PC disinfection, PC speed-up and remote help via the neslape.cz service

Please help me remove Win32/Agent.SDG.Gen

Lintner.T
Guest
Posts: 8
Registered: 14 Apr 2012 08:56

Please help me remove Win32/Agent.SDG.Gen

#1 Post by Lintner.T »

Hello, I have a request. Today, while scanning the PC with NOD, this message popped up:

MBR sector of physical disk 0 - Win32/Agent.SDG.Gen trojan - action selection was postponed until the end of the scan

Can anyone please advise me how to go about removing it? Here is the RSIT log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Martina at 2012-04-14 09:59:28
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 10 GB (39%) free of 25 GB
Total RAM: 1014 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:59:48, on 14.4.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Martina\Local Settings\Temporary Internet Files\Content.IE5\UUQP93P2\RSIT[1].exe
C:\Program Files\trend micro\Martina.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=nv1&s={searchTerms}&f=4
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe -update activex (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5544056063
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

--
End of file - 5462 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-05-27 98304]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-05-27 532480]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-22 3080264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2003-10-02 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2003-10-02 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2004-06-18 67584]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-10-02 319488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll

======List of files/folders created in the last 1 month======

2012-04-14 09:59:29 ----D---- C:\Program Files\trend micro
2012-04-14 09:59:28 ----D---- C:\rsit
2012-04-14 09:02:46 ----D---- C:\Program Files\ESET
2012-04-14 09:02:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2012-04-14 08:45:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-04-14 08:45:06 ----ASH---- C:\hiberfil.sys
2012-04-14 08:32:34 ----D---- C:\WINDOWS\CSC
2012-04-14 08:26:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2653956$
2012-03-15 08:37:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2641653$
2012-03-15 08:37:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2621440$
2012-03-15 08:37:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2647518$

======List of files/folders modified in the last 1 month======

2012-04-14 09:59:29 ----RD---- C:\Program Files
2012-04-14 09:59:24 ----D---- C:\WINDOWS\Temp
2012-04-14 09:59:21 ----D---- C:\WINDOWS\Prefetch
2012-04-14 09:28:44 ----D---- C:\WINDOWS
2012-04-14 09:12:50 ----SHD---- C:\WINDOWS\Installer
2012-04-14 09:12:37 ----HD---- C:\WINDOWS\inf
2012-04-14 09:12:37 ----D---- C:\WINDOWS\system32\drivers
2012-04-14 09:12:31 ----D---- C:\WINDOWS\system32\CatRoot2
2012-04-14 08:51:07 ----D---- C:\WINDOWS\Debug
2012-04-14 08:49:42 ----D---- C:\WINDOWS\system32
2012-04-14 08:46:13 ----D---- C:\WINDOWS\SoftwareDistribution
2012-04-14 08:34:15 ----SHD---- C:\RECYCLER
2012-04-14 08:34:15 ----D---- C:\WINDOWS\Minidump
2012-04-14 08:28:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-04-14 08:28:12 ----D---- C:\Program Files\Internet Explorer
2012-04-14 08:27:49 ----HD---- C:\WINDOWS\$hf_mig$
2012-04-14 08:27:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-04-09 11:06:51 ----D---- C:\Program Files\Opera
2012-04-09 11:06:25 ----D---- C:\Documents and Settings\Martina\Data aplikací\Opera
2012-03-29 03:02:04 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2011-08-04 103112]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2011-08-09 154136]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-08 120830]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-08 98842]
R3 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011; C:\WINDOWS\system32\drivers\wA301a.sys [2003-10-08 33847]
R3 {E6759E0C-470B-44DC-A4A1-627E68BB3A85};AIM 3.0 SI164; C:\WINDOWS\system32\drivers\A302.sys [2003-10-08 11831]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-06-21 626204]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-08-05 121344]
R3 CONAN;CONAN; C:\WINDOWS\system32\drivers\o2mmb.sys [2008-07-16 190465]
R3 FUJ02E1;%FUJ02E1.DeviceDesc%; C:\WINDOWS\System32\Drivers\FUJ02E1.sys [2008-07-09 5632]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2003-10-08 93979]
R3 MbxStby;MbxStby; C:\WINDOWS\system32\drivers\MbxStby.sys [2008-07-16 5817]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-10-24 35913]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-05-27 184544]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2005-09-12 3298432]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-22 974944]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Last edited by Lintner.T on 14 Apr 2012 09:46, edited 1 time in total.


Re: Please help me remove Win32/Agent.SDG.Gen

#2 Post by Lintner.T »

Naughty wrote: don't put logs in code tags, they are hard to read.
Sorry, the "code" tag was inserted automatically. Here is the log:
MBRScan v1.1.1

OS : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR : x86 Family 6 Model 13 Stepping 6, GenuineIntel
BOOT : Normal Boot
DATE : 2012/04/14 (ISO 8601) at 10:43:23
________________________________________________________________________________

Device\Harddisk0\DR0 74.53 Go [Fixed] ==> Possible Whistler MBR Code ==> PARTITION TABLE FAKED !!

MBR_MD5 : 3ECBB649DD3873B683AFAB54F4028847
MBR_SHA1 : 37449B5455D3CF958E81D0A2D452FCF2F3B63666

Device\Harddisk0\Partition1 24.41 Go 0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2 50.11 Go 0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

SystemStartOptions : NOEXECUTE=OPTIN FASTDETECT

________________________________________________________________________________

_______MBR \Device\Harddisk0\DR0

0x00000000 31 C0 8E D8 8E C0 8E D0 BC 00 7C BE 00 7C BF 00 1À.Ø.À.м.|¾.|¿.
0x00000010 06 B9 80 00 FC F3 66 A5 90 EA 1E 06 00 00 66 31 .¹..üóf¥.ê....f1
0x00000020 C0 BE BE 07 B1 04 90 FC 66 39 44 08 72 08 66 8B À¾¾.±..üf9D.r.f.
0x00000030 44 08 66 03 44 0C 83 C6 10 83 2E 86 06 04 E2 E8 D.f.D..Æ......âè
0x00000040 66 09 C0 74 46 66 83 C0 02 B9 40 00 BB 00 7C BF f.ÀtFf.À.¹@.».|¿
0x00000050 06 07 83 2E 86 06 04 E8 78 00 72 2F 66 68 83 C4 .......èx.r/fh.Ä
0x00000060 14 90 66 91 66 51 66 50 66 59 66 58 66 68 04 46 ..f.fQfPfYfXfh.F
0x00000070 E2 F9 66 68 80 FF D7 30 66 68 89 C3 B9 00 66 68 âùfh..×0fh.ù.fh
0x00000080 BE 00 7C 66 0F 83 78 75 90 FC E8 BE BE 07 B1 04 ¾.|f..xu.üè¾¾.±.
0x00000090 80 3C 80 74 13 38 2C 0F 85 9B 00 83 C6 10 E2 F0 .<.t.8,.....Æ.âð
0x000000A0 66 87 F1 66 87 CE CD 18 66 8B 44 08 89 E3 B9 01 f.ñf.ÎÍ.f.D..ã¹.
0x000000B0 00 E8 1E 00 73 0D 8B 4C 02 B8 01 02 CD 13 90 0F .è..s..L.¸..Í...
0x000000C0 82 8F 00 81 3E FE 7D 55 AA 0F 85 A7 00 EA 00 7C ....>þ}Uª..§.ê.|
0x000000D0 00 00 66 60 BB AA 55 B4 41 CD 13 73 04 F9 66 61 ..f`»ªU´AÍ.s.ùfa
0x000000E0 C3 81 FB 55 AA 75 F6 F6 C1 01 74 F1 66 61 66 60 Ã.ûUªuööÁ.tñfaf`
0x000000F0 90 6A 00 6A 00 66 50 06 53 51 6A 10 B4 42 89 E6 .j.j.fP.SQj.´B.æ
0x00000100 CD 13 61 66 61 C3 66 69 DB FD 43 03 00 66 81 C3 Í.afaÃfiÛýC..f.Ã
0x00000110 C3 9E 26 00 66 89 D8 66 C1 E8 10 66 25 FF 00 00 Ã.&.f.ØfÁè.f%...
0x00000120 00 C3 90 FC 5E AC 08 C0 74 FC 56 1E BB 07 00 B4 .Ã.ü^¬.ÀtüV.»..´
0x00000130 0E CD 10 1F EB EC 90 E8 E8 FF 49 6E 76 61 6C 69 .Í..ëì.èè.Invali
0x00000140 64 20 70 61 72 74 69 74 69 6F 6E 20 74 61 62 6C d partition tabl
0x00000150 65 00 E8 CD FF 45 72 72 6F 72 20 6C 6F 61 64 69 e.èÍ.Error loadi
0x00000160 6E 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 ng operating sys
0x00000170 74 65 6D 00 66 52 66 BA 37 03 00 00 66 5A E8 A1 tem.fRfº7...fZè¡
0x00000180 FF 4D 69 73 73 69 6E 67 20 6F 70 65 72 61 74 69 .Missing operati
0x00000190 6E 67 20 73 79 73 74 65 6D 00 00 00 00 00 00 00 ng system.......
0x000001A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001B0 00 00 00 00 00 00 00 00 89 09 8A 09 00 00 80 01 ................
0x000001C0 01 00 07 FE FF FF 3F 00 00 00 74 3C 0D 03 00 FE ...þ..?...t<...þ
0x000001D0 FF FF 07 FE FF FF B3 3C 0D 03 0E A8 43 06 00 00 ...þ..³<...¨C...
0x000001E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............Uª

__________________________16_BIT_ASM_CODE

0x0000 31c0 XOR AX, AX
0x0002 8ed8 MOV DS, AX
0x0004 8ec0 MOV ES, AX
0x0006 8ed0 MOV SS, AX
0x0008 bc 007c MOV SP, 0x7c00
0x000B be 007c MOV SI, 0x7c00
0x000E bf 0006 MOV DI, 0x600
0x0011 b9 8000 MOV CX, 0x80
0x0014 fc CLD
0x0015 f3 66 a5 REP MOVSD
0x0018 90 NOP
0x0019 ea 1e06 0000 JMP FAR 0x0:0x61e
0x001E 66 31c0 XOR EAX, EAX
0x0021 be be07 MOV SI, 0x7be
0x0024 b1 04 MOV CL, 0x4
0x0026 90 NOP
0x0027 fc CLD
0x0028 66 3944 08 CMP [SI+0x8], EAX
0x002C 72 08 JB 0x36
0x002E 66 8b44 08 MOV EAX, [SI+0x8]
0x0032 66 0344 0c ADD EAX, [SI+0xc]
0x0036 83c6 10 ADD SI, 0x10
0x0039 832e 8606 04 SUB WORD [0x686], 0x4
0x003E e2 e8 LOOP 0x28
0x0040 66 09c0 OR EAX, EAX
0x0043 74 46 JZ 0x8b
0x0045 66 83c0 02 ADD EAX, 0x2
0x0049 b9 4000 MOV CX, 0x40
0x004C bb 007c MOV BX, 0x7c00
0x004F bf 0607 MOV DI, 0x706
0x0052 832e 8606 04 SUB WORD [0x686], 0x4
0x0057 e8 7800 CALL 0xd2
0x005A 72 2f JB 0x8b
0x005C 66 68 83c41490 PUSH 0x9014c483
0x0062 66 91 XCHG ECX, EAX
0x0064 66 51 PUSH ECX
0x0066 66 50 PUSH EAX
0x0068 66 59 POP ECX
0x006A 66 58 POP EAX
0x006C 66 68 0446e2f9 PUSH 0xf9e24604
0x0072 66 68 80ffd730 PUSH 0x30d7ff80
0x0078 66 68 89c3b900 PUSH 0xb9c389
0x007E 66 68 be007c66 PUSH 0x667c00be
0x0084 0f83 7875 JAE 0x7600
0x0088 90 NOP
0x0089 fc CLD
0x008A e8 bebe CALL 0xbf4b
0x008D 07 POP ES
0x008E b1 04 MOV CL, 0x4
0x0090 803c 80 CMP BYTE [SI], 0x80
0x0093 74 13 JZ 0xa8
0x0095 382c CMP [SI], CH
0x0097 0f85 9b00 JNZ 0x136
0x009B 83c6 10 ADD SI, 0x10
0x009E e2 f0 LOOP 0x90
0x00A0 66 87f1 XCHG ECX, ESI
0x00A3 66 87ce XCHG ESI, ECX
0x00A6 cd 18 INT 0x18
0x00A8 66 8b44 08 MOV EAX, [SI+0x8]
0x00AC 89e3 MOV BX, SP
0x00AE b9 0100 MOV CX, 0x1
0x00B1 e8 1e00 CALL 0xd2
0x00B4 73 0d JAE 0xc3
0x00B6 8b4c 02 MOV CX, [SI+0x2]
0x00B9 b8 0102 MOV AX, 0x201
0x00BC cd 13 INT 0x13
0x00BE 90 NOP
0x00BF 0f82 8f00 JB 0x152
0x00C3 813e fe7d 55aa CMP WORD [0x7dfe], 0xaa55
0x00C9 0f85 a700 JNZ 0x174
0x00CD ea 007c 0000 JMP FAR 0x0:0x7c00
0x00D2 66 60 PUSHAD
0x00D4 bb aa55 MOV BX, 0x55aa
0x00D7 b4 41 MOV AH, 0x41
0x00D9 cd 13 INT 0x13
0x00DB 73 04 JAE 0xe1
0x00DD f9 STC
0x00DE 66 61 POPAD
0x00E0 c3 RET
0x00E1 81fb 55aa CMP BX, 0xaa55
0x00E5 75 f6 JNZ 0xdd
0x00E7 f6c1 01 TEST CL, 0x1
0x00EA 74 f1 JZ 0xdd
0x00EC 66 61 POPAD
0x00EE 66 60 PUSHAD
0x00F0 90 NOP
0x00F1 6a 00 PUSH 0x0
0x00F3 6a 00 PUSH 0x0
0x00F5 66 50 PUSH EAX
0x00F7 06 PUSH ES
0x00F8 53 PUSH BX
0x00F9 51 PUSH CX
0x00FA 6a 10 PUSH 0x10
0x00FC b4 42 MOV AH, 0x42
0x00FE 89e6 MOV SI, SP
0x0100 cd 13 INT 0x13
0x0102 61 POPA
0x0103 66 61 POPAD
0x0105 c3 RET
0x0106 66 69db fd430300 IMUL EBX, EBX, 0x343fd
0x010D 66 81c3 c39e2600 ADD EBX, 0x269ec3
0x0114 66 89d8 MOV EAX, EBX
0x0117 66 c1e8 10 SHR EAX, 0x10
0x011B 66 25 ff000000 AND EAX, 0xff
0x0121 c3 RET
0x0122 90 NOP
0x0123 fc CLD
0x0124 5e POP SI
0x0125 ac LODSB
0x0126 08c0 OR AL, AL
0x0128 74 fc JZ 0x126
0x012A 56 PUSH SI
0x012B 1e PUSH DS
0x012C bb 0700 MOV BX, 0x7
0x012F b4 0e MOV AH, 0xe
0x0131 cd 10 INT 0x10
0x0133 1f POP DS
0x0134 eb ec JMP 0x122
0x0136 90 NOP
0x0137 e8 e8ff CALL 0x122
0x013A 49 DEC CX
0x013B 6e OUTSB
0x013C 76 61 JBE 0x19f
0x013E 6c INSB
0x013F 6964 20 7061 IMUL SP, [SI+0x20], 0x6170
0x0144 72 74 JB 0x1ba
0x0146 6974 69 6f6e IMUL SI, [SI+0x69], 0x6e6f
0x014B 2074 61 AND [SI+0x61], DH
0x014E 626c 65 BOUND BP, [SI+0x65]
0x0151 00e8 ADD AL, CH
0x0153 cd ff INT 0xff
0x0155 45 INC BP
0x0156 72 72 JB 0x1ca
0x0158 6f OUTSW
0x0159 72 20 JB 0x17b
0x015B 6c INSB
0x015C 6f OUTSW
0x015D 61 POPA
0x015E 64 696e 67 206f IMUL BP, FS:[BP+0x67], 0x6f20
0x0164 70 65 JO 0x1cb
0x0166 72 61 JB 0x1c9
0x0168 74 69 JZ 0x1d3
0x016A 6e OUTSB
0x016B 67 2073 79 AND [EBX+0x79], DH
0x016F 73 74 JAE 0x1e5
0x0171 65 6d INS WORD GS:[DI], DX
0x0173 0066 52 ADD [BP+0x52], AH
0x0176 66 ba 37030000 MOV EDX, 0x337
0x017C 66 5a POP EDX
0x017E e8 a1ff CALL 0x122
0x0181 4d DEC BP
0x0182 6973 73 696e IMUL SI, [BP+DI+0x73], 0x6e69
0x0187 67 206f 70 AND [EDI+0x70], CH
0x018B 65 DB 0x65
0x018B 65 72 61 JB 0x1ef
0x018E 74 69 JZ 0x1f9
0x0190 6e OUTSB
0x0191 67 2073 79 AND [EBX+0x79], DH
0x0195 73 74 JAE 0x20b
0x0197 65 6d INS WORD GS:[DI], DX
0x0199 0000 ADD [BX+SI], AL
0x019B 0000 ADD [BX+SI], AL
0x019D 0000 ADD [BX+SI], AL
0x019F 0000 ADD [BX+SI], AL
0x01A1 0000 ADD [BX+SI], AL
0x01A3 0000 ADD [BX+SI], AL
0x01A5 0000 ADD [BX+SI], AL
0x01A7 0000 ADD [BX+SI], AL
0x01A9 0000 ADD [BX+SI], AL
0x01AB 0000 ADD [BX+SI], AL
0x01AD 0000 ADD [BX+SI], AL
0x01AF 0000 ADD [BX+SI], AL
0x01B1 0000 ADD [BX+SI], AL
0x01B3 0000 ADD [BX+SI], AL
0x01B5 0000 ADD [BX+SI], AL
0x01B7 0089 098a ADD [BX+DI-0x75f7], CL
0x01BB 0900 OR [BX+SI], AX
0x01BD 0080 0101 ADD [BX+SI+0x101], AL
0x01C1 0007 ADD [BX], AL
0x01C3 fe DB 0xfe
0x01C4 ff DB 0xff
0x01C5 ff DB 0xff
0x01C6 3f AAS
0x01C7 0000 ADD [BX+SI], AL
0x01C9 0074 3c ADD [SI+0x3c], DH
0x01CC 0d 0300 OR AX, 0x3
0x01CF fe DB 0xfe
0x01D0 ff DB 0xff
0x01D1 ff07 INC WORD [BX]
0x01D3 fe DB 0xfe
0x01D4 ff DB 0xff
0x01D5 ffb3 3c0d PUSH WORD [BP+DI+0xd3c]
0x01D9 030e a843 ADD CX, [0x43a8]
0x01DD 06 PUSH ES
0x01DE 0000 ADD [BX+SI], AL
0x01E0 0000 ADD [BX+SI], AL
0x01E2 0000 ADD [BX+SI], AL
0x01E4 0000 ADD [BX+SI], AL
0x01E6 0000 ADD [BX+SI], AL
0x01E8 0000 ADD [BX+SI], AL
0x01EA 0000 ADD [BX+SI], AL
0x01EC 0000 ADD [BX+SI], AL
0x01EE 0000 ADD [BX+SI], AL
0x01F0 0000 ADD [BX+SI], AL
0x01F2 0000 ADD [BX+SI], AL
0x01F4 0000 ADD [BX+SI], AL
0x01F6 0000 ADD [BX+SI], AL
0x01F8 0000 ADD [BX+SI], AL
0x01FA 0000 ADD [BX+SI], AL
0x01FC 0000 ADD [BX+SI], AL
0x01FE 55 PUSH BP
0x01FF aa STOSB
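An added example, not code from MBRScan, aswMBR or the poster: a small Python parser that takes the 512-byte sector transcribed from the MBRScan hex dump above, decodes the partition table, reports the hashes MBRScan prints, and runs the structural checks an analyst otherwise does by hand. The `STOCK_XP_MBR_PROLOGUE` constant is this example's own assumption (the first 16 bytes of a clean Windows XP/2003 MBR as recalled by the author) and should be confirmed against a known-clean install before a mismatch is treated as proof of tampering. As a cross-check, the two decoded entries (start 63, 51199092 sectors; start 51199155, 105097230 sectors) are the same values that the aswMBR log further down the thread reports as "offset 63 / 24999 MB" and "offset 51199155 / 51317 MB".

```python
# Added example, not code from MBRScan, aswMBR or the forum poster.
# MBR_HEX is the sector transcribed from the MBRScan hex dump above (hex column only).
# STOCK_XP_MBR_PROLOGUE is an assumption: the author's recollection of the first 16 bytes
# of a clean Windows XP/2003 MBR. Confirm it against a known-clean install before relying on it.
import hashlib
import struct

MBR_HEX = """
31 C0 8E D8 8E C0 8E D0 BC 00 7C BE 00 7C BF 00
06 B9 80 00 FC F3 66 A5 90 EA 1E 06 00 00 66 31
C0 BE BE 07 B1 04 90 FC 66 39 44 08 72 08 66 8B
44 08 66 03 44 0C 83 C6 10 83 2E 86 06 04 E2 E8
66 09 C0 74 46 66 83 C0 02 B9 40 00 BB 00 7C BF
06 07 83 2E 86 06 04 E8 78 00 72 2F 66 68 83 C4
14 90 66 91 66 51 66 50 66 59 66 58 66 68 04 46
E2 F9 66 68 80 FF D7 30 66 68 89 C3 B9 00 66 68
BE 00 7C 66 0F 83 78 75 90 FC E8 BE BE 07 B1 04
80 3C 80 74 13 38 2C 0F 85 9B 00 83 C6 10 E2 F0
66 87 F1 66 87 CE CD 18 66 8B 44 08 89 E3 B9 01
00 E8 1E 00 73 0D 8B 4C 02 B8 01 02 CD 13 90 0F
82 8F 00 81 3E FE 7D 55 AA 0F 85 A7 00 EA 00 7C
00 00 66 60 BB AA 55 B4 41 CD 13 73 04 F9 66 61
C3 81 FB 55 AA 75 F6 F6 C1 01 74 F1 66 61 66 60
90 6A 00 6A 00 66 50 06 53 51 6A 10 B4 42 89 E6
CD 13 61 66 61 C3 66 69 DB FD 43 03 00 66 81 C3
C3 9E 26 00 66 89 D8 66 C1 E8 10 66 25 FF 00 00
00 C3 90 FC 5E AC 08 C0 74 FC 56 1E BB 07 00 B4
0E CD 10 1F EB EC 90 E8 E8 FF 49 6E 76 61 6C 69
64 20 70 61 72 74 69 74 69 6F 6E 20 74 61 62 6C
65 00 E8 CD FF 45 72 72 6F 72 20 6C 6F 61 64 69
6E 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73
74 65 6D 00 66 52 66 BA 37 03 00 00 66 5A E8 A1
FF 4D 69 73 73 69 6E 67 20 6F 70 65 72 61 74 69
6E 67 20 73 79 73 74 65 6D 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 89 09 8A 09 00 00 80 01
01 00 07 FE FF FF 3F 00 00 00 74 3C 0D 03 00 FE
FF FF 07 FE FF FF B3 3C 0D 03 0E A8 43 06 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA
"""
MBR_SECTOR = bytes.fromhex(MBR_HEX)

SECTOR_SIZE = 512
DISK_SIG_OFFSET = 0x1B8  # 4-byte NT disk signature
TABLE_OFFSET = 0x1BE     # four 16-byte partition entries
SIG_OFFSET = 0x1FE       # 0x55AA boot signature
STOCK_XP_MBR_PROLOGUE = bytes.fromhex("33C08ED0BC007CFB5007501FFCBE1B7C")  # assumption, see above

def parse_partitions(sector):
    """Decode the non-empty entries of the partition table."""
    parts = []
    for i in range(4):
        # status, CHS start (3 bytes, skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", sector, TABLE_OFFSET + 16 * i)
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        parts.append({"index": i + 1, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors,
                      "size_mb": sectors * SECTOR_SIZE // (1024 * 1024)})
    return parts

def disk_signature(sector):
    return struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0]

def mbr_hashes(sector):
    # Whole-sector hashes correspond to what MBRScan prints; the code-only hash is the
    # one to compare across machines, because the partition table differs per disk.
    return {"md5": hashlib.md5(sector).hexdigest().upper(),
            "sha1": hashlib.sha1(sector).hexdigest().upper(),
            "code_sha1": hashlib.sha1(sector[:DISK_SIG_OFFSET]).hexdigest().upper()}

def check_mbr(sector, disk_sectors=None):
    """Structural checks; an empty list means nothing odd was found."""
    if len(sector) != SECTOR_SIZE:
        return [f"sector is {len(sector)} bytes, expected {SECTOR_SIZE}"]
    findings = []
    if sector[SIG_OFFSET:] != b"\x55\xAA":
        findings.append("missing 0x55AA boot signature")
    if not sector.startswith(STOCK_XP_MBR_PROLOGUE):
        findings.append("loader code does not begin with the stock XP/2003 MBR prologue")
    parts = parse_partitions(sector)
    if sum(p["bootable"] for p in parts) != 1:
        findings.append("expected exactly one bootable partition")
    for p in parts:
        if p["lba_start"] == 0:
            findings.append(f"partition {p['index']} starts at LBA 0, on top of the MBR")
        if disk_sectors is not None and p["lba_start"] + p["sectors"] > disk_sectors:
            findings.append(f"partition {p['index']} extends past the end of the disk")
    by_start = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(by_start, by_start[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    return findings
```

Run `parse_partitions(MBR_SECTOR)`, `mbr_hashes(MBR_SECTOR)` and `check_mbr(MBR_SECTOR)` on the embedded sector, or pass the first 512 bytes of a saved `MBR.dat` instead. The partition table here is internally consistent (one bootable entry, no overlap, the second partition starts exactly where the first ends), so the only finding is that the loader code does not start like a stock XP MBR. Keep in mind that a parser like this only sees what the running OS hands it: if something in the disk stack rewrites sector reads, every tool above it gets the same clean-looking bytes, so the authoritative comparison is against a copy of sector 0 read with the system offline (a live CD, or the drive attached to another machine).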


Re: Please help me remove Win32/Agent.SDG.Gen

#3 Post by Lintner.T »

aswMBR.txt:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-14 10:54:19
-----------------------------
10:54:19.171 OS Version: Windows 5.1.2600 Service Pack 3
10:54:19.171 Number of processors: 1 586 0xD06
10:54:19.171 ComputerName: NOTEBOOK-12BD37 UserName: Martina
10:54:19.562 Initialize success
10:54:25.340 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:54:25.340 Disk 0 Vendor: Size: 0MB BusType: 0
10:54:25.360 Disk 0 MBR read successfully
10:54:25.370 Disk 0 MBR scan
10:54:25.370 Disk 0 unknown MBR code
10:54:25.370 Disk 0 MBR hidden
10:54:25.370 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 24999 MB offset 63
10:54:25.400 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 51317 MB offset 51199155
10:54:25.420 Disk 0 scanning C:\WINDOWS\system32\drivers
10:54:34.984 Service scanning
10:54:42.655 Modules scanning
10:54:48.383 Disk 0 trace - called modules:
10:54:48.413 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:54:48.413 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8629fab8]
10:54:48.754 3 CLASSPNP.SYS[f766bfd7] -> nt!IofCallDriver -> \Device\0000006f[0x86347da0]
10:54:48.754 5 ACPI.sys[f75c2620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8637c940]
10:54:48.764 Scan finished successfully
10:55:28.942 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Martina\Plocha\MBR.dat"
10:55:28.952 The log file has been saved successfully to "C:\Documents and Settings\Martina\Plocha\aswMBR.txt"

MBR.dat and MbrScan.log


Re: Please help me remove Win32/Agent.SDG.Gen

#4 Post by Lintner.T »

No such file was created anywhere. I searched with the search tool built into Windows.


Re: Please help me remove Win32/Agent.SDG.Gen

#5 Post by Lintner.T »

Naughty wrote: Try searching for all files with the .mbr extension
Tried twice, without success each time.
Naughty wrote: download http://ad13.geekstogo.com/MBRCheck.exe to the desktop

- run it,
- in the DOS window enter "Y"
- press 2
- choose option 1 (i.e. Windows XP)

after the restart, report whether NOD still finds the malware
It ends with an error, see the log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 131):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe

Processes (total 31):
0 System Idle Process
4 System
852 C:\WINDOWS\system32\smss.exe
900 csrss.exe
928 C:\WINDOWS\system32\winlogon.exe
972 C:\WINDOWS\system32\services.exe
984 C:\WINDOWS\system32\lsass.exe
1160 C:\WINDOWS\system32\svchost.exe
1264 svchost.exe
1404 C:\WINDOWS\system32\svchost.exe
1448 C:\WINDOWS\system32\svchost.exe
1476 C:\WINDOWS\system32\svchost.exe
1568 svchost.exe
1716 svchost.exe
2000 C:\WINDOWS\system32\spoolsv.exe
140 scardsvr.exe
632 C:\WINDOWS\explorer.exe
760 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
776 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
792 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
396 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
828 C:\WINDOWS\system32\ctfmon.exe
868 C:\Program Files\Messenger\msmsgs.exe
1352 C:\WINDOWS\system32\svchost.exe
1364 svchost.exe
1492 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
1600 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
2248 alg.exe
264 C:\Program Files\Internet Explorer\iexplore.exe
648 C:\Program Files\Internet Explorer\iexplore.exe
3148 C:\Documents and Settings\Martina\Plocha\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000006`1a796600 (NTFS)

PhysicalDrive0 Model Number: ST9808211A, Rev: 3.00

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 8E32362A655637E51EC33E617D30621DECB8EBB5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 1
Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Error opening disk (2)!


Done!
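
The check MBRCheck performs above (parse the sector, hash the boot code against a known-bad list, derive each volume's byte offset from its start LBA), as an added Python example that is not MBRCheck's or TDSSKiller's own code. The blocklist SHA1 is the one MBRCheck printed above, and the partition table and disk size are those TDSSKiller reports for \Device\Harddisk0\DR0 in the next post; the boot-code bytes are a constructed placeholder, and treating the SHA1 as covering the 440-byte code region is an assumption.

```python
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0..439 hold the executable boot code
PART_TABLE_OFF = 446       # four 16-byte partition entries follow
BOOT_SIG = b"\x55\xaa"     # bytes 510..511

# SHA1 that MBRCheck printed for the infected sector.  Assumption: it covers
# the 440-byte boot-code region, so the value serves here only as a blocklist entry.
KNOWN_BAD_SHA1 = {
    "8E32362A655637E51EC33E617D30621DECB8EBB5": "Whistler / Black Internet",
}

@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    start_lba: int
    num_sectors: int

    @property
    def end_lba(self) -> int:       # exclusive
        return self.start_lba + self.num_sectors

def parse_mbr(sector: bytes) -> list:
    """Return the non-empty partition entries; raise if this is not an MBR."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, type_id, _, start, count = struct.unpack(
            "<B3sB3sII", sector[off:off + 16])
        if type_id != 0:
            parts.append(Partition(i, status == 0x80, type_id, start, count))
    return parts

def boot_code_sha1(sector: bytes) -> str:
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()

def volume_offset(start_lba: int, sector_size: int = SECTOR) -> int:
    """Byte offset of a volume on the disk, the value MBRCheck prints per drive letter."""
    return start_lba * sector_size

def layout_problems(parts, disk_sectors: int) -> list:
    """Overlapping or out-of-disk entries, which a tampered table can produce."""
    problems = []
    ordered = sorted(parts, key=lambda p: p.start_lba)
    for a, b in zip(ordered, ordered[1:]):
        if a.end_lba > b.start_lba:
            problems.append(f"partition {a.index} overlaps partition {b.index}")
    for p in ordered:
        if p.end_lba > disk_sectors:
            problems.append(f"partition {p.index} extends past end of disk")
    return problems

def check_mbr(sector: bytes, known_bad=None, known_good=frozenset()) -> str:
    """Classify the sector the way MBRCheck's 'MBR Status' column does."""
    known_bad = KNOWN_BAD_SHA1 if known_bad is None else known_bad
    try:
        parse_mbr(sector)
    except ValueError as exc:
        return f"invalid MBR: {exc}"
    digest = boot_code_sha1(sector)
    if digest in known_bad:
        return f"Known-bad MBR code detected ({known_bad[digest]})"
    if digest in known_good:
        return "standard MBR code"
    return f"unknown MBR code, SHA1 {digest}: review manually"

def build_mbr(boot_code: bytes, entries) -> bytes:
    """Assemble a sector from boot code and (bootable, type, start, count) tuples."""
    sector = bytearray(SECTOR)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    for i, (bootable, type_id, start, count) in enumerate(entries):
        off = PART_TABLE_OFF + 16 * i
        sector[off:off + 16] = struct.pack("<B3sB3sII", 0x80 if bootable else 0,
                                           b"\0\0\0", type_id, b"\0\0\0", start, count)
    sector[510:512] = BOOT_SIG
    return bytes(sector)

# Constructed sample: placeholder boot code plus the partition table and disk size
# TDSSKiller reported for \Device\Harddisk0\DR0 (two NTFS volumes, type 0x7).
DISK_SECTORS = 0x12A1F16000 // SECTOR
SAMPLE_MBR = build_mbr(b"PLACEHOLDER-BOOT-CODE", [
    (True, 0x07, 0x3F, 0x30D3C74),
    (False, 0x07, 0x30D3CB3, 0x643A80E),
])
```

The offsets MBRCheck printed for C: and E: above (0x7e00 and 0x6`1a796600) are exactly the two start LBAs times 512, so the partition table TDSSKiller read is consistent with the mounted volumes.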

Lintner.T
Visitor
Posts: 8
Registered: 14 Apr 2012 08:56

Re: Please help with removing Win32/Agent.SDG.Gen

#6 Post by Lintner.T »

NOD still finds the virus...

Lintner.T
Visitor
Posts: 8
Registered: 14 Apr 2012 08:56

Re: Please help with removing Win32/Agent.SDG.Gen

#7 Post by Lintner.T »

Here is the log:

12:20:46.0128 3832 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
12:20:46.0398 3832 ============================================================
12:20:46.0398 3832 Current date / time: 2012/04/14 12:20:46.0398
12:20:46.0398 3832 SystemInfo:
12:20:46.0398 3832
12:20:46.0398 3832 OS Version: 5.1.2600 ServicePack: 3.0
12:20:46.0398 3832 Product type: Workstation
12:20:46.0398 3832 ComputerName: NOTEBOOK-12BD37
12:20:46.0398 3832 UserName: Martina
12:20:46.0398 3832 Windows directory: C:\WINDOWS
12:20:46.0398 3832 System windows directory: C:\WINDOWS
12:20:46.0398 3832 Processor architecture: Intel x86
12:20:46.0398 3832 Number of processors: 1
12:20:46.0398 3832 Page size: 0x1000
12:20:46.0398 3832 Boot type: Normal boot
12:20:46.0398 3832 ============================================================
12:20:49.0413 3832 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:20:49.0413 3832 \Device\Harddisk0\DR0:
12:20:49.0413 3832 MBR used
12:20:49.0413 3832 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x30D3C74
12:20:49.0413 3832 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x30D3CB3, BlocksNum 0x643A80E
12:20:49.0703 3832 Initialize success
12:20:49.0703 3832 ============================================================
12:21:14.0258 4012 ============================================================
12:21:14.0258 4012 Scan started
12:21:14.0258 4012 Mode: Manual; SigCheck; TDLFS;
12:21:14.0258 4012 ============================================================
12:21:58.0232 4012 TDTCP - ok
12:21:58.0262 4012 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:21:58.0472 4012 TermDD - ok
12:21:58.0552 4012 TermService (a75dd6fc3dbee4fff5ebc9f2c28bb66e) C:\WINDOWS\System32\termsrv.dll
12:21:58.0702 4012 TermService - ok
12:21:58.0742 4012 Themes (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
12:21:58.0752 4012 Themes - ok
12:21:58.0802 4012 TlntSvr (cd0cc7b167d78043a41c98d4921efb54) C:\WINDOWS\system32\tlntsvr.exe
12:21:58.0943 4012 TlntSvr - ok
12:21:58.0973 4012 TosIde - ok
12:21:59.0013 4012 TrkWks (38853304ccb938d30e0c4cde8d2c2a8a) C:\WINDOWS\system32\trkwks.dll
12:21:59.0143 4012 TrkWks - ok
12:21:59.0213 4012 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:21:59.0353 4012 Udfs - ok
12:21:59.0383 4012 ultra - ok
12:21:59.0443 4012 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:21:59.0674 4012 Update - ok
12:21:59.0714 4012 upnphost (651bd90dcee5b7bdc74a2eb7c9266f9e) C:\WINDOWS\System32\upnphost.dll
12:21:59.0854 4012 upnphost - ok
12:21:59.0884 4012 UPS (20a0f6a11959e92908717d09e87d670d) C:\WINDOWS\System32\ups.exe
12:22:00.0024 4012 UPS - ok
12:22:00.0084 4012 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:22:00.0244 4012 usbehci - ok
12:22:00.0294 4012 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:22:00.0465 4012 usbhub - ok
12:22:00.0505 4012 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:22:00.0675 4012 USBSTOR - ok
12:22:00.0715 4012 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:22:00.0865 4012 usbuhci - ok
12:22:00.0905 4012 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:22:01.0046 4012 VgaSave - ok
12:22:01.0066 4012 ViaIde - ok
12:22:01.0086 4012 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
12:22:01.0226 4012 VolSnap - ok
12:22:01.0266 4012 VSS (d6ba1a63d9e00933f1cd2a885573afb2) C:\WINDOWS\System32\vssvc.exe
12:22:01.0406 4012 VSS - ok
12:22:01.0907 4012 w29n51 (9ee38ffcb4cbe5bee6c305700ddc4725) C:\WINDOWS\system32\DRIVERS\w29n51.sys
12:22:02.0397 4012 w29n51 - ok
12:22:02.0438 4012 W32Time (fa4e1cdba256787f2149f4aad07bc91f) C:\WINDOWS\system32\w32time.dll
12:22:02.0578 4012 W32Time - ok
12:22:02.0638 4012 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:22:02.0788 4012 Wanarp - ok
12:22:02.0808 4012 WDICA - ok
12:22:02.0838 4012 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:22:03.0008 4012 wdmaud - ok
12:22:03.0048 4012 WebClient (47ae51048a82dfa1cd6b51d369f7e169) C:\WINDOWS\System32\webclnt.dll
12:22:03.0189 4012 WebClient - ok
12:22:03.0269 4012 winmgmt (e488332126e3b1182d2b8a0c35408ec6) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:22:03.0419 4012 winmgmt - ok
12:22:03.0549 4012 WinRM (4d34cedd74bdbf2b6a935eae3bf80543) C:\WINDOWS\system32\WsmSvc.dll
12:22:03.0709 4012 WinRM - ok
12:22:03.0749 4012 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
12:22:03.0950 4012 WmdmPmSN - ok
12:22:04.0010 4012 Wmi (0171cff34bba8c5977f18c48d8aef8c6) C:\WINDOWS\System32\advapi32.dll
12:22:04.0080 4012 Wmi - ok
12:22:04.0160 4012 WmiApSrv (23f6f03272f7e5679f1f050aed5acee6) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:22:04.0300 4012 WmiApSrv - ok
12:22:04.0440 4012 WMPNetworkSvc (3739866d20abd42f26a7b85f9e2560af) C:\Program Files\Windows Media Player\WMPNetwk.exe
12:22:04.0651 4012 WMPNetworkSvc - ok
12:22:04.0711 4012 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
12:22:04.0731 4012 WpdUsb - ok
12:22:05.0081 4012 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:22:05.0141 4012 WPFFontCache_v0400 - ok
12:22:05.0292 4012 wscsvc (4c86d5faf78194995af9cc1075f65dd3) C:\WINDOWS\system32\wscsvc.dll
12:22:05.0532 4012 wscsvc - ok
12:22:05.0672 4012 wuauserv (c1364564800ee9784192145324a23308) C:\WINDOWS\system32\wuauserv.dll
12:22:05.0812 4012 wuauserv - ok
12:22:05.0872 4012 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:22:05.0933 4012 WudfPf - ok
12:22:06.0003 4012 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:22:06.0033 4012 WudfRd - ok
12:22:06.0103 4012 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:22:06.0143 4012 WudfSvc - ok
12:22:06.0233 4012 WZCSVC (a27d4ba7264c0bf52f32d10405bea1d4) C:\WINDOWS\System32\wzcsvc.dll
12:22:06.0403 4012 WZCSVC - ok
12:22:06.0473 4012 xmlprov (eaa4bb9edb3fb10cf8979fe65e63658f) C:\WINDOWS\System32\xmlprov.dll
12:22:06.0614 4012 xmlprov - ok
12:22:06.0724 4012 {6080A529-897E-4629-A488-ABA0C29B635E} (61002db7b6efb5711685b9d79b8e8ce6) C:\WINDOWS\system32\drivers\ialmsbw.sys
12:22:06.0774 4012 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
12:22:06.0824 4012 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (35ce2baa708ea038ab72359de87bab87) C:\WINDOWS\system32\drivers\ialmkchw.sys
12:22:06.0884 4012 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
12:22:06.0914 4012 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} (36e942c48ff453926dfc3956f5804e69) C:\WINDOWS\system32\drivers\wA301a.sys
12:22:06.0954 4012 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} - ok
12:22:06.0974 4012 {E6759E0C-470B-44DC-A4A1-627E68BB3A85} (255a0b9c167f3390dc940bb407a1d5d0) C:\WINDOWS\system32\drivers\A302.sys
12:22:07.0034 4012 {E6759E0C-470B-44DC-A4A1-627E68BB3A85} - ok
12:22:07.0064 4012 MBR (0x1B8) (cbe4828244370d6c01e9e5c600bd08b1) \Device\Harddisk0\DR0
12:22:07.0084 4012 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected
12:22:07.0084 4012 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)
12:22:07.0264 4012 Boot (0x1200) (cc2586a05a8ee3fb9d37880fc7cda68c) \Device\Harddisk0\DR0\Partition0
12:22:07.0264 4012 \Device\Harddisk0\DR0\Partition0 - ok
12:22:07.0295 4012 Boot (0x1200) (541cd7d89dbd6f946d4f3ad9fded0176) \Device\Harddisk0\DR0\Partition1
12:22:07.0335 4012 \Device\Harddisk0\DR0\Partition1 - ok
12:22:07.0345 4012 ============================================================
12:22:07.0345 4012 Scan finished
12:22:07.0345 4012 ============================================================
12:22:07.0465 3020 Detected object count: 1
12:22:07.0465 3020 Actual detected object count: 1
12:22:46.0541 3020 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - skipped by user
12:22:46.0541 3020 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Skip

Now I'll go quiet for about 30 minutes...

Lintner.T
Visitor
Posts: 8
Registered: 14 Apr 2012 08:56

Re: Please help me remove Win32/Agent.SDG.Gen

#8 Post by Lintner.T »

It looks good. Many thanks for the help, I am greatly in your debt!
