Abnow.com

MartiN182
Visitor
Posts: 36
Registered: 07 Mar 2012 18:36

Abnow.com

#1 Post by MartiN182 »

Good evening, I have a problem with being redirected from Google to the site abnow.com. I have read various forums on the internet, but the information differs and I don't want to break anything, so I would rather turn to you. My antivirus often throws up notifications about viruses (I have Kaspersky Internet Security 2012), but from what I have read these are probably all fake alerts from abnow..

Thank you for your help

I'm attaching the log from RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by miso at 2012-03-07 18:21:26
Microsoft Windows 7 Ultimate
System drive C: has 485 MB (1%) free of 51 GB
Total RAM: 991 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:21:48 PM, on 3/7/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ICQ7.2\ICQ.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Citrix\ICA Client\PNAMain.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\miso\Downloads\RSIT.exe
C:\Program Files\trend micro\miso.exe
C:\Windows\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Citrix XenApp.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ie_banner_deny.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O16 - DPF: {813A45F9-744F-435F-A815-19E2DF35A9D8} (O2C-Player - area constructor view (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayerac.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://juniper.net/dana-cached/setup/J ... tupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/Juni ... Client.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PReS License Service (PRESLICSER) - Unknown owner - C:\WINDOWS\SYSTEM32\preslicser.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7444 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\miso\AppData\Roaming\Mozilla\Firefox\Profiles\pcqdyuwm.default

prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

"virtualKeyboard@kaspersky.ru"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
"linkfilter@kaspersky.ru"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru
"KavAntiBanner@Kaspersky.ru"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\KavAntiBanner@Kaspersky.ru


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
KavAntiBanner@kaspersky.ru_bak2
linkfilter@kaspersky.ru_bak2
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
IICAClient.xpt

C:\Program Files\Mozilla Firefox\plugins\
cgpcfg.dll
CgpCore.dll
confmgr.dll
ctxlogging.dll
ctxmui.dll
ICAClObj.class
icafile.dll
icalogon.dll
Microsoft.VC80.CRT.manifest
msvcm80.dll
msvcp80.dll
msvcr80.dll
np-mswmp.dll
npdeployJava1.dll
npFoxitReaderPlugin.dll
npicaN.dll
NPOFFICE.DLL
nppdf32.dll
sslsdk_b.dll
TcpPServ.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll [2011-04-24 86416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27 1250696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll [2011-04-24 229776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe [2001-07-09 155648]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2011-07-06 1047656]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [2011-04-24 202296]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-07-06 449584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2010-08-20 33120]
"ICQ"=C:\Program Files\ICQ7.2\ICQ.exe [2011-01-05 133432]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Citrix XenApp.lnk - C:\Windows\Installer\{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe

C:\Users\miso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2011-04-24 229776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=28

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-03-07 18:21:28 ----D---- C:\Program Files\trend micro
2012-03-07 18:21:26 ----D---- C:\rsit
2012-03-05 19:18:42 ----ASH---- C:\Windows\system32\dds_log_trash.cmd

======List of files/folders modified in the last 1 month======

2012-03-07 18:21:42 ----D---- C:\Windows\Prefetch
2012-03-07 18:21:28 ----RD---- C:\Program Files
2012-03-07 17:59:40 ----D---- C:\Windows\System32
2012-03-07 17:59:40 ----D---- C:\Windows\inf
2012-03-07 17:59:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-03-07 17:56:21 ----D---- C:\Windows\Temp
2012-03-07 17:55:26 ----D---- C:\ProgramData\Kaspersky Lab
2012-03-07 17:54:40 ----D---- C:\Windows\system32\drivers
2012-03-07 17:54:39 ----D---- C:\Windows
2012-03-07 17:53:24 ----D---- C:\Windows\PLA
2012-03-07 17:15:49 ----D---- C:\Windows\system32\drivers\etc
2012-03-07 15:50:45 ----D---- C:\Windows\system32\config
2012-03-07 15:39:32 ----SHD---- C:\System Volume Information
2012-03-06 01:11:18 ----D---- C:\Windows\schemas
2012-03-06 00:52:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-03-05 14:44:21 ----D---- C:\Windows\system32\catroot2
2012-03-04 00:00:47 ----D---- C:\Windows\Minidump
2012-02-20 14:06:13 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 KL1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2011-03-04 133208]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-01-16 436792]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 kl2;kl2; C:\Windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2011-06-21 570160]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R2 Sentinel;Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [2006-05-07 90688]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-07-06 22712]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-13 347264]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 aws1i1u1;aws1i1u1; C:\Windows\system32\drivers\aws1i1u1.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2011-05-25 32768]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AVP;Kaspersky Anti-Virus Service; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [2011-04-24 202296]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 JuniperAccessService;Juniper Unified Network Service; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2010-03-17 132464]
R2 LicCtrlService;LicCtrl Service; C:\Windows\runservice.exe [2011-04-06 2560]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-01-11 129640]
R2 PRESLICSER;PReS License Service; C:\WINDOWS\SYSTEM32\preslicser.exe [2007-03-05 143360]
R2 PTproct;Cpqvcagent; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2006-05-07 206400]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
S2 avsinc;Ssidrv; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 avsvcmonitor;Subsonic; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 brmfbags;Traprcvr; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 fcprintservice;Fasttx2k; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-31 136176]
S2 NIPALK;Nimcrpcsu; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 psimsvc;Kerbkey; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 se44mdfl;Bltrust; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 trackcam4;Fasttrackinstallerservice; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 WNCPKT;Wlankeeper; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-31 136176]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Abnow.com

#2 Post by vyosek »

Greetings, and I wish you a pleasant evening :)

:arrow: You are the owner of the ZeroAccess rootkit :boxed: :arcisit:

:arrow: Download MBRScan http://eric71.geekstogo.com/tools/MbrScan.exe
  • Save it, preferably to the desktop
  • If you are using Windows Vista or Windows 7, right-click MBRScan and choose Run As Administrator (or "Spustit jako spravce")
  • Click Report
  • After a moment a log will appear in the file MBRScan.txt; paste it here
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns fun, take a whip and a stick to him: that is not a man, that is an ox."
Member (image) since 1 February 2011.

MartiN182
Visitor
Posts: 36
Registered: 07 Mar 2012 18:36

Re: Abnow.com

#3 Post by MartiN182 »

Oof, that doesn't sound very appealing :roll: So that's probably why the Java updater keeps popping up here all the time...

Here it is:

Code:

MBRScan v1.1.1

OS             : Windows 7  (32 bit)
PROCESSOR      : x86 Family 15 Model 107 Stepping 1, AuthenticAMD
BOOT           : Normal Boot
DATE           : 2012/03/07 (ISO 8601) at 19:14:01
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __ST3160812A (3.AAJ)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

DISK           : Device\Harddisk1\DR1 __Hitachi HDS721616PLA (P22O)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	149.1 Go  [Fixed] ==> 7 MBR Code

MBR_MD5   : F15056B95AA7ADBC50FA9A710E568C0B
MBR_SHA1  : F615FC71BE2EB941EBE2457F4358D914906AA96C

Device\Harddisk0\Partition1	29.29 Go  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2	39.06 Go  	0x83 Linux 
Device\Harddisk0\Partition3	22.09 Go  	0x82 Linux Swap 
Device\Harddisk0\Partition4	19.53 Go  	0x07 NTFS / HPFS
Device\Harddisk0\Partition5	19.53 Go  	0x07 NTFS / HPFS
Device\Harddisk0\Partition6	19.53 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

Device\Harddisk1\DR1	149.1 Go  [Fixed] ==> XP MBR Code .

MBR_MD5   : 655875F0C1ED5FD242CB6BCF8624B8D2
MBR_SHA1  : 59FDAE5BDAD50FF7CBADD7D7927F0DC08A09F8A9

Device\Harddisk1\Partition1	49.81 Go  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk1\Partition2	99.2 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\Windows\System32\drivers\cywmxt.sys => Invisible on the disk
ADDRESS : 0x83328000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\Drivers\sptd.sys => LOCKED!
ADDRESS : 0x87623000
SIZE    : 1.07 Mo

DRIVER  : C:\Windows\system32\drivers\csc.sys => LOCKED!
ADDRESS : 0x8E818000
SIZE    : 400.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the disk
ADDRESS : 0x9187B000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0x91886000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x9188F000
SIZE    : 68.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions :  NOEXECUTE=OPTIN

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  


_______MBR   \Device\Harddisk1\DR1  


vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Abnow.com

#4 Post by vyosek »

:arrow: ZA is a really nasty piece of work :boxed:

:arrow: Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Click the Change parameters option
  • In both windows (Objects to scan and Additional options) tick all the options - every checkbox must have a check mark
  • Click OK
  • Tell the utility to scan - click Start Scan
  • When the scan finishes a window will appear; check that the Skip option is selected everywhere
  • If Skip is not set by default, switch it to Skip
  • If you have Skip everywhere, click Continue
  • On the drive where Windows is installed (usually c:\) there will be a log named in the form TDSSKiller.some digits _log.txt - paste its contents here
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.

MartiN182
Visitor
Posts: 36
Registered: 07 Mar 2012 18:36

Re: Abnow.com

#5 Post by MartiN182 »

Aha, the Kaspersky antivirus found exactly these 2 as well, so those probably weren't fake alerts :mrgreen:

And here is the log:

19:30:47.0443 2132 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
19:30:47.0706 2132 ============================================================
19:30:47.0706 2132 Current date / time: 2012/03/07 19:30:47.0706
19:30:47.0706 2132 SystemInfo:
19:30:47.0706 2132
19:30:47.0706 2132 OS Version: 6.1.7600 ServicePack: 0.0
19:30:47.0706 2132 Product type: Workstation
19:30:47.0707 2132 ComputerName: STOLEN-ONE
19:30:47.0732 2132 UserName: miso
19:30:47.0732 2132 Windows directory: C:\Windows
19:30:47.0732 2132 System windows directory: C:\Windows
19:30:47.0732 2132 Processor architecture: Intel x86
19:30:47.0732 2132 Number of processors: 2
19:30:47.0732 2132 Page size: 0x1000
19:30:47.0732 2132 Boot type: Normal boot
19:30:47.0732 2132 ============================================================
19:30:50.0488 2132 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:30:50.0494 2132 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:30:50.0497 2132 \Device\Harddisk0\DR0:
19:30:50.0497 2132 MBR used
19:30:50.0497 2132 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A962B1
19:30:50.0509 2132 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3A9632F, BlocksNum 0x2711637
19:30:50.0517 2132 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x61A79A5, BlocksNum 0x2711637
19:30:50.0528 2132 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x88B901B, BlocksNum 0x2711637
19:30:50.0528 2132 \Device\Harddisk1\DR1:
19:30:50.0528 2132 MBR used
19:30:50.0528 2132 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x639D9A7
19:30:50.0540 2132 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x639DA25, BlocksNum 0xC6771DB
19:30:50.0731 2132 Initialize success
19:30:50.0731 2132 ============================================================
19:31:50.0430 4092 ============================================================
19:31:50.0430 4092 Scan started
19:31:50.0430 4092 Mode: Manual; SigCheck; TDLFS;
19:31:50.0430 4092 ============================================================
19:31:54.0306 4092 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
19:31:54.0481 4092 1394ohci - ok
19:31:54.0605 4092 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
19:31:54.0670 4092 ACPI - ok
19:31:54.0979 4092 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
19:31:55.0046 4092 AcpiPmi - ok
19:31:55.0253 4092 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
19:31:55.0286 4092 adp94xx - ok
19:31:55.0418 4092 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
19:31:55.0437 4092 adpahci - ok
19:31:55.0458 4092 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
19:31:55.0474 4092 adpu320 - ok
19:31:55.0788 4092 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
19:31:55.0886 4092 AFD - ok
19:31:56.0162 4092 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
19:31:56.0189 4092 agp440 - ok
19:31:56.0235 4092 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
19:31:56.0249 4092 aic78xx - ok
19:31:56.0409 4092 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
19:31:56.0421 4092 aliide - ok
19:31:56.0440 4092 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
19:31:56.0456 4092 amdagp - ok
19:31:56.0474 4092 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
19:31:56.0487 4092 amdide - ok
19:31:56.0655 4092 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
19:31:56.0698 4092 AmdK8 - ok
19:31:56.0720 4092 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
19:31:56.0751 4092 AmdPPM - ok
19:31:56.0917 4092 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
19:31:56.0934 4092 amdsata - ok
19:31:56.0953 4092 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
19:31:56.0971 4092 amdsbs - ok
19:31:56.0987 4092 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
19:31:57.0001 4092 amdxata - ok
19:31:57.0146 4092 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
19:31:57.0234 4092 AppID - ok
19:31:57.0615 4092 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
19:31:57.0644 4092 arc - ok
19:31:57.0663 4092 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
19:31:57.0690 4092 arcsas - ok
19:31:58.0084 4092 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
19:31:58.0161 4092 AsyncMac - ok
19:31:58.0187 4092 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
19:31:58.0199 4092 atapi - ok
19:31:58.0399 4092 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
19:31:58.0451 4092 b06bdrv - ok
19:31:58.0599 4092 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
19:31:58.0660 4092 b57nd60x - ok
19:31:58.0873 4092 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
19:31:58.0929 4092 Beep - ok
19:31:58.0955 4092 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
19:31:58.0987 4092 blbdrive - ok
19:31:59.0108 4092 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
19:31:59.0164 4092 bowser - ok
19:31:59.0180 4092 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:31:59.0209 4092 BrFiltLo - ok
19:31:59.0302 4092 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:31:59.0330 4092 BrFiltUp - ok
19:31:59.0805 4092 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
19:31:59.0886 4092 Brserid - ok
19:32:00.0067 4092 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
19:32:00.0107 4092 BrSerWdm - ok
19:32:00.0153 4092 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:32:00.0254 4092 BrUsbMdm - ok
19:32:00.0585 4092 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
19:32:00.0648 4092 BrUsbSer - ok
19:32:00.0810 4092 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
19:32:00.0853 4092 BthEnum - ok
19:32:00.0894 4092 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
19:32:00.0923 4092 BTHMODEM - ok
19:32:01.0003 4092 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
19:32:01.0044 4092 BthPan - ok
19:32:01.0109 4092 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
19:32:01.0135 4092 BTHPORT - ok
19:32:01.0264 4092 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
19:32:01.0309 4092 BTHUSB - ok
19:32:01.0351 4092 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
19:32:01.0399 4092 cdfs - ok
19:32:01.0523 4092 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
19:32:01.0551 4092 cdrom - ok
19:32:01.0676 4092 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
19:32:01.0724 4092 circlass - ok
19:32:01.0770 4092 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
19:32:01.0792 4092 CLFS - ok
19:32:01.0944 4092 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
19:32:01.0974 4092 CmBatt - ok
19:32:02.0020 4092 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
19:32:02.0031 4092 cmdide - ok
19:32:02.0065 4092 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
19:32:02.0134 4092 CNG - ok
19:32:02.0435 4092 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
19:32:02.0460 4092 Compbatt - ok
19:32:02.0508 4092 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:32:02.0533 4092 CompositeBus - ok
19:32:02.0641 4092 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
19:32:02.0654 4092 crcdisk - ok
19:32:02.0713 4092 CSC (07851134991e17e41b6def5714d82841) C:\Windows\system32\drivers\csc.sys
19:32:02.0766 4092 Suspicious file (NoAccess): C:\Windows\system32\drivers\csc.sys. md5: 07851134991e17e41b6def5714d82841
19:32:02.0769 4092 CSC ( LockedFile.Multi.Generic ) - warning
19:32:02.0769 4092 CSC - detected LockedFile.Multi.Generic (1)
19:32:02.0958 4092 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
19:32:03.0048 4092 DfsC - ok
19:32:03.0179 4092 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
19:32:03.0229 4092 discache - ok
19:32:03.0422 4092 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
19:32:03.0439 4092 Disk - ok
19:32:03.0500 4092 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
19:32:03.0559 4092 drmkaud - ok
19:32:03.0935 4092 DXGKrnl (39806cfeddcc55e686a49bccd2972f23) C:\Windows\System32\drivers\dxgkrnl.sys
19:32:04.0009 4092 DXGKrnl - ok
19:32:04.0882 4092 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
19:32:04.0965 4092 ebdrv - ok
19:32:05.0095 4092 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
19:32:05.0126 4092 elxstor - ok
19:32:05.0255 4092 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
19:32:05.0301 4092 ErrDev - ok
19:32:05.0535 4092 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
19:32:05.0579 4092 exfat - ok
19:32:06.0751 4092 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
19:32:06.0830 4092 fastfat - ok
19:32:06.0990 4092 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
19:32:07.0024 4092 fdc - ok
19:32:07.0070 4092 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
19:32:07.0088 4092 FileInfo - ok
19:32:07.0207 4092 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
19:32:07.0242 4092 Filetrace - ok
19:32:07.0261 4092 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
19:32:07.0289 4092 flpydisk - ok
19:32:07.0620 4092 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
19:32:07.0638 4092 FltMgr - ok
19:32:07.0678 4092 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
19:32:07.0694 4092 FsDepends - ok
19:32:07.0712 4092 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
19:32:07.0725 4092 Fs_Rec - ok
19:32:07.0851 4092 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
19:32:07.0872 4092 fvevol - ok
19:32:07.0897 4092 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:32:07.0911 4092 gagp30kx - ok
19:32:08.0115 4092 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
19:32:08.0166 4092 hcw85cir - ok
19:32:08.0220 4092 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
19:32:08.0261 4092 HdAudAddService - ok
19:32:08.0612 4092 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:32:08.0679 4092 HDAudBus - ok
19:32:08.0740 4092 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
19:32:08.0773 4092 HidBatt - ok
19:32:08.0960 4092 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
19:32:08.0991 4092 HidBth - ok
19:32:09.0022 4092 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
19:32:09.0054 4092 HidIr - ok
19:32:09.0279 4092 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
19:32:09.0303 4092 HidUsb - ok
19:32:09.0512 4092 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
19:32:09.0528 4092 HpSAMD - ok
19:32:09.0567 4092 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
19:32:09.0627 4092 HTTP - ok
19:32:09.0804 4092 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
19:32:09.0819 4092 hwpolicy - ok
19:32:09.0839 4092 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
19:32:09.0866 4092 i8042prt - ok
19:32:10.0032 4092 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
19:32:10.0053 4092 iaStorV - ok
19:32:10.0094 4092 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
19:32:10.0109 4092 iirsp - ok
19:32:10.0288 4092 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
19:32:10.0312 4092 intelide - ok
19:32:10.0487 4092 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
19:32:10.0507 4092 intelppm - ok
19:32:10.0596 4092 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:32:10.0655 4092 IpFilterDriver - ok
19:32:10.0814 4092 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:32:10.0890 4092 IPMIDRV - ok
19:32:11.0025 4092 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
19:32:11.0098 4092 IPNAT - ok
19:32:11.0197 4092 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
19:32:11.0259 4092 IRENUM - ok
19:32:11.0404 4092 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
19:32:11.0433 4092 isapnp - ok
19:32:11.0461 4092 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
19:32:11.0478 4092 iScsiPrt - ok
19:32:11.0674 4092 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:32:11.0688 4092 kbdclass - ok
19:32:11.0713 4092 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
19:32:11.0742 4092 kbdhid - ok
19:32:12.0108 4092 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
19:32:12.0168 4092 KL1 - ok
19:32:12.0365 4092 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
19:32:12.0374 4092 kl2 - ok
19:32:12.0465 4092 KLIF (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys
19:32:12.0510 4092 KLIF - ok
19:32:12.0616 4092 KLIM6 (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys
19:32:12.0627 4092 KLIM6 - ok
19:32:12.0668 4092 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
19:32:12.0680 4092 klmouflt - ok
19:32:12.0709 4092 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
19:32:12.0724 4092 KSecDD - ok
19:32:12.0816 4092 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
19:32:12.0834 4092 KSecPkg - ok
19:32:12.0956 4092 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
19:32:13.0019 4092 lltdio - ok
19:32:13.0175 4092 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:32:13.0189 4092 LSI_FC - ok
19:32:13.0254 4092 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:32:13.0269 4092 LSI_SAS - ok
19:32:13.0355 4092 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:32:13.0384 4092 LSI_SAS2 - ok
19:32:13.0417 4092 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:32:13.0440 4092 LSI_SCSI - ok
19:32:13.0509 4092 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
19:32:13.0554 4092 luafv - ok
19:32:13.0636 4092 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys
19:32:13.0697 4092 MBAMProtector - ok
19:32:13.0867 4092 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\Windows\system32\drivers\mbamswissarmy.sys
19:32:13.0909 4092 MBAMSwissArmy - ok
19:32:13.0954 4092 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
19:32:13.0968 4092 megasas - ok
19:32:14.0289 4092 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
19:32:14.0313 4092 MegaSR - ok
19:32:14.0343 4092 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
19:32:14.0389 4092 Modem - ok
19:32:14.0524 4092 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
19:32:14.0556 4092 monitor - ok
19:32:14.0881 4092 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
19:32:14.0903 4092 mouclass - ok
19:32:14.0998 4092 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
19:32:15.0024 4092 mouhid - ok
19:32:15.0192 4092 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
19:32:15.0208 4092 mountmgr - ok
19:32:15.0235 4092 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
19:32:15.0251 4092 mpio - ok
19:32:15.0275 4092 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
19:32:15.0318 4092 mpsdrv - ok
19:32:15.0571 4092 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
19:32:15.0619 4092 MRxDAV - ok
19:32:15.0740 4092 mrxsmb (f4a054be78af7f410129c4b64b07dc9b) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:32:15.0793 4092 mrxsmb - ok
19:32:15.0992 4092 mrxsmb10 (deffa295bd1895c6ed8e3078412ac60b) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:32:16.0048 4092 mrxsmb10 - ok
19:32:16.0131 4092 mrxsmb20 (24d76abe5dcad22f19d105f76fdf0ce1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:32:16.0168 4092 mrxsmb20 - ok
19:32:16.0350 4092 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
19:32:16.0363 4092 msahci - ok
19:32:16.0380 4092 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
19:32:16.0398 4092 msdsm - ok
19:32:16.0436 4092 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
19:32:16.0482 4092 Msfs - ok
19:32:16.0500 4092 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
19:32:16.0548 4092 mshidkmdf - ok
19:32:16.0649 4092 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
19:32:16.0674 4092 msisadrv - ok
19:32:16.0795 4092 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
19:32:16.0834 4092 MSKSSRV - ok
19:32:16.0872 4092 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
19:32:16.0915 4092 MSPCLOCK - ok
19:32:17.0095 4092 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
19:32:17.0134 4092 MSPQM - ok
19:32:17.0159 4092 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
19:32:17.0175 4092 MsRPC - ok
19:32:17.0278 4092 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
19:32:17.0304 4092 mssmbios - ok
19:32:17.0342 4092 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
19:32:17.0386 4092 MSTEE - ok
19:32:17.0576 4092 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
19:32:17.0600 4092 MTConfig - ok
19:32:17.0622 4092 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
19:32:17.0639 4092 Mup - ok
19:32:17.0773 4092 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
19:32:17.0823 4092 NativeWifiP - ok
19:32:18.0118 4092 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
19:32:18.0146 4092 NDIS - ok
19:32:18.0245 4092 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
19:32:18.0318 4092 NdisCap - ok
19:32:18.0357 4092 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
19:32:18.0401 4092 NdisTapi - ok
19:32:18.0520 4092 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
19:32:18.0557 4092 Ndisuio - ok
19:32:18.0577 4092 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
19:32:18.0615 4092 NdisWan - ok
19:32:18.0635 4092 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
19:32:18.0671 4092 NDProxy - ok
19:32:18.0807 4092 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
19:32:18.0877 4092 NetBIOS - ok
19:32:18.0901 4092 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
19:32:18.0939 4092 NetBT - ok
19:32:19.0120 4092 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
19:32:19.0134 4092 nfrd960 - ok
19:32:19.0336 4092 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
19:32:19.0376 4092 Npfs - ok
19:32:19.0398 4092 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
19:32:19.0438 4092 nsiproxy - ok
19:32:19.0596 4092 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
19:32:19.0638 4092 Ntfs - ok
19:32:19.0739 4092 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
19:32:19.0822 4092 Null - ok
19:32:19.0866 4092 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
19:32:19.0899 4092 NVENETFD - ok
19:32:20.0474 4092 nvlddmkm (712d98d35e68d0006b121f4a3b8ee814) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:32:21.0014 4092 nvlddmkm - ok
19:32:21.0113 4092 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
19:32:21.0129 4092 nvraid - ok
19:32:21.0146 4092 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
19:32:21.0164 4092 nvstor - ok
19:32:21.0554 4092 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
19:32:21.0570 4092 nv_agp - ok
19:32:21.0585 4092 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
19:32:21.0617 4092 ohci1394 - ok
19:32:21.0810 4092 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
19:32:21.0839 4092 Parport - ok
19:32:21.0867 4092 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
19:32:21.0881 4092 partmgr - ok
19:32:21.0924 4092 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
19:32:21.0942 4092 Parvdm - ok
19:32:22.0041 4092 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
19:32:22.0081 4092 pci - ok
19:32:22.0101 4092 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
19:32:22.0115 4092 pciide - ok
19:32:22.0164 4092 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
19:32:22.0182 4092 pcmcia - ok
19:32:22.0396 4092 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
19:32:22.0409 4092 pcw - ok
19:32:22.0487 4092 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
19:32:22.0537 4092 PEAUTH - ok
19:32:22.0757 4092 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
19:32:22.0821 4092 PptpMiniport - ok
19:32:22.0943 4092 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
19:32:22.0986 4092 Processor - ok
19:32:23.0053 4092 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
19:32:23.0093 4092 Psched - ok
19:32:23.0459 4092 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
19:32:23.0516 4092 ql2300 - ok
19:32:23.0693 4092 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
19:32:23.0709 4092 ql40xx - ok
19:32:23.0731 4092 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
19:32:23.0761 4092 QWAVEdrv - ok
19:32:23.0929 4092 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
19:32:23.0970 4092 RasAcd - ok
19:32:24.0248 4092 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:32:24.0304 4092 RasAgileVpn - ok
19:32:24.0389 4092 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:32:24.0434 4092 Rasl2tp - ok
19:32:24.0473 4092 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
19:32:24.0518 4092 RasPppoe - ok
19:32:24.0701 4092 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
19:32:24.0758 4092 RasSstp - ok
19:32:24.0789 4092 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
19:32:24.0839 4092 rdbss - ok
19:32:24.0996 4092 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
19:32:25.0021 4092 rdpbus - ok
19:32:25.0045 4092 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:32:25.0092 4092 RDPCDD - ok
19:32:25.0246 4092 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
19:32:25.0311 4092 RDPDR - ok
19:32:25.0367 4092 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
19:32:25.0413 4092 RDPENCDD - ok
19:32:25.0761 4092 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
19:32:25.0822 4092 RDPREFMP - ok
19:32:25.0847 4092 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
19:32:25.0884 4092 RDPWD - ok
19:32:25.0929 4092 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
19:32:25.0946 4092 rdyboost - ok
19:32:26.0190 4092 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
19:32:26.0220 4092 RFCOMM - ok
19:32:26.0374 4092 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
19:32:26.0452 4092 rspndr - ok
19:32:26.0474 4092 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
19:32:26.0513 4092 s3cap - ok
19:32:26.0895 4092 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
19:32:26.0945 4092 sbp2port - ok
19:32:27.0047 4092 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
19:32:27.0085 4092 scfilter - ok
19:32:27.0244 4092 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:32:27.0307 4092 secdrv - ok
19:32:27.0478 4092 Sentinel (7e5c2c58fc4e3862e7bf88bfb809a9b0) C:\Windows\System32\Drivers\SENTINEL.SYS
19:32:27.0507 4092 Sentinel - ok
19:32:27.0700 4092 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
19:32:27.0735 4092 Serenum - ok
19:32:27.0770 4092 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
19:32:27.0796 4092 Serial - ok
19:32:27.0874 4092 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
19:32:27.0897 4092 sermouse - ok
19:32:27.0949 4092 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
19:32:27.0979 4092 sffdisk - ok
19:32:28.0393 4092 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:32:28.0424 4092 sffp_mmc - ok
19:32:28.0461 4092 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:32:28.0487 4092 sffp_sd - ok
19:32:28.0756 4092 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
19:32:28.0785 4092 sfloppy - ok
19:32:28.0830 4092 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
19:32:28.0845 4092 sisagp - ok
19:32:29.0355 4092 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:32:29.0373 4092 SiSRaid2 - ok
19:32:29.0410 4092 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
19:32:29.0424 4092 SiSRaid4 - ok
19:32:29.0513 4092 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
19:32:29.0555 4092 Smb - ok
19:32:29.0705 4092 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
19:32:29.0746 4092 spldr - ok
19:32:29.0834 4092 sptd (a199171385be17973fd800fa91f8f78a) C:\Windows\system32\Drivers\sptd.sys
19:32:29.0834 4092 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
19:32:29.0838 4092 sptd ( LockedFile.Multi.Generic ) - warning
19:32:29.0838 4092 sptd - detected LockedFile.Multi.Generic (1)
19:32:38.0849 4092 ============================================================
19:32:38.0849 4092 Scan finished
19:32:38.0849 4092 ============================================================
19:32:38.0891 1380 Detected object count: 2
19:32:38.0891 1380 Actual detected object count: 2
19:32:58.0025 1380 CSC ( LockedFile.Multi.Generic ) - skipped by user
19:32:58.0025 1380 CSC ( LockedFile.Multi.Generic ) - User select action: Skip
19:32:58.0034 1380 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:32:58.0034 1380 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Abnow.com

#6 Post by vyosek »

:arrow: sptd.sys is certainly an FP - it is a virtual drive driver; csc should be OK as well, unless it has been patched by malware

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE THINGS AND MUST ONLY BE APPLIED ON RECOMMENDATION, OTHERWISE IT CAN WRECK YOUR SYSTEM
:arrow: Download ComboFix and save it to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator ("Spustit jako spravce")
  • Immediately after start, a page with the licence agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that appears
  • The scan should take about 10 min, but if the PC is heavily infested, the time may be longer
  • After the scan finishes and any restart, CF displays a log, or you can find it at C:\ComboFix.txt; paste its contents here
  • A detailed procedure incl. screenshots is here http://www.bleepingcomputer.com/combofi ... t-combofix
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement: take a whip and a stick to him, he is not a man, he is an ox."
Member [image] since 1 February 2011.
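
Added example, not part of the thread and not code from the scanner's vendor: a small Python triage that pulls the non-"ok" verdicts out of a scan log in the format posted before this reply, joins each one to the driver file and hash logged for the same service, and checks the total against the log's own "Detected object count". The sample log, its hashes and the function names are constructed for illustration.

```python
import re

# Line shapes follow the scan log posted in this thread; sample values are constructed.
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ "
FILE_RE = re.compile(PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(PREFIX + r"(?P<name>\S+) \( (?P<verdict>[^)]+?) \) - (?P<rest>.+)$")
COUNT_RE = re.compile(PREFIX + r"Detected object count: (?P<n>\d+)$")
ACTION_PREFIX = "User select action: "

# Constructed sample: placeholder hashes, and CSC deliberately has no file line.
SAMPLE_LOG = r"""
19:31:02.0100 4092 srv (00000000000000000000000000000001) C:\Windows\system32\DRIVERS\srv.sys
19:31:02.0150 4092 srv - ok
19:31:03.0200 4092 sptd (00000000000000000000000000000002) C:\Windows\system32\DRIVERS\sptd.sys
19:32:38.0891 1380 Detected object count: 2
19:32:38.0891 1380 Actual detected object count: 2
19:32:58.0025 1380 CSC ( LockedFile.Multi.Generic ) - skipped by user
19:32:58.0025 1380 CSC ( LockedFile.Multi.Generic ) - User select action: Skip
19:32:58.0034 1380 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:32:58.0034 1380 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

def triage(log_text):
    """Return (findings by service name, detected-object count the log reports)."""
    files, findings, reported = {}, {}, None
    for line in log_text.splitlines():
        line = line.strip()
        if m := FILE_RE.match(line):
            files[m["name"]] = (m["md5"], m["path"])
        elif m := VERDICT_RE.match(line):
            md5, path = files.get(m["name"], (None, None))
            entry = findings.setdefault(m["name"], {
                "verdict": m["verdict"], "md5": md5, "path": path, "action": None})
            if m["rest"].startswith(ACTION_PREFIX):
                entry["action"] = m["rest"][len(ACTION_PREFIX):]
        elif m := COUNT_RE.match(line):
            reported = int(m["n"])
    return findings, reported

def unverified(findings):
    """Detections left in place (Skip) for which the log gives no file hash."""
    return sorted(name for name, f in findings.items()
                  if f["action"] == "Skip" and f["md5"] is None)

if __name__ == "__main__":
    found, reported = triage(SAMPLE_LOG)
    for name, f in found.items():
        print(name, f["verdict"], f["action"], f["path"], f["md5"])
    print("count matches log:", len(found) == reported)
    print("no hash in log, verify the file another way:", unverified(found))
```
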

MartiN182
Visitor
Posts: 36
Registered: 07 Mar 2012 18:36

Re: Abnow.com

#7 Post by MartiN182 »

So I followed the instructions; after a moment it told me that it had to reboot the PC because of rootkit activity, or something to that effect, and several times Windows would not start at all; when it was already showing "Welcome" it reset again. Now the desktop did appear for a moment, but after a while it resets itself again.. :(

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Abnow.com

#8 Post by vyosek »

Try to log in to safe mode (restart the PC, keep pressing F8, select Safe Mode with Networking)

:arrow: Try applying this there: http://anywhere.webrootcloudav.com/antizeroaccess.exe

MartiN182
Visitor
Posts: 36
Registered: 07 Mar 2012 18:36

Re: Abnow.com

#9 Post by MartiN182 »

I am trying everything I can, but somehow it does not want to go into safe mode either; when the Start button appears at the bottom, it freezes.. :x

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Abnow.com

#10 Post by vyosek »

Try F8 and Last Known Good Configuration... otherwise we can still attempt a repair from some live CD... on other forums around the world, too, they tend to recommend treating this pest with a format :?:

MartiN182
Visitor
Posts: 36
Registered: 07 Mar 2012 18:36

Re: Abnow.com

#11 Post by MartiN182 »

Excellent, that "Last Known Good Configuration" worked :) So what now? Before it reset after ComboFix it told me that a log had been saved too, but I cannot see it anywhere...

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Abnow.com

#12 Post by vyosek »

Have a look in the folder c:\combofix, c:\qoobox, or directly at c:\combofix.txt

MartiN182
Visitor
Posts: 36
Registered: 07 Mar 2012 18:36

Re: Abnow.com

#13 Post by MartiN182 »

I looked at all three options and found nothing anywhere; the search did not find it either :?:

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Abnow.com

#14 Post by vyosek »

:arrow: Never mind then...

:arrow: AZA
vyosek wrote: :arrow: Try applying this there: http://anywhere.webrootcloudav.com/antizeroaccess.exe

MartiN182
Visitor
Posts: 36
Registered: 07 Mar 2012 18:36

Re: Abnow.com

#15 Post by MartiN182 »

Done! :) But it reported errors for 6 files.. and I am attaching the result as an image
Attachments
AZA.jpg (74.23 KiB) Viewed 1898 times
