Please check my log and help me remove malware

#1 Post by Max_cz »

Hello,

I got my hands on my mother-in-law's notebook. Microsoft Security Essentials found the virus PWS:Win32/Sinowal.gen!Y; it cannot be deleted and it keeps creating new directories over and over.

I am attaching the RSIT log here


Logfile of random's system information tool 1.09 (written by random/random)
Run by Zárubová at 2012-08-20 14:51:43
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 114 GB (75%) free of 153 GB
Total RAM: 1789 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:51:49, on 20.8.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Documents and Settings\Zárubová\Local Settings\Data aplikací\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Zárubová\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
C:\Documents and Settings\Zárubová\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Zárubová\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Zárubová\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Zárubová\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Zárubová.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idnes.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchPadHotKey] C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Zárubová\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlý začátek s aplikací HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: WirelessSelector.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8050 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3108614290-2758116532-1028969002-1005Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3108614290-2758116532-1028969002-1005UA.job
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Zárubová\Data aplikací\Mozilla\Firefox\Profiles\0js5c2on.default

prefs.js - "browser.startup.homepage" - "seznam.cz"
prefs.js - "extensions.enabledItems" - "fe_3.6@nokia.com:1.7.56.205, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nokia.com/EnablerPlugin]
"Description"=Nokia Suite Enabler Plugin
"Path"=C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.338]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=1.0.3.338]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.338]
"Description"=6.0.12.338
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448]
"Description"=6.0.12.448
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
NPOFF12.DLL
nppl3260.dll
nprpjplug.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Zárubová\Data aplikací\Mozilla\Firefox\Profiles\0js5c2on.default\extensions\
synchronize@nokia.suite

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-08-10 16384000]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SiSPower"=SiSPower.dll,ModeAgent []
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-05-10 864256]
"TouchPadHotKey"=C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe [2007-08-13 364544]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"TkBellExe"=C:\Program Files\K-Lite Codec Pack\Real\Update_OB\realsched.exe -osboot []
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe [2002-07-10 188416]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"TO2SSM_McciTrayApp"=C:\Program Files\TO2SSM\McciTrayApp.exe [2009-01-16 1473536]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"BtTray"=C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [2008-07-09 229888]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2012-03-26 931200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Zárubová\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-07-24 136176]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
""= []
"NokiaSuite.exe"=C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [2012-05-16 1084840]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Rychlý začátek s aplikací HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
WirelessSelector.lnk - C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe

C:\Documents and Settings\Zárubová\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"vidc.LEAD"=LCODCCMP.DLL

======List of files/folders created in the last 1 month======

2012-08-20 14:51:43 ----D---- C:\rsit
2012-08-20 14:51:43 ----D---- C:\Program Files\trend micro
2012-08-20 14:33:48 ----A---- C:\WINDOWS\system32\drivers\oosllbpr.sys
2012-08-18 05:25:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2712808$
2012-08-18 05:24:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2731847$
2012-08-18 05:16:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2705219$
2012-08-18 05:15:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2723135$

======List of files/folders modified in the last 1 month======

2012-08-20 14:51:48 ----D---- C:\WINDOWS\Prefetch
2012-08-20 14:51:43 ----RD---- C:\Program Files
2012-08-20 14:41:07 ----D---- C:\WINDOWS\Temp
2012-08-20 14:40:20 ----SD---- C:\WINDOWS\Tasks
2012-08-20 14:33:48 ----D---- C:\WINDOWS\system32\drivers
2012-08-20 14:33:10 ----A---- C:\WINDOWS\system32\LOCALSERVICE.INI
2012-08-20 14:32:55 ----D---- C:\WINDOWS
2012-08-20 14:32:44 ----D---- C:\WINDOWS\system32\CatRoot2
2012-08-20 14:32:35 ----A---- C:\WINDOWS\system32\bscs.ini
2012-08-20 00:12:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-08-18 09:18:57 ----D---- C:\WINDOWS\system32
2012-08-18 05:25:04 ----HD---- C:\WINDOWS\inf
2012-08-18 05:25:02 ----RSHD---- C:\WINDOWS\system32\dllcache
2012-08-18 05:24:56 ----SHD---- C:\WINDOWS\Installer
2012-08-18 05:24:51 ----HD---- C:\Config.Msi
2012-08-18 05:24:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-08-18 05:24:23 ----A---- C:\WINDOWS\imsins.BAK
2012-08-18 05:24:17 ----HD---- C:\WINDOWS\$hf_mig$
2012-08-18 05:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2012-08-18 05:14:25 ----D---- C:\Program Files\Internet Explorer
2012-08-12 17:37:22 ----A---- C:\WINDOWS\wincmd.ini
2012-08-10 16:44:03 ----D---- C:\Program Files\Mozilla Firefox
2012-08-04 22:45:19 ----D---- C:\AtorzA
2012-07-30 00:02:19 ----A---- C:\WINDOWS\system32\REMOTEDEVICE.INI
2012-07-29 23:53:27 ----A---- C:\WINDOWS\system32\LOCALDEVICE.INI
2012-07-28 00:35:55 ----D---- C:\fotky

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BtHidBus;Bluetooth HID Bus Service; C:\WINDOWS\System32\Drivers\BtHidBus.sys [2008-01-21 21512]
R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2012-03-20 171064]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-08-19 46080]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2007-08-03 18688]
R2 zntport;NTPort Library Driver; \??\C:\WINDOWS\system32\drivers\zntport.sys []
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-06-21 547072]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2008-01-21 14600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-08-10 4603904]
R3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-01-21 26248]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2007-08-03 321536]
R3 SiSGbeXP;SiS191/SiS190 Ethernet Device NDIS 5.1 Driver; C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys [2007-05-16 42368]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-05-10 208576]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2008-01-21 14856]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2008-01-21 29960]
R3 xcpip;Ovladač protokolu TCP/IP; C:\WINDOWS\system32\drivers\xcpip.sys []
R3 xpsec;Ovladač IPSEC; C:\WINDOWS\system32\drivers\xpsec.sys []
S1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 oosllbpr;oosllbpr; \??\C:\WINDOWS\system32\drivers\oosllbpr.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2008-03-06 38920]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 djhf.sys;djhf.sys; \??\C:\WINDOWS\system32\drivers\djhf.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-04-22 18816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 S3SavageNB;S3SavageNB; C:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2004-08-04 166912]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2007-02-12 277784]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2008-07-09 775168]
R2 BsMobileCS;BsMobileCS; C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2008-06-04 143467]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-03-26 11552]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 BsHelpCS;BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2008-06-04 69735]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-04-22 720936]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------


Thanks for the check and the help!

#2 Post by vyosek »

Hello, and I wish you a nice day :)

→ Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Close all programs
  • If you use Windows Vista or Windows 7, right-click RogueKiller and choose Run As Administrator (Spustit jako správce in Czech Windows)
  • Wait for the PreScan to finish
  • Choose the Scan (Prohledat) option
  • When the scan finishes, click Report (Zpráva); a log opens, paste it here
  • A detailed walkthrough including screenshots is here: http://forum.viry.cz/viewtopic.php?f=24&t=120452
→ Download MBRScan http://eric71.geekstogo.com/tools/MbrScan.exe
  • Save it, preferably to the desktop
  • If you use Windows Vista or Windows 7, right-click MBRScan and choose Run As Administrator (Spustit jako správce in Czech Windows)
  • Click Report
  • After a moment the log appears in the file MBRScan.txt; paste it here
→ Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Click the Change parameters option
  • In both panes (Objects to scan and Additional options) tick all options; every checkbox must be checked
  • Click OK
  • Tell the utility to scan: click Start Scan
  • When the scan finishes, a window appears; check that the Skip option is selected everywhere
  • If Skip is not set by default, switch it to Skip
  • If you have Skip everywhere, click Continue
  • On the drive where Windows is installed (usually c:\) there will be a log named TDSSKiller.<some digits>_log.txt; paste its contents here

#3 Post by Max_cz »

Rogue Killer log


RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v: Normální režim
Uživatel: Zárubová [Práva správce]
Mód: Kontrola -- Datum: 08/20/2012 15:13:35

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrů: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Zvláštní soubory / Složky: ¤¤¤
[Faked.Drv][FAKED] atapi.sys : c:\windows\system32\drivers\atapi.sys --> CANNOT FIX

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤

¤¤¤ Nákaza : Root.MBR ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS543216L9A300 +++++
--- User ---
[MBR] 466f0a9e3a5fecd8a25de2a39ee4cd88
[BSP] dcc679d2b750cc5052826061c97f540b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 176723d48ce2ad654ea5e32a250d1d24
[BSP] 162473f044473ca123d191e3f9bc031d : Whistler/Sinowal MBR Code!
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo

Dokončeno : << RKreport[1].txt >>
RKreport[1].txt


Re: Please check and help with removing malware

#4 Post by Max_cz »

MbrScan log

MBRScan v1.1.1

OS             : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR      : x86 Family 6 Model 15 Stepping 13, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/08/20 (ISO 8601) at 15:15:59
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __Hitachi HTS543216L9A300 (FB2OC40C)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	149.1 Go  [Fixed] ==> Unknown MBR Code

MBR_MD5   : 176723D48CE2AD654EA5E32A250D1D24
MBR_SHA1  : 1D0DD264C2CB329CABBBBDCC96AB6B1E7D21537D

Device\Harddisk0\Partition1	149.0 Go  	0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\WINDOWS\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0xA6F76000
SIZE    : 96.0 Ko

DRIVER  : C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS => Invisible on the disk
ADDRESS : 0xBA628000
SIZE    : 8.0 Ko

DRIVER  : C:\WINDOWS\system32\drivers\xpsec.sys => Invisible on the disk
ADDRESS : 0xA6BF3000
SIZE    : 76.0 Ko

DRIVER  : C:\WINDOWS\system32\drivers\xcpip.sys => Invisible on the disk
ADDRESS : 0xA6AAA000
SIZE    : 356.0 Ko

SystemStartOptions : NOEXECUTE=OPTIN  FASTDETECT

________________________________________________________________________________

_____FAKED   \Device\Harddisk0\DR0  


__ORIGINAL   \Device\Harddisk0\DR0  



Re: Please check and help with removing malware

#5 Post by Max_cz »

TDSSKiller log

15:18:22.0203 0944 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
15:18:22.0546 0944 ============================================================
15:18:22.0546 0944 Current date / time: 2012/08/20 15:18:22.0546
15:18:22.0546 0944 SystemInfo:
15:18:22.0546 0944
15:18:22.0546 0944 OS Version: 5.1.2600 ServicePack: 3.0
15:18:22.0546 0944 Product type: Workstation
15:18:22.0546 0944 ComputerName: ZARUBOVA_NT
15:18:22.0546 0944 UserName: Zárubová
15:18:22.0546 0944 Windows directory: C:\WINDOWS
15:18:22.0546 0944 System windows directory: C:\WINDOWS
15:18:22.0546 0944 Processor architecture: Intel x86
15:18:22.0546 0944 Number of processors: 2
15:18:22.0546 0944 Page size: 0x1000
15:18:22.0546 0944 Boot type: Normal boot
15:18:22.0546 0944 ============================================================
15:18:25.0125 0944 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000020
15:18:25.0125 0944 ============================================================
15:18:25.0125 0944 \Device\Harddisk0\DR0:
15:18:25.0125 0944 MBR partitions:
15:18:25.0125 0944 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
15:18:25.0125 0944 ============================================================
15:18:25.0125 0944 C: <-> \Device\Harddisk0\DR0\Partition1
15:18:25.0125 0944 ============================================================
15:18:26.0609 0944 Initialize success
15:18:26.0609 0944 ============================================================
15:18:40.0359 1616 ============================================================
15:18:40.0359 1616 Scan started
15:18:40.0359 1616 Mode: Manual; SigCheck; TDLFS;
15:18:40.0359 1616 ============================================================
15:18:41.0093 1616 ================ Scan services =============================
15:18:41.0296 1616 Abiosdsk - ok
15:18:41.0312 1616 [ 6abb91494fe6c59089b9336452ab2ea3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:18:41.0531 1616 abp480n5 - ok
15:18:41.0593 1616 [ 4fe34f1f3126b61fcc6b2043aa8112c9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:18:41.0734 1616 ACPI - ok
15:18:41.0750 1616 [ afdff022a01f0b11c776f0860c3b282f ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:18:41.0953 1616 ACPIEC - ok
15:18:41.0968 1616 [ 9a11864873da202c996558b2106b0bbc ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:18:42.0109 1616 adpu160m - ok
15:18:42.0125 1616 [ 8bed39e3c35d6a489438b8141717a557 ] aec C:\WINDOWS\system32\drivers\aec.sys
15:18:42.0250 1616 aec - ok
15:18:42.0312 1616 [ 1e44bc1e83d8fd2305f8d452db109cf9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
15:18:42.0390 1616 AFD - ok
15:18:42.0421 1616 [ 03a7e0922acfe1b07d5db2eeb0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
15:18:42.0562 1616 agpCPQ - ok
15:18:42.0609 1616 [ c23ea9b5f46c7f7910db3eab648ff013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
15:18:42.0687 1616 Aha154x - ok
15:18:42.0703 1616 [ 19dd0fb48b0c18892f70e2e7d61a1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:18:42.0843 1616 aic78u2 - ok
15:18:42.0859 1616 [ b7fe594a7468aa0132deb03fb8e34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:18:42.0984 1616 aic78xx - ok
15:18:43.0062 1616 [ e0a6fa244b8624d78fe5ff6f56a33bae ] Alerter C:\WINDOWS\system32\alrsvc.dll
15:18:43.0187 1616 Alerter - ok
15:18:43.0218 1616 [ 88842de939a827577bf24243699ac80a ] ALG C:\WINDOWS\System32\alg.exe
15:18:43.0343 1616 ALG - ok
15:18:43.0375 1616 [ 1140ab9938809700b46bb88e46d72a96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
15:18:43.0531 1616 AliIde - ok
15:18:43.0687 1616 [ cb08aed0de2dd889a8a820cd8082d83c ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
15:18:43.0875 1616 alim1541 - ok
15:18:43.0968 1616 [ 95b4fb835e28aa1336ceeb07fd5b9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
15:18:44.0156 1616 amdagp - ok
15:18:44.0171 1616 [ 3980814f8027d27ea003e2e3d9d4f604 ] AmdK7 C:\WINDOWS\system32\DRIVERS\amdk7.sys
15:18:44.0375 1616 AmdK7 - ok
15:18:44.0406 1616 [ 79f5add8d24bd6893f2903a3e2f3fad6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
15:18:44.0484 1616 amsint - ok
15:18:44.0515 1616 [ 6b8e7a90e576d4fe308f97c69060a171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
15:18:44.0656 1616 AppMgmt - ok
15:18:44.0718 1616 [ 9108f38c07f4953ea4ee89243e787cad ] AR5211 C:\WINDOWS\system32\DRIVERS\ar5211.sys
15:18:44.0765 1616 AR5211 - ok
15:18:44.0812 1616 [ 62d318e9a0c8fc9b780008e724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
15:18:44.0921 1616 asc - ok
15:18:44.0937 1616 [ 69eb0cc7714b32896ccbfd5edcbea447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
15:18:45.0015 1616 asc3350p - ok
15:18:45.0015 1616 [ 5d8de112aa0254b907861e9e9c31d597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
15:18:45.0156 1616 asc3550 - ok
15:18:45.0234 1616 [ e1a1206a4fb19b675e947b29ccd25fba ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
15:18:45.0250 1616 aspnet_state ( UnsignedFile.Multi.Generic ) - warning
15:18:45.0250 1616 aspnet_state - detected UnsignedFile.Multi.Generic (1)
15:18:45.0296 1616 [ b153affac761e7f5fcfa822b9c4e97bc ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:18:45.0453 1616 AsyncMac - ok
15:18:45.0484 1616 [ 850c544201c26ca8371c7678ebb0d871 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
15:18:45.0484 1616 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\atapi.sys. Real md5: 850c544201c26ca8371c7678ebb0d871, Fake md5: 43769e974a1c5105171652f38e6cb8e2
15:18:45.0484 1616 atapi ( ForgedFile.Multi.Generic ) - warning
15:18:45.0484 1616 atapi - detected ForgedFile.Multi.Generic (1)
15:18:45.0484 1616 Atdisk - ok
15:18:45.0515 1616 [ 9916c1225104ba14794209cfa8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:18:45.0812 1616 Atmarpc - ok
15:18:45.0859 1616 [ de31b88962a8645dba5a37b993e7b0f1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
15:18:45.0984 1616 AudioSrv - ok
15:18:46.0031 1616 [ d9f724aa26c010a217c97606b160ed68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
15:18:46.0171 1616 audstub - ok
15:18:46.0218 1616 [ da1f27d85e0d1525f6621372e7b685e9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
15:18:46.0515 1616 Beep - ok
15:18:46.0593 1616 [ 19395d092fd85ddc2d9c7729cf5a2ac8 ] BITS C:\WINDOWS\system32\qmgr.dll
15:18:47.0000 1616 BITS - ok
15:18:47.0156 1616 [ 3c0d557d62d35d2738f7daac323e35ab ] BlueSoleilCS C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
15:18:47.0218 1616 BlueSoleilCS ( UnsignedFile.Multi.Generic ) - warning
15:18:47.0218 1616 BlueSoleilCS - detected UnsignedFile.Multi.Generic (1)
15:18:47.0265 1616 [ 89e739bba5f636297ea5b5f811189e06 ] Browser C:\WINDOWS\System32\browser.dll
15:18:47.0359 1616 Browser - ok
15:18:47.0468 1616 [ 76762d169ffc6727359fd58c8fc00487 ] BsHelpCS C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
15:18:47.0531 1616 BsHelpCS ( UnsignedFile.Multi.Generic ) - warning
15:18:47.0531 1616 BsHelpCS - detected UnsignedFile.Multi.Generic (1)
15:18:47.0593 1616 [ 9c2600c566ba40953fdf4d886d47fb94 ] BsMobileCS C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
15:18:47.0609 1616 BsMobileCS ( UnsignedFile.Multi.Generic ) - warning
15:18:47.0609 1616 BsMobileCS - detected UnsignedFile.Multi.Generic (1)
15:18:47.0640 1616 [ 32ccf60f6e491a2a931a63e928677403 ] BT C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
15:18:47.0734 1616 BT - ok
15:18:47.0875 1616 [ 34031372274933839c842473623be5ee ] Btcsrusb C:\WINDOWS\system32\Drivers\btcusb.sys
15:18:47.0890 1616 Btcsrusb - ok
15:18:47.0968 1616 [ b279426e3c0c344893ed78a613a73bde ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
15:18:48.0078 1616 BthEnum - ok
15:18:48.0093 1616 [ fcf500c9e89e193e038dcfcdba6aa032 ] BtHidBus C:\WINDOWS\system32\Drivers\BtHidBus.sys
15:18:48.0109 1616 BtHidBus - ok
15:18:48.0125 1616 [ 80602b8746d3738f5886ce3d67ef06b6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
15:18:48.0250 1616 BthPan - ok
15:18:48.0312 1616 [ f338662a6c1fc11dd9508f6dff2c06a2 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
15:18:48.0343 1616 BTHPORT - ok
15:18:48.0375 1616 [ 70ca4b3f634c9dca200832f8da76e009 ] BthServ C:\WINDOWS\System32\bthserv.dll
15:18:48.0515 1616 BthServ - ok
15:18:48.0515 1616 [ 61364cd71ef63b0f038b7e9df00f1efa ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
15:18:48.0640 1616 BTHUSB - ok
15:18:48.0656 1616 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
15:18:48.0828 1616 cbidf - ok
15:18:48.0828 1616 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
15:18:48.0968 1616 cbidf2k - ok
15:18:48.0968 1616 [ f3ec03299634490e97bbce94cd2954c7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
15:18:49.0062 1616 cd20xrnt - ok
15:18:49.0125 1616 [ c1b486a7658353d33a10cc15211a873b ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
15:18:49.0250 1616 Cdaudio - ok
15:18:49.0296 1616 [ c885b02847f5d2fd45a24e219ed93b32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
15:18:49.0437 1616 Cdfs - ok
15:18:49.0468 1616 [ 1f4260cc5b42272d71f79e570a27a4fe ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:18:49.0593 1616 Cdrom - ok
15:18:49.0593 1616 Changer - ok
15:18:49.0687 1616 [ e390dc1d7c461d7d56ec53402f329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
15:18:49.0828 1616 CiSvc - ok
15:18:49.0984 1616 [ 064507a8dfa8c5c7e2ffddd3e6f424fa ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
15:18:50.0093 1616 ClipSrv - ok
15:18:50.0125 1616 [ 0f6c187d38d98f8df904589a5f94d411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:18:50.0281 1616 CmBatt - ok
15:18:50.0359 1616 [ 964d0f042aca51d5644779eb9d9ee40f ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
15:18:50.0515 1616 CmdIde - ok
15:18:50.0515 1616 [ 6e4c9f21f0fae8940661144f41b13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:18:50.0718 1616 Compbatt - ok
15:18:50.0718 1616 COMSysApp - ok
15:18:50.0734 1616 [ 3ee529119eed34cd212a215e8c40d4b6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
15:18:50.0859 1616 Cpqarray - ok
15:18:50.0890 1616 [ f3ab0933cbd166d271992f411c27ccaf ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
15:18:51.0218 1616 CryptSvc - ok
15:18:51.0234 1616 [ e550e7418984b65a78299d248f0a7f36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
15:18:51.0390 1616 dac2w2k - ok
15:18:51.0406 1616 [ 683789caa3864eb46125ae86ff677d34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
15:18:51.0531 1616 dac960nt - ok
15:18:51.0578 1616 [ be27674d1cbc3214aec84b4336a38bbf ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
15:18:51.0609 1616 DcomLaunch - ok
15:18:51.0656 1616 [ 8c9a53e285ac5e6704844d0459ec85be ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
15:18:51.0828 1616 Dhcp - ok
15:18:51.0875 1616 [ 044452051f3e02e7963599fc8f4f3e25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
15:18:52.0046 1616 Disk - ok
15:18:52.0046 1616 djhf.sys - ok
15:18:52.0062 1616 dmadmin - ok
15:18:52.0109 1616 [ db5fd2bf5b07dc54bfcb3664ff05bd7c ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
15:18:52.0296 1616 dmboot - ok
15:18:52.0359 1616 [ fff1720af51171f32f1ead5cf71f2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
15:18:52.0531 1616 dmio - ok
15:18:52.0578 1616 [ e9317282a63ca4d188c0df5e09c6ac5f ] dmload C:\WINDOWS\system32\drivers\dmload.sys
15:18:52.0875 1616 dmload - ok
15:18:52.0937 1616 [ 2bfefe9e865655a76982f050450b9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
15:18:53.0062 1616 dmserver - ok
15:18:53.0093 1616 [ 8a208dfcf89792a484e76c40e5f50b45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
15:18:53.0203 1616 DMusic - ok
15:18:53.0265 1616 [ dfaa406bf19f4ee806a6f8d4342137f7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
15:18:53.0296 1616 Dnscache - ok
15:18:53.0343 1616 [ 4a3e2bd20157a0946751229e92eb8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
15:18:53.0468 1616 Dot3svc - ok
15:18:53.0484 1616 [ 40f3b93b4e5b0126f2f5c0a7a5e22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:18:53.0609 1616 dpti2o - ok
15:18:53.0625 1616 [ 8f5fcff8e8848afac920905fbd9d33c8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
15:18:53.0765 1616 drmkaud - ok
15:18:53.0781 1616 [ 0887d9c2be8d940778cad1e3b85f2a41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
15:18:53.0890 1616 EapHost - ok
15:18:54.0000 1616 [ a2a4912798f2be706abadd3d30800d16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
15:18:54.0140 1616 ERSvc - ok
15:18:54.0187 1616 [ 9ef697af07bb8dd82c3b02ca953a95b7 ] Eventlog C:\WINDOWS\system32\services.exe
15:18:54.0218 1616 Eventlog - ok
15:18:54.0265 1616 [ a371f11ef07653591c8de26afb13ce7f ] EventSystem C:\WINDOWS\system32\es.dll
15:18:54.0296 1616 EventSystem - ok
15:18:54.0343 1616 [ 38d332a6d56af32635675f132548343e ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
15:18:54.0468 1616 Fastfat - ok
15:18:54.0500 1616 [ ee9a2b9ea968a792a053c9d1a86bf870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:18:54.0546 1616 FastUserSwitchingCompatibility - ok
15:18:54.0578 1616 [ 92cdd60b6730b9f50f6a1a0c1f8cdc81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
15:18:54.0750 1616 Fdc - ok
15:18:54.0781 1616 [ e9648254056bce81a85380c0c3647dc4 ] FETNDIS C:\WINDOWS\system32\DRIVERS\fetnd5.sys
15:18:54.0968 1616 FETNDIS - ok
15:18:55.0046 1616 [ ac366695a0796560aa37215ad5762aaf ] Fips C:\WINDOWS\system32\drivers\Fips.sys
15:18:55.0250 1616 Fips - ok
15:18:55.0281 1616 [ 9d27e7b80bfcdf1cdd9b555862d5e7f0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
15:18:55.0421 1616 Flpydisk - ok
15:18:55.0453 1616 [ b2cf4b0786f8212cb92ed2b50c6db6b0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
15:18:55.0578 1616 FltMgr - ok
15:18:55.0593 1616 [ 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:18:55.0734 1616 Fs_Rec - ok
15:18:55.0750 1616 [ 4e664d8541db4a66b73a24257e322e1f ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:18:55.0984 1616 Ftdisk - ok
15:18:56.0000 1616 [ 0a02c63c8b144bd8c86b103dee7c86a2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:18:56.0093 1616 Gpc - ok
15:18:56.0109 1616 [ 573c7d0a32852b48f3058cfd8026f511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:18:56.0484 1616 HDAudBus - ok
15:18:56.0578 1616 [ fcfe31fb75f8a6295b6b0af87a626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:18:56.0781 1616 helpsvc - ok
15:18:56.0796 1616 [ 00e25ee90166b3e1be6e74aebf858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
15:18:57.0000 1616 HidServ - ok
15:18:57.0078 1616 [ ccf82c5ec8a7326c3066de870c06daf1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:18:57.0281 1616 HidUsb - ok
15:18:57.0312 1616 [ 7a6b320928f86bc851530d63c82965d9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
15:18:57.0515 1616 hkmsvc - ok
15:18:57.0593 1616 [ b028377dea0546a5fcfba928a8aefae0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
15:18:57.0796 1616 hpn - ok
15:18:57.0906 1616 [ 30ca91e657cede2f95359d6ef186f650 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
15:18:57.0968 1616 HPZid412 - ok
15:18:57.0984 1616 [ efd31afa752aa7c7bbb57bcbe2b01c78 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
15:18:58.0015 1616 HPZipr12 - ok
15:18:58.0015 1616 [ 7ac43c38ca8fd7ed0b0a4466f753e06e ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
15:18:58.0046 1616 HPZius12 - ok
15:18:58.0109 1616 [ f80a415ef82cd06ffaf0d971528ead38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
15:18:58.0156 1616 HTTP - ok
15:18:58.0203 1616 [ 58fe2f2da3bc5573f4a35b3760d3125f ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
15:18:58.0421 1616 HTTPFilter - ok
15:18:58.0453 1616 [ 9368670bd426ebea5e8b18a62416ec28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
15:18:58.0671 1616 i2omgmt - ok
15:18:58.0765 1616 [ f10863bf1ccc290babd1a09188ae49e0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
15:18:58.0906 1616 i2omp - ok
15:18:58.0937 1616 [ c528e27945367191e7bae364930b6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:18:59.0046 1616 i8042prt - ok
15:18:59.0093 1616 [ fd7f9d74c2b35dbda400804a3f5ed5d8 ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
15:18:59.0125 1616 iaStor - ok
15:18:59.0140 1616 [ 083a052659f5310dd8b6a6cb05edcf8e ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
15:18:59.0281 1616 Imapi - ok
15:18:59.0390 1616 [ f7b93aafad33b2320954c17e26c8d361 ] ImapiService C:\WINDOWS\system32\imapi.exe
15:18:59.0531 1616 ImapiService - ok
15:18:59.0546 1616 [ 4a40e045faee58631fd8d91afc620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
15:18:59.0703 1616 ini910u - ok
15:18:59.0921 1616 [ 8f924588c272fdaa28cf31a9bbc21a72 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:19:00.0109 1616 IntcAzAudAddService - ok
15:19:00.0156 1616 [ 57d928e548b38502abba7a77a6eb7312 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
15:19:00.0281 1616 IntelIde - ok
15:19:00.0359 1616 [ 27b290d632af2cf3cf40bfddb7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:19:00.0484 1616 intelppm - ok
15:19:00.0515 1616 [ 3bb22519a194418d5fec05d800a19ad0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
15:19:00.0625 1616 Ip6Fw - ok
15:19:00.0671 1616 [ 731f22ba402ee4b62748adaf6363c182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:19:00.0843 1616 IpFilterDriver - ok
15:19:00.0875 1616 [ b87ab476dcf76e72010632b5550955f5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:19:01.0078 1616 IpInIp - ok
15:19:01.0109 1616 [ cc748ea12c6effde940ee98098bf96bb ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:19:01.0250 1616 IpNat - ok
15:19:01.0265 1616 [ 23c74d75e36e7158768dd63d92789a91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:19:01.0406 1616 IPSec - ok
15:19:01.0453 1616 [ c93c9ff7b04d772627a3646d89f7bf89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
15:19:01.0718 1616 IRENUM - ok
15:19:01.0812 1616 [ cc9f8a2d60aed1a51a3ac34c59b987ae ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:19:01.0937 1616 isapnp - ok
15:19:01.0984 1616 [ d53d7ed7d85a18b0cd4626b88b6da52a ] IvtBtBUs C:\WINDOWS\system32\Drivers\IvtBtBus.sys
15:19:01.0984 1616 IvtBtBUs - ok
15:19:02.0015 1616 [ 1b6162fe7f66b1a71a4b70f941c4aa9b ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:19:02.0171 1616 Kbdclass - ok
15:19:02.0250 1616 [ 86c8f23616c6c6e5b2776901c17b945b ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:19:02.0390 1616 kbdhid - ok
15:19:02.0437 1616 [ 692bcf44383d056aed41b045a323d378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
15:19:02.0562 1616 kmixer - ok
15:19:02.0687 1616 [ b467646c54cc746128904e1654c750c1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
15:19:02.0765 1616 KSecDD - ok
15:19:02.0828 1616 [ 3428e8f86f8add36b42fb23542c7b3e4 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
15:19:02.0921 1616 lanmanserver - ok
15:19:03.0000 1616 [ 936c1d110232d23b621cb0196e4f80f0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:19:03.0078 1616 lanmanworkstation - ok
15:19:03.0093 1616 lbrtfdc - ok
15:19:03.0187 1616 [ 0ab159f536e3e8f7f07113702a07cca5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
15:19:03.0375 1616 LmHosts - ok
15:19:03.0484 1616 [ 4f74184920b2d6e33024409b4c5c57c1 ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
15:19:03.0531 1616 McciCMService ( UnsignedFile.Multi.Generic ) - warning
15:19:03.0531 1616 McciCMService - detected UnsignedFile.Multi.Generic (1)
15:19:03.0578 1616 [ 221cd1c815b8a6b79389c3f5d1018de8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
15:19:03.0703 1616 Messenger - ok
15:19:03.0750 1616 [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
15:19:03.0890 1616 mnmdd - ok
15:19:03.0984 1616 [ 9a57d046f88f4b69751b11fd40088a61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
15:19:04.0250 1616 mnmsrvc - ok
15:19:04.0296 1616 [ 44032b0c6d9954d3fd26438330b99ee7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
15:19:04.0484 1616 Modem - ok
15:19:04.0578 1616 [ 4cb582831dbde63ce43b45d771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:19:04.0765 1616 Mouclass - ok
15:19:04.0796 1616 [ bb269eba740737ab749b214d568b6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:19:05.0000 1616 mouhid - ok
15:19:05.0046 1616 [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
15:19:05.0187 1616 MountMgr - ok
15:19:05.0312 1616 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:19:05.0328 1616 MozillaMaintenance - ok
15:19:05.0359 1616 [ d993bea500e7382dc4e760bf4f35efcb ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
15:19:05.0390 1616 MpFilter - ok
15:19:05.0546 1616 [ a69630d039c38018689190234f866d77 ] MpKsl6d491b62 c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7C46F667-CB02-4072-8F67-F8B24806C576}\MpKsl6d491b62.sys
15:19:05.0562 1616 MpKsl6d491b62 - ok
15:19:05.0593 1616 [ 3f4bb95e5a44f3be34824e8e7caf0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:19:05.0734 1616 mraid35x - ok
15:19:05.0765 1616 [ 9bd4dcb5412921864a7aacdedfbd1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
15:19:05.0796 1616 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
15:19:05.0796 1616 MREMP50 - detected UnsignedFile.Multi.Generic (1)
15:19:05.0812 1616 MREMP50a64 - ok
15:19:05.0828 1616 MREMPR5 - ok
15:19:05.0843 1616 MRENDIS5 - ok
15:19:05.0875 1616 [ 07c02c892e8e1a72d6bf35004f0e9c5e ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
15:19:05.0906 1616 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
15:19:05.0906 1616 MRESP50 - detected UnsignedFile.Multi.Generic (1)
15:19:05.0906 1616 MRESP50a64 - ok
15:19:05.0953 1616 [ 11d42bb6206f33fbb3ba0288d3ef81bd ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:19:06.0093 1616 MRxDAV - ok
15:19:06.0156 1616 [ 7d304a5eb4344ebeeab53a2fe3ffb9f0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:19:06.0203 1616 MRxSmb - ok
15:19:06.0250 1616 [ 6db4d1521caba9a5ffab54ade0ae867d ] MSDTC C:\WINDOWS\system32\msdtc.exe
15:19:06.0390 1616 MSDTC - ok
15:19:06.0406 1616 [ c941ea2454ba8350021d774daf0f1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
15:19:06.0515 1616 Msfs - ok
15:19:06.0531 1616 MSIServer - ok
15:19:06.0562 1616 [ d1575e71568f4d9e14ca56b7b0453bf1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:19:06.0671 1616 MSKSSRV - ok
15:19:13.0140 1616 [ 2d091a99624fb9e7eef0a86d872ec0c3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
15:19:13.0171 1616 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:19:13.0171 1616 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:19:14.0062 1616 [ 0457e25bb122b854e267cf552dcdc370 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:19:14.0062 1616 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
15:19:14.0062 1616 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
15:19:33.0312 1616 xcpip - ok
15:19:33.0578 1616 xpsec - ok
15:19:33.0671 1616 ================ Scan global ===============================
15:19:33.0718 1616 (f36278e42c8c5df03ce17dac8231c91c) C:\WINDOWS\system32\basesrv.dll
15:19:33.0750 1616 (f3fa14a297bc687d0b51289d034033c9) C:\WINDOWS\system32\winsrv.dll
15:19:33.0765 1616 (f3fa14a297bc687d0b51289d034033c9) C:\WINDOWS\system32\winsrv.dll
15:19:33.0796 1616 (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
15:19:33.0796 1616 [Global] - ok
15:19:33.0796 1616 ================ Scan MBR ==================================
15:19:33.0828 1616 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:19:34.0718 1616 \Device\Harddisk0\DR0 - ok
15:19:34.0718 1616 ================ Scan VBR ==================================
15:19:34.0718 1616 Boot (0x1200) (3bdfb410f5212329af90f6136d2cf454) \Device\Harddisk0\DR0\Partition1
15:19:34.0718 1616 \Device\Harddisk0\DR0\Partition1 - ok
15:19:34.0718 1616 ============================================================
15:19:34.0718 1616 Scan finished
15:19:34.0718 1616 ============================================================
15:19:34.0859 2500 Detected object count: 10
15:19:34.0859 2500 Actual detected object count: 10
15:19:42.0703 2500 aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
15:19:42.0703 2500 aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:19:42.0703 2500 atapi ( ForgedFile.Multi.Generic ) - skipped by user
15:19:42.0703 2500 atapi ( ForgedFile.Multi.Generic ) - User select action: Skip
15:19:42.0703 2500 BlueSoleilCS ( UnsignedFile.Multi.Generic ) - skipped by user
15:19:42.0703 2500 BlueSoleilCS ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:19:42.0703 2500 BsHelpCS ( UnsignedFile.Multi.Generic ) - skipped by user
15:19:42.0703 2500 BsHelpCS ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:19:42.0718 2500 BsMobileCS ( UnsignedFile.Multi.Generic ) - skipped by user
15:19:42.0718 2500 BsMobileCS ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:19:42.0718 2500 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
15:19:42.0718 2500 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:19:42.0718 2500 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
15:19:42.0718 2500 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:19:42.0718 2500 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
15:19:42.0718 2500 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:19:42.0718 2500 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:19:42.0718 2500 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:19:42.0734 2500 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
15:19:42.0734 2500 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check and help with removing malware

#6 Post by vyosek »

:arrow: Turn off the antivirus's resident shields for a while, so that it lets us pack the samples and does not eat them

:arrow: Pack the following into a RAR archive
  • The whole RK_Quarantine folder
  • The so-called dump files, which are in the location MBRScan was run from
:arrow: Upload the whole RAR for me to LP http://leteckaposta.cz/

:arrow: Are you able to burn a CD :???:
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member of [image] since 1 February 2011.

#7 Post by Max_cz »

Yes, I am. The packed scan: http://leteckaposta.cz/592736713

#8 Post by vyosek »

Please also pack the dump files from MBRScan and upload them as well

#9 Post by Max_cz »

vyosek wrote: Please also pack the dump files from MBRScan and upload them as well
I cannot find them; where are they saved? I have MBRScan on the desktop.

#10 Post by vyosek »

:arrow: Turn off the antivirus's resident shields again

:arrow: So run MBRScan and click Dump, select DR0, and a file named Dump_DR0.mbr will be created on the desktop; upload that as well

#11 Post by Max_cz »

http://leteckaposta.cz/395034002 I apologize, I overlooked them; I thought they would be in some directory

#12 Post by vyosek »

:arrow: No problem

:arrow: I will still consult the procedure with a colleague, since this is a laptop

:arrow: In the meantime, download OTLPEStd http://oldtimer.geekstogo.com/OTLPEStd.exe
  • Save it, ideally directly to drive c:\
  • Insert a blank CD\DVD into the burner
  • Run OTLPEStd.exe
  • The program will be burned to the disc
:arrow: Boot from the burned CD - a system environment called rategoo will load

:arrow: From the rategoo desktop, run the MBRFix utility
  • Type the following text into the window: mbrfix /drive 0 driveinfo and press Enter
  • Using the size, check that this really is the infected disk; DR0 should be __Hitachi HTS543216L9A300
  • If the size matches, type mbrfix /drive 0 savembr c:\zalohambr.dat into the window
    and press Enter again
  • Check that the file zaloha.mbr has been created on c:\
:arrow: Write back whether everything worked, and in the meantime I will consult the next steps with my colleague

#13 Post by vyosek »

So, I have consulted with my colleague, thx Naughty :worship:

Now it is up to you: let me know whether it worked and we can get started on the repair :all_coholic:

#14 Post by Max_cz »

Burned, and zalohambr.dat is on C

#15 Post by vyosek »

:arrow: Boot rategoo again

:arrow: Download this file, originalmbr.dat, http://leteckaposta.cz/237847528 and save it directly to c:\

:arrow: Run MBRFix and enter mbrfix /drive 0 restorembr c:\originalmbr.dat, press Enter, confirm with Y and press Enter again

:arrow: Now boot into normal mode

:arrow: Download Avenger http://forum.viry.cz//viewtopic.php?f=11&t=19832
  • If you use Windows Vista or Windows 7, right-click Avenger and choose Run As Administrator (Spustit jako správce)
  • After launch, the program will warn you that everything you do is at your own risk - click OK
  • After confirming, the main window will appear; paste the script below into it

    Drivers to delete:
    xpsec
    xcpip

  • Tick the boxes next to Scan for rootkits and Automatically disable any rootkits found
  • Now click Execute and confirm with Yes in the following window - this confirms running the script
  • Answer the Reboot now question with OK again - this restarts the PC
  • After the restart, Notepad should open with the log; paste its contents here. If that does not happen, you will find the required document at C:\avenger.txt
:arrow: Run the scans with MBRScan and RogueKiller again, as at the beginning http://forum.viry.cz/viewtopic.php?f=13 ... 6#p1138669
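A check that fits the savembr and restorembr steps in posts #12 and #15, as an added example that is not part of the thread: a 512-byte MBR image carries the partition table and disk signature as well as boot code, so the saved sector and the replacement can be compared before anything is written. The function names and both sample sectors are constructed for illustration; reading the 0x1B8 in the log's MBR line as the length of the hashed boot-code area is an assumption.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8   # boot code occupies bytes 0x000-0x1B7
DISK_SIG_OFF = 0x1B8    # 4-byte Windows disk signature
PART_TABLE_OFF = 0x1BE  # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE    # a valid sector ends in 55 AA


def parse_mbr(sector):
    """Split a raw 512-byte MBR image into the fields that matter for a restore."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    if sector[BOOT_SIG_OFF:] != b"\x55\xaa":
        raise ValueError("missing 55 AA boot signature")
    partitions = []
    for slot in range(4):
        off = PART_TABLE_OFF + 16 * slot
        entry = sector[off:off + 16]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"slot": slot, "active": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": count})
    return {
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "partition_table": sector[PART_TABLE_OFF:BOOT_SIG_OFF],
        "partitions": partitions,
    }


def check_restore(backup, replacement):
    """Return reasons NOT to write `replacement` over the disk that gave `backup`."""
    try:
        new = parse_mbr(replacement)
    except ValueError as exc:
        return ["replacement rejected: %s" % exc]
    old = parse_mbr(backup)
    problems = []
    if new["partition_table"] != old["partition_table"]:
        problems.append("partition table differs from the backup")
    if new["disk_signature"] != old["disk_signature"]:
        problems.append("disk signature differs from the backup")
    if new["boot_code_md5"] == old["boot_code_md5"]:
        problems.append("boot code is identical to the backup, nothing to fix")
    return problems


def _build_sector(boot_code, disk_sig, parts):
    """Assemble a constructed test sector; parts = [(status, type, lba, count)]."""
    table = b"".join(
        struct.pack("<B3sB3sII", st, b"\0\0\0", ty, b"\0\0\0", lba, n)
        for st, ty, lba, n in parts
    ).ljust(64, b"\0")
    return (boot_code.ljust(BOOT_CODE_LEN, b"\0") + disk_sig + b"\0\0"
            + table + b"\x55\xaa")


# Constructed samples (not taken from the thread's uploads).
_SIG = bytes.fromhex("78563412")
_LAYOUT = [(0x80, 0x07, 63, 312576642)]
BACKUP_MBR = _build_sector(b"constructed-modified-loader", _SIG, _LAYOUT)
CLEAN_MBR = _build_sector(b"constructed-clean-loader", _SIG, _LAYOUT)
OTHER_DISK_MBR = _build_sector(b"constructed-clean-loader",
                               bytes.fromhex("aabbccdd"),
                               [(0x80, 0x07, 2048, 1000000)])

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("other disk", OTHER_DISK_MBR)):
        print(name, "->", check_restore(BACKUP_MBR, image) or "safe to restore")
```

On real files, read zalohambr.dat and originalmbr.dat in binary mode and pass the two byte strings to check_restore; an empty list means only the boot code would change.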

Locked