
Apparently infected

AndySue
Visitor
Posts: 91
Registered: 26 Dec 2009 12:10

Re: Apparently infected

#16 Post by AndySue »

Defragmentation is continuing; I always let it run overnight, I'm at about 46% :-)

What's worse, the computer is still infected; an e-mail came from Cesnet. It says I supposedly have these infections on it:
- mebroot
- torpig

What should I do about it?

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

#17 Post by cernohous13 »

Let the defragmentation finish - I hope you cleaned the disk out and have at least 15% free space (otherwise the defrag takes a very long time and is unreliable).
Then
download ComboFix
and save it to the desktop.
Usage guide: http://www.bleepingcomputer.com/combofi ... t-combofix
Close all active windows, turn off your antispyware and antivirus, and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Ano (Yes) button
- Then follow the instructions; while ComboFix is running, do not click into the window it displays and do not launch anything
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If the system does not boot after using ComboFix - press F8 during restart and choose Last Known Good Configuration
Recommendations:
During the cleanup, install and uninstall software only on my instruction.
Study my reply thoroughly and carry out the whole procedure according to it.
If anything is unclear, ask - I'll explain

-------------------------------------------------------------------------------------------------
> Forum support <


#18 Post by AndySue »

Defragmentation done. Log attached (too many characters).


#19 Post by cernohous13 »

Split the log across several replies (the attachment failed)


#20 Post by AndySue »



#21 Post by AndySue »

P.S. for the forum admin: it is not possible to attach .txt, log, doc, html, pdf, gif :-(


#22 Post by cernohous13 »

ComboFix 11-04-14.03 - Ondra 15.04.2011 22:24:49.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3582.2912 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ondra\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Data aplikací\Adobe Systems
c:\documents and settings\All Users\Data aplikací\Adobe Systems\Product licenses\B2B86000.dat
c:\documents and settings\Ondra\System
c:\documents and settings\Ondra\System\win_qs8.jqx
c:\documents and settings\Ondra\WINDOWS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-15 do 2011-04-15 )))))))))))))))))))))))))))))))
.
.
2011-04-04 22:30 . 2011-04-11 17:20 -------- d-----w- c:\program files\Defraggler
2011-04-04 10:39 . 2011-04-04 10:39 -------- d-----w- c:\documents and settings\Ondra\Data aplikací\Foxit Software
2011-04-04 09:14 . 2011-04-04 09:14 75208 ----a-w- c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
2011-04-04 08:35 . 2011-04-04 08:35 -------- d-----w- C:\_OTM
2011-04-02 22:44 . 2011-04-02 22:44 -------- d-----w- C:\found.001
2011-04-02 16:23 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-02 16:23 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-02 16:23 . 2011-04-02 16:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-02 10:04 . 2010-09-29 15:13 24064 ----a-w- c:\windows\system32\drivers\motmodem.sys
2011-04-02 10:04 . 2010-12-03 12:03 20352 ----a-w- c:\windows\system32\drivers\motccgp.sys
2011-04-02 10:04 . 2009-01-29 14:18 8320 ----a-w- c:\windows\system32\drivers\motccgpfl.sys
2011-04-02 10:04 . 2007-11-02 12:51 6400 ----a-w- c:\windows\system32\drivers\motswch.sys
2011-04-02 10:04 . 2009-12-21 11:42 15616 ----a-w- c:\windows\system32\mot_ci.dll
2011-04-02 10:04 . 2009-05-08 08:56 42752 ----a-w- c:\windows\system32\drivers\motodrv.sys
2011-04-02 10:04 . 2011-04-02 10:04 -------- d-----w- c:\program files\Common Files\Motorola Shared
2011-04-02 10:04 . 2011-04-02 10:15 -------- d-----w- c:\program files\Motorola
2011-04-01 07:29 . 2011-04-01 07:29 -------- d-----w- C:\spoolerlogs
2011-03-30 17:57 . 2011-04-01 21:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\lDi28604gNpNk28604
2011-03-25 14:44 . 2009-06-03 10:33 3482112 ----a-w- c:\windows\system32\drivers\snp2uvc.sys
2011-03-25 14:44 . 2009-02-11 12:45 27264 ----a-w- c:\windows\system32\drivers\sncduvc.sys
2011-03-25 14:44 . 2008-08-20 17:04 291328 ----a-w- c:\windows\system32\vsnp2uvc.dll
2011-03-25 14:44 . 2008-08-01 15:10 675840 ----a-w- c:\windows\vsnp2uvc.exe
2011-03-25 14:44 . 2007-07-04 16:28 176128 ----a-w- c:\windows\system32\csnp2uvc.dll
2011-03-25 14:44 . 2008-08-21 12:46 184320 ----a-w- c:\windows\system32\rsnp2uvc.dll
2011-03-25 14:44 . 2009-06-01 09:22 320512 ----a-w- c:\windows\tsnp2uvc.exe
2011-03-25 14:44 . 2011-03-25 14:44 -------- d-----w- c:\program files\Common Files\SNP2UVC
2011-03-25 14:44 . 2004-08-09 16:43 94208 ----a-w- c:\windows\amcap.exe
2011-03-25 14:31 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-03-25 14:31 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-03-24 21:12 . 2011-03-24 21:12 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SafeNet Sentinel
2011-03-24 21:03 . 2011-03-24 21:05 -------- d-----w- c:\program files\Microsoft SQL Server
2011-03-24 21:01 . 2005-06-15 02:00 102400 ----a-w- c:\windows\system32\tsccvid.dll
2011-03-24 21:01 . 2011-03-24 21:01 -------- d-----w- c:\windows\system32\RNBOSENT
2011-03-24 21:01 . 2008-04-02 15:29 50176 ----a-w- c:\windows\system32\SNTI386.DLL
2011-03-24 21:01 . 2008-04-02 15:29 76288 ----a-w- c:\windows\system32\drivers\SENTINEL.SYS
2011-03-24 21:01 . 2008-04-02 15:29 18432 ----a-w- c:\windows\system32\RNBOVDD.DLL
2011-03-24 21:00 . 2011-03-24 21:00 304640 ----a-w- c:\windows\system32\hlvdd.dll
2011-03-24 21:00 . 2011-03-24 21:00 6656 ----a-w- c:\windows\system32\haspvdd.dll
2011-03-24 21:00 . 2011-03-24 21:00 47616 ----a-w- c:\windows\system32\drivers\Haspnt.sys
2011-03-24 21:00 . 2011-03-24 21:00 383 ----a-w- c:\windows\system32\haspdos.sys
2011-03-24 20:55 . 2011-03-24 20:58 -------- d-----w- c:\program files\Edgecam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-04 06:36 . 2004-08-18 11:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-02-17 13:18 . 2004-08-18 11:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-18 11:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-18 11:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2004-08-18 11:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-18 11:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-18 11:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-18 11:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2008-12-09 20:50 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2008-12-09 20:50 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-18 11:00 440320 ----a-w- c:\windows\system32\shimgvw.dll

-- Snímek resetován k současnému datu -- vynecháno
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotkeyP"="c:\program files\hotkeyp\HotkeyP.exe" [2008-07-15 65536]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-20 26192680]
"Alt+S Override"="c:\program files\Alt+S Override\Alt+S Override.exe" [2009-10-08 154112]
"EasyPHP"="c:\program files\EasyPHP-5.3.1\EasyPHP-5.3.1.exe" [2010-02-15 277504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-07 13529088]
"nwiz"="nwiz.exe" [2008-05-07 1630208]
"NVHotkey"="nvHotkey.dll" [2008-05-07 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-07 86016]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-10-25 167936]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-01-19 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-06 202256]
.
c:\documents and settings\Ondra\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Z stupce - miranda32.exe.lnk - c:\program files\Miranda IM\miranda32.exe [2011-1-21 817760]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CLS2009.01.lnk - c:\program files\Edgecam\Cam\cls.exe [2011-3-24 782336]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ondra^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
path=c:\documents and settings\Ondra\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ondra^Nabídka Start^Programy^Po spuštění^Jádro Plánovače úloh SolidWorks.lnk]
path=c:\documents and settings\Ondra\Nabídka Start\Programy\Po spuštění\Jádro Plánovače úloh SolidWorks.lnk
backup=c:\windows\pss\Jádro Plánovače úloh SolidWorks.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ondra^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Ondra\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-09-13 10:12 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mumservice]
2011-02-02 14:45 1066304 ----a-w- c:\program files\Motorola\Software Update\mumservice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 09:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartSync - ScheduleSync]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2008-04-04 10:38 88584 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-06 13:37 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BBDemon"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"mnmsrvc"=3 (0x3)
"ERSvc"=2 (0x2)
"TapiSrv"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\LowRateVoip\\LowRateVoip.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Python25\\pythonw.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\rFactor\\rFactor.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\Motorola\\Software Update\\mumapp.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"7328:TCP"= 7328:TCP:Services
"7329:TCP"= 7329:TCP:Services
"9880:TCP"= 9880:TCP:Services
"9881:TCP"= 9881:TCP:Services
"5804:TCP"= 5804:TCP:Services
"5507:TCP"= 5507:TCP:Services
"9677:TCP"= 9677:TCP:Services
"8008:TCP"= 8008:TCP:Services
"4960:TCP"= 4960:TCP:Services
"5369:TCP"= 5369:TCP:Services
"2225:TCP"= 2225:TCP:Services
"6991:TCP"= 6991:TCP:Services
"4507:TCP"= 4507:TCP:Services
"7514:TCP"= 7514:TCP:Services
"1694:TCP"= 1694:TCP:Services
"7912:TCP"= 7912:TCP:Services
"2460:TCP"= 2460:TCP:Services
"9271:TCP"= 9271:TCP:Services
"2413:TCP"= 2413:TCP:Services
"9334:TCP"= 9334:TCP:Services
"4975:TCP"= 4975:TCP:Services
"8818:TCP"= 8818:TCP:Services
"3960:TCP"= 3960:TCP:Services
"7959:TCP"= 7959:TCP:Services
"2491:TCP"= 2491:TCP:Services
"9099:TCP"= 9099:TCP:Services
"1725:TCP"= 1725:TCP:Services
"9474:TCP"= 9474:TCP:Services
"9521:TCP"= 9521:TCP:Services
"9943:TCP"= 9943:TCP:Services
"1897:TCP"= 1897:TCP:Services
"3054:TCP"= 3054:TCP:Services
"4539:TCP"= 4539:TCP:Services
"2850:TCP"= 2850:TCP:Services
"2038:TCP"= 2038:TCP:Services
"7287:TCP"= 7287:TCP:Services
"5802:TCP"= 5802:TCP:Services
"1788:TCP"= 1788:TCP:Services
"7490:TCP"= 7490:TCP:Services
"3585:TCP"= 3585:TCP:Services
.
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [13.10.2006 22:53 14912]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [1.11.2010 18:08 143184]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [1.11.2010 18:08 41936]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [3.12.2010 1:48 218432]
R2 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [23.11.2009 20:48 71464]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [22.5.2009 18:47 16384]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [22.5.2009 18:47 17408]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [22.5.2009 18:47 9856]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [8.10.2010 16:57 100560]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [8.10.2010 16:57 111568]
R3 xcpip;Ovladač protokolu TCP/IP;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;Ovladač IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S0 gkariyw;gkariyw;c:\windows\system32\drivers\xgxulf.sys --> c:\windows\system32\drivers\xgxulf.sys [?]
S2 gupdate1c9b099a30c58b0;Služba Google Update (gupdate1c9b099a30c58b0);c:\program files\Google\Update\GoogleUpdate.exe [29.3.2009 20:10 133104]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [20.1.2010 1:59 87336]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [21.11.2010 16:11 112640]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [21.11.2010 19:43 100480]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2.4.2011 12:04 20352]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2.4.2011 12:04 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2.4.2011 12:04 42752]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [1.11.2010 18:08 31888]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [27.1.2010 12:22 11520]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.9.2005 8:01 2799808]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.12.2008 19:02 721904]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 18:10]
.
2011-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 18:10]
.
2011-04-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-1284227242-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
2011-04-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1275210071-1284227242-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
2011-04-15 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-01-01 05:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.lide.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {D282F74B-6F08-4903-B5C4-F39D344FDC8A} = 77.78.80.211,213.46.172.36
FF - ProfilePath - c:\documents and settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\h74hq88m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://localhost/to-do-list.php
FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: České slovníky pro kontrolu pravopisu: cs@dictionaries.addons.mozilla.org - %profile%\extensions\cs@dictionaries.addons.mozilla.org
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
MSConfigStartUp-egui - c:\program files\ESET\ESET Smart Security\egui.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-15 22:29
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2011-04-15 22:31:06
ComboFix-quarantined-files.txt 2011-04-15 20:30
ComboFix2.txt 2010-02-11 17:13
.
Před spuštěním: Volných bajtů: 58 381 774 848
Po spuštění: Volných bajtů: 58 940 530 688
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 07C1D96569C8DCDD0F0862D5451DA277


#23 Post by cernohous13 »

- If ComboFix isn't on your desktop, move it there.
- Open Notepad and copy the entire green text from the "CFscript".
Save the file to the desktop as CFscript.txt, then drag its icon with the mouse over the ComboFix icon and drop it there.
ComboFix will start - wait for the log and paste it here.
CFscript

KillAll::

File::
C:\found.001
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-1284227242-839522115-1003.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1275210071-1284227242-839522115-1003.job

DirLook::
c:\documents and settings\All Users\Data aplikací\lDi28604gNpNk28604

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"TkBellExe"=-
[HKLM\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-
"7328:TCP"=-
"7329:TCP"=-
"9880:TCP"=-
"9881:TCP"=-
"5804:TCP"=-
"5507:TCP"=-
"9677:TCP"=-
"8008:TCP"=-
"4960:TCP"=-
"5369:TCP"=-
"2225:TCP"=-
"6991:TCP"=-
"4507:TCP"=-
"7514:TCP"=-
"1694:TCP"=-
"7912:TCP"=-
"2460:TCP"=-
"9271:TCP"=-
"2413:TCP"=-
"9334:TCP"=-
"4975:TCP"=-
"8818:TCP"=-
"3960:TCP"=-
"7959:TCP"=-
"2491:TCP"=-
"9099:TCP"=-
"1725:TCP"=-
"9474:TCP"=-
"9521:TCP"=-
"9943:TCP"=-
"1897:TCP"=-
"3054:TCP"=-
"4539:TCP"=-
"2850:TCP"=-
"2038:TCP"=-
"7287:TCP"=-
"5802:TCP"=-
"1788:TCP"=-
"7490:TCP"=-
"3585:TCP"=-

Driver::
xcpip
xpsec
gkariyw
gupdate1c9b099a30c58b0


#24 Post by AndySue »

ComboFix 11-04-16.03 - Ondra 17.04.2011 22:37:43.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3582.2705 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ondra\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Ondra\Plocha\CFscript.txt
* Vytvořen nový Bod Obnovení
.
FILE ::
"C:\found.001"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-1284227242-839522115-1003.job"
"c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1275210071-1284227242-839522115-1003.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-1284227242-839522115-1003.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1275210071-1284227242-839522115-1003.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE1C9B099A30C58B0
-------\Service_gkariyw
-------\Service_gupdate1c9b099a30c58b0
-------\Service_xcpip
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-17 do 2011-04-17 )))))))))))))))))))))))))))))))
.
.
2011-04-16 12:14 . 2011-04-17 18:58 -------- d-----w- c:\documents and settings\Ondra\.freemind
2011-04-16 12:14 . 2011-04-16 12:14 -------- d-----w- c:\program files\FreeMind
2011-04-04 22:30 . 2011-04-11 17:20 -------- d-----w- c:\program files\Defraggler
2011-04-04 10:39 . 2011-04-04 10:39 -------- d-----w- c:\documents and settings\Ondra\Data aplikací\Foxit Software
2011-04-04 09:14 . 2011-04-04 09:14 75208 ----a-w- c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
2011-04-04 08:35 . 2011-04-04 08:35 -------- d-----w- C:\_OTM
2011-04-02 22:44 . 2011-04-02 22:44 -------- d-----w- C:\found.001
2011-04-02 16:23 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-02 16:23 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-02 16:23 . 2011-04-02 16:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-02 10:04 . 2010-09-29 15:13 24064 ----a-w- c:\windows\system32\drivers\motmodem.sys
2011-04-02 10:04 . 2010-12-03 12:03 20352 ----a-w- c:\windows\system32\drivers\motccgp.sys
2011-04-02 10:04 . 2009-01-29 14:18 8320 ----a-w- c:\windows\system32\drivers\motccgpfl.sys
2011-04-02 10:04 . 2007-11-02 12:51 6400 ----a-w- c:\windows\system32\drivers\motswch.sys
2011-04-02 10:04 . 2009-12-21 11:42 15616 ----a-w- c:\windows\system32\mot_ci.dll
2011-04-02 10:04 . 2009-05-08 08:56 42752 ----a-w- c:\windows\system32\drivers\motodrv.sys
2011-04-02 10:04 . 2011-04-02 10:04 -------- d-----w- c:\program files\Common Files\Motorola Shared
2011-04-02 10:04 . 2011-04-02 10:15 -------- d-----w- c:\program files\Motorola
2011-04-01 07:29 . 2011-04-01 07:29 -------- d-----w- C:\spoolerlogs
2011-03-30 17:57 . 2011-04-01 21:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\lDi28604gNpNk28604
2011-03-25 14:44 . 2009-06-03 10:33 3482112 ----a-w- c:\windows\system32\drivers\snp2uvc.sys
2011-03-25 14:44 . 2009-02-11 12:45 27264 ----a-w- c:\windows\system32\drivers\sncduvc.sys
2011-03-25 14:44 . 2008-08-20 17:04 291328 ----a-w- c:\windows\system32\vsnp2uvc.dll
2011-03-25 14:44 . 2008-08-01 15:10 675840 ----a-w- c:\windows\vsnp2uvc.exe
2011-03-25 14:44 . 2007-07-04 16:28 176128 ----a-w- c:\windows\system32\csnp2uvc.dll
2011-03-25 14:44 . 2008-08-21 12:46 184320 ----a-w- c:\windows\system32\rsnp2uvc.dll
2011-03-25 14:44 . 2009-06-01 09:22 320512 ----a-w- c:\windows\tsnp2uvc.exe
2011-03-25 14:44 . 2011-03-25 14:44 -------- d-----w- c:\program files\Common Files\SNP2UVC
2011-03-25 14:44 . 2004-08-09 16:43 94208 ----a-w- c:\windows\amcap.exe
2011-03-25 14:31 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-03-25 14:31 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-03-24 21:12 . 2011-03-24 21:12 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SafeNet Sentinel
2011-03-24 21:03 . 2011-03-24 21:05 -------- d-----w- c:\program files\Microsoft SQL Server
2011-03-24 21:01 . 2005-06-15 02:00 102400 ----a-w- c:\windows\system32\tsccvid.dll
2011-03-24 21:01 . 2011-03-24 21:01 -------- d-----w- c:\windows\system32\RNBOSENT
2011-03-24 21:01 . 2008-04-02 15:29 50176 ----a-w- c:\windows\system32\SNTI386.DLL
2011-03-24 21:01 . 2008-04-02 15:29 76288 ----a-w- c:\windows\system32\drivers\SENTINEL.SYS
2011-03-24 21:01 . 2008-04-02 15:29 18432 ----a-w- c:\windows\system32\RNBOVDD.DLL
2011-03-24 21:00 . 2011-03-24 21:00 304640 ----a-w- c:\windows\system32\hlvdd.dll
2011-03-24 21:00 . 2011-03-24 21:00 6656 ----a-w- c:\windows\system32\haspvdd.dll
2011-03-24 21:00 . 2011-03-24 21:00 47616 ----a-w- c:\windows\system32\drivers\Haspnt.sys
2011-03-24 21:00 . 2011-03-24 21:00 383 ----a-w- c:\windows\system32\haspdos.sys
2011-03-24 20:55 . 2011-03-24 20:58 -------- d-----w- c:\program files\Edgecam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2008-12-09 20:51 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2004-08-18 11:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2004-08-18 11:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08 . 2004-08-18 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2004-08-18 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08 . 2004-08-18 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-18 11:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-08-18 11:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-18 11:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-18 11:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2004-08-18 11:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-18 11:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-18 11:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-18 11:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2008-12-09 20:50 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2008-12-09 20:50 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-18 11:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Data aplikací\lDi28604gNpNk28604 ----
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotkeyP"="c:\program files\hotkeyp\HotkeyP.exe" [2008-07-15 65536]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-20 26192680]
"Alt+S Override"="c:\program files\Alt+S Override\Alt+S Override.exe" [2009-10-08 154112]
"EasyPHP"="c:\program files\EasyPHP-5.3.1\EasyPHP-5.3.1.exe" [2010-02-15 277504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-07 13529088]
"nwiz"="nwiz.exe" [2008-05-07 1630208]
"NVHotkey"="nvHotkey.dll" [2008-05-07 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-07 86016]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-10-25 167936]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-01-19 61440]
.
c:\documents and settings\Ondra\Nabídka Start\Programy\Po spuštění\
Zástupce - miranda32.exe.lnk - c:\program files\Miranda IM\miranda32.exe [2011-1-21 817760]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
CLS2009.01.lnk - c:\program files\Edgecam\Cam\cls.exe [2011-3-24 782336]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ondra^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
path=c:\documents and settings\Ondra\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ondra^Nabídka Start^Programy^Po spuštění^Jádro Plánovače úloh SolidWorks.lnk]
path=c:\documents and settings\Ondra\Nabídka Start\Programy\Po spuštění\Jádro Plánovače úloh SolidWorks.lnk
backup=c:\windows\pss\Jádro Plánovače úloh SolidWorks.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ondra^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Ondra\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-09-13 10:12 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mumservice]
2011-02-02 14:45 1066304 ----a-w- c:\program files\Motorola\Software Update\mumservice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 09:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartSync - ScheduleSync]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2008-04-04 10:38 88584 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-06 13:37 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BBDemon"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"mnmsrvc"=3 (0x3)
"ERSvc"=2 (0x2)
"TapiSrv"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\LowRateVoip\\LowRateVoip.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Python25\\pythonw.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\rFactor\\rFactor.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\Motorola\\Software Update\\mumapp.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"7328:TCP"= 7328:TCP:Services
"7329:TCP"= 7329:TCP:Services
"9880:TCP"= 9880:TCP:Services
"9881:TCP"= 9881:TCP:Services
"5804:TCP"= 5804:TCP:Services
"5507:TCP"= 5507:TCP:Services
"9677:TCP"= 9677:TCP:Services
"8008:TCP"= 8008:TCP:Services
"4960:TCP"= 4960:TCP:Services
"5369:TCP"= 5369:TCP:Services
"2225:TCP"= 2225:TCP:Services
"6991:TCP"= 6991:TCP:Services
"4507:TCP"= 4507:TCP:Services
"7514:TCP"= 7514:TCP:Services
"1694:TCP"= 1694:TCP:Services
"7912:TCP"= 7912:TCP:Services
"2460:TCP"= 2460:TCP:Services
"9271:TCP"= 9271:TCP:Services
"2413:TCP"= 2413:TCP:Services
"9334:TCP"= 9334:TCP:Services
"4975:TCP"= 4975:TCP:Services
"8818:TCP"= 8818:TCP:Services
"3960:TCP"= 3960:TCP:Services
"7959:TCP"= 7959:TCP:Services
"2491:TCP"= 2491:TCP:Services
"9099:TCP"= 9099:TCP:Services
"1725:TCP"= 1725:TCP:Services
"9474:TCP"= 9474:TCP:Services
"9521:TCP"= 9521:TCP:Services
"9943:TCP"= 9943:TCP:Services
"1897:TCP"= 1897:TCP:Services
"3054:TCP"= 3054:TCP:Services
"4539:TCP"= 4539:TCP:Services
"2850:TCP"= 2850:TCP:Services
"2038:TCP"= 2038:TCP:Services
"7287:TCP"= 7287:TCP:Services
"5802:TCP"= 5802:TCP:Services
"1788:TCP"= 1788:TCP:Services
"7490:TCP"= 7490:TCP:Services
"3585:TCP"= 3585:TCP:Services
.
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [13.10.2006 22:53 14912]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [1.11.2010 18:08 143184]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [1.11.2010 18:08 41936]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [3.12.2010 1:48 218432]
R2 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [23.11.2009 20:48 71464]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [22.5.2009 18:47 16384]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [22.5.2009 18:47 17408]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [22.5.2009 18:47 9856]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [8.10.2010 16:57 100560]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [8.10.2010 16:57 111568]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [20.1.2010 1:59 87336]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [21.11.2010 16:11 112640]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [21.11.2010 19:43 100480]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2.4.2011 12:04 20352]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2.4.2011 12:04 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2.4.2011 12:04 42752]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [1.11.2010 18:08 31888]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [27.1.2010 12:22 11520]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.9.2005 8:01 2799808]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.12.2008 19:02 721904]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - xcpip
*Deregistered* - xpsec
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-17 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-01-01 05:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.lide.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {D282F74B-6F08-4903-B5C4-F39D344FDC8A} = 77.78.80.211,213.46.172.36
FF - ProfilePath - c:\documents and settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\h74hq88m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://localhost/to-do-list.php
FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: České slovníky pro kontrolu pravopisu: cs@dictionaries.addons.mozilla.org - %profile%\extensions\cs@dictionaries.addons.mozilla.org
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-17 22:51
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3060)
c:\windows\system32\webcheck.dll
c:\program files\Windows Desktop Search\dsWebAllow.dll
c:\program files\Windows Desktop Search\cs-cz\dsWebAllowRes.dll.mui
c:\program files\Windows Desktop Search\dsWebAllowRes.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\progra~1\EASYPH~1.1\Apache\bin\apache.exe
c:\progra~1\EASYPH~1.1\MySql\bin\mysqld.exe
c:\progra~1\EASYPH~1.1\Apache\bin\apache.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\Rundll32.exe
.
**************************************************************************
.
Celkový čas: 2011-04-17 22:55:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-04-17 20:55
ComboFix2.txt 2010-02-11 17:13
.
Před spuštěním: Volných bajtů: 57 237 352 448
Po spuštění: Volných bajtů: 57 300 873 216
.
- - End Of File - - 8830A302A076AD19C81D13AA24A47AFA

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Apparently infected

#25 Post by cernohous13 »

Follow my colleague's instructions:
Marek-26 wrote: Download TDSSKiller and save it to the desktop.
Then run TDSSKiller.exe and click Start Scan.

When it finds infected files, click the Continue button.

The application will most likely ask you to allow a restart of the computer. In that case, click the Reboot Now button. You will then find the log here: C:\TDSSKiller\_log.txt

If it does not ask for a restart, click Report and paste the contents of the log here.
Recommendation:
During the cleanup, install and uninstall software only on my instruction.
Study my reply thoroughly and carry out the whole procedure as described in it.
If anything is unclear, ask - I will explain.


AndySue
Visitor
Posts: 91
Registered: 26 Dec 2009 12:10

Re: Apparently infected

#26 Post by AndySue »

It did not ask for a reboot:

2011/04/18 11:29:16.0750 3324 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/18 11:29:17.0000 3324 ================================================================================
2011/04/18 11:29:17.0000 3324 SystemInfo:
2011/04/18 11:29:17.0000 3324
2011/04/18 11:29:17.0000 3324 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/18 11:29:17.0000 3324 Product type: Workstation
2011/04/18 11:29:17.0000 3324 ComputerName: SUCHOMEL-296172
2011/04/18 11:29:17.0000 3324 UserName: Ondra
2011/04/18 11:29:17.0000 3324 Windows directory: C:\WINDOWS
2011/04/18 11:29:17.0000 3324 System windows directory: C:\WINDOWS
2011/04/18 11:29:17.0000 3324 Processor architecture: Intel x86
2011/04/18 11:29:17.0000 3324 Number of processors: 2
2011/04/18 11:29:17.0000 3324 Page size: 0x1000
2011/04/18 11:29:17.0000 3324 Boot type: Normal boot
2011/04/18 11:29:17.0000 3324 ================================================================================
2011/04/18 11:29:17.0218 3324 Initialize success
2011/04/18 11:29:23.0203 1144 ================================================================================
2011/04/18 11:29:23.0203 1144 Scan started
2011/04/18 11:29:23.0203 1144 Mode: Manual;
2011/04/18 11:29:23.0203 1144 ================================================================================
2011/04/18 11:29:23.0718 1144 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/18 11:29:23.0765 1144 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/18 11:29:23.0812 1144 actser (6463d1db354b13e6ced4d67f6e4910f4) C:\WINDOWS\system32\drivers\actser.sys
2011/04/18 11:29:23.0875 1144 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/18 11:29:23.0921 1144 AegisP (a1ad1a4a9f18d900ca9c93fa3efdcb56) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/04/18 11:29:23.0968 1144 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/04/18 11:29:24.0078 1144 akshasp (4ed4ce78a42070cb041c208ca53ed70a) C:\WINDOWS\system32\DRIVERS\akshasp.sys
2011/04/18 11:29:24.0109 1144 aksusb (2fa8cbcbd795014267be5f60bb8474c0) C:\WINDOWS\system32\DRIVERS\aksusb.sys
2011/04/18 11:29:24.0187 1144 ApfiltrService (a80230bd04f0b8bf05185b369bb1cbb8) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/04/18 11:29:24.0250 1144 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/04/18 11:29:24.0343 1144 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/18 11:29:24.0375 1144 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/18 11:29:24.0421 1144 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/18 11:29:24.0453 1144 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/18 11:29:24.0500 1144 b57w2k (58911390115465bf6d8048f21f48655a) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/04/18 11:29:24.0562 1144 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/04/18 11:29:24.0625 1144 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/18 11:29:24.0687 1144 btaudio (8893ae0b6b9b60e0521a60e8b2160216) C:\WINDOWS\system32\drivers\btaudio.sys
2011/04/18 11:29:24.0718 1144 BTDriver (fde318e3569f57264af74b7e431f60ae) C:\WINDOWS\system32\DRIVERS\btport.sys
2011/04/18 11:29:24.0765 1144 btkrnl (9c3c8b9e2eda516eb44b51dab81dbd68) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/04/18 11:29:24.0812 1144 BTSERIAL (089f7526ff41c17b0a43896d0553d5a2) C:\WINDOWS\system32\drivers\btserial.sys
2011/04/18 11:29:24.0859 1144 BTWDNDIS (28531ab3183f498e58d93d585e6a6b70) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2011/04/18 11:29:24.0890 1144 btwhid (c5c0e21c67089f053b964e0a8b8adbac) C:\WINDOWS\system32\DRIVERS\btwhid.sys
2011/04/18 11:29:24.0921 1144 btwmodem (7d295223c172ab4d61dc256721b2f09e) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
2011/04/18 11:29:24.0953 1144 BTWUSB (56c701580f2891952761362ba7594b3d) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/04/18 11:29:25.0015 1144 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/18 11:29:25.0046 1144 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/18 11:29:25.0109 1144 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/18 11:29:25.0140 1144 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/18 11:29:25.0156 1144 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/18 11:29:25.0187 1144 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/04/18 11:29:25.0234 1144 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/04/18 11:29:25.0296 1144 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/18 11:29:25.0343 1144 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/18 11:29:25.0375 1144 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/18 11:29:25.0390 1144 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/18 11:29:25.0421 1144 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/18 11:29:25.0453 1144 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/18 11:29:25.0500 1144 ewusbnet (9032405f762f1afa92dfef99cb078306) C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
2011/04/18 11:29:25.0531 1144 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/18 11:29:25.0546 1144 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/04/18 11:29:25.0562 1144 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/18 11:29:25.0578 1144 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/04/18 11:29:25.0625 1144 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/18 11:29:25.0656 1144 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/18 11:29:25.0671 1144 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/18 11:29:25.0703 1144 gHidPnp (9a8c0eb871370a410487e70ce4ef3aba) C:\WINDOWS\system32\Drivers\gHidPnp.Sys
2011/04/18 11:29:25.0718 1144 gMouPS2 (9503a7ced3959cbf23bad230e05b1b73) C:\WINDOWS\system32\DRIVERS\gMouPS2.sys
2011/04/18 11:29:25.0734 1144 gMouUsb (810072609cc1615bb3fd843b551e523f) C:\WINDOWS\system32\DRIVERS\gMouUsb.sys
2011/04/18 11:29:25.0781 1144 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/18 11:29:25.0828 1144 Hardlock (d64a40b94602158e40527ae95e7a9193) C:\WINDOWS\system32\drivers\hardlock.sys
2011/04/18 11:29:25.0890 1144 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys
2011/04/18 11:29:25.0937 1144 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/04/18 11:29:25.0953 1144 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/18 11:29:26.0000 1144 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/18 11:29:26.0046 1144 hwdatacard (60aec3f4ec355d9f46d545a0fa08ce87) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2011/04/18 11:29:26.0093 1144 hwusbfake (b93d3c81ef1d372dc5bd5e6275362e1a) C:\WINDOWS\system32\DRIVERS\ewusbfake.sys
2011/04/18 11:29:26.0156 1144 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/18 11:29:26.0171 1144 iaStor (8ef427c54497c5f8a7a645990e4278c7) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/04/18 11:29:26.0187 1144 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/18 11:29:26.0281 1144 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/18 11:29:26.0296 1144 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/18 11:29:26.0328 1144 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/18 11:29:26.0359 1144 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/18 11:29:26.0390 1144 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/18 11:29:26.0406 1144 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/18 11:29:26.0437 1144 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/18 11:29:26.0468 1144 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/18 11:29:26.0484 1144 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/18 11:29:26.0500 1144 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/18 11:29:26.0531 1144 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/18 11:29:26.0562 1144 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/18 11:29:26.0625 1144 LUMDriver (a83ca48076a3c43c3b71175095838d69) C:\WINDOWS\system32\drivers\LUMDriver.sys
2011/04/18 11:29:26.0640 1144 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/18 11:29:26.0687 1144 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/18 11:29:26.0718 1144 motccgp (1088f75c09ebb0a8b0f13b886fd67c52) C:\WINDOWS\system32\DRIVERS\motccgp.sys
2011/04/18 11:29:26.0765 1144 motccgpfl (b812da6605caf02641312f1f65c75419) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
2011/04/18 11:29:26.0828 1144 MotDev (e190ed75bcc7928143f8f2af4c34d91d) C:\WINDOWS\system32\DRIVERS\motodrv.sys
2011/04/18 11:29:26.0890 1144 motmodem (8f408e9ed2feb8a8b8837c380faf7ad6) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2011/04/18 11:29:26.0921 1144 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/18 11:29:26.0953 1144 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/18 11:29:26.0984 1144 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/18 11:29:27.0000 1144 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/18 11:29:27.0046 1144 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/18 11:29:32.0531 1144 \HardDisk0 - detected Rootkit.Win32.BackBoot.gen (1)
2011/04/18 11:29:32.0531 1144 ================================================================================
2011/04/18 11:29:32.0531 1144 Scan finished
2011/04/18 11:29:32.0531 1144 ================================================================================
2011/04/18 11:29:32.0546 3320 Detected object count: 1
2011/04/18 11:29:53.0390 3320 Rootkit.Win32.BackBoot.gen(\HardDisk0) - User select action: Skip
2011/04/18 11:30:21.0906 0700 ================================================================================
2011/04/18 11:30:21.0906 0700 Scan started
2011/04/18 11:30:21.0906 0700 Mode: Manual;
2011/04/18 11:30:21.0906 0700 ================================================================================
2011/04/18 11:30:31.0265 0700 \HardDisk0 - detected Rootkit.Win32.BackBoot.gen (1)
2011/04/18 11:30:31.0265 0700 ================================================================================
2011/04/18 11:30:31.0265 0700 Scan finished
2011/04/18 11:30:31.0265 0700 ================================================================================
2011/04/18 11:30:31.0281 2248 Detected object count: 1
2011/04/18 11:30:31.0531 2248 Rootkit.Win32.BackBoot.gen(\HardDisk0) - User select action: Skip
2011/04/18 11:30:37.0562 1272 ================================================================================
2011/04/18 11:30:37.0562 1272 Scan started
2011/04/18 11:30:37.0562 1272 Mode: Manual;
2011/04/18 11:30:37.0562 1272 ================================================================================
2011/04/18 11:30:45.0718 1272 \HardDisk0 - detected Rootkit.Win32.BackBoot.gen (1)
2011/04/18 11:30:45.0718 1272 ================================================================================
2011/04/18 11:30:45.0718 1272 Scan finished
2011/04/18 11:30:45.0718 1272 ================================================================================
2011/04/18 11:30:45.0734 1052 Detected object count: 1
2011/04/18 11:32:03.0359 1052 Rootkit.Win32.BackBoot.gen(\HardDisk0) - User select action: Skip

#27 Post by cernohous13 »

Download and save to the desktop: http://www2.gmer.net/mbr/mbr.exe
Start -> Run (Spustit), type cmd -> OK
Copy this into the black window:
"%userprofile%\plocha\mbr.exe" -t -s -l "%userprofile%\plocha\GMER.txt"
Press Enter.

GMER.txt will be created on the desktop; copy its contents here.

#28 Post by AndySue »

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD32 rev.11.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87EA6AEE]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; LEA EAX, [EBP+0x8]; MOV [EBP-0x4], EAX; CMP ESP, 0x22; JNZ 0x10; CMPSB ; MOV EAX, [0x87f1649c]; MOV ECX, [EBP+0x10]; CMP ECX, [EAX]; JBE 0x58; MOV EAX, [EBP+0x10]; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8B108868]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IAAStorageDevice-0[0x8B106028]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user & kernel MBR OK

#29 Post by cernohous13 »

Run AVPTool again and, when it reports a detection, try to change the action in the prompt from "Skip" to "Cure" (= "Dezinfikovat", disinfect).
(Do not select "Delete if disinfection fails".)
http://tharifas.sweb.cz/AVPTool7.JPG
If that does not succeed, continue with a colleague's instructions:
Download Bootkit Remover: http://www.esagelab.com/files/bootkit_remover.rar
  • Extract it, preferably to the desktop, and run it
  • Right-click in the window and click Select All (Vybrat vše); the text will be on a white background. Then press Enter; the text will be on a black background (if the background does not turn black after Enter, press Ctrl+C)
  • Press any key to close the utility
  • Paste the log here with the usual Ctrl+V shortcut
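
A triage helper for scan logs in the format posted earlier in this thread, added here as an example (it is not part of any forum post and not the scanner vendor's code): it groups lines into scan runs and lists detections whose recorded action was Skip or missing. The line patterns are assumptions inferred from the lines visible in that log, and the driver line in the sample is a constructed placeholder.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample in the format of the scan log posted in this thread.
# The detection and action lines are copied from that log; the driver line
# is a made-up placeholder standing in for the long per-driver listing.
SAMPLE_LOG = r"""
2011/04/18 11:30:37.0562 1272 Scan started
2011/04/18 11:30:37.0562 1272 Mode: Manual;
2011/04/18 11:30:37.0875 1272 ExampleDrv (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\example.sys
2011/04/18 11:30:45.0718 1272 \HardDisk0 - detected Rootkit.Win32.BackBoot.gen (1)
2011/04/18 11:30:45.0718 1272 Scan finished
2011/04/18 11:30:45.0734 1052 Detected object count: 1
2011/04/18 11:32:03.0359 1052 Rootkit.Win32.BackBoot.gen(\HardDisk0) - User select action: Skip
"""

# Assumed line layout: "<date> <time> <thread id> <message>".
LINE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+) (\d+) (.*)$")
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<name>\S+) \((?P<n>\d+)\)$")
ACTION = re.compile(
    r"^(?P<name>[^()\s]+)\((?P<obj>.+)\) - User select action: (?P<action>\w+)$"
)


@dataclass
class Detection:
    obj: str                       # scanned object, e.g. \HardDisk0
    name: str                      # detection name reported by the scanner
    action: Optional[str] = None   # None until an action line is seen


@dataclass
class ScanRun:
    started: Optional[str]         # None if the log was cut before "Scan started"
    detections: List[Detection] = field(default_factory=list)


def parse_runs(text: str) -> List[ScanRun]:
    """Split a log into scan runs and attach each user action to its detection."""
    runs: List[ScanRun] = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, _thread, msg = m.groups()
        if msg == "Scan started":
            runs.append(ScanRun(started=stamp))
            continue
        hit = DETECTED.match(msg)
        if hit:
            if not runs:           # pasted log starts mid-scan
                runs.append(ScanRun(started=None))
            runs[-1].detections.append(Detection(hit["obj"], hit["name"]))
            continue
        act = ACTION.match(msg)
        if act and runs:
            # Action lines follow "Scan finished" and are written by another
            # thread id, so match them by order within the run, not by thread.
            for det in reversed(runs[-1].detections):
                if (det.name, det.obj) == (act["name"], act["obj"]) and det.action is None:
                    det.action = act["action"]
                    break
    return runs


def unresolved(runs: List[ScanRun]) -> List[Tuple[Optional[str], Detection]]:
    """Detections left in place: action recorded as Skip, or never recorded."""
    return [(run.started, det) for run in runs for det in run.detections
            if det.action in (None, "Skip")]


if __name__ == "__main__":
    for started, det in unresolved(parse_runs(SAMPLE_LOG)):
        print(f"run {started or 'unknown start'}: {det.name} on {det.obj} "
              f"-> action {det.action or 'not recorded'}")
```

Only the action name Skip appears in the posted log, so the helper treats every other recorded action as handled; adjust the set in `unresolved` if your logs show other names.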

#30 Post by AndySue »

I used AVP; it found quite a lot of viruses. I misread the recommendation, so I mostly chose delete. Should I post a log or something here?
