Laptop freezing, strange pages being displayed

#1 Post by apache.davidson »

Hello,
please check my log. A few times the laptop froze and shut down, even on its own while I was working. Strange pages are being displayed (pay 100 dollars to unlock the laptop, Russian spam arrives in my e-mail). I often downloaded torrents from Russian sites. I have now deleted the torrent program. I think that is the cause. Thank you for your help.


Logfile of random's system information tool 1.09 (written by random/random)
Run by oem at 2012-02-29 12:36:03
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 267 GB (88%) free of 305 GB
Total RAM: 2975 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:36:06, on 29.2.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17108)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\extras\Vista Drive Icon\DrvIcon.exe
C:\Program Files\extras\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Launch Manager\LManager.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\PLFSetL.exe
C:\WINDOWS\PLFSetI.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Seznam.cz\postak.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Launch Manager\dsiwmis.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\oem\Plocha\RSIT.exe
C:\Program Files\trend micro\oem.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.3.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Vista D I] C:\Program Files\extras\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\extras\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
O4 - HKLM\..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.cz/cz.special-uninstalla ... er=9.0.894
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe monthly
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\oem\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\oem\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
O23 - Service: Služba Google Update (gupdate1ca88a037f522fc) (gupdate1ca88a037f522fc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe

--
End of file - 10414 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\oem\Data aplikací\Mozilla\Firefox\Profiles\acmtm6o3.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, jqs@sun.com:1.0, {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216, {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.8, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.27"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852]
"Description"=RealMedia Plugin
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662]
"Description"=RealPlayer Version Plugin
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46]
"Description"=6.0.12.46
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npnul32.dll
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
avg_igeared.xml
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\oem\Data aplikací\Mozilla\Firefox\Profiles\acmtm6o3.default\extensions\
staged-xpis
{20a82645-c095-46ed-80e3-08825760534b}
{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}(2)

C:\Documents and Settings\oem\Data aplikací\Mozilla\Firefox\Profiles\acmtm6o3.default\searchplugins\
conduit.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-02-28 192112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17 3855520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [2012-01-15 1003576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.3.dll [2011-01-19 1175152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-02-28 192112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-04-10 16861184]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-07-21 86016]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2006-05-04 2808832]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2008-12-26 77312]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"Vista D I"=C:\Program Files\extras\Vista Drive Icon\DrvIcon.exe [2008-04-13 49152]
"DrvIcon"=C:\Program Files\extras\Vista Drive Icon\DrvIcon.exe [2008-04-13 49152]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2009-09-03 1067528]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-04-29 141336]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-04-29 173592]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-04-29 142872]
"PLFSetL"=C:\WINDOWS\PLFSetL.exe [2007-07-05 94208]
"PLFSetI"=C:\WINDOWS\PLFSetI.exe [2007-10-23 200704]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-08-02 281768]
"Google Quick Search Box"=C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2011-09-17 126976]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start http://www.avg.cz/cz.special-uninstalla ... er=9.0.894 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Companion"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2011-10-21 433872]
"Seznam Postak"=C:\Program Files\Seznam.cz\postak.exe [2011-01-19 489584]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe /MINIMIZED []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-12-19 40960]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AutoLaunch"=C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe [2011-09-15 669936]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-04-22 206848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-12-14 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Windows XP Ultimate 2009\Windows XP Ultimate 2009.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Windows XP Ultimate 2009.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux2"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-02-28 08:50:18 ----SHD---- C:\RECYCLER
2012-02-27 21:32:55 ----A---- C:\ComboFix.txt
2012-02-27 21:12:48 ----A---- C:\Boot.bak
2012-02-27 21:12:40 ----RASHD---- C:\cmdcons
2012-02-27 21:10:48 ----A---- C:\WINDOWS\zip.exe
2012-02-27 21:10:48 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-02-27 21:10:48 ----A---- C:\WINDOWS\SWSC.exe
2012-02-27 21:10:48 ----A---- C:\WINDOWS\SWREG.exe
2012-02-27 21:10:48 ----A---- C:\WINDOWS\sed.exe
2012-02-27 21:10:48 ----A---- C:\WINDOWS\PEV.exe
2012-02-27 21:10:48 ----A---- C:\WINDOWS\NIRCMD.exe
2012-02-27 21:10:48 ----A---- C:\WINDOWS\MBR.exe
2012-02-27 21:10:48 ----A---- C:\WINDOWS\grep.exe
2012-02-27 21:10:40 ----D---- C:\WINDOWS\ERDNT
2012-02-27 21:10:35 ----D---- C:\Qoobox
2012-02-27 18:23:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-02-27 18:23:32 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2012-02-27 15:29:09 ----DC---- C:\Documents and Settings\All Users\Data aplikací\{EF63305C-BAD7-4144-9208-D65528260864}
2012-02-15 17:16:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$
2012-02-15 17:16:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-02-15 14:07:37 ----N---- C:\WINDOWS\system32\iacenc.dll
2012-01-31 16:22:12 ----A---- C:\WINDOWS\system32\drivers\L6PODX3LV.sys

======List of files/folders modified in the last 1 month======

2012-02-29 12:36:06 ----D---- C:\Program Files\trend micro
2012-02-29 11:57:38 ----D---- C:\Program Files\Mozilla Firefox
2012-02-29 11:46:17 ----D---- C:\WINDOWS\Temp
2012-02-29 11:44:18 ----D---- C:\WINDOWS\Prefetch
2012-02-29 11:43:02 ----RD---- C:\Program Files
2012-02-29 11:42:55 ----D---- C:\Documents and Settings\oem\Data aplikací\uTorrent
2012-02-29 11:42:02 ----D---- C:\WINDOWS\Registration
2012-02-29 11:41:38 ----D---- C:\WINDOWS\system32\CatRoot2
2012-02-29 11:41:17 ----D---- C:\WINDOWS
2012-02-29 11:39:07 ----D---- C:\WINDOWS\system32\drivers
2012-02-28 18:53:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-02-28 18:00:35 ----D---- C:\WINDOWS\Network Diagnostic
2012-02-28 14:06:55 ----A---- C:\WINDOWS\NeroDigital.ini
2012-02-28 08:41:36 ----SHD---- C:\WINDOWS\Installer
2012-02-27 21:31:36 ----SD---- C:\WINDOWS\Tasks
2012-02-27 21:26:09 ----A---- C:\WINDOWS\system.ini
2012-02-27 21:25:38 ----D---- C:\WINDOWS\system32\drivers\etc
2012-02-27 21:24:22 ----D---- C:\WINDOWS\system32
2012-02-27 21:24:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-02-27 21:23:32 ----D---- C:\WINDOWS\system32\config
2012-02-27 21:22:30 ----D---- C:\Program Files\Internet Explorer
2012-02-27 21:18:45 ----D---- C:\WINDOWS\AppPatch
2012-02-27 21:18:40 ----D---- C:\Program Files\Common Files
2012-02-27 21:12:48 ----RASH---- C:\boot.ini
2012-02-27 21:00:43 ----SHD---- C:\System Volume Information
2012-02-27 20:09:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2012-02-27 19:18:54 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2012-02-25 19:09:15 ----D---- C:\Documents and Settings\oem\Data aplikací\Skype
2012-02-17 14:06:21 ----HD---- C:\WINDOWS\inf
2012-02-16 09:14:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2012-02-16 09:14:45 ----D---- C:\WINDOWS\Debug
2012-02-16 07:09:55 ----D---- C:\WINDOWS\Microsoft.NET
2012-02-16 07:09:48 ----RSD---- C:\WINDOWS\assembly
2012-02-15 17:21:43 ----D---- C:\Config.Msi
2012-02-15 17:20:52 ----D---- C:\WINDOWS\WinSxS
2012-02-15 17:16:54 ----A---- C:\WINDOWS\system32\MRT.exe
2012-02-15 17:16:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-02-15 17:16:35 ----D---- C:\WINDOWS\system32\cs-cz
2012-02-15 17:16:25 ----D---- C:\WINDOWS\ie7updates
2012-02-15 17:15:50 ----HD---- C:\WINDOWS\$hf_mig$
2012-02-08 07:55:04 ----SD---- C:\Documents and Settings\oem\Data aplikací\Microsoft
2012-02-08 07:54:21 ----D---- C:\Documents and Settings\oem\Data aplikací\DVDVideoSoft
2012-01-31 16:48:47 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-01-31 16:48:08 ----A---- C:\WINDOWS\GearBox.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2011-09-15 64160]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-05-12 20576]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-12-14 77568]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-01-22 138192]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 nvport;NVIDIA PORT IO Control Driver; \??\C:\WINDOWS\system32\Drivers\nvport.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2012-01-22 66616]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2008-12-26 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2008-12-26 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2008-12-26 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2008-12-26 4992]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2008-12-26 10112]
R3 BTDriver;Ovladač virtuálních komunikací Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2009-09-03 37160]
R3 BTKRNL;Enumenátor sběrnice Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2009-09-03 991136]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2009-09-03 24072]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-04-22 6314592]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-17 4707328]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\WINDOWS\system32\drivers\IntcHdmi.sys [2008-07-30 110080]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2009-09-04 45056]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NETw5x32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-04-20 3626112]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 xcpip;Ovladač protokolu TCP/IP; C:\WINDOWS\system32\drivers\xcpip.sys []
R3 xpsec;Ovladač IPSEC; C:\WINDOWS\system32\drivers\xpsec.sys []
S0 owktp;owktp; C:\WINDOWS\System32\drivers\brita.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner; C:\WINDOWS\system32\drivers\AVerFx2hbtv.sys [2008-07-21 273152]
S3 btaudio;Zvukové zařízení Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2009-09-03 534312]
S3 BTWDNDIS;Server pro přístup k síti LAN Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2009-09-03 156816]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2009-09-03 47272]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 grmnusb;Garmin USB Driver; C:\WINDOWS\system32\drivers\grmnusb.sys [2009-04-17 9344]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 L6PODX3LV;POD X3 Live Service; C:\WINDOWS\System32\Drivers\L6PODX3LV.sys [2010-03-09 571264]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-10-21 47360]
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-03-29 9856]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 ubxlwo.sys;ubxlwo.sys; \??\C:\WINDOWS\system32\drivers\ubxlwo.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-12-14 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-12-14 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2012-01-22 269480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2012-01-22 136360]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2009-03-23 349528]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files\Launch Manager\dsiwmis.exe [2009-09-03 117256]
R2 ehRecvr;Služba přijímače aplikace Media Center; C:\WINDOWS\eHome\ehRecvr.exe [2008-12-22 238592]
R2 ehSched;Služba plánování aplikace Media Center; C:\WINDOWS\eHome\ehSched.exe [2008-12-22 103424]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-02 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-15 1036104]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate1ca88a037f522fc;Služba Google Update (gupdate1ca88a037f522fc); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-29 133104]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-12-13 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-29 133104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-22 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

apache.davidson
Visitor
Posts: 26
Registered: 21 Jan 2009 17:50

Re: Laptop freezing, strange pages being displayed

#2 Post by apache.davidson »

I didn't know that ComboFix must not be used without permission. Sorry about that.

Download link for Qoobox: http://www.edisk.cz/stahni/24836/Qoobox.zip_7.56MB.html

Log from CF:

ComboFix 12-02-27.02 - oem 27.02.2012 21:14:03.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2975.2185 [GMT 1:00]
Spuštěný z: c:\documents and settings\oem\Plocha\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Internet Explorer\SET18.tmp
c:\program files\Internet Explorer\SET19.tmp
c:\windows\system32\SET1A.tmp
c:\windows\system32\SET1D.tmp
c:\windows\system32\SET1E.tmp
c:\windows\system32\SET1F.tmp
c:\windows\system32\SET25.tmp
c:\windows\system32\SET26.tmp
c:\windows\system32\SET27.tmp
c:\windows\system32\SET28.tmp
c:\windows\system32\SET2E.tmp
c:\windows\system32\SET2F.tmp
c:\windows\system32\SET30.tmp
c:\windows\system32\SET34.tmp
c:\windows\system32\SET36.tmp
c:\windows\system32\SET37.tmp
c:\windows\system32\SET39.tmp
c:\windows\system32\SET3A.tmp
c:\windows\system32\SET3F.tmp
c:\windows\system32\SET43.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-27 do 2012-02-27 )))))))))))))))))))))))))))))))
.
.
2012-02-27 17:23 . 2012-02-27 17:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-27 17:23 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-27 14:29 . 2012-02-27 14:29 -------- dc----w- c:\documents and settings\All Users\Data aplikací\{EF63305C-BAD7-4144-9208-D65528260864}
2012-02-15 13:07 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 13:07 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-08 06:55 . 2012-02-08 06:55 -------- d-----w- c:\documents and settings\oem\Local Settings\Data aplikací\DVDVideoSoft_Ltd
2012-01-31 15:22 . 2010-03-09 22:40 571264 ----a-w- c:\windows\system32\drivers\L6PODX3LV.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 15:56 . 2011-06-20 05:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-22 13:23 . 2011-04-08 12:02 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-22 13:23 . 2009-10-26 16:18 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-01-12 17:21 . 2008-12-14 14:45 1869056 ----a-w- c:\windows\system32\win32k.sys
2012-01-01 14:46 . 2009-10-21 16:42 87608 ----a-w- c:\documents and settings\oem\Data aplikací\inst.exe
2012-01-01 14:46 . 2009-10-21 16:42 47360 ----a-w- c:\documents and settings\oem\Data aplikací\pcouffin.sys
2011-12-19 08:08 . 2008-08-26 07:27 832512 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:08 . 2008-08-26 07:26 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-19 08:08 . 2008-12-14 14:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-12-19 08:08 . 2008-12-14 14:35 17408 ----a-w- c:\windows\system32\corpol.dll
2011-11-30 20:13 . 2011-02-11 09:06 180224 ----a-w- c:\windows\system32\l6podx3lv.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-12-19 12:23 . A23DF7213FE43F712F27A74DBCA5222B . 1593856 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-12-19 . 12A799AD9415AE9C8ABCC5F75E9CF034 . 557056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-12-19 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2008-12-19 . D39127310CBAD1485EC5001A4ED1D853 . 1486336 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . C2DCB09A1EA98F248DD9A5DE195B3DF3 . 277504 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-12-19 . 94927BB89A6825C4A5952A2BF78F027B . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2008-12-26 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-10-21 433872]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2011-01-19 489584]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-02-26 740216]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-12-19 40960]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-09-15 669936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2008-12-26 77312]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Vista D I"="c:\program files\extras\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"DrvIcon"="c:\program files\extras\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-09-03 1067528]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-04-29 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-04-29 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-04-29 142872]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2011-09-17 126976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.cz/cz.special-uninstalla ... er=9.0.894" [?]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-23 603488]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [15.9.2011 11:43 64160]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8.4.2011 13:02 136360]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2.10.2009 13:26 117256]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9.3.2009 20:06 1036104]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2.10.2009 12:10 110080]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4.9.2009 2:16 45056]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [22.10.2009 17:40 27632]
R3 xpsec;Ovladač IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S0 owktp;owktp;c:\windows\system32\drivers\brita.sys --> c:\windows\system32\drivers\brita.sys [?]
S2 gupdate1ca88a037f522fc;Služba Google Update (gupdate1ca88a037f522fc);c:\program files\Google\Update\GoogleUpdate.exe [29.12.2009 17:01 133104]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [18.10.2009 9:34 273152]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29.12.2009 17:01 133104]
S3 L6PODX3LV;POD X3 Live Service;c:\windows\system32\drivers\L6PODX3LV.sys [31.1.2012 16:22 571264]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [21.10.2009 17:42 47360]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [22.10.2009 17:39 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [22.10.2009 17:39 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [22.10.2009 17:39 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [22.10.2009 17:39 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [22.10.2009 17:39 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [22.10.2009 17:39 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [22.10.2009 17:39 109864]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [29.12.2010 16:00 155344]
S3 ubxlwo.sys;ubxlwo.sys;\??\c:\windows\system32\drivers\ubxlwo.sys --> c:\windows\system32\drivers\ubxlwo.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - xcpip
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2011-12-19 08:08 124928 ----a-w- c:\windows\system32\advpack.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 10:43]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 16:01]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 16:01]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\oem\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\oem\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: line6.net
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\acmtm6o3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-27 21:28
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(940)
c:\windows\system32\setupapi.dll
.
- - - - - - - > 'explorer.exe'(920)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\btmmhook.dll
c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\SOUNDMAN.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\eHome\ehRecvr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Celkový čas: 2012-02-27 21:32:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-27 20:32
.
Před spuštěním: Volných bajtů: 280 924 090 368
Po spuštění: Volných bajtů: 282 210 459 648
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 90D832946314BB1053F2A567156E523A






LOG Mbrscan:

MBRScan v1.1.1

OS             : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR      : x86 Family 6 Model 23 Stepping 10, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/02/29 (ISO 8601) at 14:00:35
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __Hitachi HTS545032B9A300 (PB3OC60F)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	298.1 Go  [Fixed] ==> Unknown MBR Code

MBR_MD5   : 05AECF9BB60F0249AF7CE961A13435E8
MBR_SHA1  : 5C7EB439C924E2DC1F8BA4AD3E66D2093341D652

Device\Harddisk0\Partition1	298.1 Go  	0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\WINDOWS\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0xA6D1F000
SIZE    : 96.0 Ko

DRIVER  : C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS => Invisible on the disk
ADDRESS : 0xBA608000
SIZE    : 8.0 Ko

DRIVER  : C:\WINDOWS\system32\drivers\xpsec.sys => Invisible on the disk
ADDRESS : 0xA6A25000
SIZE    : 76.0 Ko

DRIVER  : C:\WINDOWS\system32\drivers\xcpip.sys => Invisible on the disk
ADDRESS : 0xA6904000
SIZE    : 356.0 Ko

SystemStartOptions : NOEXECUTE=OPTIN  FASTDETECT

________________________________________________________________________________

_____FAKED   \Device\Harddisk0\DR0  


__ORIGINAL   \Device\Harddisk0\DR0  



apache.davidson
Visitor
Posts: 26
Registered: 21 Jan 2009 17:50

Re: Laptop freezing, strange pages being displayed

#4 Post by apache.davidson »

Link to the file: http://www.edisk.cz/stahni/46195/Dump.rar_944B.html

Log:

16:24:03.0387 5440 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
16:24:03.0512 5440 ============================================================
16:24:03.0512 5440 Current date / time: 2012/02/29 16:24:03.0512
16:24:03.0512 5440 SystemInfo:
16:24:03.0512 5440
16:24:03.0512 5440 OS Version: 5.1.2600 ServicePack: 3.0
16:24:03.0512 5440 Product type: Workstation
16:24:03.0512 5440 ComputerName: S-359835CC70E24
16:24:03.0512 5440 UserName: oem
16:24:03.0512 5440 Windows directory: C:\WINDOWS
16:24:03.0512 5440 System windows directory: C:\WINDOWS
16:24:03.0512 5440 Processor architecture: Intel x86
16:24:03.0512 5440 Number of processors: 2
16:24:03.0512 5440 Page size: 0x1000
16:24:03.0512 5440 Boot type: Normal boot
16:24:03.0512 5440 ============================================================
16:24:06.0121 5440 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:24:06.0121 5440 \Device\Harddisk0\DR0:
16:24:06.0121 5440 MBR used
16:24:06.0121 5440 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
16:24:06.0152 5440 Initialize success
16:24:06.0152 5440 ============================================================
16:24:47.0397 4660 ============================================================
16:24:47.0397 4660 Scan started
16:24:47.0397 4660 Mode: Manual; SigCheck; TDLFS;
16:24:47.0397 4660 ============================================================
16:24:47.0975 4660 Abiosdsk - ok
16:24:47.0990 4660 abp480n5 - ok
16:24:48.0068 4660 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:24:49.0506 4660 ACPI - ok
16:24:49.0662 4660 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:24:49.0787 4660 ACPIEC - ok
16:24:49.0818 4660 adpu160m - ok
16:24:49.0896 4660 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:24:50.0037 4660 aec - ok
16:24:50.0084 4660 AFD (f6b7b1ecd7b41736bdb6ff4b092bcb79) C:\WINDOWS\System32\drivers\afd.sys
16:24:50.0162 4660 AFD - ok
16:24:50.0256 4660 Aha154x - ok
16:24:50.0287 4660 aic78u2 - ok
16:24:50.0302 4660 aic78xx - ok
16:24:50.0349 4660 AliIde - ok
16:24:50.0381 4660 amsint - ok
16:24:50.0443 4660 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys
16:24:50.0474 4660 aracpi ( UnsignedFile.Multi.Generic ) - warning
16:24:50.0474 4660 aracpi - detected UnsignedFile.Multi.Generic (1)
16:24:50.0506 4660 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
16:24:50.0521 4660 arhidfltr ( UnsignedFile.Multi.Generic ) - warning
16:24:50.0521 4660 arhidfltr - detected UnsignedFile.Multi.Generic (1)
16:24:50.0537 4660 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
16:24:50.0552 4660 arkbcfltr ( UnsignedFile.Multi.Generic ) - warning
16:24:50.0552 4660 arkbcfltr - detected UnsignedFile.Multi.Generic (1)
16:24:50.0755 4660 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
16:24:50.0771 4660 armoucfltr ( UnsignedFile.Multi.Generic ) - warning
16:24:50.0771 4660 armoucfltr - detected UnsignedFile.Multi.Generic (1)
16:24:50.0771 4660 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
16:24:50.0787 4660 ARPolicy ( UnsignedFile.Multi.Generic ) - warning
16:24:50.0787 4660 ARPolicy - detected UnsignedFile.Multi.Generic (1)
16:24:50.0818 4660 asc - ok
16:24:50.0834 4660 asc3350p - ok
16:24:50.0865 4660 asc3550 - ok
16:24:50.0959 4660 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:24:51.0084 4660 AsyncMac - ok
16:24:51.0209 4660 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:24:51.0365 4660 atapi - ok
16:24:51.0459 4660 Atdisk - ok
16:24:51.0505 4660 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:24:51.0662 4660 Atmarpc - ok
16:24:51.0724 4660 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:24:51.0849 4660 audstub - ok
16:24:51.0896 4660 AVerFx2hbtv (c653d38371706d51ff465f512c4e6a99) C:\WINDOWS\system32\drivers\AVerFx2hbtv.sys
16:24:51.0927 4660 AVerFx2hbtv ( UnsignedFile.Multi.Generic ) - warning
16:24:51.0927 4660 AVerFx2hbtv - detected UnsignedFile.Multi.Generic (1)
16:24:52.0068 4660 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
16:24:52.0083 4660 avgio - ok
16:24:52.0302 4660 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
16:24:52.0412 4660 avgntflt - ok
16:24:52.0443 4660 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
16:24:52.0458 4660 avipbb - ok
16:24:52.0521 4660 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:24:52.0661 4660 Beep - ok
16:24:52.0786 4660 btaudio (2c04f295f7f40eb46f7accd3f6cdef4a) C:\WINDOWS\system32\drivers\btaudio.sys
16:24:52.0818 4660 btaudio - ok
16:24:52.0990 4660 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
16:24:53.0005 4660 BTDriver - ok
16:24:53.0052 4660 BTKRNL (49fd2960c0c5fe06dedf9560ad4c9547) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
16:24:53.0083 4660 BTKRNL - ok
16:24:53.0255 4660 BTWDNDIS (485020a1e1fc5c51a800ca69c618d881) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
16:24:53.0271 4660 BTWDNDIS - ok
16:24:53.0302 4660 BTWUSB (6b622612fe21b59faee2ca4385959778) C:\WINDOWS\system32\Drivers\btwusb.sys
16:24:53.0318 4660 BTWUSB - ok
16:24:53.0333 4660 catchme - ok
16:24:53.0411 4660 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:24:53.0583 4660 cbidf2k - ok
16:24:53.0614 4660 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:24:53.0755 4660 CCDECODE - ok
16:24:53.0880 4660 cd20xrnt - ok
16:24:53.0927 4660 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:24:54.0099 4660 Cdaudio - ok
16:24:54.0114 4660 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:24:54.0255 4660 Cdfs - ok
16:24:54.0286 4660 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:24:54.0333 4660 Cdrom - ok
16:24:54.0333 4660 Changer - ok
16:24:54.0411 4660 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:24:54.0552 4660 CmBatt - ok
16:24:54.0661 4660 CmdIde - ok
16:24:54.0724 4660 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:24:54.0849 4660 Compbatt - ok
16:24:54.0896 4660 Cpqarray - ok
16:24:54.0942 4660 dac2w2k - ok
16:24:54.0958 4660 dac960nt - ok
16:24:55.0021 4660 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:24:55.0145 4660 Disk - ok
16:24:55.0192 4660 DKbFltr (66c8d2405d9acc629125782de9538f6e) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
16:24:55.0208 4660 DKbFltr - ok
16:24:55.0270 4660 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
16:24:55.0442 4660 dmboot - ok
16:24:55.0599 4660 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
16:24:55.0739 4660 dmio - ok
16:24:55.0770 4660 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:24:55.0911 4660 dmload - ok
16:24:56.0052 4660 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:24:56.0192 4660 DMusic - ok
16:24:56.0270 4660 dpti2o - ok
16:24:56.0317 4660 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:24:56.0442 4660 drmkaud - ok
16:24:56.0583 4660 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:24:56.0739 4660 Fastfat - ok
16:24:56.0833 4660 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:24:56.0973 4660 Fdc - ok
16:24:57.0067 4660 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
16:24:57.0192 4660 Fips - ok
16:24:57.0239 4660 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:24:57.0380 4660 Flpydisk - ok
16:24:57.0489 4660 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:24:57.0630 4660 FltMgr - ok
16:24:57.0723 4660 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:24:57.0879 4660 Fs_Rec - ok
16:24:58.0020 4660 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:24:58.0145 4660 Ftdisk - ok
16:24:58.0192 4660 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:24:58.0317 4660 Gpc - ok
16:24:58.0395 4660 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
16:24:58.0442 4660 grmnusb - ok
16:24:58.0583 4660 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:24:58.0864 4660 HDAudBus - ok
16:24:59.0098 4660 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:24:59.0239 4660 HidUsb - ok
16:24:59.0270 4660 hpn - ok
16:24:59.0317 4660 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:24:59.0364 4660 HPZid412 - ok
16:24:59.0411 4660 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:24:59.0426 4660 HPZipr12 - ok
16:24:59.0457 4660 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:24:59.0504 4660 HPZius12 - ok
16:24:59.0676 4660 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:24:59.0692 4660 HTTP - ok
16:24:59.0723 4660 i2omgmt - ok
16:24:59.0739 4660 i2omp - ok
16:24:59.0817 4660 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:24:59.0957 4660 i8042prt - ok
16:25:00.0332 4660 ialm (9369957485fa01f1b45318779207df6e) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:25:00.0848 4660 ialm - ok
16:25:01.0020 4660 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:25:01.0160 4660 Imapi - ok
16:25:01.0192 4660 ini910u - ok
16:25:01.0395 4660 IntcAzAudAddService (b2957d6c1226f029230dac2c46d34286) C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:25:01.0582 4660 IntcAzAudAddService - ok
16:25:01.0738 4660 IntcHdmiAddService (64c301d73db18ebdc8680ca82d82af2d) C:\WINDOWS\system32\drivers\IntcHdmi.sys
16:25:01.0754 4660 IntcHdmiAddService - ok
16:25:01.0770 4660 IntelIde - ok
16:25:01.0832 4660 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:25:01.0973 4660 intelppm - ok
16:25:01.0988 4660 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:25:02.0145 4660 Ip6Fw - ok
16:25:02.0176 4660 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:25:02.0332 4660 IpFilterDriver - ok
16:25:02.0457 4660 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:25:02.0629 4660 IpInIp - ok
16:25:02.0660 4660 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:25:02.0801 4660 IpNat - ok
16:25:02.0832 4660 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:25:02.0973 4660 IPSec - ok
16:25:03.0098 4660 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:25:03.0191 4660 IRENUM - ok
16:25:03.0238 4660 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:25:03.0379 4660 isapnp - ok
16:25:03.0457 4660 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:25:03.0597 4660 Kbdclass - ok
16:25:03.0660 4660 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:25:03.0801 4660 kbdhid - ok
16:25:03.0972 4660 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:25:04.0191 4660 kmixer - ok
16:25:04.0238 4660 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
16:25:04.0254 4660 KSecDD - ok
16:25:04.0316 4660 L1c (573337205057e22e13da1ffbc66a8aaf) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
16:25:04.0394 4660 L1c - ok
16:25:04.0457 4660 L6PODX3LV (02fb6c7a8bfcb45833e604954915a778) C:\WINDOWS\system32\Drivers\L6PODX3LV.sys
16:25:04.0504 4660 L6PODX3LV ( UnsignedFile.Multi.Generic ) - warning
16:25:04.0504 4660 L6PODX3LV - detected UnsignedFile.Multi.Generic (1)
16:25:04.0691 4660 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\WINDOWS\system32\DRIVERS\Lbd.sys
16:25:04.0707 4660 Lbd - ok
16:25:04.0722 4660 lbrtfdc - ok
16:25:04.0863 4660 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:25:05.0003 4660 mnmdd - ok
16:25:05.0050 4660 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
16:25:05.0535 4660 Modem - ok
16:25:05.0675 4660 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:25:05.0831 4660 Mouclass - ok
16:25:05.0894 4660 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:25:06.0035 4660 mouhid - ok
16:25:06.0066 4660 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:25:06.0206 4660 MountMgr - ok
16:25:06.0253 4660 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
16:25:06.0378 4660 MPE - ok
16:25:06.0550 4660 mraid35x - ok
16:25:06.0597 4660 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:25:06.0769 4660 MRxDAV - ok
16:25:06.0831 4660 MRxSmb (fb2fccc70f7174c7bf64f48e96d3adf4) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:25:06.0878 4660 MRxSmb - ok
16:25:07.0019 4660 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:25:07.0191 4660 Msfs - ok
16:25:07.0238 4660 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:25:07.0363 4660 MSKSSRV - ok
16:25:07.0378 4660 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:25:07.0534 4660 MSPCLOCK - ok
16:25:07.0566 4660 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:25:07.0722 4660 MSPQM - ok
16:25:07.0909 4660 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:25:08.0034 4660 mssmbios - ok
16:25:08.0066 4660 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:25:08.0191 4660 MSTEE - ok
16:25:08.0284 4660 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:25:08.0331 4660 Mup - ok
16:25:08.0362 4660 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:25:08.0519 4660 NABTSFEC - ok
16:25:08.0690 4660 NDIS (b5b1080d35974c0e718d64280761bcd5) C:\WINDOWS\system32\drivers\NDIS.sys
16:25:08.0722 4660 NDIS - ok
16:25:08.0753 4660 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:25:08.0940 4660 NdisIP - ok
16:25:08.0987 4660 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:25:09.0019 4660 NdisTapi - ok
16:25:09.0065 4660 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:25:09.0206 4660 Ndisuio - ok
16:25:09.0315 4660 NdisWan (b053a8411045fd0664b389a090cb2bbc) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:25:09.0378 4660 NdisWan - ok
16:25:09.0425 4660 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:25:09.0472 4660 NDProxy - ok
16:25:09.0518 4660 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:25:09.0659 4660 NetBIOS - ok
16:25:09.0815 4660 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:25:09.0956 4660 NetBT - ok
16:25:10.0159 4660 NETw5x32 (6d5b4083d02f01bc98e418eee9c7c62e) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
16:25:10.0409 4660 NETw5x32 ( UnsignedFile.Multi.Generic ) - warning
16:25:10.0409 4660 NETw5x32 - detected UnsignedFile.Multi.Generic (1)
16:25:10.0581 4660 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:25:10.0721 4660 Npfs - ok
16:25:10.0768 4660 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:25:10.0987 4660 Ntfs - ok
16:25:11.0128 4660 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:25:11.0268 4660 Null - ok
16:25:11.0362 4660 nvport (add596f11d3a23e55d960d4cce6e9b3a) C:\WINDOWS\system32\Drivers\nvport.sys
16:25:11.0378 4660 nvport ( UnsignedFile.Multi.Generic ) - warning
16:25:11.0378 4660 nvport - detected UnsignedFile.Multi.Generic (1)
16:25:11.0409 4660 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:25:11.0549 4660 NwlnkFlt - ok
16:25:11.0612 4660 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:25:11.0737 4660 NwlnkFwd - ok
16:25:11.0893 4660 owktp - ok
16:25:12.0034 4660 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\drivers\Parport.sys
16:25:12.0284 4660 Parport - ok
16:25:12.0393 4660 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:25:12.0534 4660 PartMgr - ok
16:25:12.0549 4660 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
16:25:12.0721 4660 ParVdm - ok
16:25:12.0737 4660 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
16:25:12.0877 4660 PCI - ok
16:25:12.0877 4660 PCIDump - ok
16:25:12.0909 4660 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:25:13.0080 4660 PCIIde - ok
16:25:13.0112 4660 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:25:13.0487 4660 Pcmcia - ok
16:25:13.0612 4660 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
16:25:13.0612 4660 pcouffin ( UnsignedFile.Multi.Generic ) - warning
16:25:13.0612 4660 pcouffin - detected UnsignedFile.Multi.Generic (1)
16:25:13.0627 4660 PDCOMP - ok
16:25:13.0659 4660 PDFRAME - ok
16:25:13.0690 4660 PDRELI - ok
16:25:13.0721 4660 PDRFRAME - ok
16:25:13.0737 4660 perc2 - ok
16:25:13.0768 4660 perc2hib - ok
16:25:13.0846 4660 pfc (da86016f0672ada925f589ede715f185) C:\WINDOWS\system32\drivers\pfc.sys
16:25:13.0877 4660 pfc ( UnsignedFile.Multi.Generic ) - warning
16:25:13.0877 4660 pfc - detected UnsignedFile.Multi.Generic (1)
16:25:13.0987 4660 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:25:14.0112 4660 PptpMiniport - ok
16:25:14.0252 4660 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:25:14.0393 4660 PSched - ok
16:25:14.0440 4660 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:25:14.0580 4660 Ptilink - ok
16:25:14.0690 4660 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:25:14.0705 4660 PxHelp20 - ok
16:25:14.0815 4660 ql1080 - ok
16:25:14.0846 4660 Ql10wnt - ok
16:25:14.0861 4660 ql12160 - ok
16:25:14.0893 4660 ql1240 - ok
16:25:14.0924 4660 ql1280 - ok
16:25:14.0971 4660 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:25:15.0111 4660 RasAcd - ok
16:25:15.0143 4660 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:25:15.0299 4660 Rasl2tp - ok
16:25:15.0330 4660 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:25:15.0455 4660 RasPppoe - ok
16:25:15.0502 4660 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:25:15.0643 4660 Raspti - ok
16:25:15.0768 4660 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:25:15.0893 4660 Rdbss - ok
16:25:15.0924 4660 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:25:16.0064 4660 RDPCDD - ok
16:25:16.0080 4660 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:25:16.0252 4660 rdpdr - ok
16:25:16.0299 4660 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:25:16.0361 4660 RDPWD - ok
16:25:16.0455 4660 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:25:16.0596 4660 redbook - ok
16:25:16.0689 4660 s1018bus (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\WINDOWS\system32\DRIVERS\s1018bus.sys
16:25:16.0705 4660 s1018bus - ok
16:25:16.0736 4660 s1018mdfl (38f5ea219593f19b6b3a1b9c169e3b61) C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys
16:25:16.0752 4660 s1018mdfl - ok
16:25:16.0767 4660 s1018mdm (666af6b64fc7df92d3ca4819ea91631d) C:\WINDOWS\system32\DRIVERS\s1018mdm.sys
16:25:16.0783 4660 s1018mdm - ok
16:25:16.0877 4660 s1018mgmt (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys
16:25:16.0939 4660 s1018mgmt - ok
16:25:16.0955 4660 s1018nd5 (3622d9ff2253dcbe885b10736609a4ca) C:\WINDOWS\system32\DRIVERS\s1018nd5.sys
16:25:16.0971 4660 s1018nd5 - ok
16:25:17.0002 4660 s1018obex (49431efda842b474531c29ffae9f5d09) C:\WINDOWS\system32\DRIVERS\s1018obex.sys
16:25:17.0017 4660 s1018obex - ok
16:25:17.0049 4660 s1018unic (ac6b514cb4474f4c867d7cdc9cd54f05) C:\WINDOWS\system32\DRIVERS\s1018unic.sys
16:25:17.0064 4660 s1018unic - ok
16:25:17.0205 4660 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:25:17.0299 4660 Secdrv - ok
16:25:17.0361 4660 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
16:25:17.0392 4660 seehcri - ok
16:25:17.0533 4660 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\drivers\Serial.sys
16:25:17.0658 4660 Serial - ok
16:25:17.0705 4660 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:25:17.0908 4660 Sfloppy - ok
16:25:18.0002 4660 Simbad - ok
16:25:18.0064 4660 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:25:18.0174 4660 SLIP - ok
16:25:18.0267 4660 Sparrow - ok
16:25:18.0298 4660 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:25:18.0439 4660 splitter - ok
16:25:18.0533 4660 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
16:25:18.0611 4660 sr - ok
16:25:18.0689 4660 Srv (9b390283569ea58d43d2586032b892f5) C:\WINDOWS\system32\DRIVERS\srv.sys
16:25:18.0752 4660 Srv - ok
16:25:18.0798 4660 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
16:25:18.0814 4660 ssmdrv - ok
16:25:18.0877 4660 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:25:19.0017 4660 streamip - ok
16:25:19.0111 4660 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:25:19.0251 4660 swenum - ok
16:25:19.0298 4660 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:25:19.0439 4660 swmidi - ok
16:25:19.0455 4660 symc810 - ok
16:25:19.0486 4660 symc8xx - ok
16:25:19.0501 4660 sym_hi - ok
16:25:19.0533 4660 sym_u3 - ok
16:25:19.0564 4660 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:25:19.0689 4660 sysaudio - ok
16:25:19.0783 4660 Tcpip (ad978a1b783b5719720cff204b666c8e) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:25:19.0955 4660 Tcpip - ok
16:25:20.0048 4660 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:25:20.0220 4660 TDPIPE - ok
16:25:20.0251 4660 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:25:20.0408 4660 TDTCP - ok
16:25:20.0439 4660 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:25:20.0564 4660 TermDD - ok
16:25:20.0658 4660 TosIde - ok
16:25:20.0704 4660 ubxlwo.sys - ok
16:25:20.0736 4660 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:25:20.0876 4660 Udfs - ok
16:25:20.0939 4660 ultra - ok
16:25:20.0986 4660 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:25:21.0142 4660 Update - ok
16:25:21.0251 4660 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:25:21.0392 4660 usbccgp - ok
16:25:21.0501 4660 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:25:21.0626 4660 usbehci - ok
16:25:21.0673 4660 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:25:21.0814 4660 usbhub - ok
16:25:21.0923 4660 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:25:22.0079 4660 usbprint - ok
16:25:22.0204 4660 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:25:22.0345 4660 usbscan - ok
16:25:22.0392 4660 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:25:22.0517 4660 usbstor - ok
16:25:22.0610 4660 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:25:22.0751 4660 usbuhci - ok
16:25:22.0782 4660 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
16:25:22.0923 4660 usbvideo - ok
16:25:23.0063 4660 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:25:23.0204 4660 VgaSave - ok
16:25:23.0204 4660 ViaIde - ok
16:25:23.0251 4660 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
16:25:23.0392 4660 VolSnap - ok
16:25:23.0501 4660 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:25:23.0641 4660 Wanarp - ok
16:25:23.0657 4660 wceusbsh (a2a8cacb5b80ac45cc69692e60621864) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
16:25:23.0813 4660 wceusbsh - ok
16:25:24.0016 4660 WDICA - ok
16:25:24.0063 4660 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:25:24.0204 4660 wdmaud - ok
16:25:24.0360 4660 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:25:24.0485 4660 WmiAcpi - ok
16:25:24.0594 4660 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
16:25:24.0626 4660 WpdUsb - ok
16:25:24.0641 4660 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:25:24.0798 4660 WS2IFSL - ok
16:25:24.0907 4660 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:25:25.0063 4660 WSTCODEC - ok
16:25:25.0219 4660 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:25:25.0235 4660 WudfPf - ok
16:25:25.0282 4660 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:25:25.0313 4660 WudfRd - ok
16:25:25.0360 4660 xcpip - ok
16:25:25.0391 4660 xpsec - ok
16:25:25.0501 4660 MBR (0x1B8) (0e1d60863e74698b6255deeb65261da6) \Device\Harddisk0\DR0
16:25:25.0501 4660 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
16:25:25.0501 4660 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
16:25:25.0579 4660 Boot (0x1200) (b8b8ebf2dd2f6f1f28227d5df3ceaeac) \Device\Harddisk0\DR0\Partition0
16:25:25.0579 4660 \Device\Harddisk0\DR0\Partition0 - ok
16:25:25.0594 4660 ============================================================
16:25:25.0594 4660 Scan finished
16:25:25.0594 4660 ============================================================
16:25:25.0719 5996 Detected object count: 12
16:25:25.0719 5996 Actual detected object count: 12
16:25:55.0528 5996 aracpi ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:55.0528 5996 aracpi ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:25:55.0543 5996 arhidfltr ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:55.0543 5996 arhidfltr ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:25:55.0559 5996 arkbcfltr ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:55.0559 5996 arkbcfltr ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:25:55.0559 5996 armoucfltr ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:55.0559 5996 armoucfltr ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:25:55.0559 5996 ARPolicy ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:55.0559 5996 ARPolicy ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:25:55.0559 5996 AVerFx2hbtv ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:55.0559 5996 AVerFx2hbtv ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:25:55.0574 5996 L6PODX3LV ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:55.0574 5996 L6PODX3LV ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:25:55.0590 5996 NETw5x32 ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:55.0590 5996 NETw5x32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:25:55.0606 5996 nvport ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:55.0606 5996 nvport ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:25:55.0621 5996 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:55.0621 5996 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:25:55.0621 5996 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:55.0621 5996 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:25:55.0637 5996 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - skipped by user
16:25:55.0637 5996 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Skip

apache.davidson
Visitor
Posts: 26
Registered: 21 Jan 2009 17:50

Re: Laptop freezing, strange pages being displayed

#5 Post by apache.davidson »

17:57:05.0046 5808 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
17:57:05.0187 5808 ============================================================
17:57:05.0187 5808 Current date / time: 2012/02/29 17:57:05.0187
17:57:05.0187 5808 SystemInfo:
17:57:05.0187 5808
17:57:05.0187 5808 OS Version: 5.1.2600 ServicePack: 3.0
17:57:05.0187 5808 Product type: Workstation
17:57:05.0187 5808 ComputerName: S-359835CC70E24
17:57:05.0187 5808 UserName: oem
17:57:05.0187 5808 Windows directory: C:\WINDOWS
17:57:05.0187 5808 System windows directory: C:\WINDOWS
17:57:05.0187 5808 Processor architecture: Intel x86
17:57:05.0187 5808 Number of processors: 2
17:57:05.0187 5808 Page size: 0x1000
17:57:05.0187 5808 Boot type: Normal boot
17:57:05.0187 5808 ============================================================
17:57:07.0296 5808 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:57:07.0296 5808 \Device\Harddisk0\DR0:
17:57:07.0296 5808 MBR used
17:57:07.0296 5808 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
17:57:07.0328 5808 Initialize success
17:57:07.0328 5808 ============================================================
17:57:10.0906 4996 ============================================================
17:57:10.0906 4996 Scan started
17:57:10.0906 4996 Mode: Manual;
17:57:10.0906 4996 ============================================================
17:57:12.0296 4996 Abiosdsk - ok
17:57:12.0375 4996 abp480n5 - ok
17:57:12.0437 4996 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:57:12.0453 4996 ACPI - ok
17:57:12.0484 4996 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
17:57:12.0484 4996 ACPIEC - ok
17:57:12.0562 4996 adpu160m - ok
17:57:12.0640 4996 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:57:12.0656 4996 aec - ok
17:57:26.0937 4996 MBR (0x1B8) (0e1d60863e74698b6255deeb65261da6) \Device\Harddisk0\DR0
17:57:26.0937 4996 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
17:57:26.0937 4996 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
17:57:26.0953 4996 Boot (0x1200) (b8b8ebf2dd2f6f1f28227d5df3ceaeac) \Device\Harddisk0\DR0\Partition0
17:57:26.0953 4996 \Device\Harddisk0\DR0\Partition0 - ok
17:57:26.0968 4996 ============================================================
17:57:26.0968 4996 Scan finished
17:57:26.0968 4996 ============================================================
17:57:27.0015 2144 Detected object count: 1
17:57:27.0015 2144 Actual detected object count: 1
17:57:41.0671 2144 \Device\Harddisk0\DR0\# - copied to quarantine
17:57:41.0671 2144 \Device\Harddisk0\DR0 - copied to quarantine
17:57:41.0718 2144 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
17:57:41.0734 2144 \Device\Harddisk0\DR0 - ok
17:57:41.0734 2144 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
17:58:02.0531 5644 Deinitialize success

apache.davidson
Visitor
Posts: 26
Registered: 21 Jan 2009 17:50

Re: Laptop freezing, strange pages being displayed

#6 Post by apache.davidson »

Uploaded files:

http://www.mediafire.com/?tlx36kdrl5v1i6c

http://www.mediafire.com/?eyc29k8q58xyncx

ComboFix log:

ComboFix 12-02-27.02 - oem 29.02.2012 18:08:05.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2975.2391 [GMT 1:00]
Spuštěný z: c:\documents and settings\oem\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\oem\Plocha\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_owktp
-------\Service_xcpip
-------\Service_xpsec
-------\Legacy_ubxlwo.sys
-------\Service_ubxlwo.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-28 do 2012-02-29 )))))))))))))))))))))))))))))))
.
.
2012-02-29 16:57 . 2012-02-29 16:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-27 17:23 . 2012-02-27 17:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-27 17:23 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-27 14:29 . 2012-02-27 14:29 -------- dc----w- c:\documents and settings\All Users\Data aplikací\{EF63305C-BAD7-4144-9208-D65528260864}
2012-02-15 13:07 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 13:07 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-08 06:55 . 2012-02-08 06:55 -------- d-----w- c:\documents and settings\oem\Local Settings\Data aplikací\DVDVideoSoft_Ltd
2012-01-31 15:22 . 2010-03-09 22:40 571264 ----a-w- c:\windows\system32\drivers\L6PODX3LV.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 15:56 . 2011-06-20 05:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-22 13:23 . 2011-04-08 12:02 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-22 13:23 . 2009-10-26 16:18 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-01-12 17:21 . 2008-12-14 14:45 1869056 ----a-w- c:\windows\system32\win32k.sys
2012-01-01 14:46 . 2009-10-21 16:42 87608 ----a-w- c:\documents and settings\oem\Data aplikací\inst.exe
2012-01-01 14:46 . 2009-10-21 16:42 47360 ----a-w- c:\documents and settings\oem\Data aplikací\pcouffin.sys
2011-12-19 08:08 . 2008-08-26 07:27 832512 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:08 . 2008-08-26 07:26 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-19 08:08 . 2008-12-14 14:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-12-19 08:08 . 2008-12-14 14:35 17408 ----a-w- c:\windows\system32\corpol.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-12-19 12:23 . A23DF7213FE43F712F27A74DBCA5222B . 1593856 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-12-19 . 12A799AD9415AE9C8ABCC5F75E9CF034 . 557056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-12-19 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2008-12-19 . D39127310CBAD1485EC5001A4ED1D853 . 1486336 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . C2DCB09A1EA98F248DD9A5DE195B3DF3 . 277504 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-12-19 . 94927BB89A6825C4A5952A2BF78F027B . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2008-12-26 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-02-27_20.26.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-29 17:15 . 2012-02-29 17:15 16384 c:\windows\temp\Perflib_Perfdata_4dc.dat
+ 2009-10-02 09:47 . 2012-02-28 07:40 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-10-02 09:47 . 2012-01-26 09:39 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-02-28 07:41 . 2012-02-28 07:40 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-10-02 09:47 . 2012-01-26 09:39 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-10-21 433872]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2011-01-19 489584]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-12-19 40960]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-09-15 669936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2008-12-26 77312]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Vista D I"="c:\program files\extras\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"DrvIcon"="c:\program files\extras\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-09-03 1067528]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-04-29 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-04-29 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-04-29 142872]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2011-09-17 126976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.cz/cz.special-uninstalla ... er=9.0.894" [?]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-23 603488]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [15.9.2011 11:43 64160]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8.4.2011 13:02 136360]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2.10.2009 13:26 117256]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9.3.2009 20:06 1036104]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2.10.2009 12:10 110080]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4.9.2009 2:16 45056]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [22.10.2009 17:40 27632]
S2 gupdate1ca88a037f522fc;Služba Google Update (gupdate1ca88a037f522fc);c:\program files\Google\Update\GoogleUpdate.exe [29.12.2009 17:01 133104]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [18.10.2009 9:34 273152]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29.12.2009 17:01 133104]
S3 L6PODX3LV;POD X3 Live Service;c:\windows\system32\drivers\L6PODX3LV.sys [31.1.2012 16:22 571264]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [21.10.2009 17:42 47360]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [22.10.2009 17:39 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [22.10.2009 17:39 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [22.10.2009 17:39 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [22.10.2009 17:39 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [22.10.2009 17:39 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [22.10.2009 17:39 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [22.10.2009 17:39 109864]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [29.12.2010 16:00 155344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2011-12-19 08:08 124928 ----a-w- c:\windows\system32\advpack.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 10:43]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 16:01]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 16:01]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\oem\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\oem\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: line6.net
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\acmtm6o3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-29 18:16
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(932)
c:\windows\system32\setupapi.dll
.
- - - - - - - > 'explorer.exe'(3396)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\btmmhook.dll
c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\HPZipm12.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\dllhost.exe
c:\windows\RTHDCPL.EXE
c:\windows\SOUNDMAN.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\igfxext.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Celkový čas: 2012-02-29 18:22:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-29 17:22
ComboFix2.txt 2012-02-27 20:32
.
Před spuštěním: Volných bajtů: 281 023 012 864
Po spuštění: Volných bajtů: 281 041 293 312
.
- - End Of File - - C7081F61AAF1E48C55BB9089D5778C71

apache.davidson
Visitor
Posts: 26
Registered: 21 Jan 2009 17:50

Re: Laptop freezing, strange pages being displayed

#7 Post by apache.davidson »

The file cannot be tested; it is just a folder, there is nothing in it to test.

scan:

MBRScan v1.1.1

OS             : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR      : x86 Family 6 Model 23 Stepping 10, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/02/29 (ISO 8601) at 19:05:21
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __Hitachi HTS545032B9A300 (PB3OC60F)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	298.1 Go  [Fixed] ==> XP MBR Code

MBR_MD5   : 6D819D8AAD2EAE049FAE3C0966EC9E1D
MBR_SHA1  : FEA8F0F108A3ABEC81086EB702E6F947E633BAB4

Device\Harddisk0\Partition1	298.1 Go  	0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\WINDOWS\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0xA6EAB000
SIZE    : 96.0 Ko

DRIVER  : C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS => Invisible on the disk
ADDRESS : 0xBA5E4000
SIZE    : 8.0 Ko

DRIVER  : C:\ComboFix\catchme.sys => Invisible on the disk
ADDRESS : 0xBA418000
SIZE    : 32.0 Ko

DRIVER  : C:\WINDOWS\system32\Drivers\PROCEXP113.SYS => Invisible on the disk
ADDRESS : 0xBA66A000
SIZE    : 8.0 Ko

SystemStartOptions : NOEXECUTE=OPTIN  FASTDETECT

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  


apache.davidson
Visitor
Posts: 26
Registered: 21 Jan 2009 17:50

Re: Laptop freezing, strange pages being displayed

#8 Post by apache.davidson »

Everything seems to be fine. If anything comes up, I will post.

Thank you very much for the help :)

Have a nice evening.
