PC shutting down/turning on. Stuttering during data transfer?

#1 Post by WIAL »

Suspicious PC behavior: it shuts down or turns on by itself. I suspect the motherboard or the power supply. It also stutters when playing online games, or when I was sending something to FTP... during any kind of transfer. I don't get it.
LOG.txt:


Logfile of random's system information tool 1.09 (written by random/random)
Run by kundibal at 2012-03-16 19:08:33
Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (12%) free of 25 GB
Total RAM: 3327 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:08:38, on 16.3.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17108)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Capsa.cz\DokanLibrary0.5.3\mounter.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
F:\INSTALl\System protection\PC CLEAN\HiJackThis_v2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\VITSOFT\Vit Registry Fix\Vit Registry Fix.exe
C:\Documents and Settings\kundibal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\kundibal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\kundibal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\kundibal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\kundibal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\kundibal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\DOCUMENTS\Downloads\RSIT.exe
C:\Program Files\trend micro\kundibal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=14672
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1135424515
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://uras.eu.sabmiller.com/dana-cach ... Client.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03A562CB-672B-4D8C-B254-66C00ADA9AE6}: NameServer = 192.168.10.1
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: DokanMounter - Unknown owner - C:\Program Files\Capsa.cz\DokanLibrary0.5.3\mounter.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - Unknown owner - D:\DB POKER\bin\pg_ctl.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 7932 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1035525444-725345543-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1035525444-725345543-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-02-12 4220304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-04-18 818280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-07-12 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-07-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-04-18 818280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2010-05-24 33747360]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-03-04 19968]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-04-18 3460784]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2012-02-10 15494464]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2012-02-10 108352]
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2008-04-14 169984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2011-06-04 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\kundibal\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-03 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-02-28 1987976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-01-13 460872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NPSStartup]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AVer HID Receiver.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AVerQuick.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^kundibal^Start Menu^Programs^Startup^Warkeys Update.lnk]
C:\PROGRA~1\Warkeys\AUTOWA~1\AUTOHO~1\AUTOHO~1.EXE [2009-09-25 245248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-02-12 4220304]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe"="C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"E:\BACKUP\GAMES\Colonization.exe"="E:\BACKUP\GAMES\Colonization.exe:*:Enabled:Sid Meier's Civilization IV Colonization"
"E:\Program Files\Steam\steamapps\common\poxnora\LaunchPad.exe"="E:\Program Files\Steam\steamapps\common\poxnora\LaunchPad.exe:*:Enabled:PoxNora"
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"E:\Program Files\Steam\steamapps\steam210576\condition zero\hl.exe"="E:\Program Files\Steam\steamapps\steam210576\condition zero\hl.exe:*:Enabled:Counter-Strike: Condition Zero"
"C:\Program Files\BitTorrent\BitTorrent.exe"="C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent"
"E:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe"="E:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe:*:Enabled:Dota 2"
"E:\Program Files\Steam\steamapps\steam210576\counter-strike\hl.exe"="E:\Program Files\Steam\steamapps\steam210576\counter-strike\hl.exe:*:Enabled:Counter-Strike"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll
"MSVideo8"=VfWWDM32.dll
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"VIDC.FMVC"=fmcodec.dll

======List of files/folders created in the last 1 month======

2012-03-16 19:08:33 ----D---- C:\rsit
2012-03-16 19:02:22 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2012-03-16 18:52:31 ----A---- C:\WINDOWS\isRS-000.tmp
2012-03-15 12:42:06 ----D---- C:\WINDOWS\Installer
2012-03-12 22:10:11 ----D---- C:\Documents and Settings\kundibal\Application Data\dvdcss
2012-03-12 19:24:01 ----A---- C:\WINDOWS\zip.exe
2012-03-12 19:24:01 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-03-12 19:24:01 ----A---- C:\WINDOWS\SWSC.exe
2012-03-12 19:24:01 ----A---- C:\WINDOWS\SWREG.exe
2012-03-12 19:24:01 ----A---- C:\WINDOWS\sed.exe
2012-03-12 19:24:01 ----A---- C:\WINDOWS\PEV.exe
2012-03-12 19:24:01 ----A---- C:\WINDOWS\NIRCMD.exe
2012-03-12 19:24:01 ----A---- C:\WINDOWS\MBR.exe
2012-03-12 19:24:01 ----A---- C:\WINDOWS\grep.exe
2012-03-12 19:23:52 ----D---- C:\WINDOWS\ERDNT
2012-03-12 19:23:50 ----SD---- C:\ComboFix
2012-03-12 19:23:44 ----D---- C:\Qoobox
2012-03-07 19:20:41 ----D---- C:\Documents and Settings\kundibal\Application Data\ElevatedDiagnostics
2012-03-07 19:17:56 ----D---- C:\WINDOWS\system32\windowspowershell
2012-03-07 19:17:54 ----HDC---- C:\WINDOWS\$NtUninstallKB926139-v2$
2012-03-07 18:54:52 ----D---- C:\Documents and Settings\kundibal\Application Data\Adobe
2012-03-05 21:08:02 ----D---- C:\Program Files\Blender Foundation
2012-03-05 17:23:30 ----D---- C:\Program Files\Lavalys
2012-03-05 17:17:00 ----D---- C:\Documents and Settings\kundibal\Application Data\FreeStone Group
2012-03-05 17:16:56 ----D---- C:\Program Files\Video Card Stability Test
2012-03-03 11:40:11 ----D---- C:\Documents and Settings\All Users\Application Data\RELOADED
2012-02-27 21:15:53 ----A---- C:\user.js
2012-02-27 21:15:49 ----D---- C:\Documents and Settings\All Users\Application Data\TheBflix
2012-02-27 21:15:00 ----D---- C:\Documents and Settings\All Users\Application Data\InstallMate
2012-02-25 09:39:41 ----D---- C:\NVIDIA

======List of files/folders modified in the last 1 month======

2012-03-16 19:08:38 ----D---- C:\Program Files\trend micro
2012-03-16 19:08:36 ----D---- C:\WINDOWS\Prefetch
2012-03-16 19:06:01 ----D---- C:\WINDOWS\system32
2012-03-16 19:06:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-03-16 19:03:58 ----ASH---- C:\boot.ini
2012-03-16 19:03:58 ----A---- C:\WINDOWS\win.ini
2012-03-16 19:03:58 ----A---- C:\WINDOWS\system.ini
2012-03-16 19:02:40 ----D---- C:\WINDOWS\system32\drivers
2012-03-16 19:02:32 ----D---- C:\WINDOWS\temp
2012-03-16 19:02:08 ----D---- C:\WINDOWS
2012-03-16 19:01:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-03-16 19:00:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-03-16 19:00:40 ----D---- C:\WINDOWS\system32\CatRoot2
2012-03-16 18:31:51 ----D---- C:\Documents and Settings\kundibal\Application Data\Capsa
2012-03-12 19:37:04 ----D---- C:\WINDOWS\Minidump
2012-03-12 19:31:12 ----D---- C:\WINDOWS\AppPatch
2012-03-12 19:31:09 ----D---- C:\Program Files\Common Files
2012-03-09 07:04:31 ----D---- C:\Documents and Settings\kundibal\Application Data\vlc
2012-03-08 09:32:41 ----D---- C:\Documents and Settings
2012-03-08 09:32:07 ----SHD---- C:\System Volume Information
2012-03-07 22:21:04 ----D---- C:\Documents and Settings\kundibal\Application Data\Winamp
2012-03-07 20:50:13 ----RSD---- C:\WINDOWS\assembly
2012-03-07 20:49:59 ----D---- C:\WINDOWS\Microsoft.NET
2012-03-07 19:25:35 ----D---- C:\Documents and Settings\kundibal\Application Data\BitTorrent
2012-03-07 19:20:45 ----RD---- C:\Program Files
2012-03-07 19:19:59 ----D---- C:\WINDOWS\system32\Restore
2012-03-07 19:18:18 ----HD---- C:\WINDOWS\inf
2012-03-07 19:17:58 ----D---- C:\WINDOWS\system32\config
2012-03-07 17:20:21 ----D---- C:\WINDOWS\Debug
2012-03-07 10:24:47 ----D---- C:\WINDOWS\system32\wbem
2012-03-05 19:25:34 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-03-05 18:58:24 ----D---- C:\Program Files\Geeks3D
2012-03-04 21:01:39 ----A---- C:\WINDOWS\NeroDigital.ini
2012-03-03 19:05:52 ----D---- C:\Program Files\PokerTracker 3
2012-03-03 19:05:40 ----D---- C:\Program Files\PokerStars
2012-02-29 12:59:04 ----D---- C:\Program Files\LogMeIn Hamachi
2012-02-28 20:21:11 ----SD---- C:\WINDOWS\Tasks
2012-02-28 20:08:01 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2012-02-28 19:30:48 ----D---- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
2012-02-26 12:27:34 ----D---- C:\Documents and Settings\kundibal\Application Data\NVIDIA
2012-02-25 09:44:33 ----D---- C:\Program Files\NVIDIA Corporation
2012-02-25 09:43:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-02-25 09:43:24 ----D---- C:\WINDOWS\system32\ReinstallBackups
2012-02-25 09:43:18 ----D---- C:\WINDOWS\Help
2012-02-25 09:43:18 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2012-02-17 17:45:42 ----D---- C:\Program Files\Magic Workstation

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-07-09 45200]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-03-26 717296]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-04-18 30680]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-04-18 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-04-18 441176]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-04-18 307288]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-04-18 49240]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-12-21 94872]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-04-18 19544]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-04-18 102488]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2011-10-21 279712]
R2 Dokan;Dokan; \??\C:\WINDOWS\system32\drivers\dokan.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-12-21 141264]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2011-10-21 25888]
R3 AR5211;TP-LINK Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-12-21 470048]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow; C:\WINDOWS\system32\DRIVERS\hidusbf.sys [2006-11-08 4544]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2009-05-20 38400]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-03-04 25214]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-03-04 37804]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-03-04 73134]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-15 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2012-02-10 13415040]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2010-05-15 2136224]
S3 akqjbbbi;akqjbbbi; C:\WINDOWS\system32\drivers\akqjbbbi.sys []
S3 AVerAF15DMBTH;AVerMedia A850 USB; C:\WINDOWS\System32\Drivers\AVerAF15DMBTH.sys [2010-05-06 569728]
S3 catchme;catchme; \??\C:\DOCUME~1\kundibal\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dsNcAdpt;Juniper Network Connect Adapter; C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\E:\Garena\safedrv.sys []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2008-02-14 1389056]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 RsFx0103;RsFx0103 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-04-18 42184]
R2 DokanMounter;DokanMounter; C:\Program Files\Capsa.cz\DokanLibrary0.5.3\mounter.exe [2010-08-29 22016]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-03-31 233472]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-07-12 153376]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2012-02-10 164160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 pgsql-8.3;PostgreSQL Database Server 8.3; D:\DB POKER\bin\pg_ctl.exe runservice -w -N pgsql-8.3 -D D:\DB POKER\data\ []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-05-07 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 1373576]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR []
S3 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR []
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]

-----------------EOF-----------------

INFO.TXT:

info.txt logfile of random's system information tool 1.09 2012-03-16 19:08:42

======Uninstall list======

-->MsiExec /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}
Adobe Color JA Extra Settings-->MsiExec.exe /I{D92B72E2-C854-4738-8ED6-4C3661CC17AE}
Adobe Color NA Extra Settings-->MsiExec.exe /I{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}
Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{ED95B55C-4759-4242-85DE-EAD1DA7AB090}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3-->MsiExec.exe /I{AE6BE2FE-5D3D-4FA0-98BC-57B7B78493F4}
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}
Adobe Flash Player 11 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil11e_Plugin.exe -maintain plugin
Adobe Flash Professional CS5-->C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{CFC9F871-7C40-40B6-BE4A-B98A5B309716}"
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3-->C:\Program Files\Common Files\Adobe\Installers\b5ed30048e229c36945fd3d95860c0b\Setup.exe
Adobe Illustrator CS3-->MsiExec.exe /I{D6CD1A90-1421-4F19-AFD8-BE4E28A1D6D5}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe Media Player-->MsiExec.exe /I{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\4977c84bcdc298c444ccfbdcccb660d\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{5178C1BB-1EB1-4468-894B-7DE964DDCAA2}
Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3-->C:\Program Files\Common Files\Adobe\Installers\32fdd767b4383606e8168e834af5d90\Setup.exe
Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Setup-->MsiExec.exe /I{0901FCE8-5415-4499-BBC8-1AA106DD66E2}
Adobe Setup-->MsiExec.exe /I{6EC3499F-025A-4EDB-A03D-AB3DC042051D}
Adobe Setup-->MsiExec.exe /I{739CE62B-2893-4D89-8BF8-9B4034633DB6}
Adobe Setup-->MsiExec.exe /I{BB81360F-041C-4CF7-B15E-71380D154244}
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\Setup.exe" -runfromtemp -l0x0009 -removeonly
aTube Catcher-->C:\Program Files\DsNET Corp\aTube Catcher 2.0\uninstall.exe
avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
BitTorrent-->"C:\Program Files\BitTorrent\BitTorrent.exe" /UNINSTALL
Blender-->"C:\Program Files\Blender Foundation\Blender\uninstall.exe"
Bookworm Adventures Deluxe 1.00-->C:\Program Files\Games\Bookworm Adventures Deluxe\UNWISE.exe
BS.Player FREE-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
Capsa.cz 1.1.13-->"C:\Program Files\Capsa.cz\unins000.exe"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Counter-Strike: Condition Zero Deleted Scenes-->"E:\Program Files\Steam\steam.exe" steam://uninstall/100
Crystal Reports for Visual Studio-->MsiExec.exe /I{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}
DawnOfWar-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{362D5167-9716-44BE-89FD-BF9EB6EF814B}
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Dota 2-->"E:\Program Files\Steam\steam.exe" steam://uninstall/570
Dotfuscator Software Services - Community Edition-->MsiExec.exe /X{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}
Dungeon Keeper 2-->C:\WINDOWS\IsUninst.exe -fe:\backup\games\DK\Uninst.isu -c"e:\backup\games\DK\uninst.dll"
EVEREST Ultimate Edition v5.50-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Fraps (remove only)-->"C:\Program Files\fraps\uninstall.exe"
Garena 2010-->E:\Garena\uninst.exe
GPU Caps Viewer 1.14.5-->"C:\Program Files\Geeks3D\GPU_Caps_Viewer_v1.14.5\unins000.exe"
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
HD Tune 2.55-->"C:\Program Files\HD Tune\unins000.exe"
HijackThis 2.0.0-->"F:\INSTALl\System protection\PC CLEAN\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216026FF}
Last.fm 1.5.4.27091-->"C:\Program Files\Last.fm\unins000.exe"
Logitech MouseWare 9.76 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
LogMeIn Hamachi-->C:\WINDOWS\system32\\msiexec.exe /i {E2494AD8-314D-44F8-B39C-4358A60DC184} REMOVE=ALL
LogMeIn Hamachi-->MsiExec.exe /I{491DFBAA-77EF-4B06-8676-2FC66EEE049A}
LogMeIn Hamachi-->MsiExec.exe /I{E2494AD8-314D-44F8-B39C-4358A60DC184}
Magic ISO Maker v5.5 (build 0281)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Magic Set Editor 2.0.0-->"C:\Program Files\Magic Set Editor 2\unins000.exe"
Magic Workstation 0.94f-->"C:\Program Files\Magic Workstation\unins000.exe"
Malwarebytes Anti-Malware version 1.60.1.1000-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB2656353)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2656353\M2656353Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft .NET Framework 4 Extended-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}
Microsoft .NET Framework 4 Multi-Targeting Pack-->MsiExec.exe /I{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools-->MsiExec.exe /X{40416836-56CC-4C0E-A6AF-5C34BADCE483}
Microsoft ASP.NET MVC 2-->MsiExec.exe /X{1803A630-3C38-4D2B-9B9A-0CB37243539C}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{8FB1B528-E260-451E-9B55-E9152F94B80B}
Microsoft Help Viewer 1.0-->C:\Program Files\Microsoft Help Viewer\v1.0\Microsoft Help Viewer 1.0\install.exe
Microsoft Help Viewer 1.0-->MsiExec.exe /X{47C39E4A-28F2-33B1-B9B7-97F24E52D917}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{047B0968-E622-4FAA-9B4B-121FA109EDDE}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0015-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0019-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{99ACCA38-6DD3-48A8-96AE-A283C9759279}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-0409-0000-0000000FF1CE}" "{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0044-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{4560037C-E356-444A-A015-D21F487D809E}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00BA-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0115-0409-0000-0000000FF1CE}" "{4560037C-E356-444A-A015-D21F487D809E}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0117-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2010-->MsiExec.exe /X{90140000-00BA-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2010-->MsiExec.exe /X{90140000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110405-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Plus 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight 3 SDK-->MsiExec.exe /X{2012098D-EEE9-4769-8DD3-B038050854D4}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2008 Browser-->MsiExec.exe /X{C688457E-03FD-4941-923B-A27F4D42A7DD}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{4A6F34E2-09E5-4616-B227-4A26A488A6F9}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{4815BD99-96A4-49FE-A885-DCF06E9E4E78}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{F3494AB6-6900-41C6-AF57-823626827ED8}
Microsoft SQL Server 2008 Native Client-->MsiExec.exe /I{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}
Microsoft SQL Server 2008 R2 Data-Tier Application Framework-->MsiExec.exe /I{0DDCEC37-369C-484B-B16D-B4413FD42FB9}
Microsoft SQL Server 2008 R2 Data-Tier Application Project-->MsiExec.exe /I{E5AE9031-79A5-4627-9641-BEFA82819B08}
Microsoft SQL Server 2008 R2 Management Objects-->MsiExec.exe /I{4E968D9C-21A7-4915-B698-F7AEB913541D}
Microsoft SQL Server 2008 R2 Transact-SQL Language Service-->MsiExec.exe /I{78C3657E-742C-40B1-9F53-E5A921D40F17}
Microsoft SQL Server 2008 RsFx Driver-->MsiExec.exe /I{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}
Microsoft SQL Server 2008 Setup Support Files -->MsiExec.exe /X{D441BD04-E548-4F8E-97A4-1B66135BAAA8}
Microsoft SQL Server 2008-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /X86
Microsoft SQL Server 2008-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /x86
Microsoft SQL Server Compact 3.5 SP2 ENU-->MsiExec.exe /I{3A9FC03D-C685-4831-94CF-4EDFD3749497}
Microsoft SQL Server Database Publishing Wizard 1.4-->MsiExec.exe /I{ACE28263-76A4-4BF5-B6F4-8BD719595969}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft SQL Server System CLR Types-->MsiExec.exe /I{2A2F3AE8-246A-4252-BB26-1BEB45627074}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}
Microsoft Sync Framework Runtime v1.0 SP1 (x86)-->MsiExec.exe /I{C6DD625F-4B61-4561-8286-87CA0275CEA1}
Microsoft Sync Framework SDK v1.0 SP1-->MsiExec.exe /I{97CE8B73-AA5A-4987-A1BE-50DD1A187478}
Microsoft Sync Framework Services v1.0 SP1 (x86)-->MsiExec.exe /I{F990B526-8F7C-46E0-B1F1-6C893A8B478F}
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)-->MsiExec.exe /I{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}
Microsoft Team Foundation Server 2010 Object Model - ENU-->MsiExec.exe /I{6ED37A91-7710-3183-BE50-AB043FF6689E}
Microsoft Team Foundation Server 2010 Object Model - ENU-->MsiExec.exe /X{6ED37A91-7710-3183-BE50-AB043FF6689E}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974-->MsiExec.exe /X{B7E38540-E355-3503-AFD7-635B2F2F76E1}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319-->MsiExec.exe /X{6A86554B-8928-30E4-A53C-D7337689134D}
Microsoft Visual F# 2.0 Runtime-->MsiExec.exe /X{729A3000-BC8A-3B74-BA5D-5068FE12D70C}
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools-->MsiExec.exe /X{14DD7530-CCD2-3798-B37D-3839ED6A441C}
Microsoft Visual Studio 2010 Office Developer Tools (x86)-->MsiExec.exe /X{035400A4-29BD-3723-BEED-E2718A68CDE0}
Microsoft Visual Studio 2010 Professional - ENU-->E:\Program Files\visual studio\Microsoft Visual Studio 2010 Professional - ENU\setup.exe
Microsoft Visual Studio 2010 SharePoint Developer Tools-->MsiExec.exe /X{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)-->MsiExec.exe /X{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}
Microsoft Visual Studio Macro Tools-->msiexec.exe /uninstall {6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}
Microsoft Visual Studio Macro Tools-->MsiExec.exe /X{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Microsoft XNA Framework Redistributable 1.0 Refresh-->MsiExec.exe /I{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}
Microsoft XNA Framework Redistributable 4.0-->MsiExec.exe /I{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}
Microsoft XNA Game Studio 4.0 (ARP entry)-->MsiExec.exe /I{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}
Microsoft XNA Game Studio 4.0 (Redists)-->MsiExec.exe /I{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}
Microsoft XNA Game Studio 4.0 (Shared Components)-->MsiExec.exe /I{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}
Microsoft XNA Game Studio 4.0 (Visual Studio)-->MsiExec.exe /I{8C496FBF-DB4A-468D-A3A1-15E127382218}
Microsoft XNA Game Studio 4.0 (XnaLiveProxy)-->MsiExec.exe /I{01C79EF3-DE84-4B56-B638-8BEA0D507506}
Microsoft XNA Game Studio 4.0 Documentation-->MsiExec.exe /I{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}
Microsoft XNA Game Studio 4.0-->C:\Program Files\Microsoft XNA\XNA Game Studio\v4.0\Setup\Bootstrapper.exe en-US
Microsoft XNA Game Studio Platform Tools-->MsiExec.exe /I{0666E46E-A860-4353-BE6D-13AA72FABB57}
Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
MSVCRT Redists-->MsiExec.exe /I{7032B400-11EC-11E0-A9BF-0013D3D69929}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
MTG Card Images for Magic Workstation-->"C:\Program Files\Magic Workstation\unins002.exe"
MTG GamePack for Magic Workstation-->"C:\Program Files\Magic Workstation\unins001.exe"
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA GAME System Software 2.8.1-->MsiExec.exe /I{4F0C7CCF-5666-474B-B02E-AC514A95EC93}
NVIDIA Graphics Driver 295.73-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA PhysX System Software 9.10.0514-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.PhysX
NVIDIA PhysX-->MsiExec.exe /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}
Paint.NET v3.5.10-->MsiExec.exe /X{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}
PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}
PDF Settings-->MsiExec.exe /I{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}
PoxNora-->"E:\Program Files\Steam\steam.exe" steam://uninstall/201210
PxMergeModule-->MsiExec.exe /I{024521CF-C07E-4F8E-8481-0D75695E03AF}
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Samsung Mobile Modem Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\7\SSECUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung New PC Studio-->"C:\Program Files\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x0405 -removeonly
Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A}
SAMSUNG USB Mobile Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe
SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7A2C18A1-D2A2-3177-82F1-5FE9CC08ECB0} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {42A3562E-8B4E-39A4-B82D-CC12F82889E3} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Extended
Security Update for Windows Internet Explorer 7 (KB2647516)-->"C:\WINDOWS\ie7updates\KB2647516-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Service Pack 1 for SQL Server 2008 (KB968369)-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB968369\ServicePack\setup.exe" /Action=RemovePatch /AllInstances
Sid Meier's Civilization IV Colonization-->C:\Program Files\InstallShield Installation Information\{EF36A836-BF89-4A4F-B079-057B0C68C1E0}\setup.exe -runfromtemp -l0x0009 -removeonly
Sql Server Customer Experience Improvement Program-->MsiExec.exe /I{C965F01C-76EA-4BD7-973E-46236AE312D7}
StepMania (remove only)-->"C:\Program Files\StepMania\uninstall.exe"
Team Fortress 2-->"E:\Program Files\Steam\steam.exe" steam://uninstall/440
The Witcher Enhanced Edition-->"C:\Program Files\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x0009 -removeonly
Theme Hospital-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Bullfrog\Hospital\DeIsL2.isu"
Total Commander (Remove or Repair)-->F:\totalcmd\tcuninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD988F49-E1C8-3C84-9683-0448B6BB8E20} /parameterfolder Client
VIA Platforma Ovladače zařízení-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Video Card Stability Test-->C:\Program Files\Video Card Stability Test\uninstall.exe
VideoMach-->C:\Program Files\VideoMach\uninstall.exe
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU-->MsiExec.exe /X{112C23F2-C036-4D40-BED4-0CB47BF5555C}
Vit Registry Fix 10 (remove only)-->C:\Program Files\VITSOFT\Vit Registry Fix\Uninstall.exe
VLC media player 1.1.11-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Warkeys 1.19.3.0b-->C:\Program Files\Warkeys\uninst.exe
Web Deployment Tool-->MsiExec.exe /I{0F37D969-1260-419E-B308-EF7D29ABDE20}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows PowerShell(TM) 1.0-->"C:\WINDOWS\$NtUninstallKB926139-v2$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Wizardry 8 CZ-->E:\BACKUP\GAMES\wizardry 8\Wizardry 8\uninstall.exe

======Security center information======

AV: avast! Antivirus

======System event log======

Computer Name: BITCH
Event Code: 7031
Message: The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Record Number: 7356
Source Name: Service Control Manager
Time Written: 20120215070119.000000+060
Event Type: error
User:

Computer Name: BITCH
Event Code: 7000
Message: The PostgreSQL Database Server 8.3 service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 7329
Source Name: Service Control Manager
Time Written: 20120215052430.000000+060
Event Type: error
User:

Computer Name: BITCH
Event Code: 7000
Message: The PostgreSQL Database Server 8.3 service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 7293
Source Name: Service Control Manager
Time Written: 20120214105502.000000+060
Event Type: error
User:

Computer Name: BITCH
Event Code: 9
Message: The device, \Device\Ide\IdePort2, did not respond within the timeout period.

Record Number: 7289
Source Name: atapi
Time Written: 20120214071916.000000+060
Event Type: error
User:

Computer Name: BITCH
Event Code: 7000
Message: The PostgreSQL Database Server 8.3 service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 7266
Source Name: Service Control Manager
Time Written: 20120214071227.000000+060
Event Type: error
User:

=====Application event log=====

Computer Name: BITCH
Event Code: 1001
Message:
Record Number: 2693
Source Name: MsiInstaller
Time Written: 20120223195227.000000+060
Event Type: warning
User: BITCH\kundibal

Computer Name: BITCH
Event Code: 1004
Message:
Record Number: 2692
Source Name: MsiInstaller
Time Written: 20120223195227.000000+060
Event Type: warning
User: BITCH\kundibal

Computer Name: BITCH
Event Code: 902
Message: The Software Protection service has started.
14.0.370.400

Record Number: 2499
Source Name: Office Software Protection Platform Service
Time Written: 20120221204807.000000+060
Event Type:
User:

Computer Name: BITCH
Event Code: 902
Message: The Software Protection service has started.
14.0.370.400

Record Number: 2456
Source Name: Office Software Protection Platform Service
Time Written: 20120220174642.000000+060
Event Type:
User:

Computer Name: BITCH
Event Code: 902
Message: The Software Protection service has started.
14.0.370.400

Record Number: 2265
Source Name: Office Software Protection Platform Service
Time Written: 20120218161749.000000+060
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\NVIDIA Corporation\PhysX\Common;C:\Program Files\Microsoft SQL Server\100\Tools\Binn;C:\Program Files\Microsoft SQL Server\100\DTS\Binn;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;%dokanPath%;C:\WINDOWS\system32\WindowsPowerShell\v1.0
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VS100COMNTOOLS"=E:\Program Files\visual studio\Common7\Tools\
"XNAGSShared"=C:\Program Files\Common Files\Microsoft Shared\XNA\
"XNAGSv4"=C:\Program Files\Microsoft XNA\XNA Game Studio\v4.0\
"dokanPath"=C:\Program Files\Capsa.cz\DokanLibrary0.5.3

-----------------EOF-----------------
Also attached is a minidump from when my PC crashed a few days ago. It has no extension; there was no other way to upload it.
Thanks

WIAL
Visitor
Posts: 52
Registered: 05 Oct 2007 09:14

Re: PC switching off/on. Stuttering during data transfer?

#2 Post by WIAL »

Here is the minidump
Attachments
Mini031212-01.zip
change zip to dmp
(64 KiB) Downloaded 102 times

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: PC switching off/on. Stuttering during data transfer?

#3 Post by motji »

Good evening :)
Who advised you to use ComboFix?
Do you use the computer at work or at home?
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

WIAL
Visitor
Posts: 52
Registered: 05 Oct 2007 09:14

Re: PC switching off/on. Stuttering during data transfer?

#4 Post by WIAL »

An acquaintance who visits this forum. I backed everything up properly beforehand.

I use the computer at home. A game now and then, plus programming. And don't worry, VS is a legal Professional version, I have the license through my job, and the Adobe one is my girlfriend's.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: PC switching off/on. Stuttering during data transfer?

#5 Post by motji »

Please upload the dump, with its extension not renamed, to www.leteckaposta.cz and post the link here.

It is not only that ComboFix can wreck your system. It also erases the traces left by viruses, so I now see nothing in the RSIT log. Do you have the ComboFix log? It should be on drive C.

:arrow: Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
- and save it to the desktop.
- double-click the program icon to run it
- select the Start scan option, then confirm starting the scan
- if the program finds an infected file, it will show the preselected action Cure; in that case confirm with the Continue button
- if the program wants to restart the computer, click the Reboot Now button
- if it does not request a restart, click the Report button. A log should pop up; copy the contents of the log into your topic.
- if the log is not displayed, it is saved in your root directory.

WIAL
Visitor
Posts: 52
Registered: 05 Oct 2007 09:14

Re: PC switching off/on. Stuttering during data transfer?

#6 Post by WIAL »

So here is the minidump: http://leteckaposta.cz/330677005

I don't have the ComboFix log; at "stage 48" I got a BSOD, with the same error message as the BSOD in the dump. Unfortunately I don't have a dump from this BSOD.

Otherwise, I downloaded and ran TDSS Killer; it differs a little from your description.

In Change parameters I also ticked the two additional options, and this is the Report after the scan:


17:13:13.0375 2924 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
17:13:13.0796 2924 ============================================================
17:13:13.0796 2924 Current date / time: 2012/03/17 17:13:13.0796
17:13:13.0796 2924 SystemInfo:
17:13:13.0796 2924
17:13:13.0796 2924 OS Version: 5.1.2600 ServicePack: 3.0
17:13:13.0796 2924 Product type: Workstation
17:13:13.0796 2924 ComputerName: BITCH
17:13:13.0796 2924 UserName: kundibal
17:13:13.0796 2924 Windows directory: C:\WINDOWS
17:13:13.0796 2924 System windows directory: C:\WINDOWS
17:13:13.0796 2924 Processor architecture: Intel x86
17:13:13.0796 2924 Number of processors: 2
17:13:13.0796 2924 Page size: 0x1000
17:13:13.0796 2924 Boot type: Normal boot
17:13:13.0796 2924 ============================================================
17:13:15.0156 2924 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x97695, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000054
17:13:15.0171 2924 Drive \Device\Harddisk2\DR2 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:13:15.0171 2924 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:13:15.0187 2924 \Device\Harddisk0\DR0:
17:13:15.0187 2924 MBR used
17:13:15.0187 2924 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542E681
17:13:15.0187 2924 \Device\Harddisk2\DR2:
17:13:15.0187 2924 MBR used
17:13:15.0187 2924 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x30D3C74
17:13:15.0203 2924 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x30D3CF2, BlocksNum 0x643690E
17:13:15.0203 2924 \Device\Harddisk1\DR1:
17:13:15.0203 2924 MBR used
17:13:15.0203 2924 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
17:13:15.0296 2924 Initialize success
17:13:15.0296 2924 ============================================================
17:14:00.0125 2952 ============================================================
17:14:00.0125 2952 Scan started
17:14:00.0125 2952 Mode: Manual; SigCheck; TDLFS;
17:14:00.0125 2952 ============================================================
17:14:00.0546 2952 Aavmker4 (78a4db23bb4e8d4349e164d1d90af73f) C:\WINDOWS\system32\drivers\Aavmker4.sys
17:14:00.0656 2952 Aavmker4 - ok
17:14:00.0687 2952 Abiosdsk - ok
17:14:00.0718 2952 abp480n5 - ok
17:14:00.0765 2952 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:14:01.0390 2952 ACPI - ok
17:14:01.0500 2952 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:14:01.0593 2952 ACPIEC - ok
17:14:01.0625 2952 adpu160m - ok
17:14:01.0687 2952 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:14:01.0812 2952 aec - ok
17:14:01.0875 2952 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:14:01.0890 2952 AFD - ok
17:14:01.0906 2952 Aha154x - ok
17:14:01.0937 2952 aic78u2 - ok
17:14:01.0968 2952 aic78xx - ok
17:14:01.0984 2952 AliIde - ok
17:14:02.0015 2952 amsint - ok
17:14:02.0078 2952 AR5211 (3cb8e72b7c9887b42b90000e8cb1e7be) C:\WINDOWS\system32\DRIVERS\ar5211.sys
17:14:02.0093 2952 AR5211 ( UnsignedFile.Multi.Generic ) - warning
17:14:02.0093 2952 AR5211 - detected UnsignedFile.Multi.Generic (1)
17:14:02.0125 2952 asc - ok
17:14:02.0140 2952 asc3350p - ok
17:14:02.0171 2952 asc3550 - ok
17:14:02.0234 2952 aswFsBlk (9bdb29e81abceb883556df44649696c4) C:\WINDOWS\system32\drivers\aswFsBlk.sys
17:14:02.0250 2952 aswFsBlk - ok
17:14:02.0296 2952 aswMon2 (2ce6da466687cbb3b97e59f8831a27cb) C:\WINDOWS\system32\drivers\aswMon2.sys
17:14:02.0296 2952 aswMon2 - ok
17:14:02.0328 2952 aswRdr (a90cf680ca7a323913ca3a0810c8e02d) C:\WINDOWS\system32\drivers\aswRdr.sys
17:14:02.0328 2952 aswRdr - ok
17:14:02.0375 2952 aswSnx (f7969934cca2e566e95df17380a3cb11) C:\WINDOWS\system32\drivers\aswSnx.sys
17:14:02.0390 2952 aswSnx - ok
17:14:02.0437 2952 aswSP (478d6a0e0630c31bf4a7f5eb0a05b92c) C:\WINDOWS\system32\drivers\aswSP.sys
17:14:02.0453 2952 aswSP - ok
17:14:02.0484 2952 aswTdi (e52e45743e27fd6184c55618a10b81ab) C:\WINDOWS\system32\drivers\aswTdi.sys
17:14:02.0500 2952 aswTdi - ok
17:14:02.0546 2952 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:14:02.0687 2952 AsyncMac - ok
17:14:02.0718 2952 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:14:02.0859 2952 atapi - ok
17:14:02.0890 2952 Atdisk - ok
17:14:02.0937 2952 atksgt (f9c24d25d9ff29f894995a64812b4d85) C:\WINDOWS\system32\DRIVERS\atksgt.sys
17:14:02.0953 2952 atksgt - ok
17:14:02.0984 2952 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:14:03.0093 2952 Atmarpc - ok
17:14:03.0140 2952 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:14:03.0250 2952 audstub - ok
17:14:03.0312 2952 AVerAF15DMBTH (3e851cc6db0c07a8cc640fd03eb6fdae) C:\WINDOWS\system32\Drivers\AVerAF15DMBTH.sys
17:14:03.0375 2952 AVerAF15DMBTH ( UnsignedFile.Multi.Generic ) - warning
17:14:03.0375 2952 AVerAF15DMBTH - detected UnsignedFile.Multi.Generic (1)
17:14:03.0421 2952 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:14:03.0546 2952 Beep - ok
17:14:03.0578 2952 bjrvlvcn - ok
17:14:03.0671 2952 catchme - ok
17:14:03.0718 2952 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:14:03.0859 2952 cbidf2k - ok
17:14:03.0968 2952 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:14:04.0093 2952 CCDECODE - ok
17:14:04.0125 2952 cd20xrnt - ok
17:14:04.0156 2952 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:14:04.0265 2952 Cdaudio - ok
17:14:04.0328 2952 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:14:04.0437 2952 Cdfs - ok
17:14:04.0484 2952 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:14:04.0609 2952 Cdrom - ok
17:14:04.0640 2952 Changer - ok
17:14:04.0656 2952 CmdIde - ok
17:14:04.0687 2952 Cpqarray - ok
17:14:04.0703 2952 dac2w2k - ok
17:14:04.0734 2952 dac960nt - ok
17:14:04.0781 2952 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:14:04.0906 2952 Disk - ok
17:14:04.0953 2952 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:14:05.0109 2952 dmboot - ok
17:14:05.0156 2952 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:14:05.0281 2952 dmio - ok
17:14:05.0312 2952 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:14:05.0453 2952 dmload - ok
17:14:05.0500 2952 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:14:05.0625 2952 DMusic - ok
17:14:05.0671 2952 Dokan (bf94acf77e2c7458d91d0bef8718eece) C:\WINDOWS\system32\drivers\dokan.sys
17:14:05.0671 2952 Dokan ( UnsignedFile.Multi.Generic ) - warning
17:14:05.0671 2952 Dokan - detected UnsignedFile.Multi.Generic (1)
17:14:05.0703 2952 dpti2o - ok
17:14:05.0750 2952 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:14:05.0859 2952 drmkaud - ok
17:14:05.0875 2952 dsNcAdpt - ok
17:14:05.0921 2952 eamon (d42dd9021acd47683b33adf21bca49aa) C:\WINDOWS\system32\DRIVERS\eamon.sys
17:14:05.0937 2952 eamon - ok
17:14:05.0968 2952 ehdrv (fe7824239d132ad9ebd8645fe1199b30) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
17:14:05.0984 2952 ehdrv - ok
17:14:06.0000 2952 epfwtdir (aa0667eb9a92414abb784c101a6c7fec) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
17:14:06.0015 2952 epfwtdir - ok
17:14:06.0046 2952 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:14:06.0171 2952 Fastfat - ok
17:14:06.0203 2952 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:14:06.0328 2952 Fdc - ok
17:14:06.0359 2952 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:14:06.0484 2952 Fips - ok
17:14:06.0515 2952 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:14:06.0656 2952 Flpydisk - ok
17:14:06.0734 2952 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:14:06.0843 2952 FltMgr - ok
17:14:06.0906 2952 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
17:14:06.0921 2952 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
17:14:06.0921 2952 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
17:14:06.0953 2952 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:14:07.0078 2952 Fs_Rec - ok
17:14:07.0109 2952 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:14:07.0234 2952 Ftdisk - ok
17:14:07.0250 2952 GGSAFERDriver - ok
17:14:07.0296 2952 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:14:07.0421 2952 Gpc - ok
17:14:07.0468 2952 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
17:14:07.0484 2952 hamachi - ok
17:14:07.0531 2952 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:14:07.0640 2952 HDAudBus - ok
17:14:07.0703 2952 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:14:07.0828 2952 hidusb - ok
17:14:07.0890 2952 hidusbf (34f0823be25aed4992fd9fcf587f50d5) C:\WINDOWS\system32\DRIVERS\hidusbf.sys
17:14:07.0890 2952 hidusbf ( UnsignedFile.Multi.Generic ) - warning
17:14:07.0890 2952 hidusbf - detected UnsignedFile.Multi.Generic (1)
17:14:07.0921 2952 hpn - ok
17:14:07.0984 2952 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:14:08.0015 2952 HTTP - ok
17:14:08.0046 2952 i2omgmt - ok
17:14:08.0078 2952 i2omp - ok
17:14:08.0140 2952 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:14:08.0250 2952 i8042prt - ok
17:14:08.0296 2952 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:14:08.0406 2952 Imapi - ok
17:14:08.0437 2952 ini910u - ok
17:14:08.0453 2952 IntelIde - ok
17:14:08.0515 2952 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:14:08.0625 2952 Ip6Fw - ok
17:14:08.0671 2952 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:14:08.0796 2952 IpFilterDriver - ok
17:14:08.0828 2952 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:14:08.0953 2952 IpInIp - ok
17:14:09.0015 2952 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:14:09.0156 2952 IpNat - ok
17:14:09.0203 2952 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:14:09.0312 2952 IPSec - ok
17:14:09.0375 2952 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:14:09.0437 2952 IRENUM - ok
17:14:09.0484 2952 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:14:09.0593 2952 isapnp - ok
17:14:09.0625 2952 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:14:09.0750 2952 Kbdclass - ok
17:14:09.0812 2952 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:14:09.0937 2952 kmixer - ok
17:14:10.0000 2952 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:14:10.0000 2952 KSecDD - ok
17:14:10.0046 2952 L1e (101457d884e3dd4636baefb9b7e7d3f3) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
17:14:10.0078 2952 L1e - ok
17:14:10.0093 2952 lbrtfdc - ok
17:14:10.0156 2952 LHidFlt2 (63b00a26f62572e0d58e6c8d3b32bf59) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
17:14:10.0156 2952 LHidFlt2 - ok
17:14:10.0218 2952 LHidUsb (ac05a1b5c66d693b1598fd83617d1820) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
17:14:10.0234 2952 LHidUsb - ok
17:14:10.0296 2952 lirsgt (8ccf9ed46d52af1375875f74a91ffacf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
17:14:10.0296 2952 lirsgt - ok
17:14:10.0343 2952 LMouFlt2 (03abef1a29addc98c32ed0f336b98e90) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
17:14:10.0359 2952 LMouFlt2 - ok
17:14:10.0390 2952 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
17:14:10.0406 2952 MBAMProtector - ok
17:14:10.0468 2952 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:14:10.0578 2952 mnmdd - ok
17:14:10.0625 2952 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:14:10.0750 2952 Modem - ok
17:14:10.0843 2952 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys
17:14:10.0937 2952 monfilt - ok
17:14:11.0000 2952 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:14:11.0109 2952 Mouclass - ok
17:14:11.0140 2952 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:14:11.0250 2952 mouhid - ok
17:14:11.0296 2952 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:14:11.0437 2952 MountMgr - ok
17:14:11.0484 2952 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
17:14:11.0625 2952 MPE - ok
17:14:11.0640 2952 mraid35x - ok
17:14:11.0671 2952 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:14:11.0796 2952 MRxDAV - ok
17:14:11.0859 2952 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:14:11.0906 2952 MRxSmb - ok
17:14:11.0937 2952 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:14:12.0062 2952 Msfs - ok
17:14:12.0125 2952 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:14:12.0250 2952 MSKSSRV - ok
17:14:12.0343 2952 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:14:12.0468 2952 MSPCLOCK - ok
17:14:12.0500 2952 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:14:12.0640 2952 MSPQM - ok
17:14:12.0671 2952 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:14:12.0828 2952 mssmbios - ok
17:14:12.0875 2952 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:14:13.0015 2952 MSTEE - ok
17:14:13.0062 2952 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
17:14:13.0078 2952 MTsensor - ok
17:14:13.0109 2952 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:14:13.0125 2952 Mup - ok
17:14:13.0156 2952 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:14:13.0296 2952 NABTSFEC - ok
17:14:13.0343 2952 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:14:13.0484 2952 NDIS - ok
17:14:13.0531 2952 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:14:13.0640 2952 NdisIP - ok
17:14:13.0687 2952 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:14:13.0703 2952 NdisTapi - ok
17:14:13.0750 2952 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:14:13.0875 2952 Ndisuio - ok
17:14:13.0921 2952 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:14:14.0062 2952 NdisWan - ok
17:14:14.0109 2952 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:14:14.0125 2952 NDProxy - ok
17:14:14.0156 2952 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:14:14.0281 2952 NetBIOS - ok
17:14:14.0312 2952 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:14:14.0453 2952 NetBT - ok
17:14:14.0484 2952 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:14:14.0609 2952 Npfs - ok
17:14:14.0671 2952 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:14:14.0796 2952 Ntfs - ok
17:14:14.0843 2952 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:14:14.0968 2952 Null - ok
17:14:15.0359 2952 nv (0dc79b60cedc3a8854c27b3c6e4b3414) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:14:15.0796 2952 nv - ok
17:14:15.0875 2952 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:14:16.0015 2952 NwlnkFlt - ok
17:14:16.0046 2952 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:14:16.0171 2952 NwlnkFwd - ok
17:14:16.0234 2952 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
17:14:16.0390 2952 Parport - ok
17:14:16.0421 2952 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:14:16.0546 2952 PartMgr - ok
17:14:16.0593 2952 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:14:16.0718 2952 ParVdm - ok
17:14:16.0765 2952 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:14:16.0906 2952 PCI - ok
17:14:16.0937 2952 PCIDump - ok
17:14:16.0984 2952 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:14:17.0109 2952 PCIIde - ok
17:14:17.0156 2952 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:14:17.0281 2952 Pcmcia - ok
17:14:17.0296 2952 PDCOMP - ok
17:14:17.0328 2952 PDFRAME - ok
17:14:17.0343 2952 PDRELI - ok
17:14:17.0375 2952 PDRFRAME - ok
17:14:17.0406 2952 perc2 - ok
17:14:17.0421 2952 perc2hib - ok
17:14:17.0468 2952 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:14:17.0578 2952 PptpMiniport - ok
17:14:17.0640 2952 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
17:14:17.0765 2952 Processor - ok
17:14:17.0781 2952 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:14:17.0890 2952 PSched - ok
17:14:17.0953 2952 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:14:18.0062 2952 Ptilink - ok
17:14:18.0093 2952 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:14:18.0109 2952 PxHelp20 - ok
17:14:18.0125 2952 ql1080 - ok
17:14:18.0156 2952 Ql10wnt - ok
17:14:18.0187 2952 ql12160 - ok
17:14:18.0203 2952 ql1240 - ok
17:14:18.0234 2952 ql1280 - ok
17:14:18.0281 2952 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:14:18.0390 2952 RasAcd - ok
17:14:18.0421 2952 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:14:18.0546 2952 Rasl2tp - ok
17:14:18.0562 2952 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:14:18.0703 2952 RasPppoe - ok
17:14:18.0718 2952 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:14:18.0859 2952 Raspti - ok
17:14:18.0890 2952 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:14:19.0015 2952 Rdbss - ok
17:14:19.0046 2952 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:14:19.0171 2952 RDPCDD - ok
17:14:19.0203 2952 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:14:19.0328 2952 rdpdr - ok
17:14:19.0390 2952 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:14:19.0406 2952 RDPWD - ok
17:14:19.0437 2952 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:14:19.0578 2952 redbook - ok
17:14:19.0593 2952 rootrepeal - ok
17:14:19.0671 2952 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\WINDOWS\system32\DRIVERS\RsFx0103.sys
17:14:19.0671 2952 RsFx0103 - ok
17:14:19.0734 2952 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
17:14:19.0859 2952 rtl8139 - ok
17:14:19.0921 2952 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:14:19.0968 2952 Secdrv - ok
17:14:20.0031 2952 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:14:20.0156 2952 serenum - ok
17:14:20.0187 2952 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:14:20.0296 2952 Serial - ok
17:14:20.0328 2952 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:14:20.0453 2952 Sfloppy - ok
17:14:20.0468 2952 Simbad - ok
17:14:20.0531 2952 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:14:20.0656 2952 SLIP - ok
17:14:20.0687 2952 Sparrow - ok
17:14:20.0734 2952 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:14:20.0843 2952 splitter - ok
17:14:20.0906 2952 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
17:14:20.0906 2952 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
17:14:20.0906 2952 sptd ( LockedFile.Multi.Generic ) - warning
17:14:20.0906 2952 sptd - detected LockedFile.Multi.Generic (1)
17:14:20.0968 2952 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:14:21.0015 2952 sr - ok
17:14:21.0062 2952 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:14:21.0078 2952 Srv - ok
17:14:21.0140 2952 ss_bbus (eaa66218cd39f5bb1b4853a78c67c787) C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
17:14:21.0140 2952 ss_bbus - ok
17:14:21.0187 2952 ss_bmdfl (91765f99914ed8693d8bc76524f21581) C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
17:14:21.0203 2952 ss_bmdfl - ok
17:14:21.0234 2952 ss_bmdm (840e7b738b03c10ee91d9b7d3d6eff15) C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
17:14:21.0250 2952 ss_bmdm - ok
17:14:21.0328 2952 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:14:21.0437 2952 streamip - ok
17:14:21.0484 2952 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:14:21.0593 2952 swenum - ok
17:14:21.0640 2952 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:14:21.0781 2952 swmidi - ok
17:14:21.0812 2952 symc810 - ok
17:14:21.0828 2952 symc8xx - ok
17:14:21.0859 2952 sym_hi - ok
17:14:21.0890 2952 sym_u3 - ok
17:14:21.0953 2952 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:14:22.0062 2952 sysaudio - ok
17:14:22.0140 2952 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:14:22.0187 2952 Tcpip - ok
17:14:22.0250 2952 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:14:22.0375 2952 TDPIPE - ok
17:14:22.0406 2952 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:14:22.0546 2952 TDTCP - ok
17:14:22.0593 2952 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:14:22.0718 2952 TermDD - ok
17:14:22.0750 2952 TosIde - ok
17:14:22.0812 2952 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:14:22.0953 2952 Udfs - ok
17:14:22.0968 2952 ultra - ok
17:14:23.0031 2952 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:14:23.0156 2952 Update - ok
17:14:23.0218 2952 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:14:23.0359 2952 usbccgp - ok
17:14:23.0406 2952 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:14:23.0531 2952 usbehci - ok
17:14:23.0562 2952 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:14:23.0687 2952 usbhub - ok
17:14:23.0718 2952 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:14:23.0828 2952 usbohci - ok
17:14:23.0875 2952 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:14:24.0015 2952 USBSTOR - ok
17:14:24.0046 2952 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:14:24.0171 2952 VgaSave - ok
17:14:24.0312 2952 VIAHdAudAddService (cbc1ce0a1fce0deed4f6f093be91d132) C:\WINDOWS\system32\drivers\viahduaa.sys
17:14:24.0375 2952 VIAHdAudAddService - ok
17:14:24.0421 2952 ViaIde - ok
17:14:24.0453 2952 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:14:24.0593 2952 VolSnap - ok
17:14:24.0640 2952 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:14:24.0765 2952 Wanarp - ok
17:14:24.0796 2952 WDICA - ok
17:14:24.0843 2952 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:14:24.0968 2952 wdmaud - ok
17:14:25.0031 2952 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
17:14:25.0140 2952 WmiAcpi - ok
17:14:25.0187 2952 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:14:25.0312 2952 WS2IFSL - ok
17:14:25.0375 2952 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:14:25.0484 2952 WSTCODEC - ok
17:14:25.0531 2952 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:14:25.0531 2952 WudfPf - ok
17:14:25.0578 2952 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:14:25.0578 2952 WudfRd - ok
17:14:25.0609 2952 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:14:25.0656 2952 \Device\Harddisk0\DR0 - ok
17:14:25.0671 2952 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
17:14:25.0906 2952 \Device\Harddisk2\DR2 ( TDSS File System ) - warning
17:14:25.0906 2952 \Device\Harddisk2\DR2 - detected TDSS File System (1)
17:14:25.0906 2952 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
17:14:25.0968 2952 \Device\Harddisk1\DR1 - ok
17:14:25.0968 2952 Boot (0x1200) (57a5dc99b56e9005f2431a948e997904) \Device\Harddisk0\DR0\Partition0
17:14:25.0968 2952 \Device\Harddisk0\DR0\Partition0 - ok
17:14:25.0968 2952 Boot (0x1200) (8b1ec730cb92ce601529b2b77ef94f2e) \Device\Harddisk2\DR2\Partition0
17:14:25.0968 2952 \Device\Harddisk2\DR2\Partition0 - ok
17:14:25.0984 2952 Boot (0x1200) (be9dcdf9482ad37e6e4e0c93eece7738) \Device\Harddisk2\DR2\Partition1
17:14:25.0984 2952 \Device\Harddisk2\DR2\Partition1 - ok
17:14:25.0984 2952 Boot (0x1200) (67643b5bd28842b200c744127f5afd21) \Device\Harddisk1\DR1\Partition0
17:14:26.0000 2952 \Device\Harddisk1\DR1\Partition0 - ok
17:14:26.0000 2952 ============================================================
17:14:26.0000 2952 Scan finished
17:14:26.0000 2952 ============================================================
17:14:26.0109 3348 Detected object count: 7
17:14:26.0109 3348 Actual detected object count: 7
17:17:02.0328 3348 AR5211 ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:02.0343 3348 AR5211 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:02.0343 3348 AVerAF15DMBTH ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:02.0343 3348 AVerAF15DMBTH ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:02.0343 3348 Dokan ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:02.0343 3348 Dokan ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:02.0343 3348 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:02.0343 3348 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:02.0343 3348 hidusbf ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:02.0343 3348 hidusbf ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:02.0343 3348 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:17:02.0343 3348 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
17:17:02.0343 3348 \Device\Harddisk2\DR2 ( TDSS File System ) - skipped by user
17:17:02.0343 3348 \Device\Harddisk2\DR2 ( TDSS File System ) - User select action: Skip


PS:
The only things from the report flagged "suspicious" that I recognize are:
SPTD - Daemon Tools driver for the virtual drive?
Dokan - file system driver for capsa.cz
FsUsbExDisk - I don't know
hidusbf - driver for a higher USB rate
Aver - I used to have a TV tuner from Aver, I don't have it any more; should I remove it?
AR5211 - I don't know

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: PC switching off/on. Stuttering during data transfer?

#7 Post by motji »

I won't look at the dump, I'm not at my own PC.
You have a nasty piece of work there, the TDSS rootkit.
vyosek wrote: :arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Close all programs
  • If you use Windows Vista or Windows 7, right-click RogueKiller and choose Run As Administrator
  • Wait for the PreScan to finish
  • Choose the Scan option
  • When the scan finishes, click Report; a log opens, paste it here
Do not use COMBOFIX without an adviser's recommendation, it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can write to me by e-mail at Motji(at)forum.viry.cz.

WIAL
Visitor
Posts: 52
Registered: 05 Oct 2007 09:14

Re: PC switching off/on. Stuttering during data transfer?

#8 Post by WIAL »

RogueKiller V7.3.1 [03/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: kundibal [Admin rights]
Mode: Scan -- Date: 03/17/2012 21:57:44

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[] HKLM\[...]\Windows : () -> ACCESS DENIED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7DFCB40)
IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7DFCB40)
IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7DFCB40)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7DFCB40)
IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7DFCB40)
IRP[IRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7DFCB40)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320620AS +++++
--- User ---
[MBR] 0d5042f8689668c196c7fe6e7c8de20d
[BSP] d19af4eddeca007fdce9913b4d3d5b5b : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305244 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD3200JS-63PDB1 +++++
--- User ---
[MBR] 4afb9005cffff188ea60da997fd1bdf9
[BSP] 271139afabcce979652f030bac56718c : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD800JB-00ETA0 +++++
--- User ---
[MBR] feae3003caf1d816bac254095d89c2b1
[BSP] 8e32c701c58ec603a3c76f06986da3a8 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 24999 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 51199155 | Size: 51309 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: PC switching off/on. Stuttering during data transfer?

#9 Post by motji »

:!: Back up your important data, just to be safe :)


:arrow: Run ComboFix following this guide
http://www.bleepingcomputer.com/combofi ... t-combofix

WIAL
Visitor
Posts: 52
Registered: 05 Oct 2007 09:14

Re: PC switching off/on. Stuttering during data transfer?

#10 Post by WIAL »

Another thing the PC does: after booting into Windows, Chrome cannot be started, nor can other things. Internet Explorer, for example, does start. But I can't start Chrome, for instance, or I wanted to open the network connection - nothing. I just see the process in Task Manager and nothing happens. After about a minute the HDD starts grinding away at something, and then everything works normally.

ComboFix caused a BSOD again - http://leteckaposta.cz/844091509 dump.

So I ran it in safe mode:


ComboFix 12-03-17.01 - kundibal 18.03.2012 7:42.4.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.3327.2879 [GMT 1:00]
Spuštěný z: e:\documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
-- Předchozí spuštění --
.
Nakažená kopie c:\windows\system32\drivers\ntfs.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{6C6A3ACC-3069-46F6-92F1-4B1C1B8282E8}\RP254\A0111988.sys
.
--------
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-18 do 2012-03-18 )))))))))))))))))))))))))))))))
.
.
2012-03-16 18:08 . 2012-03-16 18:08 -------- d-----w- C:\rsit
2012-03-15 11:42 . 2012-03-15 11:42 -------- d-----w- c:\windows\Installer
2012-03-12 21:10 . 2012-03-15 19:23 -------- d-----w- c:\documents and settings\kundibal\Application Data\dvdcss
2012-03-08 08:32 . 2012-03-08 08:32 -------- d-----w- c:\documents and settings\postgres
2012-03-07 18:20 . 2012-03-07 18:20 -------- d-----w- c:\documents and settings\kundibal\Application Data\ElevatedDiagnostics
2012-03-05 20:10 . 2012-03-05 20:10 -------- d-----w- c:\documents and settings\kundibal\.thumbnails
2012-03-05 20:08 . 2012-03-05 20:08 -------- d-----w- c:\program files\Blender Foundation
2012-03-05 16:23 . 2012-03-05 16:23 -------- d-----w- c:\program files\Lavalys
2012-03-05 16:17 . 2012-03-05 16:17 -------- d-----w- c:\documents and settings\kundibal\Application Data\FreeStone Group
2012-03-05 16:16 . 2012-03-05 16:16 -------- d-----w- c:\program files\Video Card Stability Test
2012-03-03 10:40 . 2012-03-03 10:40 -------- d-----w- c:\documents and settings\All Users\Application Data\RELOADED
2012-02-27 20:15 . 2012-02-27 20:15 1492 ----a-w- C:\user.js
2012-02-27 20:15 . 2012-03-07 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\TheBflix
2012-02-27 20:15 . 2012-02-27 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2012-02-25 08:39 . 2012-02-25 08:39 -------- d-----w- C:\NVIDIA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 07:11 . 2011-07-20 05:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-10 04:10 . 2011-03-26 10:23 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-10 04:10 . 2011-03-26 10:23 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-10 04:10 . 2011-03-26 10:23 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-10 04:10 . 2011-03-26 10:23 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-10 04:10 . 2011-03-26 10:23 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-10 04:10 . 2011-03-26 10:23 18620416 ----a-w- c:\windows\system32\nvoglnt.dll
2012-02-10 04:10 . 2011-03-26 10:23 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-10 04:10 . 2011-03-26 10:23 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
2012-02-10 04:10 . 2011-03-26 10:23 2292224 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 04:10 . 2011-03-26 10:23 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-10 04:10 . 2011-03-26 10:23 13415040 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-02-10 03:04 . 2010-10-16 11:05 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-02-10 03:04 . 2010-10-16 11:05 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-02-10 03:04 . 2010-10-16 11:05 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-02-10 03:04 . 2010-10-16 11:05 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:04 . 2010-10-16 11:05 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-01-12 16:53 . 2008-04-13 23:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-16 07:50 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-04 17:18 . 2011-08-04 16:13 1834688 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-12-19 08:13 . 2008-04-14 03:42 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-12-19 08:13 . 2008-04-14 03:42 832512 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:13 . 2008-04-14 03:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-12-19 08:13 . 2008-04-14 03:41 17408 ----a-w- c:\windows\system32\corpol.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-05-24 33747360]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 19968]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-10 15494464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-02-10 108352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AVer HID Receiver.lnk]
backup=c:\windows\pss\AVer HID Receiver.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AVerQuick.lnk]
backup=c:\windows\pss\AVerQuick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^kundibal^Start Menu^Programs^Startup^Warkeys Update.lnk]
backup=c:\windows\pss\Warkeys Update.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2011-06-04 07:40 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-04-03 16:35 136176 ----atw- c:\documents and settings\kundibal\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-02-28 16:38 1987976 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 13:53 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\poxnora\\LaunchPad.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"e:\\Program Files\\Steam\\steamapps\\steam210576\\condition zero\\hl.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\dota 2 beta\\dota.exe"=
"e:\\Program Files\\Steam\\steamapps\\steam210576\\counter-strike\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:mysql
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.3.2011 11:23 717296]
R3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\drivers\hidusbf.sys [20.12.2011 19:47 4544]
S0 bjrvlvcn;bjrvlvcn;c:\windows\system32\drivers\pmvy.sys --> c:\windows\system32\drivers\pmvy.sys [?]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10.5.2011 16:53 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10.5.2011 16:53 307288]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 14:04 115008]
S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 12:47 94872]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.5.2011 16:53 19544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [19.1.2012 17:09 84608]
S2 DokanMounter;DokanMounter;c:\program files\Capsa.cz\dokanLibrary0.5.3\mounter.exe [19.1.2012 17:09 22016]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [4.6.2011 8:27 233472]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8.5.2011 10:36 652360]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;"d:\db poker\bin\pg_ctl.exe" runservice -w -N "pgsql-8.3" -D "d:\db poker\data\" --> d:\db poker\bin\pg_ctl.exe [?]
S3 AVerAF15DMBTH;AVerMedia A850 USB;c:\windows\system32\drivers\AVerAF15DMBTH.sys [3.6.2011 19:54 569728]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [4.6.2011 8:27 36608]
S3 GGSAFERDriver;GGSAFER Driver;\??\e:\garena\safedrv.sys --> e:\garena\safedrv.sys [?]
S3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [28.2.2012 17:38 1373576]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8.5.2011 10:36 20464]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [27.12.2010 23:50 31124344]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [4.6.2011 8:28 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [4.6.2011 8:28 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [4.6.2011 8:28 121856]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [26.3.2011 11:24 2136224]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [23.7.2009 4:08 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30.3.2009 2:09 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30.3.2009 2:23 366936]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - PARPORT
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1035525444-725345543-1003Core.job
- c:\documents and settings\kundibal\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-03 16:35]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1035525444-725345543-1003UA.job
- c:\documents and settings\kundibal\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-03 16:35]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=14672
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-18 08:00
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-823518204-1035525444-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:df,04,24,1a,58,25,42,a3,81,39,82,eb,7a,b7,cc,97,4d,0f,2a,04,f6,
e5,ca,c3,1d,77,58,57,25,c8,22,ec,13,4d,c2,59,dd,fd,e9,a2,24,b5,18,30,82,61,\
"rkeysecu"=hex:93,fb,26,f0,5f,97,92,2b,75,48,ee,0f,22,71,1c,c3
.
Celkový čas: 2012-03-18 08:04:37
ComboFix-quarantined-files.txt 2012-03-18 07:04
.
Před spuštěním: 1 591 140 352 bytes free
Po spuštění: 1 521 152 000 bytes free
.
- - End Of File - - C999DD0C08E5574C0BDD4CBD599CB6F0

I ran TDSSKiller again and the log is the same:
08:15:00.0593 1912 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
08:15:00.0687 1912 ============================================================
08:15:00.0687 1912 Current date / time: 2012/03/18 08:15:00.0687
08:15:00.0687 1912 SystemInfo:
08:15:00.0687 1912
08:15:00.0687 1912 OS Version: 5.1.2600 ServicePack: 3.0
08:15:00.0687 1912 Product type: Workstation
08:15:00.0687 1912 ComputerName: BITCH
08:15:00.0687 1912 UserName: kundibal
08:15:00.0687 1912 Windows directory: C:\WINDOWS
08:15:00.0687 1912 System windows directory: C:\WINDOWS
08:15:00.0687 1912 Processor architecture: Intel x86
08:15:00.0687 1912 Number of processors: 2
08:15:00.0687 1912 Page size: 0x1000
08:15:00.0687 1912 Boot type: Normal boot
08:15:00.0687 1912 ============================================================
08:15:01.0843 1912 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x97695, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000054
08:15:01.0859 1912 Drive \Device\Harddisk2\DR2 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:15:01.0859 1912 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:15:01.0859 1912 \Device\Harddisk0\DR0:
08:15:01.0875 1912 MBR used
08:15:01.0875 1912 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542E681
08:15:01.0875 1912 \Device\Harddisk2\DR2:
08:15:01.0875 1912 MBR used
08:15:01.0875 1912 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x30D3C74
08:15:01.0890 1912 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x30D3CF2, BlocksNum 0x643690E
08:15:01.0890 1912 \Device\Harddisk1\DR1:
08:15:01.0890 1912 MBR used
08:15:01.0890 1912 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
08:15:01.0984 1912 Initialize success
08:15:01.0984 1912 ============================================================
08:15:05.0906 2980 ============================================================
08:15:05.0906 2980 Scan started
08:15:05.0906 2980 Mode: Manual;
08:15:05.0906 2980 ============================================================
08:15:07.0031 2980 Aavmker4 (78a4db23bb4e8d4349e164d1d90af73f) C:\WINDOWS\system32\drivers\Aavmker4.sys
08:15:07.0031 2980 Aavmker4 - ok
08:15:07.0093 2980 Abiosdsk - ok
08:15:07.0125 2980 abp480n5 - ok
08:15:07.0171 2980 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:15:07.0171 2980 ACPI - ok
08:15:07.0218 2980 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:15:07.0218 2980 ACPIEC - ok
08:15:07.0250 2980 adpu160m - ok
08:15:07.0296 2980 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:15:07.0296 2980 aec - ok
08:15:07.0359 2980 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:15:07.0359 2980 AFD - ok
08:15:07.0390 2980 Aha154x - ok
08:15:07.0406 2980 aic78u2 - ok
08:15:07.0437 2980 aic78xx - ok
08:15:07.0453 2980 AliIde - ok
08:15:07.0468 2980 amsint - ok
08:15:07.0562 2980 AR5211 (3cb8e72b7c9887b42b90000e8cb1e7be) C:\WINDOWS\system32\DRIVERS\ar5211.sys
08:15:07.0562 2980 AR5211 - ok
08:15:07.0578 2980 asc - ok
08:15:07.0609 2980 asc3350p - ok
08:15:07.0640 2980 asc3550 - ok
08:15:07.0671 2980 aswFsBlk (9bdb29e81abceb883556df44649696c4) C:\WINDOWS\system32\drivers\aswFsBlk.sys
08:15:07.0671 2980 aswFsBlk - ok
08:15:07.0703 2980 aswMon2 (2ce6da466687cbb3b97e59f8831a27cb) C:\WINDOWS\system32\drivers\aswMon2.sys
08:15:07.0703 2980 aswMon2 - ok
08:15:07.0734 2980 aswRdr (a90cf680ca7a323913ca3a0810c8e02d) C:\WINDOWS\system32\drivers\aswRdr.sys
08:15:07.0734 2980 aswRdr - ok
08:15:07.0781 2980 aswSnx (f7969934cca2e566e95df17380a3cb11) C:\WINDOWS\system32\drivers\aswSnx.sys
08:15:07.0781 2980 aswSnx - ok
08:15:07.0828 2980 aswSP (478d6a0e0630c31bf4a7f5eb0a05b92c) C:\WINDOWS\system32\drivers\aswSP.sys
08:15:07.0828 2980 aswSP - ok
08:15:07.0859 2980 aswTdi (e52e45743e27fd6184c55618a10b81ab) C:\WINDOWS\system32\drivers\aswTdi.sys
08:15:07.0859 2980 aswTdi - ok
08:15:07.0921 2980 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:15:07.0921 2980 AsyncMac - ok
08:15:07.0953 2980 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:15:07.0953 2980 atapi - ok
08:15:07.0984 2980 Atdisk - ok
08:15:08.0031 2980 atksgt (f9c24d25d9ff29f894995a64812b4d85) C:\WINDOWS\system32\DRIVERS\atksgt.sys
08:15:08.0046 2980 atksgt - ok
08:15:08.0078 2980 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:15:08.0078 2980 Atmarpc - ok
08:15:08.0125 2980 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:15:08.0125 2980 audstub - ok
08:15:08.0203 2980 AVerAF15DMBTH (3e851cc6db0c07a8cc640fd03eb6fdae) C:\WINDOWS\system32\Drivers\AVerAF15DMBTH.sys
08:15:08.0203 2980 AVerAF15DMBTH - ok
08:15:08.0218 2980 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:15:08.0218 2980 Beep - ok
08:15:08.0250 2980 bjrvlvcn - ok
08:15:08.0328 2980 catchme - ok
08:15:08.0359 2980 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:15:08.0359 2980 cbidf2k - ok
08:15:08.0406 2980 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
08:15:08.0406 2980 CCDECODE - ok
08:15:08.0421 2980 cd20xrnt - ok
08:15:08.0453 2980 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:15:08.0453 2980 Cdaudio - ok
08:15:08.0484 2980 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:15:08.0484 2980 Cdfs - ok
08:15:08.0484 2980 Scan interrupted by user!
08:15:08.0484 2980 Scan interrupted by user!
08:15:08.0484 2980 Scan interrupted by user!
08:15:08.0484 2980 ============================================================
08:15:08.0484 2980 Scan finished
08:15:08.0484 2980 ============================================================
08:15:08.0484 2972 Detected object count: 0
08:15:08.0484 2972 Actual detected object count: 0
08:15:08.0921 2840 ============================================================
08:15:08.0921 2840 Scan started
08:15:08.0921 2840 Mode: Manual; SigCheck; TDLFS;
08:15:08.0921 2840 ============================================================
08:15:09.0156 2840 Aavmker4 (78a4db23bb4e8d4349e164d1d90af73f) C:\WINDOWS\system32\drivers\Aavmker4.sys
08:15:09.0250 2840 Aavmker4 - ok
08:15:09.0281 2840 Abiosdsk - ok
08:15:09.0312 2840 abp480n5 - ok
08:15:09.0359 2840 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:15:09.0468 2840 ACPI - ok
08:15:09.0515 2840 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:15:09.0625 2840 ACPIEC - ok
08:15:09.0640 2840 adpu160m - ok
08:15:09.0703 2840 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:15:09.0812 2840 aec - ok
08:15:09.0859 2840 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:15:09.0875 2840 AFD - ok
08:15:09.0906 2840 Aha154x - ok
08:15:09.0921 2840 aic78u2 - ok
08:15:09.0953 2840 aic78xx - ok
08:15:09.0984 2840 AliIde - ok
08:15:10.0000 2840 amsint - ok
08:15:10.0062 2840 AR5211 (3cb8e72b7c9887b42b90000e8cb1e7be) C:\WINDOWS\system32\DRIVERS\ar5211.sys
08:15:10.0078 2840 AR5211 ( UnsignedFile.Multi.Generic ) - warning
08:15:10.0078 2840 AR5211 - detected UnsignedFile.Multi.Generic (1)
08:15:10.0109 2840 asc - ok
08:15:10.0125 2840 asc3350p - ok
08:15:10.0156 2840 asc3550 - ok
08:15:10.0234 2840 aswFsBlk (9bdb29e81abceb883556df44649696c4) C:\WINDOWS\system32\drivers\aswFsBlk.sys
08:15:10.0250 2840 aswFsBlk - ok
08:15:10.0281 2840 aswMon2 (2ce6da466687cbb3b97e59f8831a27cb) C:\WINDOWS\system32\drivers\aswMon2.sys
08:15:10.0296 2840 aswMon2 - ok
08:15:10.0312 2840 aswRdr (a90cf680ca7a323913ca3a0810c8e02d) C:\WINDOWS\system32\drivers\aswRdr.sys
08:15:10.0328 2840 aswRdr - ok
08:15:10.0359 2840 aswSnx (f7969934cca2e566e95df17380a3cb11) C:\WINDOWS\system32\drivers\aswSnx.sys
08:15:10.0375 2840 aswSnx - ok
08:15:10.0421 2840 aswSP (478d6a0e0630c31bf4a7f5eb0a05b92c) C:\WINDOWS\system32\drivers\aswSP.sys
08:15:10.0437 2840 aswSP - ok
08:15:10.0468 2840 aswTdi (e52e45743e27fd6184c55618a10b81ab) C:\WINDOWS\system32\drivers\aswTdi.sys
08:15:10.0484 2840 aswTdi - ok
08:15:10.0515 2840 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:15:10.0640 2840 AsyncMac - ok
08:15:10.0671 2840 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:15:10.0796 2840 atapi - ok
08:15:10.0828 2840 Atdisk - ok
08:15:10.0890 2840 atksgt (f9c24d25d9ff29f894995a64812b4d85) C:\WINDOWS\system32\DRIVERS\atksgt.sys
08:15:10.0906 2840 atksgt - ok
08:15:10.0937 2840 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:15:11.0062 2840 Atmarpc - ok
08:15:11.0109 2840 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:15:11.0234 2840 audstub - ok
08:15:11.0312 2840 AVerAF15DMBTH (3e851cc6db0c07a8cc640fd03eb6fdae) C:\WINDOWS\system32\Drivers\AVerAF15DMBTH.sys
08:15:11.0343 2840 AVerAF15DMBTH ( UnsignedFile.Multi.Generic ) - warning
08:15:11.0343 2840 AVerAF15DMBTH - detected UnsignedFile.Multi.Generic (1)
08:15:11.0375 2840 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:15:11.0500 2840 Beep - ok
08:15:11.0531 2840 bjrvlvcn - ok
08:15:11.0609 2840 catchme - ok
08:15:11.0656 2840 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:15:11.0781 2840 cbidf2k - ok
08:15:11.0843 2840 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
08:15:11.0968 2840 CCDECODE - ok
08:15:12.0000 2840 cd20xrnt - ok
08:15:12.0031 2840 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:15:12.0140 2840 Cdaudio - ok
08:15:12.0203 2840 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:15:12.0328 2840 Cdfs - ok
08:15:12.0390 2840 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:15:12.0515 2840 Cdrom - ok
08:15:12.0531 2840 Changer - ok
08:15:12.0562 2840 CmdIde - ok
08:15:12.0593 2840 Cpqarray - ok
08:15:12.0609 2840 dac2w2k - ok
08:15:12.0625 2840 dac960nt - ok
08:15:12.0640 2840 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:15:12.0796 2840 Disk - ok
08:15:12.0843 2840 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
08:15:12.0968 2840 dmboot - ok
08:15:13.0015 2840 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
08:15:13.0140 2840 dmio - ok
08:15:13.0171 2840 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:15:13.0296 2840 dmload - ok
08:15:13.0359 2840 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:15:13.0484 2840 DMusic - ok
08:15:13.0515 2840 Dokan (bf94acf77e2c7458d91d0bef8718eece) C:\WINDOWS\system32\drivers\dokan.sys
08:15:13.0531 2840 Dokan ( UnsignedFile.Multi.Generic ) - warning
08:15:13.0531 2840 Dokan - detected UnsignedFile.Multi.Generic (1)
08:15:13.0562 2840 dpti2o - ok
08:15:13.0609 2840 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:15:13.0734 2840 drmkaud - ok
08:15:13.0765 2840 dsNcAdpt - ok
08:15:13.0796 2840 eamon (d42dd9021acd47683b33adf21bca49aa) C:\WINDOWS\system32\DRIVERS\eamon.sys
08:15:13.0812 2840 eamon - ok
08:15:13.0859 2840 ehdrv (fe7824239d132ad9ebd8645fe1199b30) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
08:15:13.0859 2840 ehdrv - ok
08:15:13.0890 2840 epfwtdir (aa0667eb9a92414abb784c101a6c7fec) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
08:15:13.0906 2840 epfwtdir - ok
08:15:13.0953 2840 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:15:14.0093 2840 Fastfat - ok
08:15:14.0125 2840 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
08:15:14.0250 2840 Fdc - ok
08:15:14.0281 2840 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
08:15:14.0406 2840 Fips - ok
08:15:14.0437 2840 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:15:14.0562 2840 Flpydisk - ok
08:15:14.0609 2840 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
08:15:14.0718 2840 FltMgr - ok
08:15:14.0765 2840 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
08:15:14.0765 2840 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
08:15:14.0765 2840 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
08:15:14.0843 2840 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:15:14.0968 2840 Fs_Rec - ok
08:15:15.0015 2840 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:15:15.0140 2840 Ftdisk - ok
08:15:15.0156 2840 GGSAFERDriver - ok
08:15:15.0187 2840 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:15:15.0312 2840 Gpc - ok
08:15:15.0359 2840 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
08:15:15.0375 2840 hamachi - ok
08:15:15.0421 2840 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:15:15.0546 2840 HDAudBus - ok
08:15:15.0593 2840 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:15:15.0718 2840 hidusb - ok
08:15:15.0750 2840 hidusbf (34f0823be25aed4992fd9fcf587f50d5) C:\WINDOWS\system32\DRIVERS\hidusbf.sys
08:15:15.0750 2840 hidusbf ( UnsignedFile.Multi.Generic ) - warning
08:15:15.0750 2840 hidusbf - detected UnsignedFile.Multi.Generic (1)
08:15:15.0781 2840 hpn - ok
08:15:15.0828 2840 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:15:15.0843 2840 HTTP - ok
08:15:15.0875 2840 i2omgmt - ok
08:15:15.0921 2840 i2omp - ok
08:15:15.0953 2840 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:15:16.0062 2840 i8042prt - ok
08:15:16.0093 2840 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:15:16.0234 2840 Imapi - ok
08:15:16.0250 2840 ini910u - ok
08:15:16.0265 2840 IntelIde - ok
08:15:16.0312 2840 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
08:15:16.0437 2840 Ip6Fw - ok
08:15:16.0484 2840 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:15:16.0593 2840 IpFilterDriver - ok
08:15:16.0625 2840 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:15:16.0734 2840 IpInIp - ok
08:15:16.0765 2840 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:15:16.0890 2840 IpNat - ok
08:15:16.0906 2840 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:15:17.0046 2840 IPSec - ok
08:15:17.0093 2840 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:15:17.0156 2840 IRENUM - ok
08:15:17.0218 2840 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:15:17.0328 2840 isapnp - ok
08:15:17.0390 2840 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:15:17.0500 2840 Kbdclass - ok
08:15:17.0562 2840 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:15:17.0687 2840 kmixer - ok
08:15:17.0734 2840 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:15:17.0750 2840 KSecDD - ok
08:15:17.0796 2840 L1e (101457d884e3dd4636baefb9b7e7d3f3) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
08:15:17.0812 2840 L1e - ok
08:15:17.0843 2840 lbrtfdc - ok
08:15:17.0906 2840 LHidFlt2 (63b00a26f62572e0d58e6c8d3b32bf59) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
08:15:17.0921 2840 LHidFlt2 - ok
08:15:17.0968 2840 LHidUsb (ac05a1b5c66d693b1598fd83617d1820) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
08:15:17.0968 2840 LHidUsb - ok
08:15:18.0000 2840 lirsgt (8ccf9ed46d52af1375875f74a91ffacf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
08:15:18.0015 2840 lirsgt - ok
08:15:18.0078 2840 LMouFlt2 (03abef1a29addc98c32ed0f336b98e90) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
08:15:18.0109 2840 LMouFlt2 - ok
08:15:18.0156 2840 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
08:15:18.0156 2840 MBAMProtector - ok
08:15:18.0218 2840 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:15:18.0343 2840 mnmdd - ok
08:15:18.0390 2840 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:15:18.0515 2840 Modem - ok
08:15:18.0593 2840 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys
08:15:18.0671 2840 monfilt - ok
08:15:18.0718 2840 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:15:18.0828 2840 Mouclass - ok
08:15:18.0859 2840 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:15:18.0984 2840 mouhid - ok
08:15:19.0000 2840 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:15:19.0109 2840 MountMgr - ok
08:15:19.0187 2840 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
08:15:19.0296 2840 MPE - ok
08:15:19.0328 2840 mraid35x - ok
08:15:19.0359 2840 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:15:19.0500 2840 MRxDAV - ok
08:15:19.0546 2840 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:15:19.0593 2840 MRxSmb - ok
08:15:19.0609 2840 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:15:19.0750 2840 Msfs - ok
08:15:19.0796 2840 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:15:19.0921 2840 MSKSSRV - ok
08:15:19.0968 2840 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:15:20.0078 2840 MSPCLOCK - ok
08:15:20.0109 2840 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:15:20.0234 2840 MSPQM - ok
08:15:20.0281 2840 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:15:20.0390 2840 mssmbios - ok
08:15:20.0453 2840 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
08:15:20.0578 2840 MSTEE - ok
08:15:20.0609 2840 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
08:15:20.0625 2840 MTsensor - ok
08:15:20.0656 2840 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:15:20.0671 2840 Mup - ok
08:15:20.0703 2840 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
08:15:20.0828 2840 NABTSFEC - ok
08:15:20.0875 2840 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:15:21.0000 2840 NDIS - ok
08:15:21.0031 2840 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
08:15:21.0140 2840 NdisIP - ok
08:15:21.0187 2840 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:15:21.0187 2840 NdisTapi - ok
08:15:21.0234 2840 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:15:21.0390 2840 Ndisuio - ok
08:15:21.0421 2840 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:15:21.0531 2840 NdisWan - ok
08:15:21.0578 2840 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:15:21.0578 2840 NDProxy - ok
08:15:21.0625 2840 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:15:21.0734 2840 NetBIOS - ok
08:15:21.0765 2840 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:15:21.0875 2840 NetBT - ok
08:15:21.0906 2840 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:15:22.0015 2840 Npfs - ok
08:15:22.0093 2840 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:15:22.0218 2840 Ntfs - ok
08:15:22.0265 2840 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:15:22.0390 2840 Null - ok
08:15:22.0765 2840 nv (0dc79b60cedc3a8854c27b3c6e4b3414) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
08:15:23.0093 2840 nv - ok
08:15:23.0171 2840 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:15:23.0281 2840 NwlnkFlt - ok
08:15:23.0312 2840 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:15:23.0437 2840 NwlnkFwd - ok
08:15:23.0515 2840 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
08:15:23.0625 2840 Parport - ok
08:15:23.0656 2840 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:15:23.0781 2840 PartMgr - ok
08:15:23.0828 2840 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:15:23.0937 2840 ParVdm - ok
08:15:23.0984 2840 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:15:24.0093 2840 PCI - ok
08:15:24.0125 2840 PCIDump - ok
08:15:24.0156 2840 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:15:24.0281 2840 PCIIde - ok
08:15:24.0328 2840 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:15:24.0453 2840 Pcmcia - ok
08:15:24.0468 2840 PDCOMP - ok
08:15:24.0500 2840 PDFRAME - ok
08:15:24.0515 2840 PDRELI - ok
08:15:24.0546 2840 PDRFRAME - ok
08:15:24.0562 2840 perc2 - ok
08:15:24.0593 2840 perc2hib - ok
08:15:24.0640 2840 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:15:24.0750 2840 PptpMiniport - ok
08:15:24.0796 2840 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
08:15:24.0921 2840 Processor - ok
08:15:24.0953 2840 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:15:25.0062 2840 PSched - ok
08:15:25.0093 2840 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:15:25.0203 2840 Ptilink - ok
08:15:25.0250 2840 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:15:25.0265 2840 PxHelp20 - ok
08:15:25.0281 2840 ql1080 - ok
08:15:25.0312 2840 Ql10wnt - ok
08:15:25.0328 2840 ql12160 - ok
08:15:25.0359 2840 ql1240 - ok
08:15:25.0390 2840 ql1280 - ok
08:15:25.0390 2840 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:15:25.0531 2840 RasAcd - ok
08:15:25.0546 2840 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:15:25.0671 2840 Rasl2tp - ok
08:15:25.0703 2840 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:15:25.0812 2840 RasPppoe - ok
08:15:25.0828 2840 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:15:25.0953 2840 Raspti - ok
08:15:25.0984 2840 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:15:26.0093 2840 Rdbss - ok
08:15:26.0109 2840 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:15:26.0234 2840 RDPCDD - ok
08:15:26.0281 2840 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:15:26.0390 2840 rdpdr - ok
08:15:26.0437 2840 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
08:15:26.0453 2840 RDPWD - ok
08:15:26.0468 2840 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:15:26.0625 2840 redbook - ok
08:15:26.0671 2840 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\WINDOWS\system32\DRIVERS\RsFx0103.sys
08:15:26.0687 2840 RsFx0103 - ok
08:15:26.0750 2840 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
08:15:26.0859 2840 rtl8139 - ok
08:15:26.0906 2840 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:15:26.0953 2840 Secdrv - ok
08:15:27.0000 2840 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
08:15:27.0109 2840 serenum - ok
08:15:27.0125 2840 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
08:15:27.0250 2840 Serial - ok
08:15:27.0296 2840 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:15:27.0406 2840 Sfloppy - ok
08:15:27.0437 2840 Simbad - ok
08:15:27.0484 2840 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
08:15:27.0593 2840 SLIP - ok
08:15:27.0609 2840 Sparrow - ok
08:15:27.0687 2840 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:15:27.0796 2840 splitter - ok
08:15:27.0859 2840 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
08:15:27.0859 2840 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
08:15:27.0859 2840 sptd ( LockedFile.Multi.Generic ) - warning
08:15:27.0859 2840 sptd - detected LockedFile.Multi.Generic (1)
08:15:27.0906 2840 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:15:27.0953 2840 sr - ok
08:15:28.0000 2840 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:15:28.0031 2840 Srv - ok
08:15:28.0093 2840 ss_bbus (eaa66218cd39f5bb1b4853a78c67c787) C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
08:15:28.0109 2840 ss_bbus - ok
08:15:28.0156 2840 ss_bmdfl (91765f99914ed8693d8bc76524f21581) C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
08:15:28.0156 2840 ss_bmdfl - ok
08:15:28.0203 2840 ss_bmdm (840e7b738b03c10ee91d9b7d3d6eff15) C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
08:15:28.0218 2840 ss_bmdm - ok
08:15:28.0265 2840 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
08:15:28.0375 2840 streamip - ok
08:15:28.0437 2840 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:15:28.0546 2840 swenum - ok
08:15:28.0609 2840 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:15:28.0703 2840 swmidi - ok
08:15:28.0750 2840 symc810 - ok
08:15:28.0765 2840 symc8xx - ok
08:15:28.0796 2840 sym_hi - ok
08:15:28.0812 2840 sym_u3 - ok
08:15:28.0859 2840 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:15:28.0984 2840 sysaudio - ok
08:15:29.0046 2840 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:15:29.0062 2840 Tcpip - ok
08:15:29.0125 2840 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:15:29.0234 2840 TDPIPE - ok
08:15:29.0265 2840 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:15:29.0375 2840 TDTCP - ok
08:15:29.0437 2840 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:15:29.0531 2840 TermDD - ok
08:15:29.0562 2840 TosIde - ok
08:15:29.0625 2840 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:15:29.0718 2840 Udfs - ok
08:15:29.0734 2840 ultra - ok
08:15:29.0828 2840 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:15:29.0953 2840 Update - ok
08:15:30.0000 2840 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:15:30.0109 2840 usbccgp - ok
08:15:30.0171 2840 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:15:30.0281 2840 usbehci - ok
08:15:30.0312 2840 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:15:30.0421 2840 usbhub - ok
08:15:30.0453 2840 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
08:15:30.0546 2840 usbohci - ok
08:15:30.0593 2840 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:15:30.0718 2840 USBSTOR - ok
08:15:30.0765 2840 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:15:30.0859 2840 VgaSave - ok
08:15:30.0984 2840 VIAHdAudAddService (cbc1ce0a1fce0deed4f6f093be91d132) C:\WINDOWS\system32\drivers\viahduaa.sys
08:15:31.0046 2840 VIAHdAudAddService - ok
08:15:31.0078 2840 ViaIde - ok
08:15:31.0109 2840 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:15:31.0218 2840 VolSnap - ok
08:15:31.0265 2840 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:15:31.0375 2840 Wanarp - ok
08:15:31.0390 2840 WDICA - ok
08:15:31.0453 2840 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:15:31.0562 2840 wdmaud - ok
08:15:31.0609 2840 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
08:15:31.0718 2840 WmiAcpi - ok
08:15:31.0781 2840 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:15:31.0890 2840 WS2IFSL - ok
08:15:31.0906 2840 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:15:32.0046 2840 WSTCODEC - ok
08:15:32.0093 2840 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:15:32.0109 2840 WudfPf - ok
08:15:32.0140 2840 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:15:32.0156 2840 WudfRd - ok
08:15:32.0171 2840 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
08:15:32.0218 2840 \Device\Harddisk0\DR0 - ok
08:15:32.0234 2840 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
08:15:32.0406 2840 \Device\Harddisk2\DR2 ( TDSS File System ) - warning
08:15:32.0406 2840 \Device\Harddisk2\DR2 - detected TDSS File System (1)
08:15:32.0406 2840 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
08:15:32.0437 2840 \Device\Harddisk1\DR1 - ok
08:15:32.0437 2840 Boot (0x1200) (57a5dc99b56e9005f2431a948e997904) \Device\Harddisk0\DR0\Partition0
08:15:32.0437 2840 \Device\Harddisk0\DR0\Partition0 - ok
08:15:32.0437 2840 Boot (0x1200) (8b1ec730cb92ce601529b2b77ef94f2e) \Device\Harddisk2\DR2\Partition0
08:15:32.0437 2840 \Device\Harddisk2\DR2\Partition0 - ok
08:15:32.0468 2840 Boot (0x1200) (be9dcdf9482ad37e6e4e0c93eece7738) \Device\Harddisk2\DR2\Partition1
08:15:32.0468 2840 \Device\Harddisk2\DR2\Partition1 - ok
08:15:32.0468 2840 Boot (0x1200) (67643b5bd28842b200c744127f5afd21) \Device\Harddisk1\DR1\Partition0
08:15:32.0468 2840 \Device\Harddisk1\DR1\Partition0 - ok
08:15:32.0468 2840 ============================================================
08:15:32.0468 2840 Scan finished
08:15:32.0468 2840 ============================================================
08:15:32.0578 3056 Detected object count: 7
08:15:32.0578 3056 Actual detected object count: 7
08:15:36.0640 3056 AR5211 ( UnsignedFile.Multi.Generic ) - skipped by user
08:15:36.0640 3056 AR5211 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:15:36.0640 3056 AVerAF15DMBTH ( UnsignedFile.Multi.Generic ) - skipped by user
08:15:36.0640 3056 AVerAF15DMBTH ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:15:36.0640 3056 Dokan ( UnsignedFile.Multi.Generic ) - skipped by user
08:15:36.0640 3056 Dokan ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:15:36.0640 3056 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
08:15:36.0640 3056 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:15:36.0656 3056 hidusbf ( UnsignedFile.Multi.Generic ) - skipped by user
08:15:36.0656 3056 hidusbf ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:15:36.0656 3056 sptd ( LockedFile.Multi.Generic ) - skipped by user
08:15:36.0656 3056 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
08:15:36.0656 3056 \Device\Harddisk2\DR2 ( TDSS File System ) - skipped by user
08:15:36.0656 3056 \Device\Harddisk2\DR2 ( TDSS File System ) - User select action: Skip

WIAL
Visitor
Posts: 52
Joined: 05 Oct 2007 09:14

Re: PC shutting down/turning on. Stuttering during data transfer?

#11 Post by WIAL »

Another thing the PC does: after booting into Windows, Chrome won't start, and neither will other things. Internet Explorer, for example, works. But I can't start Chrome, for instance, or I wanted to open the network connection and nothing happened. I just see the process in Task Manager and nothing else. After about a minute the HDD starts grinding away at something, and then everything works normally.

ComboFix gave a BSOD again - dump at http://leteckaposta.cz/844091509.

So I ran it in safe mode:


ComboFix 12-03-17.01 - kundibal 18.03.2012 7:42.4.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.3327.2879 [GMT 1:00]
Spuštěný z: e:\documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{F232C87C-6E92-4775-8210-DFE90B7777D9}\PostBuild.exe
c:\documents and settings\kundibal\WINDOWS
c:\windows\m
c:\windows\m\KB2544521-IE7\spuninst\spuninst.exe
c:\windows\m\KB2544521-IE7\spuninst\spuninst.inf
c:\windows\m\KB2544521-IE7\spuninst\spuninst.txt
c:\windows\m\KB2544521-IE7\spuninst\updspapi.dll
c:\windows\m\KB2544521-IE7\vgx.dll
c:\windows\m\KB2559049-IE7\advpack.dll
c:\windows\m\KB2559049-IE7\advpack.dll.000
c:\windows\m\KB2559049-IE7\corpol.dll
c:\windows\m\KB2559049-IE7\dxtmsft.dll
c:\windows\m\KB2559049-IE7\dxtrans.dll
c:\windows\m\KB2559049-IE7\extmgr.dll
c:\windows\m\KB2559049-IE7\html.iec
c:\windows\m\KB2559049-IE7\icardie.dll
c:\windows\m\KB2559049-IE7\icardie.dll.000
c:\windows\m\KB2559049-IE7\ie4uinit.exe
c:\windows\m\KB2559049-IE7\ieakeng.dll
c:\windows\m\KB2559049-IE7\ieaksie.dll
c:\windows\m\KB2559049-IE7\ieakui.dll
c:\windows\m\KB2559049-IE7\ieapfltr.dat
c:\windows\m\KB2559049-IE7\ieapfltr.dll
c:\windows\m\KB2559049-IE7\ieapfltr.dll.000
c:\windows\m\KB2559049-IE7\iedkcs32.dll
c:\windows\m\KB2559049-IE7\ieencode.dll
c:\windows\m\KB2559049-IE7\ieframe.dll
c:\windows\m\KB2559049-IE7\ieframe.dll.000
c:\windows\m\KB2559049-IE7\ieframe.dll.mui
c:\windows\m\KB2559049-IE7\ieframe.dll.mui.000
c:\windows\m\KB2559049-IE7\iepeers.dll
c:\windows\m\KB2559049-IE7\iernonce.dll
c:\windows\m\KB2559049-IE7\iertutil.dll
c:\windows\m\KB2559049-IE7\iertutil.dll.000
c:\windows\m\KB2559049-IE7\ieudinit.exe
c:\windows\m\KB2559049-IE7\iexplore.exe
c:\windows\m\KB2559049-IE7\inetcpl.cpl
c:\windows\m\KB2559049-IE7\jsproxy.dll
c:\windows\m\KB2559049-IE7\msfeeds.dll
c:\windows\m\KB2559049-IE7\msfeeds.dll.000
c:\windows\m\KB2559049-IE7\msfeedsbs.dll
c:\windows\m\KB2559049-IE7\msfeedsbs.dll.000
c:\windows\m\KB2559049-IE7\mshtml.dll
c:\windows\m\KB2559049-IE7\mshtml.dll.000
c:\windows\m\KB2559049-IE7\mshtmled.dll
c:\windows\m\KB2559049-IE7\msrating.dll
c:\windows\m\KB2559049-IE7\mstime.dll
c:\windows\m\KB2559049-IE7\occache.dll
c:\windows\m\KB2559049-IE7\pngfilt.dll
c:\windows\m\KB2559049-IE7\reg00002
c:\windows\m\KB2559049-IE7\reg00003
c:\windows\m\KB2559049-IE7\reg00004
c:\windows\m\KB2559049-IE7\reg00005
c:\windows\m\KB2559049-IE7\reg00006
c:\windows\m\KB2559049-IE7\reg00007
c:\windows\m\KB2559049-IE7\reg00008
c:\windows\m\KB2559049-IE7\reg00009
c:\windows\m\KB2559049-IE7\reg00010
c:\windows\m\KB2559049-IE7\reg00011
c:\windows\m\KB2559049-IE7\reg00012
c:\windows\m\KB2559049-IE7\reg00013
c:\windows\m\KB2559049-IE7\reg00014
c:\windows\m\KB2559049-IE7\reg00015
c:\windows\m\KB2559049-IE7\reg00016
c:\windows\m\KB2559049-IE7\reg00017
c:\windows\m\KB2559049-IE7\reg00018
c:\windows\m\KB2559049-IE7\reg00019
c:\windows\m\KB2559049-IE7\reg00020
c:\windows\m\KB2559049-IE7\reg00021
c:\windows\m\KB2559049-IE7\reg00022
c:\windows\m\KB2559049-IE7\spuninst\spuninst.exe
c:\windows\m\KB2559049-IE7\spuninst\spuninst.inf
c:\windows\m\KB2559049-IE7\spuninst\spuninst.txt
c:\windows\m\KB2559049-IE7\spuninst\updspapi.dll
c:\windows\m\KB2559049-IE7\url.dll
c:\windows\m\KB2559049-IE7\url.dll.000
c:\windows\m\KB2559049-IE7\urlmon.dll
c:\windows\m\KB2559049-IE7\urlmon.dll.000
c:\windows\m\KB2559049-IE7\webcheck.dll
c:\windows\m\KB2559049-IE7\webcheck.dll.000
c:\windows\m\KB2559049-IE7\wininet.dll
c:\windows\m\KB2559049-IE7\wininet.dll.000
c:\windows\m\KB2586448-IE7\advpack.dll
c:\windows\m\KB2586448-IE7\corpol.dll
c:\windows\m\KB2586448-IE7\dxtmsft.dll
c:\windows\m\KB2586448-IE7\dxtrans.dll
c:\windows\m\KB2586448-IE7\extmgr.dll
c:\windows\m\KB2586448-IE7\html.iec
c:\windows\m\KB2586448-IE7\icardie.dll
c:\windows\m\KB2586448-IE7\ie4uinit.exe
c:\windows\m\KB2586448-IE7\ieakeng.dll
c:\windows\m\KB2586448-IE7\ieaksie.dll
c:\windows\m\KB2586448-IE7\ieakui.dll
c:\windows\m\KB2586448-IE7\ieapfltr.dll
c:\windows\m\KB2586448-IE7\iedkcs32.dll
c:\windows\m\KB2586448-IE7\ieencode.dll
c:\windows\m\KB2586448-IE7\ieframe.dll
c:\windows\m\KB2586448-IE7\ieframe.dll.mui
c:\windows\m\KB2586448-IE7\iepeers.dll
c:\windows\m\KB2586448-IE7\iernonce.dll
c:\windows\m\KB2586448-IE7\iertutil.dll
c:\windows\m\KB2586448-IE7\ieudinit.exe
c:\windows\m\KB2586448-IE7\iexplore.exe
c:\windows\m\KB2586448-IE7\inetcpl.cpl
c:\windows\m\KB2586448-IE7\jsproxy.dll
c:\windows\m\KB2586448-IE7\msfeeds.dll
c:\windows\m\KB2586448-IE7\msfeedsbs.dll
c:\windows\m\KB2586448-IE7\mshtml.dll
c:\windows\m\KB2586448-IE7\mshtmled.dll
c:\windows\m\KB2586448-IE7\msrating.dll
c:\windows\m\KB2586448-IE7\mstime.dll
c:\windows\m\KB2586448-IE7\occache.dll
c:\windows\m\KB2586448-IE7\pngfilt.dll
c:\windows\m\KB2586448-IE7\reg00002
c:\windows\m\KB2586448-IE7\reg00003
c:\windows\m\KB2586448-IE7\reg00004
c:\windows\m\KB2586448-IE7\reg00005
c:\windows\m\KB2586448-IE7\reg00006
c:\windows\m\KB2586448-IE7\reg00007
c:\windows\m\KB2586448-IE7\reg00008
c:\windows\m\KB2586448-IE7\reg00009
c:\windows\m\KB2586448-IE7\reg00010
c:\windows\m\KB2586448-IE7\reg00011
c:\windows\m\KB2586448-IE7\reg00012
c:\windows\m\KB2586448-IE7\reg00013
c:\windows\m\KB2586448-IE7\reg00014
c:\windows\m\KB2586448-IE7\reg00015
c:\windows\m\KB2586448-IE7\reg00016
c:\windows\m\KB2586448-IE7\reg00017
c:\windows\m\KB2586448-IE7\reg00018
c:\windows\m\KB2586448-IE7\reg00019
c:\windows\m\KB2586448-IE7\reg00020
c:\windows\m\KB2586448-IE7\reg00021
c:\windows\m\KB2586448-IE7\reg00022
c:\windows\m\KB2586448-IE7\spuninst\spuninst.exe
c:\windows\m\KB2586448-IE7\spuninst\spuninst.inf
c:\windows\m\KB2586448-IE7\spuninst\spuninst.txt
c:\windows\m\KB2586448-IE7\spuninst\updspapi.dll
c:\windows\m\KB2586448-IE7\url.dll
c:\windows\m\KB2586448-IE7\urlmon.dll
c:\windows\m\KB2586448-IE7\webcheck.dll
c:\windows\m\KB2586448-IE7\wininet.dll
c:\windows\m\KB2618444-IE7\advpack.dll
c:\windows\m\KB2618444-IE7\corpol.dll
c:\windows\m\KB2618444-IE7\dxtmsft.dll
c:\windows\m\KB2618444-IE7\dxtrans.dll
c:\windows\m\KB2618444-IE7\extmgr.dll
c:\windows\m\KB2618444-IE7\icardie.dll
c:\windows\m\KB2618444-IE7\ie4uinit.exe
c:\windows\m\KB2618444-IE7\ieakeng.dll
c:\windows\m\KB2618444-IE7\ieaksie.dll
c:\windows\m\KB2618444-IE7\ieakui.dll
c:\windows\m\KB2618444-IE7\ieapfltr.dll
c:\windows\m\KB2618444-IE7\iedkcs32.dll
c:\windows\m\KB2618444-IE7\ieencode.dll
c:\windows\m\KB2618444-IE7\ieframe.dll
c:\windows\m\KB2618444-IE7\ieframe.dll.mui
c:\windows\m\KB2618444-IE7\iepeers.dll
c:\windows\m\KB2618444-IE7\iernonce.dll
c:\windows\m\KB2618444-IE7\iertutil.dll
c:\windows\m\KB2618444-IE7\ieudinit.exe
c:\windows\m\KB2618444-IE7\iexplore.exe
c:\windows\m\KB2618444-IE7\inetcpl.cpl
c:\windows\m\KB2618444-IE7\jsproxy.dll
c:\windows\m\KB2618444-IE7\msfeeds.dll
c:\windows\m\KB2618444-IE7\msfeedsbs.dll
c:\windows\m\KB2618444-IE7\mshtml.dll
c:\windows\m\KB2618444-IE7\mshtmled.dll
c:\windows\m\KB2618444-IE7\msrating.dll
c:\windows\m\KB2618444-IE7\mstime.dll
c:\windows\m\KB2618444-IE7\occache.dll
c:\windows\m\KB2618444-IE7\pngfilt.dll
c:\windows\m\KB2618444-IE7\reg00002
c:\windows\m\KB2618444-IE7\reg00003
c:\windows\m\KB2618444-IE7\reg00004
c:\windows\m\KB2618444-IE7\reg00005
c:\windows\m\KB2618444-IE7\reg00006
c:\windows\m\KB2618444-IE7\reg00007
c:\windows\m\KB2618444-IE7\reg00008
c:\windows\m\KB2618444-IE7\reg00009
c:\windows\m\KB2618444-IE7\reg00010
c:\windows\m\KB2618444-IE7\reg00011
c:\windows\m\KB2618444-IE7\reg00012
c:\windows\m\KB2618444-IE7\reg00013
c:\windows\m\KB2618444-IE7\reg00014
c:\windows\m\KB2618444-IE7\reg00015
c:\windows\m\KB2618444-IE7\reg00016
c:\windows\m\KB2618444-IE7\reg00017
c:\windows\m\KB2618444-IE7\reg00018
c:\windows\m\KB2618444-IE7\reg00019
c:\windows\m\KB2618444-IE7\reg00020
c:\windows\m\KB2618444-IE7\reg00021
c:\windows\m\KB2618444-IE7\reg00022
c:\windows\m\KB2618444-IE7\spuninst\spuninst.exe
c:\windows\m\KB2618444-IE7\spuninst\spuninst.inf
c:\windows\m\KB2618444-IE7\spuninst\spuninst.txt
c:\windows\m\KB2618444-IE7\spuninst\updspapi.dll
c:\windows\m\KB2618444-IE7\url.dll
c:\windows\m\KB2618444-IE7\urlmon.dll
c:\windows\m\KB2618444-IE7\webcheck.dll
c:\windows\m\KB2618444-IE7\wininet.dll
c:\windows\m\KB982381-IE7\advpack.dll
c:\windows\m\KB982381-IE7\corpol.dll
c:\windows\m\KB982381-IE7\dxtmsft.dll
c:\windows\m\KB982381-IE7\dxtrans.dll
c:\windows\m\KB982381-IE7\extmgr.dll
c:\windows\m\KB982381-IE7\html.iec
c:\windows\m\KB982381-IE7\icardie.dll
c:\windows\m\KB982381-IE7\ie4uinit.exe
c:\windows\m\KB982381-IE7\ieakeng.dll
c:\windows\m\KB982381-IE7\ieaksie.dll
c:\windows\m\KB982381-IE7\ieakui.dll
c:\windows\m\KB982381-IE7\ieapfltr.dat
c:\windows\m\KB982381-IE7\ieapfltr.dll
c:\windows\m\KB982381-IE7\iedkcs32.dll
c:\windows\m\KB982381-IE7\ieencode.dll
c:\windows\m\KB982381-IE7\ieframe.dll
c:\windows\m\KB982381-IE7\ieframe.dll.mui
c:\windows\m\KB982381-IE7\iepeers.dll
c:\windows\m\KB982381-IE7\iernonce.dll
c:\windows\m\KB982381-IE7\iertutil.dll
c:\windows\m\KB982381-IE7\ieudinit.exe
c:\windows\m\KB982381-IE7\iexplore.exe
c:\windows\m\KB982381-IE7\inetcpl.cpl
c:\windows\m\KB982381-IE7\jsproxy.dll
c:\windows\m\KB982381-IE7\msfeeds.dll
c:\windows\m\KB982381-IE7\msfeedsbs.dll
c:\windows\m\KB982381-IE7\mshtml.dll
c:\windows\m\KB982381-IE7\mshtmled.dll
c:\windows\m\KB982381-IE7\msrating.dll
c:\windows\m\KB982381-IE7\mstime.dll
c:\windows\m\KB982381-IE7\occache.dll
c:\windows\m\KB982381-IE7\pngfilt.dll
c:\windows\m\KB982381-IE7\reg00002
c:\windows\m\KB982381-IE7\reg00003
c:\windows\m\KB982381-IE7\reg00004
c:\windows\m\KB982381-IE7\reg00005
c:\windows\m\KB982381-IE7\reg00006
c:\windows\m\KB982381-IE7\reg00007
c:\windows\m\KB982381-IE7\reg00008
c:\windows\m\KB982381-IE7\reg00009
c:\windows\m\KB982381-IE7\reg00010
c:\windows\m\KB982381-IE7\reg00011
c:\windows\m\KB982381-IE7\reg00012
c:\windows\m\KB982381-IE7\reg00013
c:\windows\m\KB982381-IE7\reg00014
c:\windows\m\KB982381-IE7\reg00015
c:\windows\m\KB982381-IE7\reg00017
c:\windows\m\KB982381-IE7\spuninst\spuninst.exe
c:\windows\m\KB982381-IE7\spuninst\spuninst.inf
c:\windows\m\KB982381-IE7\spuninst\spuninst.txt
c:\windows\m\KB982381-IE7\spuninst\updspapi.dll
c:\windows\m\KB982381-IE7\url.dll
c:\windows\m\KB982381-IE7\urlmon.dll
c:\windows\m\KB982381-IE7\webcheck.dll
c:\windows\m\KB982381-IE7\wininet.dll
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\_000116_.tmp.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\SET1BA.tmp
c:\windows\system32\SET1BC.tmp
c:\windows\system32\SET1C8.tmp
.
-- Předchozí spuštění --
.
Nakažená kopie c:\windows\system32\drivers\ntfs.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{6C6A3ACC-3069-46F6-92F1-4B1C1B8282E8}\RP254\A0111988.sys
.
--------
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-18 do 2012-03-18 )))))))))))))))))))))))))))))))
.
.
2012-03-16 18:08 . 2012-03-16 18:08 -------- d-----w- C:\rsit
2012-03-15 11:42 . 2012-03-15 11:42 -------- d-----w- c:\windows\Installer
2012-03-12 21:10 . 2012-03-15 19:23 -------- d-----w- c:\documents and settings\kundibal\Application Data\dvdcss
2012-03-08 08:32 . 2012-03-08 08:32 -------- d-----w- c:\documents and settings\postgres
2012-03-07 18:20 . 2012-03-07 18:20 -------- d-----w- c:\documents and settings\kundibal\Application Data\ElevatedDiagnostics
2012-03-05 20:10 . 2012-03-05 20:10 -------- d-----w- c:\documents and settings\kundibal\.thumbnails
2012-03-05 20:08 . 2012-03-05 20:08 -------- d-----w- c:\program files\Blender Foundation
2012-03-05 16:23 . 2012-03-05 16:23 -------- d-----w- c:\program files\Lavalys
2012-03-05 16:17 . 2012-03-05 16:17 -------- d-----w- c:\documents and settings\kundibal\Application Data\FreeStone Group
2012-03-05 16:16 . 2012-03-05 16:16 -------- d-----w- c:\program files\Video Card Stability Test
2012-03-03 10:40 . 2012-03-03 10:40 -------- d-----w- c:\documents and settings\All Users\Application Data\RELOADED
2012-02-27 20:15 . 2012-02-27 20:15 1492 ----a-w- C:\user.js
2012-02-27 20:15 . 2012-03-07 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\TheBflix
2012-02-27 20:15 . 2012-02-27 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2012-02-25 08:39 . 2012-02-25 08:39 -------- d-----w- C:\NVIDIA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 07:11 . 2011-07-20 05:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-10 04:10 . 2011-03-26 10:23 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-10 04:10 . 2011-03-26 10:23 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-10 04:10 . 2011-03-26 10:23 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-10 04:10 . 2011-03-26 10:23 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-10 04:10 . 2011-03-26 10:23 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-10 04:10 . 2011-03-26 10:23 18620416 ----a-w- c:\windows\system32\nvoglnt.dll
2012-02-10 04:10 . 2011-03-26 10:23 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-10 04:10 . 2011-03-26 10:23 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
2012-02-10 04:10 . 2011-03-26 10:23 2292224 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 04:10 . 2011-03-26 10:23 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-10 04:10 . 2011-03-26 10:23 13415040 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-02-10 03:04 . 2010-10-16 11:05 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-02-10 03:04 . 2010-10-16 11:05 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-02-10 03:04 . 2010-10-16 11:05 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-02-10 03:04 . 2010-10-16 11:05 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:04 . 2010-10-16 11:05 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-01-12 16:53 . 2008-04-13 23:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-16 07:50 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-04 17:18 . 2011-08-04 16:13 1834688 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-12-19 08:13 . 2008-04-14 03:42 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-12-19 08:13 . 2008-04-14 03:42 832512 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:13 . 2008-04-14 03:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-12-19 08:13 . 2008-04-14 03:41 17408 ----a-w- c:\windows\system32\corpol.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-05-24 33747360]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 19968]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-10 15494464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-02-10 108352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AVer HID Receiver.lnk]
backup=c:\windows\pss\AVer HID Receiver.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AVerQuick.lnk]
backup=c:\windows\pss\AVerQuick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^kundibal^Start Menu^Programs^Startup^Warkeys Update.lnk]
backup=c:\windows\pss\Warkeys Update.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2011-06-04 07:40 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-04-03 16:35 136176 ----atw- c:\documents and settings\kundibal\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-02-28 16:38 1987976 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 13:53 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\poxnora\\LaunchPad.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"e:\\Program Files\\Steam\\steamapps\\steam210576\\condition zero\\hl.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\dota 2 beta\\dota.exe"=
"e:\\Program Files\\Steam\\steamapps\\steam210576\\counter-strike\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:mysql
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.3.2011 11:23 717296]
R3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\drivers\hidusbf.sys [20.12.2011 19:47 4544]
S0 bjrvlvcn;bjrvlvcn;c:\windows\system32\drivers\pmvy.sys --> c:\windows\system32\drivers\pmvy.sys [?]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10.5.2011 16:53 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10.5.2011 16:53 307288]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 14:04 115008]
S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 12:47 94872]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.5.2011 16:53 19544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [19.1.2012 17:09 84608]
S2 DokanMounter;DokanMounter;c:\program files\Capsa.cz\dokanLibrary0.5.3\mounter.exe [19.1.2012 17:09 22016]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [4.6.2011 8:27 233472]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8.5.2011 10:36 652360]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;"d:\db poker\bin\pg_ctl.exe" runservice -w -N "pgsql-8.3" -D "d:\db poker\data\" --> d:\db poker\bin\pg_ctl.exe [?]
S3 AVerAF15DMBTH;AVerMedia A850 USB;c:\windows\system32\drivers\AVerAF15DMBTH.sys [3.6.2011 19:54 569728]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [4.6.2011 8:27 36608]
S3 GGSAFERDriver;GGSAFER Driver;\??\e:\garena\safedrv.sys --> e:\garena\safedrv.sys [?]
S3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [28.2.2012 17:38 1373576]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8.5.2011 10:36 20464]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [27.12.2010 23:50 31124344]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [4.6.2011 8:28 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [4.6.2011 8:28 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [4.6.2011 8:28 121856]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [26.3.2011 11:24 2136224]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [23.7.2009 4:08 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30.3.2009 2:09 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30.3.2009 2:23 366936]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - PARPORT
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1035525444-725345543-1003Core.job
- c:\documents and settings\kundibal\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-03 16:35]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1035525444-725345543-1003UA.job
- c:\documents and settings\kundibal\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-03 16:35]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=14672
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-18 08:00
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-823518204-1035525444-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:df,04,24,1a,58,25,42,a3,81,39,82,eb,7a,b7,cc,97,4d,0f,2a,04,f6,
e5,ca,c3,1d,77,58,57,25,c8,22,ec,13,4d,c2,59,dd,fd,e9,a2,24,b5,18,30,82,61,\
"rkeysecu"=hex:93,fb,26,f0,5f,97,92,2b,75,48,ee,0f,22,71,1c,c3
.
Celkový čas: 2012-03-18 08:04:37
ComboFix-quarantined-files.txt 2012-03-18 07:04
.
Před spuštěním: 1 591 140 352 bytes free
Po spuštění: 1 521 152 000 bytes free
.
- - End Of File - - C999DD0C08E5574C0BDD4CBD599CB6F0

I ran TDSSKiller again and the log is the same:
08:15:00.0593 1912 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
08:15:00.0687 1912 ============================================================
08:15:00.0687 1912 Current date / time: 2012/03/18 08:15:00.0687
08:15:00.0687 1912 SystemInfo:
08:15:00.0687 1912
08:15:00.0687 1912 OS Version: 5.1.2600 ServicePack: 3.0
08:15:00.0687 1912 Product type: Workstation
08:15:00.0687 1912 ComputerName: BITCH
08:15:00.0687 1912 UserName: kundibal
08:15:00.0687 1912 Windows directory: C:\WINDOWS
08:15:00.0687 1912 System windows directory: C:\WINDOWS
08:15:00.0687 1912 Processor architecture: Intel x86
08:15:00.0687 1912 Number of processors: 2
08:15:00.0687 1912 Page size: 0x1000
08:15:00.0687 1912 Boot type: Normal boot
08:15:00.0687 1912 ============================================================
08:15:01.0843 1912 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x97695, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000054
08:15:01.0859 1912 Drive \Device\Harddisk2\DR2 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:15:01.0859 1912 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:15:01.0859 1912 \Device\Harddisk0\DR0:
08:15:01.0875 1912 MBR used
08:15:01.0875 1912 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542E681
08:15:01.0875 1912 \Device\Harddisk2\DR2:
08:15:01.0875 1912 MBR used
08:15:01.0875 1912 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x30D3C74
08:15:01.0890 1912 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x30D3CF2, BlocksNum 0x643690E
08:15:01.0890 1912 \Device\Harddisk1\DR1:
08:15:01.0890 1912 MBR used
08:15:01.0890 1912 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
08:15:01.0984 1912 Initialize success
08:15:01.0984 1912 ============================================================
08:15:05.0906 2980 ============================================================
08:15:05.0906 2980 Scan started
08:15:05.0906 2980 Mode: Manual;
08:15:05.0906 2980 ============================================================
08:15:07.0031 2980 Aavmker4 (78a4db23bb4e8d4349e164d1d90af73f) C:\WINDOWS\system32\drivers\Aavmker4.sys
08:15:07.0031 2980 Aavmker4 - ok
08:15:07.0093 2980 Abiosdsk - ok
08:15:07.0125 2980 abp480n5 - ok
08:15:07.0171 2980 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:15:07.0171 2980 ACPI - ok
08:15:07.0218 2980 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:15:07.0218 2980 ACPIEC - ok
08:15:07.0250 2980 adpu160m - ok
08:15:07.0296 2980 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:15:07.0296 2980 aec - ok
08:15:07.0359 2980 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:15:07.0359 2980 AFD - ok
08:15:07.0390 2980 Aha154x - ok
08:15:07.0406 2980 aic78u2 - ok
08:15:07.0437 2980 aic78xx - ok
08:15:07.0453 2980 AliIde - ok
08:15:07.0468 2980 amsint - ok
08:15:07.0562 2980 AR5211 (3cb8e72b7c9887b42b90000e8cb1e7be) C:\WINDOWS\system32\DRIVERS\ar5211.sys
08:15:07.0562 2980 AR5211 - ok
08:15:07.0578 2980 asc - ok
08:15:07.0609 2980 asc3350p - ok
08:15:07.0640 2980 asc3550 - ok
08:15:07.0671 2980 aswFsBlk (9bdb29e81abceb883556df44649696c4) C:\WINDOWS\system32\drivers\aswFsBlk.sys
08:15:07.0671 2980 aswFsBlk - ok
08:15:07.0703 2980 aswMon2 (2ce6da466687cbb3b97e59f8831a27cb) C:\WINDOWS\system32\drivers\aswMon2.sys
08:15:07.0703 2980 aswMon2 - ok
08:15:07.0734 2980 aswRdr (a90cf680ca7a323913ca3a0810c8e02d) C:\WINDOWS\system32\drivers\aswRdr.sys
08:15:07.0734 2980 aswRdr - ok
08:15:07.0781 2980 aswSnx (f7969934cca2e566e95df17380a3cb11) C:\WINDOWS\system32\drivers\aswSnx.sys
08:15:07.0781 2980 aswSnx - ok
08:15:07.0828 2980 aswSP (478d6a0e0630c31bf4a7f5eb0a05b92c) C:\WINDOWS\system32\drivers\aswSP.sys
08:15:07.0828 2980 aswSP - ok
08:15:08.0921 2840 ============================================================
08:15:08.0921 2840 Scan started
08:15:08.0921 2840 Mode: Manual; SigCheck; TDLFS;
08:15:08.0921 2840 ============================================================
08:15:32.0468 2840 ============================================================
08:15:32.0468 2840 Scan finished
08:15:32.0468 2840 ============================================================
08:15:32.0578 3056 Detected object count: 7
08:15:32.0578 3056 Actual detected object count: 7
08:15:36.0640 3056 AR5211 ( UnsignedFile.Multi.Generic ) - skipped by user
08:15:36.0640 3056 AR5211 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:15:36.0640 3056 AVerAF15DMBTH ( UnsignedFile.Multi.Generic ) - skipped by user
08:15:36.0640 3056 AVerAF15DMBTH ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:15:36.0640 3056 Dokan ( UnsignedFile.Multi.Generic ) - skipped by user
08:15:36.0640 3056 Dokan ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:15:36.0640 3056 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
08:15:36.0640 3056 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:15:36.0656 3056 hidusbf ( UnsignedFile.Multi.Generic ) - skipped by user
08:15:36.0656 3056 hidusbf ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:15:36.0656 3056 sptd ( LockedFile.Multi.Generic ) - skipped by user
08:15:36.0656 3056 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
08:15:36.0656 3056 \Device\Harddisk2\DR2 ( TDSS File System ) - skipped by user
08:15:36.0656 3056 \Device\Harddisk2\DR2 ( TDSS File System ) - User select action: Skip

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: PC shutting down/turning on. Stuttering during data transfer?

#12 Post by motji »

Run RogueKiller again.
I apologize for the late replies; I will be here this afternoon or evening.
The BSOD is probably caused by the ComboFix driver :?:
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

WIAL
Visitor
Posts: 52
Registered: 05 Oct 2007 09:14

Re: PC shutting down/turning on. Stuttering during data transfer?

#13 Post by WIAL »

I ran it right after ComboFix, see the previous post, but I will run it again :) Should I choose Skip for TDSS, or Delete (I don't know exactly right now what the option is called)?
Thanks

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: PC shutting down/turning on. Stuttering during data transfer?

#14 Post by motji »

No, I meant this program
vyosek wrote: :arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Close all programs
  • If you use Windows Vista or Windows 7, right-click RogueKiller and choose Run As Administrator (Spustit jako správce)
  • Wait for the PreScan to finish
  • Choose the Prohledat (Scan) option
  • When the scan finishes, click Zpráva (Report); the log opens, paste it here

WIAL
Visitor
Posts: 52
Registered: 05 Oct 2007 09:14

Re: PC shutting down/turning on. Stuttering during data transfer?

#15 Post by WIAL »

RogueKiller V7.3.1 [03/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: kundibal [Admin rights]
Mode: Scan -- Date: 03/19/2012 20:29:20

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7DFCB40)
IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7DFCB40)
IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7DFCB40)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7DFCB40)
IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7DFCB40)
IRP[IRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7DFCB40)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320620AS +++++
--- User ---
[MBR] 0d5042f8689668c196c7fe6e7c8de20d
[BSP] d19af4eddeca007fdce9913b4d3d5b5b : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305244 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD3200JS-63PDB1 +++++
--- User ---
[MBR] 4afb9005cffff188ea60da997fd1bdf9
[BSP] 271139afabcce979652f030bac56718c : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD800JB-00ETA0 +++++
--- User ---
[MBR] feae3003caf1d816bac254095d89c2b1
[BSP] 8e32c701c58ec603a3c76f06986da3a8 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 24999 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 51199155 | Size: 51309 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
