ok
18:09:21.0562 3016 sym_u3 - ok
18:09:21.0625 3016 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOW\system32\drivers\sysaudio.sys
18:09:21.0843 3016 sysaudio - ok
18:09:22.0078 3016 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOW\system32\DRIVERS\tcpip.sys
18:09:22.0375 3016 Tcpip - ok
18:09:22.0625 3016 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOW\system32\drivers\TDPIPE.sys
18:09:22.0921 3016 TDPIPE - ok
18:09:23.0765 3016 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOW\system32\drivers\TDTCP.sys
18:09:23.0968 3016 TDTCP - ok
18:09:24.0187 3016 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOW\system32\DRIVERS\termdd.sys
18:09:24.0437 3016 TermDD - ok
18:09:24.0625 3016 TosIde - ok
18:09:24.0750 3016 uagp35 (49c805d42d75eddc9b6a7130999c9054) C:\WINDOW\system32\DRIVERS\uagp35.sys
18:09:24.0968 3016 uagp35 - ok
18:09:25.0156 3016 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOW\system32\drivers\Udfs.sys
18:09:25.0375 3016 Udfs - ok
18:09:25.0500 3016 ultra - ok
18:09:25.0671 3016 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOW\system32\DRIVERS\update.sys
18:09:25.0875 3016 Update - ok
18:09:26.0109 3016 upperdev (ec01da44b090d2651fc032c8b9257232) C:\WINDOW\system32\DRIVERS\usbser_lowerflt.sys
18:09:26.0218 3016 upperdev - ok
18:09:26.0390 3016 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOW\system32\DRIVERS\usbehci.sys
18:09:26.0718 3016 usbehci - ok
18:09:26.0937 3016 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOW\system32\DRIVERS\usbhub.sys
18:09:27.0203 3016 usbhub - ok
18:09:27.0390 3016 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOW\system32\DRIVERS\usbscan.sys
18:09:27.0625 3016 usbscan - ok
18:09:27.0796 3016 usbser (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOW\system32\drivers\usbser.sys
18:09:28.0000 3016 usbser - ok
18:09:28.0203 3016 UsbserFilt (4abd37cfbd710e64f01f9da8710c73f7) C:\WINDOW\system32\DRIVERS\usbser_lowerfltj.sys
18:09:28.0312 3016 UsbserFilt - ok
18:09:28.0578 3016 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOW\system32\DRIVERS\USBSTOR.SYS
18:09:28.0843 3016 USBSTOR - ok
18:09:29.0000 3016 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOW\system32\DRIVERS\usbuhci.sys
18:09:29.0265 3016 usbuhci - ok
18:09:29.0484 3016 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOW\System32\drivers\vga.sys
18:09:29.0734 3016 VgaSave - ok
18:09:29.0937 3016 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOW\system32\DRIVERS\viaagp1.sys
18:09:30.0015 3016 viaagp1 - ok
18:09:30.0125 3016 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOW\system32\DRIVERS\viaide.sys
18:09:30.0421 3016 ViaIde - ok
18:09:30.0640 3016 viasraid (1493f351e5a4b915fb5bbb735c14004b) C:\WINDOW\system32\DRIVERS\viasraid.sys
18:09:30.0718 3016 viasraid - ok
18:09:30.0875 3016 VolSnap (cd8cce067f7e9cbd762c00bdddecaa34) C:\WINDOW\system32\drivers\VolSnap.sys
18:09:31.0078 3016 VolSnap - ok
18:09:31.0296 3016 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOW\system32\DRIVERS\wanarp.sys
18:09:31.0531 3016 Wanarp - ok
18:09:31.0718 3016 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOW\system32\Drivers\wdf01000.sys
18:09:31.0906 3016 Wdf01000 - ok
18:09:32.0109 3016 WDICA - ok
18:09:32.0265 3016 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOW\system32\drivers\wdmaud.sys
18:09:32.0515 3016 wdmaud - ok
18:09:32.0812 3016 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOW\system32\DRIVERS\WudfPf.sys
18:09:32.0890 3016 WudfPf - ok
18:09:33.0015 3016 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOW\system32\DRIVERS\wudfrd.sys
18:09:33.0109 3016 WudfRd - ok
18:09:33.0187 3016 MBR (0x1B8) (9c603bc3977968c891de319283e1e7af) \Device\Harddisk0\DR0
18:09:33.0203 3016 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected
18:09:33.0203 3016 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)
18:09:35.0078 3016 Boot (0x1200) (5b6ff56d1b0fe060d6fc042a1d15f3c5) \Device\Harddisk0\DR0\Partition0
18:09:35.0078 3016 \Device\Harddisk0\DR0\Partition0 - ok
18:09:35.0093 3016 Boot (0x1200) (5d156674f1173f3e0b79bd17c7c273d0) \Device\Harddisk0\DR0\Partition1
18:09:35.0109 3016 \Device\Harddisk0\DR0\Partition1 - ok
18:09:35.0109 3016 ============================================================
18:09:35.0109 3016 Scan finished
18:09:35.0109 3016 ============================================================
18:09:35.0265 3284 Detected object count: 8
18:09:35.0265 3284 Actual detected object count: 8
18:09:45.0437 3284 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:45.0437 3284 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:45.0437 3284 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:45.0437 3284 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:45.0437 3284 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:45.0437 3284 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:45.0437 3284 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:45.0437 3284 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:45.0437 3284 sfsync02 ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:45.0437 3284 sfsync02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:45.0437 3284 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:09:45.0437 3284 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:09:45.0453 3284 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:45.0453 3284 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:45.0453 3284 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - skipped by user
18:09:45.0453 3284 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Skip
18:09:50.0593 3352 Deinitialize success
Re: rootkit mbr: physicaldrived (rootkit skyryty boot sektro
18:08:23.0109 3016 AsyncMac - ok
18:08:23.0359 3016 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOW\system32\DRIVERS\atapi.sys
18:08:23.0718 3016 atapi - ok
18:08:23.0828 3016 Atdisk - ok
18:08:23.0968 3016 ati2mtag (1e75fad9de6cd4d745d27347324649a8) C:\WINDOW\system32\DRIVERS\ati2mtag.sys
18:08:24.0375 3016 ati2mtag - ok
18:08:24.0515 3016 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOW\system32\DRIVERS\atmarpc.sys
18:08:24.0812 3016 Atmarpc - ok
18:08:25.0062 3016 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOW\system32\DRIVERS\audstub.sys
18:08:25.0312 3016 audstub - ok
18:08:25.0453 3016 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOW\system32\drivers\Beep.sys
18:08:25.0718 3016 Beep - ok
18:08:25.0875 3016 catchme - ok
18:08:25.0984 3016 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOW\system32\drivers\cbidf2k.sys
18:08:26.0390 3016 cbidf2k - ok
18:08:26.0562 3016 cd20xrnt - ok
18:08:26.0656 3016 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOW\system32\drivers\Cdaudio.sys
18:08:26.0875 3016 Cdaudio - ok
18:08:27.0359 3016 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOW\system32\drivers\Cdfs.sys
18:08:27.0625 3016 Cdfs - ok
18:08:27.0937 3016 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOW\system32\DRIVERS\cdrom.sys
18:08:28.0234 3016 Cdrom - ok
18:08:28.0390 3016 Changer - ok
18:08:28.0484 3016 CmdIde - ok
18:08:28.0656 3016 Cpqarray - ok
18:08:28.0703 3016 dac2w2k - ok
18:08:28.0796 3016 dac960nt - ok
18:08:28.0890 3016 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOW\system32\DRIVERS\disk.sys
18:08:29.0156 3016 Disk - ok
18:08:29.0484 3016 dmboot (e1968edec81c430108feb23ab07bdb14) C:\WINDOW\system32\drivers\dmboot.sys
18:08:29.0937 3016 dmboot - ok
18:08:30.0218 3016 dmio (1b1520a82e396e46b9ae9fa6b03ff6c6) C:\WINDOW\system32\drivers\dmio.sys
18:08:30.0531 3016 dmio - ok
18:08:30.0718 3016 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOW\system32\drivers\dmload.sys
18:08:31.0265 3016 dmload - ok
18:08:31.0484 3016 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOW\system32\drivers\DMusic.sys
18:08:31.0765 3016 DMusic - ok
18:08:31.0890 3016 dpti2o - ok
18:08:31.0984 3016 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOW\system32\drivers\drmkaud.sys
18:08:32.0296 3016 drmkaud - ok
18:08:32.0562 3016 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOW\system32\drivers\Fastfat.sys
18:08:32.0843 3016 Fastfat - ok
18:08:33.0078 3016 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOW\system32\DRIVERS\fdc.sys
18:08:33.0421 3016 Fdc - ok
18:08:33.0687 3016 Fips (266dab58619b17bdf37fabbd48d875ca) C:\WINDOW\system32\drivers\Fips.sys
18:08:33.0921 3016 Fips - ok
18:08:34.0109 3016 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOW\system32\DRIVERS\flpydisk.sys
18:08:34.0359 3016 Flpydisk - ok
18:08:34.0562 3016 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOW\system32\DRIVERS\fltMgr.sys
18:08:34.0828 3016 FltMgr - ok
18:08:35.0015 3016 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOW\system32\drivers\Fs_Rec.sys
18:08:35.0406 3016 Fs_Rec - ok
18:08:35.0484 3016 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOW\system32\DRIVERS\ftdisk.sys
18:08:35.0796 3016 Ftdisk - ok
18:08:36.0000 3016 GarenaPEngine - ok
18:08:36.0109 3016 GGSAFERDriver - ok
18:08:36.0265 3016 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOW\system32\DRIVERS\msgpc.sys
18:08:36.0484 3016 Gpc - ok
18:08:36.0625 3016 hpn - ok
18:08:36.0734 3016 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOW\system32\Drivers\HTTP.sys
18:08:36.0859 3016 HTTP - ok
18:08:36.0968 3016 i2omgmt - ok
18:08:37.0031 3016 i2omp - ok
18:08:37.0296 3016 i8042prt (0f42de9909b5dbf2c48dd1a79d491af5) C:\WINDOW\system32\DRIVERS\i8042prt.sys
18:08:37.0562 3016 i8042prt - ok
18:08:37.0734 3016 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOW\system32\DRIVERS\imapi.sys
18:08:37.0968 3016 Imapi - ok
18:08:38.0187 3016 ini910u - ok
18:08:38.0250 3016 IntelIde - ok
18:08:38.0359 3016 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOW\system32\DRIVERS\Ip6Fw.sys
18:08:38.0656 3016 Ip6Fw - ok
18:08:38.0859 3016 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOW\system32\DRIVERS\ipfltdrv.sys
18:08:39.0140 3016 IpFilterDriver - ok
18:08:39.0281 3016 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOW\system32\DRIVERS\ipinip.sys
18:08:39.0562 3016 IpInIp - ok
18:08:39.0703 3016 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOW\system32\DRIVERS\ipnat.sys
18:08:40.0000 3016 IpNat - ok
18:08:40.0156 3016 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOW\system32\DRIVERS\ipsec.sys
18:08:40.0421 3016 IPSec - ok
18:08:40.0578 3016 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOW\system32\DRIVERS\irenum.sys
18:08:40.0703 3016 IRENUM - ok
18:08:40.0937 3016 isapnp (1091528512e4dd7ed5fddcc4df1c53d7) C:\WINDOW\system32\DRIVERS\isapnp.sys
18:08:41.0203 3016 isapnp - ok
18:08:41.0406 3016 Kbdclass (6f877bf8dc01a550cd666f3bedb2213c) C:\WINDOW\system32\DRIVERS\kbdclass.sys
18:08:41.0671 3016 Kbdclass - ok
18:08:41.0875 3016 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOW\system32\drivers\kmixer.sys
18:08:42.0156 3016 kmixer - ok
18:08:42.0359 3016 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOW\system32\drivers\KSecDD.sys
18:08:42.0453 3016 KSecDD - ok
18:08:42.0578 3016 lbrtfdc - ok
18:08:42.0687 3016 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOW\system32\drivers\mnmdd.sys
18:08:43.0015 3016 mnmdd - ok
18:08:43.0203 3016 Modem (60210deb037846afe521ebf349964f6b) C:\WINDOW\system32\drivers\Modem.sys
18:08:43.0437 3016 Modem - ok
18:08:44.0406 3016 Mouclass (b160ec94114715675509115986400fd9) C:\WINDOW\system32\DRIVERS\mouclass.sys
18:08:45.0000 3016 Mouclass - ok
18:08:45.0750 3016 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOW\system32\drivers\MountMgr.sys
18:08:46.0203 3016 MountMgr - ok
18:08:47.0500 3016 mraid35x - ok
18:08:47.0937 3016 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOW\system32\DRIVERS\mrxdav.sys
18:08:48.0515 3016 MRxDAV - ok
18:08:48.0796 3016 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOW\system32\DRIVERS\mrxsmb.sys
18:08:49.0187 3016 MRxSmb - ok
18:08:49.0359 3016 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOW\system32\drivers\Msfs.sys
18:08:49.0625 3016 Msfs - ok
18:08:49.0859 3016 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOW\system32\drivers\MSKSSRV.sys
18:08:50.0171 3016 MSKSSRV - ok
18:08:50.0437 3016 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOW\system32\drivers\MSPCLOCK.sys
18:08:50.0734 3016 MSPCLOCK - ok
18:08:51.0062 3016 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOW\system32\drivers\MSPQM.sys
18:08:51.0328 3016 MSPQM - ok
18:08:51.0718 3016 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOW\system32\DRIVERS\mssmbios.sys
18:08:52.0125 3016 mssmbios - ok
18:08:52.0625 3016 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOW\system32\drivers\Mup.sys
18:08:52.0968 3016 Mup - ok
18:08:53.0328 3016 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOW\system32\drivers\NDIS.sys
18:08:53.0750 3016 NDIS - ok
18:08:54.0062 3016 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOW\system32\DRIVERS\ndistapi.sys
18:08:54.0390 3016 NdisTapi - ok
18:08:54.0718 3016 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOW\system32\DRIVERS\ndisuio.sys
18:08:55.0031 3016 Ndisuio - ok
18:08:55.0296 3016 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOW\system32\DRIVERS\ndiswan.sys
18:08:55.0593 3016 NdisWan - ok
18:08:56.0031 3016 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOW\system32\drivers\NDProxy.sys
18:08:56.0359 3016 NDProxy - ok
18:08:56.0609 3016 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOW\system32\DRIVERS\netbios.sys
18:08:56.0828 3016 NetBIOS - ok
18:08:57.0062 3016 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOW\system32\DRIVERS\netbt.sys
18:08:57.0406 3016 NetBT - ok
18:08:57.0640 3016 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOW\system32\DRIVERS\nic1394.sys
18:08:57.0984 3016 NIC1394 - ok
18:08:58.0265 3016 nmwcd (cfe3462a9e94a57dcd9676f6b7fe7f67) C:\WINDOW\system32\drivers\ccdcmb.sys
18:08:59.0593 3016 nmwcd - ok
18:08:59.0968 3016 nmwcdc (8f2a94f991f8c73cec26b4b5620d1edc) C:\WINDOW\system32\drivers\ccdcmbo.sys
18:09:00.0062 3016 nmwcdc - ok
18:09:00.0343 3016 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOW\system32\drivers\Npfs.sys
18:09:00.0625 3016 Npfs - ok
18:09:01.0125 3016 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOW\system32\drivers\Ntfs.sys
18:09:01.0562 3016 Ntfs - ok
18:09:01.0859 3016 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOW\system32\drivers\Null.sys
18:09:02.0203 3016 Null - ok
18:09:02.0484 3016 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOW\system32\DRIVERS\nwlnkflt.sys
18:09:02.0796 3016 NwlnkFlt - ok
18:09:02.0984 3016 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOW\system32\DRIVERS\nwlnkfwd.sys
18:09:03.0281 3016 NwlnkFwd - ok
18:09:03.0515 3016 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOW\system32\DRIVERS\ohci1394.sys
18:09:03.0750 3016 ohci1394 - ok
18:09:04.0062 3016 Parport (76a18caa2fefb28a4ced38d76837e86e) C:\WINDOW\system32\DRIVERS\parport.sys
18:09:04.0390 3016 Parport - ok
18:09:04.0734 3016 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOW\system32\drivers\PartMgr.sys
18:09:04.0984 3016 PartMgr - ok
18:09:05.0265 3016 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOW\system32\drivers\ParVdm.sys
18:09:05.0531 3016 ParVdm - ok
18:09:05.0875 3016 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOW\system32\DRIVERS\pccsmcfd.sys
18:09:06.0015 3016 pccsmcfd - ok
18:09:06.0453 3016 PCI (b7979f37bb7b9df2230046134955e6e7) C:\WINDOW\system32\DRIVERS\pci.sys
18:09:06.0812 3016 PCI - ok
18:09:07.0062 3016 PCIDump - ok
18:09:07.0125 3016 PCIIde - ok
18:09:07.0265 3016 Pcmcia (90505755634407d4ef4c6dea60fc1df9) C:\WINDOW\system32\drivers\Pcmcia.sys
18:09:07.0515 3016 Pcmcia - ok
18:09:07.0937 3016 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOW\system32\Drivers\pcouffin.sys
18:09:08.0015 3016 pcouffin ( UnsignedFile.Multi.Generic ) - warning
18:09:08.0015 3016 pcouffin - detected UnsignedFile.Multi.Generic (1)
18:09:08.0234 3016 PDCOMP - ok
18:09:08.0281 3016 PDFRAME - ok
18:09:08.0328 3016 PDRELI - ok
18:09:08.0562 3016 PDRFRAME - ok
18:09:08.0781 3016 perc2 - ok
18:09:08.0953 3016 perc2hib - ok
18:09:09.0203 3016 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOW\system32\DRIVERS\raspptp.sys
18:09:09.0468 3016 PptpMiniport - ok
18:09:09.0812 3016 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOW\system32\DRIVERS\psched.sys
18:09:10.0078 3016 PSched - ok
18:09:10.0390 3016 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOW\system32\DRIVERS\ptilink.sys
18:09:10.0656 3016 Ptilink - ok
18:09:10.0875 3016 ql1080 - ok
18:09:10.0937 3016 Ql10wnt - ok
18:09:10.0984 3016 ql12160 - ok
18:09:11.0062 3016 ql1240 - ok
18:09:11.0203 3016 ql1280 - ok
18:09:11.0265 3016 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOW\system32\DRIVERS\rasacd.sys
18:09:11.0500 3016 RasAcd - ok
18:09:11.0703 3016 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOW\system32\DRIVERS\rasl2tp.sys
18:09:11.0953 3016 Rasl2tp - ok
18:09:12.0140 3016 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOW\system32\DRIVERS\raspppoe.sys
18:09:12.0375 3016 RasPppoe - ok
18:09:12.0531 3016 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOW\system32\DRIVERS\raspti.sys
18:09:12.0734 3016 Raspti - ok
18:09:12.0921 3016 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOW\system32\DRIVERS\rdbss.sys
18:09:13.0218 3016 Rdbss - ok
18:09:13.0390 3016 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOW\system32\DRIVERS\RDPCDD.sys
18:09:13.0625 3016 RDPCDD - ok
18:09:13.0859 3016 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOW\system32\DRIVERS\rdpdr.sys
18:09:14.0093 3016 rdpdr - ok
18:09:14.0250 3016 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOW\system32\drivers\RDPWD.sys
18:09:14.0578 3016 RDPWD - ok
18:09:14.0859 3016 redbook (aba13d33e1f888c9a68599a48a8840d6) C:\WINDOW\system32\DRIVERS\redbook.sys
18:09:15.0140 3016 redbook - ok
18:09:15.0328 3016 RTL8023 (29f9879a1fd386f7251ae9fdadb2cbf1) C:\WINDOW\system32\DRIVERS\Rtlnic51.sys
18:09:15.0500 3016 RTL8023 - ok
18:09:15.0718 3016 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOW\system32\DRIVERS\RTL8139.SYS
18:09:16.0031 3016 rtl8139 - ok
18:09:16.0187 3016 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOW\system32\DRIVERS\secdrv.sys
18:09:16.0281 3016 Secdrv ( UnsignedFile.Multi.Generic ) - warning
18:09:16.0281 3016 Secdrv - detected UnsignedFile.Multi.Generic (1)
18:09:16.0406 3016 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOW\system32\DRIVERS\serenum.sys
18:09:16.0625 3016 serenum - ok
18:09:16.0828 3016 Serial (c1ddbc85251551a840212999da3d95f3) C:\WINDOW\system32\DRIVERS\serial.sys
18:09:17.0093 3016 Serial - ok
18:09:17.0296 3016 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOW\system32\drivers\sfdrv01.sys
18:09:17.0328 3016 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
18:09:17.0328 3016 sfdrv01 - detected UnsignedFile.Multi.Generic (1)
18:09:17.0562 3016 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOW\system32\drivers\sfhlp02.sys
18:09:17.0625 3016 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
18:09:17.0625 3016 sfhlp02 - detected UnsignedFile.Multi.Generic (1)
18:09:17.0937 3016 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOW\system32\drivers\Sfloppy.sys
18:09:18.0140 3016 Sfloppy - ok
18:09:18.0375 3016 sfsync02 (efebbc1d13fdb77a6af4eddfc7232edf) C:\WINDOW\system32\drivers\sfsync02.sys
18:09:18.0421 3016 sfsync02 ( UnsignedFile.Multi.Generic ) - warning
18:09:18.0421 3016 sfsync02 - detected UnsignedFile.Multi.Generic (1)
18:09:18.0578 3016 Simbad - ok
18:09:18.0765 3016 Sparrow - ok
18:09:18.0875 3016 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOW\system32\drivers\splitter.sys
18:09:19.0140 3016 splitter - ok
18:09:19.0453 3016 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOW\system32\Drivers\sptd.sys
18:09:19.0453 3016 Suspicious file (NoAccess): C:\WINDOW\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
18:09:19.0453 3016 sptd ( LockedFile.Multi.Generic ) - warning
18:09:19.0453 3016 sptd - detected LockedFile.Multi.Generic (1)
18:09:19.0593 3016 sp_rsdrv2 (8831252bcf05fcfb5abd116a22e552d8) C:\WINDOW\system32\drivers\sp_rsdrv2.sys
18:09:19.0734 3016 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - warning
18:09:19.0734 3016 sp_rsdrv2 - detected UnsignedFile.Multi.Generic (1)
18:09:19.0875 3016 sr (a74035ea526db97d9d50d2143a55f5cf) C:\WINDOW\system32\DRIVERS\sr.sys
18:09:20.0000 3016 sr - ok
18:09:20.0203 3016 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOW\system32\DRIVERS\srv.sys
18:09:20.0375 3016 Srv - ok
18:09:20.0515 3016 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOW\system32\DRIVERS\swenum.sys
18:09:20.0718 3016 swenum - ok
18:09:20.0906 3016 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOW\system32\drivers\swmidi.sys
18:09:21.0218 3016 swmidi - ok
18:09:21.0406 3016 symc810 - ok
18:09:21.0437 3016 symc8xx - ok
18:09:21.0531 3016 sym_hi - ok
18:09:21.0562 3016 sym_u3 - ok
18:09:21.0625 3016 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOW\system32\drivers\sysaudio.sys
18:09:21.0843 3016 sysaudio - ok
18:09:22.0078 3016 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOW\system32\DRIVERS\tcpip.sys
18:09:22.0375 3016 Tcpip - ok
18:09:22.0625 3016 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOW\system32\drivers\TDPIPE.sys
18:09:22.0921 3016 TDPIPE - ok
18:09:23.0765 3016 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOW\system32\drivers\TDTCP.sys
18:09:23.0968 3016 TDTCP - ok
18:09:24.0187 3016 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOW\system32\DRIVERS\termdd.sys
18:09:24.0437 3016 TermDD - ok
18:09:24.0625 3016 TosIde - ok
18:09:24.0750 3016 uagp35 (49c805d42d75eddc9b6a7130999c9054) C:\WINDOW\system32\DRIVERS\uagp35.sys
18:09:24.0968 3016 uagp35 - ok
18:09:25.0156 3016 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOW\system32\drivers\Udfs.sys
18:09:25.0375 3016 Udfs - ok
18:09:25.0500 3016 ultra - ok
18:09:25.0671 3016 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOW\system32\DRIVERS\update.sys
18:09:25.0875 3016 Update - ok
18:09:26.0109 3016 upperdev (ec01da44b090d2651fc032c8b9257232) C:\WINDOW\system32\DRIVERS\usbser_lowerflt.sys
18:09:26.0218 3016 upperdev - ok
18:09:26.0390 3016 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOW\system32\DRIVERS\usbehci.sys
18:09:26.0718 3016 usbehci - ok
18:09:26.0937 3016 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOW\system32\DRIVERS\usbhub.sys
18:09:27.0203 3016 usbhub - ok
18:09:27.0390 3016 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOW\system32\DRIVERS\usbscan.sys
18:09:27.0625 3016 usbscan - ok
18:09:27.0796 3016 usbser (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOW\system32\drivers\usbser.sys
18:09:28.0000 3016 usbser - ok
18:09:28.0203 3016 UsbserFilt (4abd37cfbd710e64f01f9da8710c73f7) C:\WINDOW\system32\DRIVERS\usbser_lowerfltj.sys
18:09:28.0312 3016 UsbserFilt - ok
18:09:28.0578 3016 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOW\system32\DRIVERS\USBSTOR.SYS
18:09:28.0843 3016 USBSTOR - ok
18:09:29.0000 3016 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOW\system32\DRIVERS\usbuhci.sys
18:09:29.0265 3016 usbuhci - ok
18:09:29.0484 3016 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOW\System32\drivers\vga.sys
18:09:29.0734 3016 VgaSave - ok
18:09:29.0937 3016 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOW\system32\DRIVERS\viaagp1.sys
18:09:30.0015 3016 viaagp1 - ok
18:09:30.0125 3016 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOW\system32\DRIVERS\viaide.sys
18:09:30.0421 3016 ViaIde - ok
18:09:30.0640 3016 viasraid (1493f351e5a4b915fb5bbb735c14004b) C:\WINDOW\system32\DRIVERS\viasraid.sys
18:09:30.0718 3016 viasraid - ok
18:09:30.0875 3016 VolSnap (cd8cce067f7e9cbd762c00bdddecaa34) C:\WINDOW\system32\drivers\VolSnap.sys
18:09:31.0078 3016 VolSnap - ok
18:09:31.0296 3016 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOW\system32\DRIVERS\wanarp.sys
18:09:31.0531 3016 Wanarp - ok
18:09:31.0718 3016 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOW\system32\Drivers\wdf01000.sys
18:09:31.0906 3016 Wdf01000 - ok
18:09:32.0109 3016 WDICA - ok
18:09:32.0265 3016 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOW\system32\drivers\wdmaud.sys
18:09:32.0515 3016 wdmaud - ok
18:09:32.0812 3016 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOW\system32\DRIVERS\WudfPf.sys
18:09:32.0890 3016 WudfPf - ok
18:09:33.0015 3016 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOW\system32\DRIVERS\wudfrd.sys
18:09:33.0109 3016 WudfRd - ok
18:09:33.0187 3016 MBR (0x1B8) (9c603bc3977968c891de319283e1e7af) \Device\Harddisk0\DR0
18:09:33.0203 3016 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected
18:09:33.0203 3016 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)
18:09:35.0078 3016 Boot (0x1200) (5b6ff56d1b0fe060d6fc042a1d15f3c5) \Device\Harddisk0\DR0\Partition0
18:09:35.0078 3016 \Device\Harddisk0\DR0\Partition0 - ok
18:09:35.0093 3016 Boot (0x1200) (5d156674f1173f3e0b79bd17c7c273d0) \Device\Harddisk0\DR0\Partition1
18:09:35.0109 3016 \Device\Harddisk0\DR0\Partition1 - ok
18:09:35.0109 3016 ============================================================
18:09:35.0109 3016 Scan finished
18:09:35.0109 3016 ============================================================
18:09:35.0265 3284 Detected object count: 8
18:09:35.0265 3284 Actual detected object count: 8
18:09:45.0437 3284 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:45.0437 3284 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:45.0437 3284 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:45.0437 3284 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:45.0437 3284 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:45.0437 3284 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:45.0437 3284 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:45.0437 3284 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:45.0437 3284 sfsync02 ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:45.0437 3284 sfsync02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:45.0437 3284 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:09:45.0437 3284 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:09:45.0453 3284 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:45.0453 3284 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:45.0453 3284 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - skipped by user
18:09:45.0453 3284 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Skip
18:09:50.0593 3352 Deinitialize success
18:08:56.0359 3016 NDProxy - ok
18:08:56.0609 3016 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOW\system32\DRIVERS\netbios.sys
18:08:56.0828 3016 NetBIOS - ok
18:08:57.0062 3016 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOW\system32\DRIVERS\netbt.sys
18:08:57.0406 3016 NetBT - ok
18:08:57.0640 3016 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOW\system32\DRIVERS\nic1394.sys
18:08:57.0984 3016 NIC1394 - ok
18:08:58.0265 3016 nmwcd (cfe3462a9e94a57dcd9676f6b7fe7f67) C:\WINDOW\system32\drivers\ccdcmb.sys
18:08:59.0593 3016 nmwcd - ok
18:08:59.0968 3016 nmwcdc (8f2a94f991f8c73cec26b4b5620d1edc) C:\WINDOW\system32\drivers\ccdcmbo.sys
18:09:00.0062 3016 nmwcdc - ok
18:09:00.0343 3016 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOW\system32\drivers\Npfs.sys
18:09:00.0625 3016 Npfs - ok
18:09:01.0125 3016 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOW\system32\drivers\Ntfs.sys
18:09:01.0562 3016 Ntfs - ok
18:09:01.0859 3016 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOW\system32\drivers\Null.sys
18:09:02.0203 3016 Null - ok
18:09:02.0484 3016 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOW\system32\DRIVERS\nwlnkflt.sys
18:09:02.0796 3016 NwlnkFlt - ok
18:09:02.0984 3016 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOW\system32\DRIVERS\nwlnkfwd.sys
18:09:03.0281 3016 NwlnkFwd - ok
18:09:03.0515 3016 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOW\system32\DRIVERS\ohci1394.sys
18:09:03.0750 3016 ohci1394 - ok
18:09:04.0062 3016 Parport (76a18caa2fefb28a4ced38d76837e86e) C:\WINDOW\system32\DRIVERS\parport.sys
18:09:04.0390 3016 Parport - ok
18:09:04.0734 3016 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOW\system32\drivers\PartMgr.sys
18:09:04.0984 3016 PartMgr - ok
18:09:05.0265 3016 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOW\system32\drivers\ParVdm.sys
18:09:05.0531 3016 ParVdm - ok
18:09:05.0875 3016 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOW\system32\DRIVERS\pccsmcfd.sys
18:09:06.0015 3016 pccsmcfd - ok
18:09:06.0453 3016 PCI (b7979f37bb7b9df2230046134955e6e7) C:\WINDOW\system32\DRIVERS\pci.sys
18:09:06.0812 3016 PCI - ok
18:09:07.0062 3016 PCIDump - ok
18:09:07.0125 3016 PCIIde - ok
18:09:07.0265 3016 Pcmcia (90505755634407d4ef4c6dea60fc1df9) C:\WINDOW\system32\drivers\Pcmcia.sys
18:09:07.0515 3016 Pcmcia - ok
18:09:07.0937 3016 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOW\system32\Drivers\pcouffin.sys
18:09:08.0015 3016 pcouffin ( UnsignedFile.Multi.Generic ) - warning
18:09:08.0015 3016 pcouffin - detected UnsignedFile.Multi.Generic (1)
18:09:08.0234 3016 PDCOMP - ok
18:09:08.0281 3016 PDFRAME - ok
18:09:08.0328 3016 PDRELI - ok
18:09:08.0562 3016 PDRFRAME - ok
18:09:08.0781 3016 perc2 - ok
18:09:08.0953 3016 perc2hib - ok
18:09:09.0203 3016 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOW\system32\DRIVERS\raspptp.sys
18:09:09.0468 3016 PptpMiniport - ok
18:09:09.0812 3016 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOW\system32\DRIVERS\psched.sys
18:09:10.0078 3016 PSched - ok
18:09:10.0390 3016 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOW\system32\DRIVERS\ptilink.sys
18:09:10.0656 3016 Ptilink - ok
18:09:10.0875 3016 ql1080 - ok
18:09:10.0937 3016 Ql10wnt - ok
18:09:10.0984 3016 ql12160 - ok
18:09:11.0062 3016 ql1240 - ok
18:09:11.0203 3016 ql1280 - ok
18:09:11.0265 3016 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOW\system32\DRIVERS\rasacd.sys
18:09:11.0500 3016 RasAcd - ok
18:09:11.0703 3016 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOW\system32\DRIVERS\rasl2tp.sys
18:09:11.0953 3016 Rasl2tp - ok
18:09:12.0140 3016 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOW\system32\DRIVERS\raspppoe.sys
18:09:12.0375 3016 RasPppoe - ok
18:09:12.0531 3016 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOW\system32\DRIVERS\raspti.sys
18:09:12.0734 3016 Raspti - ok
18:09:12.0921 3016 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOW\system32\DRIVERS\rdbss.sys
18:09:13.0218 3016 Rdbss - ok
18:09:13.0390 3016 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOW\system32\DRIVERS\RDPCDD.sys
18:09:13.0625 3016 RDPCDD - ok
18:09:13.0859 3016 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOW\system32\DRIVERS\rdpdr.sys
18:09:14.0093 3016 rdpdr - ok
18:09:14.0250 3016 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOW\system32\drivers\RDPWD.sys
18:09:14.0578 3016 RDPWD - ok
18:09:14.0859 3016 redbook (aba13d33e1f888c9a68599a48a8840d6) C:\WINDOW\system32\DRIVERS\redbook.sys
18:09:15.0140 3016 redbook - ok
18:09:15.0328 3016 RTL8023 (29f9879a1fd386f7251ae9fdadb2cbf1) C:\WINDOW\system32\DRIVERS\Rtlnic51.sys
18:09:15.0500 3016 RTL8023 - ok
18:09:15.0718 3016 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOW\system32\DRIVERS\RTL8139.SYS
18:09:16.0031 3016 rtl8139 - ok
18:09:16.0187 3016 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOW\system32\DRIVERS\secdrv.sys
18:09:16.0281 3016 Secdrv ( UnsignedFile.Multi.Generic ) - warning
18:09:16.0281 3016 Secdrv - detected UnsignedFile.Multi.Generic (1)
18:09:16.0406 3016 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOW\system32\DRIVERS\serenum.sys
18:09:16.0625 3016 serenum - ok
18:09:16.0828 3016 Serial (c1ddbc85251551a840212999da3d95f3) C:\WINDOW\system32\DRIVERS\serial.sys
18:09:17.0093 3016 Serial - ok
18:09:17.0296 3016 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOW\system32\drivers\sfdrv01.sys
18:09:17.0328 3016 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
18:09:17.0328 3016 sfdrv01 - detected UnsignedFile.Multi.Generic (1)
18:09:17.0562 3016 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOW\system32\drivers\sfhlp02.sys
18:09:17.0625 3016 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
18:09:17.0625 3016 sfhlp02 - detected UnsignedFile.Multi.Generic (1)
18:09:17.0937 3016 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOW\system32\drivers\Sfloppy.sys
18:09:18.0140 3016 Sfloppy - ok
18:09:18.0375 3016 sfsync02 (efebbc1d13fdb77a6af4eddfc7232edf) C:\WINDOW\system32\drivers\sfsync02.sys
18:09:18.0421 3016 sfsync02 ( UnsignedFile.Multi.Generic ) - warning
18:09:18.0421 3016 sfsync02 - detected UnsignedFile.Multi.Generic (1)
18:09:18.0578 3016 Simbad - ok
18:09:18.0765 3016 Sparrow - ok
18:09:18.0875 3016 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOW\system32\drivers\splitter.sys
18:09:19.0140 3016 splitter - ok
18:09:19.0453 3016 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOW\system32\Drivers\sptd.sys
18:09:19.0453 3016 Suspicious file (NoAccess): C:\WINDOW\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
18:09:19.0453 3016 sptd ( LockedFile.Multi.Generic ) - warning
18:09:19.0453 3016 sptd - detected LockedFile.Multi.Generic (1)
18:09:19.0593 3016 sp_rsdrv2 (8831252bcf05fcfb5abd116a22e552d8) C:\WINDOW\system32\drivers\sp_rsdrv2.sys
18:09:19.0734 3016 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - warning
18:09:19.0734 3016 sp_rsdrv2 - detected UnsignedFile.Multi.Generic (1)
18:09:19.0875 3016 sr (a74035ea526db97d9d50d2143a55f5cf) C:\WINDOW\system32\DRIVERS\sr.sys
18:09:20.0000 3016 sr - ok
18:09:20.0203 3016 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOW\system32\DRIVERS\srv.sys
18:09:20.0375 3016 Srv - ok
18:09:20.0515 3016 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOW\system32\DRIVERS\swenum.sys
18:09:20.0718 3016 swenum - ok
18:09:20.0906 3016 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOW\system32\drivers\swmidi.sys
18:09:21.0218 3016 swmidi - ok
18:09:21.0406 3016 symc810 - ok
18:09:21.0437 3016 symc8xx - ok
18:09:21.0531 3016 sym_hi - ok
18:09:21.0562 3016 sym_u3 - ok
18:09:21.0625 3016 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOW\system32\drivers\sysaudio.sys
18:09:21.0843 3016 sysaudio - ok
18:09:22.0078 3016 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOW\system32\DRIVERS\tcpip.sys
18:09:22.0375 3016 Tcpip - ok
18:09:22.0625 3016 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOW\system32\drivers\TDPIPE.sys
18:09:22.0921 3016 TDPIPE - ok
18:09:23.0765 3016 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOW\system32\drivers\TDTCP.sys
18:09:23.0968 3016 TDTCP - ok
18:09:24.0187 3016 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOW\system32\DRIVERS\termdd.sys
18:09:24.0437 3016 TermDD - ok
18:09:24.0625 3016 TosIde - ok
18:09:24.0750 3016 uagp35 (49c805d42d75eddc9b6a7130999c9054) C:\WINDOW\system32\DRIVERS\uagp35.sys
18:09:24.0968 3016 uagp35 - ok
18:09:25.0156 3016 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOW\system32\drivers\Udfs.sys
18:09:25.0375 3016 Udfs - ok
18:09:25.0500 3016 ultra - ok
18:09:25.0671 3016 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOW\system32\DRIVERS\update.sys
18:09:25.0875 3016 Update - ok
18:09:26.0109 3016 upperdev (ec01da44b090d2651fc032c8b9257232) C:\WINDOW\system32\DRIVERS\usbser_lowerflt.sys
18:09:26.0218 3016 upperdev - ok
18:09:26.0390 3016 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOW\system32\DRIVERS\usbehci.sys
18:09:26.0718 3016 usbehci - ok
18:09:26.0937 3016 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOW\system32\DRIVERS\usbhub.sys
18:09:27.0203 3016 usbhub - ok
18:09:27.0390 3016 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOW\system32\DRIVERS\usbscan.sys
18:09:27.0625 3016 usbscan - ok
18:09:27.0796 3016 usbser (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOW\system32\drivers\usbser.sys
18:09:28.0000 3016 usbser - ok
18:09:28.0203 3016 UsbserFilt (4abd37cfbd710e64f01f9da8710c73f7) C:\WINDOW\system32\DRIVERS\usbser_lowerfltj.sys
18:09:28.0312 3016 UsbserFilt - ok
18:09:28.0578 3016 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOW\system32\DRIVERS\USBSTOR.SYS
18:09:28.0843 3016 USBSTOR - ok
18:09:29.0000 3016 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOW\system32\DRIVERS\usbuhci.sys
18:09:29.0265 3016 usbuhci - ok
18:09:29.0484 3016 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOW\System32\drivers\vga.sys
18:09:29.0734 3016 VgaSave - ok
18:09:29.0937 3016 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOW\system32\DRIVERS\viaagp1.sys
18:09:30.0015 3016 viaagp1 - ok
18:09:30.0125 3016 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOW\system32\DRIVERS\viaide.sys
18:09:30.0421 3016 ViaIde - ok
18:09:30.0640 3016 viasraid (1493f351e5a4b915fb5bbb735c14004b) C:\WINDOW\system32\DRIVERS\viasraid.sys
18:09:30.0718 3016 viasraid - ok
18:09:30.0875 3016 VolSnap (cd8cce067f7e9cbd762c00bdddecaa34) C:\WINDOW\system32\drivers\VolSnap.sys
18:09:31.0078 3016 VolSnap - ok
18:09:31.0296 3016 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOW\system32\DRIVERS\wanarp.sys
18:09:31.0531 3016 Wanarp - ok
18:09:31.0718 3016 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOW\system32\Drivers\wdf01000.sys
18:09:31.0906 3016 Wdf01000 - ok
18:09:32.0109 3016 WDICA - ok
18:09:32.0265 3016 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOW\system32\drivers\wdmaud.sys
18:09:32.0515 3016 wdmaud - ok
18:09:32.0812 3016 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOW\system32\DRIVERS\WudfPf.sys
18:09:32.0890 3016 WudfPf - ok
18:09:33.0015 3016 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOW\system32\DRIVERS\wudfrd.sys
18:09:33.0109 3016 WudfRd - ok
18:09:33.0187 3016 MBR (0x1B8) (9c603bc3977968c891de319283e1e7af) \Device\Harddisk0\DR0
18:09:33.0203 3016 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected
18:09:33.0203 3016 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)
18:09:35.0078 3016 Boot (0x1200) (5b6ff56d1b0fe060d6fc042a1d15f3c5) \Device\Harddisk0\DR0\Partition0
18:09:35.0078 3016 \Device\Harddisk0\DR0\Partition0 - ok
18:09:35.0093 3016 Boot (0x1200) (5d156674f1173f3e0b79bd17c7c273d0) \Device\Harddisk0\DR0\Partition1
18:09:35.0109 3016 \Device\Harddisk0\DR0\Partition1 - ok
18:09:35.0109 3016 ============================================================
18:09:35.0109 3016 Scan finished
18:09:35.0109 3016 ============================================================
18:09:35.0265 3284 Detected object count: 8
18:09:35.0265 3284 Actual detected object count: 8
18:09:45.0437 3284 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:45.0437 3284 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:45.0437 3284 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:45.0437 3284 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:45.0437 3284 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:45.0437 3284 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:45.0437 3284 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:45.0437 3284 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:45.0437 3284 sfsync02 ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:45.0437 3284 sfsync02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:45.0437 3284 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:09:45.0437 3284 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:09:45.0453 3284 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:45.0453 3284 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:45.0453 3284 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - skipped by user
18:09:45.0453 3284 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Skip
18:09:50.0593 3352 Deinitialize success