
Re: viruses - antivirus turned off, internet not working ...

Posted: 29 Sep 2011 18:17
by loisik
Rephrasing: the website had two programs for removing the antivirus, which were meant to be used one after the other; the first was OK, the second froze before finishing...

Re: viruses - antivirus turned off, internet not working ...

Posted: 29 Sep 2011 18:23
by loisik
ComboFix 11-09-26.02 - Lucka 29.09.2011 19:14:09.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.712 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lucka\Plocha\ComboFix.exe
Použité ovládací přepínače :: e:\nová složka\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-28 do 2011-09-29 )))))))))))))))))))))))))))))))
.
.
2011-09-29 16:52 . 2011-09-29 16:52 35712 ----a-w- c:\windows\system32\drivers\BlackBox.sys
2011-09-29 16:20 . 2011-09-29 16:20 -------- d-----w- C:\WINSSLog
2011-09-29 16:16 . 2011-09-29 16:16 1416 ----a-w- C:\FixitRegBackup.reg
2011-09-28 15:32 . 2011-09-28 15:32 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-09-28 10:17 . 2011-09-28 10:17 -------- d-----w- C:\rsit
2011-09-28 10:17 . 2011-09-28 10:17 -------- d-----w- c:\program files\trend micro
2011-09-28 10:16 . 2011-09-28 10:16 -------- d-----w- c:\program files\ESET
2011-09-28 10:16 . 2011-09-28 10:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-09-28 10:10 . 2011-09-28 10:05 56611840 ----a-w- C:\ess_nt32_enu.msi
2011-09-28 09:50 . 2011-09-28 09:50 -------- d-----w- c:\documents and settings\Administrator
2011-09-28 09:49 . 2011-09-28 09:49 -------- d-----w- c:\documents and settings\Lucka\Local Settings\Data aplikací\PCHealth
2011-09-28 09:42 . 2011-09-28 11:50 48016 --sha-w- c:\windows\system32\c_17051.nl_
2011-09-14 19:49 . 2008-04-14 02:21 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-09-14 19:49 . 2008-04-14 02:21 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-09-03 10:17 . 2011-09-09 09:12 602112 -c----w- c:\windows\system32\dllcache\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-28 17:54 . 2011-09-28 17:54 1805990 ----a-w- C:\Qoobox.zip
2011-09-28 08:13 . 2011-05-17 18:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2004-08-18 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2004-08-18 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-18 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-09-07 05:41 . 2011-03-24 07:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Chyba šifrovací služby !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Lucka^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
path=c:\documents and settings\Lucka\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
2003-08-19 14:36 57344 ----a-w- c:\program files\Lexmark X1100 Series\lxbkbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-07-20 18:58 7581696 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-07-20 18:58 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-07-20 18:58 1519616 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-08-18 15:04 17360520 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zástupce stránky vlastností sběrnice High Definition Audio]
2005-01-07 15:07 61952 ------w- c:\windows\system32\HdAShCut.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
.
R1 MpKsl19c4db5d;MpKsl19c4db5d;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{8DB6ED70-307E-43D0-BEA3-629841919AA3}\MpKsl19c4db5d.sys [x]
R1 MpKsl3baff57d;MpKsl3baff57d;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{2329368B-5ABB-478B-92FD-16013CCDD8B5}\MpKsl3baff57d.sys [x]
R1 MpKsl507acd58;MpKsl507acd58;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{093C17A3-3C47-4462-87EA-972ACC9CF665}\MpKsl507acd58.sys [x]
R1 MpKsl783c19f1;MpKsl783c19f1;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{649E9EBC-EAB1-457B-968A-9BA0DCDF8693}\MpKsl783c19f1.sys [x]
R1 MpKsl92d6471d;MpKsl92d6471d;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{093C17A3-3C47-4462-87EA-972ACC9CF665}\MpKsl92d6471d.sys [x]
R1 MpKsl99da5fd8;MpKsl99da5fd8;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4E920287-8060-4678-885E-688FA5E0C8C8}\MpKsl99da5fd8.sys [x]
R1 MpKsld7cb9d28;MpKsld7cb9d28;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7E342DC7-9256-45BE-AF33-2343C0A5AC86}\MpKsld7cb9d28.sys [x]
R1 MpKsle3b7fcbb;MpKsle3b7fcbb;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C0F231B9-9D5D-427E-B618-53A3DD85D645}\MpKsle3b7fcbb.sys [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-20 136176]
R3 CFcatchme;CFcatchme;c:\docume~1\Lucka\LOCALS~1\Temp\CFcatchme.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-20 136176]
R3 ICDSX;Sony IC Recorder (SX);c:\windows\system32\Drivers\ICDSX.sys [2003-10-01 31744]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-20 06:50]
.
2011-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-20 06:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Lucka\Data aplikací\Mozilla\Firefox\Profiles\av491d33.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-29 19:20
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1088)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\WgaTray.exe
c:\windows\ATKKBService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
.
**************************************************************************
.
Celkový čas: 2011-09-29 19:20:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-09-29 17:20
ComboFix2.txt 2011-09-28 17:39
ComboFix3.txt 2011-09-28 16:56
ComboFix4.txt 2011-09-28 12:17
.
Před spuštěním: Volných bajtů: 29 568 417 792
Po spuštění: Volných bajtů: 29 556 072 448
.
- - End Of File - - 0F05A55624C815D031A1DFDF03609193

Re: viruses - antivirus turned off, internet not working ...

Posted: 29 Sep 2011 18:27
by loisik
19:22:50.0187 0288 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
19:22:50.0187 0288 ============================================================
19:22:50.0187 0288 Current date / time: 2011/09/29 19:22:50.0187
19:22:50.0187 0288 SystemInfo:
19:22:50.0187 0288
19:22:50.0187 0288 OS Version: 5.1.2600 ServicePack: 3.0
19:22:50.0187 0288 Product type: Workstation
19:22:50.0187 0288 ComputerName: LUU
19:22:50.0187 0288 UserName: Lucka
19:22:50.0187 0288 Windows directory: C:\WINDOWS
19:22:50.0187 0288 System windows directory: C:\WINDOWS
19:22:50.0187 0288 Processor architecture: Intel x86
19:22:50.0187 0288 Number of processors: 2
19:22:50.0187 0288 Page size: 0x1000
19:22:50.0187 0288 Boot type: Normal boot
19:22:50.0187 0288 ============================================================
19:22:50.0875 0288 Initialize success
19:22:50.0906 1100 ============================================================
19:22:50.0906 1100 Scan started
19:22:50.0906 1100 Mode: Auto (QMbr QBoot DCExact ); SigCheck; TDLFS; Silent;
19:22:50.0906 1100 ============================================================
19:22:51.0953 1100 Abiosdsk - ok
19:22:51.0984 1100 abp480n5 - ok
19:22:52.0078 1100 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:22:54.0265 1100 ACPI - ok
19:22:54.0375 1100 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
19:22:54.0500 1100 ACPIEC - ok
19:22:54.0562 1100 ADIHdAudAddService (be1423364bb05a6b1751a1e9515e6cac) C:\WINDOWS\system32\drivers\ADIHdAud.sys
19:22:54.0609 1100 ADIHdAudAddService - ok
19:22:54.0625 1100 adpu160m - ok
19:22:54.0656 1100 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:22:54.0765 1100 aec - ok
19:22:54.0812 1100 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
19:22:54.0859 1100 AFD - ok
19:22:54.0953 1100 Aha154x - ok
19:22:54.0984 1100 aic78u2 - ok
19:22:55.0015 1100 aic78xx - ok
19:22:55.0046 1100 AliIde - ok
19:22:55.0078 1100 amsint - ok
19:22:55.0156 1100 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:22:55.0250 1100 Arp1394 - ok
19:22:55.0296 1100 asc - ok
19:22:55.0390 1100 asc3350p - ok
19:22:55.0453 1100 asc3550 - ok
19:22:55.0515 1100 asuskbnt (f5c2ccdb273a546e9c3a15250f1d9165) C:\WINDOWS\system32\drivers\atkkbnt.sys
19:22:55.0531 1100 asuskbnt ( UnsignedFile.Multi.Generic ) - warning
19:22:55.0531 1100 asuskbnt - detected UnsignedFile.Multi.Generic (1)
19:22:55.0546 1100 C:\WINDOWS\system32\drivers\atkkbnt.sys - copied to quarantine
19:22:55.0593 1100 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:22:55.0687 1100 AsyncMac - ok
19:22:55.0765 1100 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:22:55.0875 1100 atapi - ok
19:22:55.0921 1100 Atdisk - ok
19:22:56.0000 1100 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:22:56.0109 1100 Atmarpc - ok
19:22:56.0312 1100 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:22:56.0406 1100 audstub - ok
19:22:56.0484 1100 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:22:56.0593 1100 Beep - ok
19:22:56.0593 1100 catchme - ok
19:22:56.0625 1100 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:22:56.0734 1100 cbidf2k - ok
19:22:56.0765 1100 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:22:56.0875 1100 CCDECODE - ok
19:22:56.0890 1100 cd20xrnt - ok
19:22:56.0906 1100 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:22:56.0984 1100 Cdaudio - ok
19:22:57.0046 1100 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:22:57.0156 1100 Cdfs - ok
19:22:57.0203 1100 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:22:57.0281 1100 Cdrom - ok
19:22:57.0359 1100 CFcatchme - ok
19:22:57.0437 1100 Changer - ok
19:22:57.0468 1100 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:22:57.0578 1100 CmBatt - ok
19:22:57.0593 1100 CmdIde - ok
19:22:57.0593 1100 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:22:57.0687 1100 Compbatt - ok
19:22:57.0703 1100 Cpqarray - ok
19:22:57.0703 1100 dac2w2k - ok
19:22:57.0718 1100 dac960nt - ok
19:22:57.0718 1100 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:22:57.0812 1100 Disk - ok
19:22:57.0875 1100 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
19:22:58.0046 1100 dmboot - ok
19:22:58.0093 1100 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
19:22:58.0203 1100 dmio - ok
19:22:58.0234 1100 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:22:58.0359 1100 dmload - ok
19:22:58.0406 1100 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:22:58.0500 1100 DMusic - ok
19:22:58.0562 1100 dpti2o - ok
19:22:58.0609 1100 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:22:58.0687 1100 drmkaud - ok
19:22:58.0750 1100 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:22:58.0843 1100 Fastfat - ok
19:22:58.0875 1100 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
19:22:58.0968 1100 Fdc - ok
19:22:59.0000 1100 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
19:23:00.0171 1100 Fips - ok
19:23:00.0281 1100 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
19:23:00.0390 1100 Flpydisk - ok
19:23:00.0437 1100 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:23:00.0546 1100 FltMgr - ok
19:23:00.0593 1100 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:23:00.0703 1100 Fs_Rec - ok
19:23:00.0734 1100 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:23:00.0843 1100 Ftdisk - ok
19:23:00.0859 1100 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:23:00.0968 1100 Gpc - ok
19:23:01.0000 1100 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
19:23:01.0046 1100 HdAudAddService - ok
19:23:01.0062 1100 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:23:01.0171 1100 HDAudBus - ok
19:23:01.0281 1100 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:23:01.0359 1100 HidUsb - ok
19:23:01.0406 1100 hpn - ok
19:23:01.0468 1100 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:23:01.0515 1100 HTTP - ok
19:23:01.0546 1100 i2omgmt - ok
19:23:01.0578 1100 i2omp - ok
19:23:01.0625 1100 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:23:01.0734 1100 i8042prt - ok
19:23:01.0812 1100 ICDSX (9404719c43986ef811e69520db411516) C:\WINDOWS\system32\Drivers\ICDSX.sys
19:23:01.0859 1100 ICDSX - ok
19:23:01.0937 1100 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:23:02.0062 1100 Imapi - ok
19:23:02.0093 1100 ini910u - ok
19:23:02.0125 1100 IntelIde - ok
19:23:02.0218 1100 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:23:02.0296 1100 intelppm - ok
19:23:02.0359 1100 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:23:02.0468 1100 Ip6Fw - ok
19:23:02.0562 1100 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:23:02.0671 1100 IpFilterDriver - ok
19:23:02.0734 1100 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:23:02.0843 1100 IpInIp - ok
19:23:02.0875 1100 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:23:02.0968 1100 IpNat - ok
19:23:03.0000 1100 IPSec (2e17fe76fa4ad3a4a297ff536f00e181) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:23:03.0000 1100 IPSec ( UnsignedFile.Multi.Generic ) - warning
19:23:03.0000 1100 IPSec - detected UnsignedFile.Multi.Generic (1)
19:23:03.0000 1100 C:\WINDOWS\system32\DRIVERS\ipsec.sys - copied to quarantine
19:23:03.0015 1100 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
19:23:03.0125 1100 irda - ok
19:23:03.0156 1100 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:23:03.0250 1100 IRENUM - ok
19:23:03.0390 1100 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:23:03.0468 1100 isapnp - ok
19:23:03.0562 1100 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:23:03.0656 1100 Kbdclass - ok
19:23:03.0718 1100 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:23:03.0828 1100 kmixer - ok
19:23:03.0890 1100 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:23:03.0968 1100 KSecDD - ok
19:23:04.0031 1100 lbrtfdc - ok
19:23:04.0125 1100 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:23:04.0218 1100 mnmdd - ok
19:23:04.0296 1100 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
19:23:04.0406 1100 Modem - ok
19:23:04.0421 1100 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:23:04.0531 1100 Mouclass - ok
19:23:04.0578 1100 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:23:04.0687 1100 mouhid - ok
19:23:04.0703 1100 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:23:04.0812 1100 MountMgr - ok
19:23:04.0875 1100 MpKsl19c4db5d - ok
19:23:04.0875 1100 MpKsl3baff57d - ok
19:23:04.0875 1100 MpKsl507acd58 - ok
19:23:04.0890 1100 MpKsl783c19f1 - ok
19:23:04.0890 1100 MpKsl92d6471d - ok
19:23:04.0890 1100 MpKsl99da5fd8 - ok
19:23:04.0890 1100 MpKsld7cb9d28 - ok
19:23:04.0890 1100 MpKsle3b7fcbb - ok
19:23:04.0953 1100 mraid35x - ok
19:23:05.0015 1100 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:23:05.0109 1100 MRxDAV - ok
19:23:05.0234 1100 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:23:05.0296 1100 MRxSmb - ok
19:23:05.0343 1100 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:23:05.0453 1100 Msfs - ok
19:23:05.0531 1100 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:23:05.0625 1100 MSKSSRV - ok
19:23:05.0718 1100 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:23:05.0828 1100 MSPCLOCK - ok
19:23:05.0875 1100 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:23:05.0968 1100 MSPQM - ok
19:23:06.0031 1100 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:23:06.0109 1100 mssmbios - ok
19:23:06.0140 1100 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:23:06.0250 1100 MSTEE - ok
19:23:06.0296 1100 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:23:06.0328 1100 Mup - ok
19:23:06.0375 1100 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:23:06.0468 1100 NABTSFEC - ok
19:23:06.0578 1100 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:23:06.0687 1100 NDIS - ok
19:23:06.0765 1100 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:23:06.0875 1100 NdisIP - ok
19:23:06.0937 1100 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:23:06.0968 1100 NdisTapi - ok
19:23:06.0984 1100 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:23:07.0093 1100 Ndisuio - ok
19:23:07.0250 1100 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:23:07.0359 1100 NdisWan - ok
19:23:07.0468 1100 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:23:07.0515 1100 NDProxy - ok
19:23:07.0578 1100 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:23:07.0687 1100 NetBIOS - ok
19:23:07.0796 1100 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:23:07.0906 1100 NetBT - ok
19:23:08.0062 1100 NETw3x32 (71371ed9086a3d65f43967c89634e9a9) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
19:23:08.0140 1100 NETw3x32 - ok
19:23:08.0250 1100 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:23:08.0359 1100 NIC1394 - ok
19:23:08.0421 1100 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:23:08.0531 1100 Npfs - ok
19:23:08.0609 1100 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:23:08.0734 1100 Ntfs - ok
19:23:08.0796 1100 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:23:08.0906 1100 Null - ok
19:23:09.0093 1100 nv (59e5d945934ec2e7eaa22af81813dabf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:23:09.0484 1100 nv - ok
19:23:09.0625 1100 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:23:09.0734 1100 NwlnkFlt - ok
19:23:09.0765 1100 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:23:09.0875 1100 NwlnkFwd - ok
19:23:09.0953 1100 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
19:23:10.0046 1100 NwlnkIpx - ok
19:23:10.0093 1100 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
19:23:10.0187 1100 NwlnkNb - ok
19:23:10.0265 1100 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
19:23:10.0343 1100 NwlnkSpx - ok
19:23:10.0437 1100 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
19:23:10.0531 1100 NWRDR - ok
19:23:10.0609 1100 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:23:10.0718 1100 ohci1394 - ok
19:23:10.0796 1100 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\drivers\Parport.sys
19:23:10.0890 1100 Parport - ok
19:23:10.0937 1100 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:23:11.0031 1100 PartMgr - ok
19:23:11.0109 1100 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
19:23:11.0187 1100 ParVdm - ok
19:23:11.0281 1100 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
19:23:11.0359 1100 PCI - ok
19:23:11.0406 1100 PCIDump - ok
19:23:11.0468 1100 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:23:11.0562 1100 PCIIde - ok
19:23:11.0625 1100 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:23:11.0718 1100 Pcmcia - ok
19:23:11.0750 1100 PDCOMP - ok
19:23:11.0796 1100 PDFRAME - ok
19:23:11.0828 1100 PDRELI - ok
19:23:11.0859 1100 PDRFRAME - ok
19:23:11.0890 1100 perc2 - ok
19:23:11.0937 1100 perc2hib - ok
19:23:12.0031 1100 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:23:12.0140 1100 PptpMiniport - ok
19:23:12.0218 1100 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:23:12.0296 1100 PSched - ok
19:23:12.0328 1100 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:23:12.0437 1100 Ptilink - ok
19:23:12.0484 1100 ql1080 - ok
19:23:12.0515 1100 Ql10wnt - ok
19:23:12.0546 1100 ql12160 - ok
19:23:12.0593 1100 ql1240 - ok
19:23:12.0640 1100 ql1280 - ok
19:23:12.0687 1100 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:23:12.0781 1100 RasAcd - ok
19:23:12.0890 1100 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
19:23:12.0953 1100 Rasirda - ok
19:23:13.0015 1100 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:23:13.0109 1100 Rasl2tp - ok
19:23:13.0187 1100 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:23:13.0296 1100 RasPppoe - ok
19:23:13.0359 1100 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:23:13.0453 1100 Raspti - ok
19:23:13.0515 1100 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:23:13.0609 1100 Rdbss - ok
19:23:13.0671 1100 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:23:13.0765 1100 RDPCDD - ok
19:23:13.0843 1100 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:23:13.0953 1100 rdpdr - ok
19:23:14.0031 1100 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:23:14.0078 1100 RDPWD - ok
19:23:14.0140 1100 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:23:14.0250 1100 redbook - ok
19:23:14.0328 1100 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
19:23:14.0375 1100 rimmptsk - ok
19:23:14.0406 1100 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
19:23:14.0468 1100 rimsptsk - ok
19:23:14.0500 1100 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
19:23:14.0562 1100 rismxdp - ok
19:23:14.0609 1100 RTL8023xp (d6e1b1bd04fad422af17fc4b810cb9af) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
19:23:14.0656 1100 RTL8023xp - ok
19:23:14.0796 1100 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
19:23:14.0890 1100 sdbus - ok
19:23:14.0953 1100 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:23:15.0062 1100 Secdrv - ok
19:23:15.0125 1100 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\drivers\Serial.sys
19:23:15.0218 1100 Serial - ok
19:23:15.0296 1100 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
19:23:15.0390 1100 sffdisk - ok
19:23:15.0437 1100 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
19:23:15.0531 1100 sffp_sd - ok
19:23:15.0625 1100 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:23:15.0718 1100 Sfloppy - ok
19:23:15.0765 1100 Simbad - ok
19:23:15.0828 1100 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:23:15.0921 1100 SLIP - ok
19:23:16.0015 1100 SMCIRDA (faedd4ac72c5772672cce88b3adafa56) C:\WINDOWS\system32\DRIVERS\smcirda.sys
19:23:16.0062 1100 SMCIRDA - ok
19:23:16.0109 1100 Sparrow - ok
19:23:16.0250 1100 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:23:16.0343 1100 splitter - ok
19:23:16.0406 1100 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
19:23:16.0515 1100 sr - ok
19:23:16.0609 1100 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:23:16.0671 1100 Srv - ok
19:23:16.0718 1100 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:23:16.0828 1100 streamip - ok
19:23:16.0859 1100 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:23:16.0968 1100 swenum - ok
19:23:17.0031 1100 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:23:17.0140 1100 swmidi - ok
19:23:17.0218 1100 symc810 - ok
19:23:17.0250 1100 symc8xx - ok
19:23:17.0265 1100 sym_hi - ok
19:23:17.0296 1100 sym_u3 - ok
19:23:17.0328 1100 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:23:17.0421 1100 sysaudio - ok
19:23:17.0484 1100 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:23:17.0546 1100 Tcpip - ok
19:23:17.0640 1100 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:23:17.0750 1100 TDPIPE - ok
19:23:17.0812 1100 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:23:17.0906 1100 TDTCP - ok
19:23:17.0984 1100 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:23:18.0078 1100 TermDD - ok
19:23:18.0187 1100 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
19:23:18.0203 1100 toshidpt ( UnsignedFile.Multi.Generic ) - warning
19:23:18.0203 1100 toshidpt - detected UnsignedFile.Multi.Generic (1)
19:23:18.0203 1100 C:\WINDOWS\system32\drivers\Toshidpt.sys - copied to quarantine
19:23:18.0250 1100 TosIde - ok
19:23:18.0281 1100 tosporte (02ebf69066d6f208af4d07481bbae0ad) C:\WINDOWS\system32\DRIVERS\tosporte.sys
19:23:18.0359 1100 tosporte ( UnsignedFile.Multi.Generic ) - warning
19:23:18.0359 1100 tosporte - detected UnsignedFile.Multi.Generic (1)
19:23:18.0359 1100 C:\WINDOWS\system32\DRIVERS\tosporte.sys - copied to quarantine
19:23:18.0437 1100 Tosrfbd (b52d9ce4a1f2feb1c77f913b55768530) C:\WINDOWS\system32\Drivers\tosrfbd.sys
19:23:18.0453 1100 Tosrfbd ( UnsignedFile.Multi.Generic ) - warning
19:23:18.0453 1100 Tosrfbd - detected UnsignedFile.Multi.Generic (1)
19:23:18.0468 1100 C:\WINDOWS\system32\Drivers\tosrfbd.sys - copied to quarantine
19:23:18.0531 1100 Tosrfbnp (1ae2ba74b2a4f5a358b13fcd35258c30) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
19:23:18.0546 1100 Tosrfbnp ( UnsignedFile.Multi.Generic ) - warning
19:23:18.0546 1100 Tosrfbnp - detected UnsignedFile.Multi.Generic (1)
19:23:18.0546 1100 C:\WINDOWS\system32\Drivers\tosrfbnp.sys - copied to quarantine
19:23:18.0593 1100 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
19:23:18.0609 1100 Tosrfcom ( UnsignedFile.Multi.Generic ) - warning
19:23:18.0609 1100 Tosrfcom - detected UnsignedFile.Multi.Generic (1)
19:23:18.0703 1100 C:\WINDOWS\system32\Drivers\tosrfcom.sys - copied to quarantine
19:23:18.0750 1100 Tosrfhid (8310963d2d06860e272eec87bca4217a) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
19:23:18.0765 1100 Tosrfhid ( UnsignedFile.Multi.Generic ) - warning
19:23:18.0765 1100 Tosrfhid - detected UnsignedFile.Multi.Generic (1)
19:23:18.0765 1100 C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys - copied to quarantine
19:23:18.0859 1100 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
19:23:18.0875 1100 tosrfnds ( UnsignedFile.Multi.Generic ) - warning
19:23:18.0875 1100 tosrfnds - detected UnsignedFile.Multi.Generic (1)
19:23:18.0875 1100 C:\WINDOWS\system32\DRIVERS\tosrfnds.sys - copied to quarantine
19:23:18.0937 1100 TosRfSnd (ab6fd13d7efa2634fa6bdf84c7ef0696) C:\WINDOWS\system32\drivers\TosRfSnd.sys
19:23:18.0968 1100 TosRfSnd ( UnsignedFile.Multi.Generic ) - warning
19:23:18.0968 1100 TosRfSnd - detected UnsignedFile.Multi.Generic (1)
19:23:19.0031 1100 C:\WINDOWS\system32\drivers\TosRfSnd.sys - copied to quarantine
19:23:19.0109 1100 Tosrfusb (c639fc314ea7436325ade8cd514b627c) C:\WINDOWS\system32\Drivers\tosrfusb.sys
19:23:19.0109 1100 Tosrfusb ( UnsignedFile.Multi.Generic ) - warning
19:23:19.0109 1100 Tosrfusb - detected UnsignedFile.Multi.Generic (1)
19:23:19.0109 1100 C:\WINDOWS\system32\Drivers\tosrfusb.sys - copied to quarantine
19:23:19.0296 1100 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:23:19.0406 1100 Udfs - ok
19:23:19.0468 1100 ultra - ok
19:23:19.0562 1100 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:23:19.0703 1100 Update - ok
19:23:19.0796 1100 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:23:19.0906 1100 usbehci - ok
19:23:19.0953 1100 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:23:20.0046 1100 usbhub - ok
19:23:20.0125 1100 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:23:20.0234 1100 usbprint - ok
19:23:20.0312 1100 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:23:20.0421 1100 usbscan - ok
19:23:20.0500 1100 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:23:20.0609 1100 USBSTOR - ok
19:23:20.0718 1100 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:23:20.0796 1100 usbuhci - ok
19:23:20.0890 1100 usbvm321 (bce87e9547a6c8815f64cd3c80733bc7) C:\WINDOWS\system32\Drivers\usbvm321.sys
19:23:20.0937 1100 usbvm321 - ok
19:23:21.0046 1100 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:23:21.0156 1100 VgaSave - ok
19:23:21.0218 1100 ViaIde - ok
19:23:21.0265 1100 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
19:23:21.0375 1100 VolSnap - ok
19:23:21.0437 1100 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:23:21.0546 1100 Wanarp - ok
19:23:21.0578 1100 WDICA - ok
19:23:21.0656 1100 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:23:21.0765 1100 wdmaud - ok
19:23:21.0843 1100 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:23:21.0953 1100 WSTCODEC - ok
19:23:22.0031 1100 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:23:22.0062 1100 WudfPf - ok
19:23:22.0093 1100 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:23:22.0125 1100 WudfRd - ok
19:23:22.0140 1100 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
19:23:22.0296 1100 \Device\Harddisk0\DR0 - detected (2)
19:23:22.0296 1100 \Device\Harddisk0\DR0 - copied to quarantine
19:23:22.0375 1100 \Device\Harddisk0\DR0 - ok
19:23:22.0390 1100 Boot (0x1200) (fc843fc1bc011f2e0f49efbfd770ea57) \Device\Harddisk0\DR0\Partition0
19:23:22.0390 1100 \Device\Harddisk0\DR0\Partition0 - detected (2)
19:23:22.0390 1100 \Device\Harddisk0\DR0\Partition0 - copied to quarantine
19:23:22.0390 1100 \Device\Harddisk0\DR0\Partition0 - ok
19:23:22.0390 1100 ============================================================
19:23:22.0390 1100 Scan finished
19:23:22.0390 1100 ============================================================
19:23:23.0265 1696 Deinitialize success

Re: viruses - antivirus disabled, internet not working ...

Posted: 29 Sep 2011 18:29
by loisik
I have to disappear for about an hour now, so hopefully I've given you enough to work with.

Re: viruses - antivirus disabled, internet not working ...

Posted: 29 Sep 2011 18:38
by loisik
http://www.uschovna.cz/zasilka/D4WRKXAS5H4ZEVWG-JKF

The internet is still the same...

Can I just ask for your humble opinion: will we get this solved in the end? :)

Re: viruses - antivirus disabled, internet not working ...

Posted: 29 Sep 2011 18:39
by loisik
Plenty of time :D my girlfriend is starting to get slightly desperate :P so thanks for now

Re: viruses - antivirus disabled, internet not working ...

Posted: 30 Sep 2011 10:02
by loisik
The internet still isn't working; in the console, the ipconfig command keeps throwing an error message. Before, though, the message was also garbled; now it's OK, even with diacritics :) So some progress is evident :D albeit gradual.

Re: viruses - antivirus disabled, internet not working ...

Posted: 30 Sep 2011 14:13
by loisik
Grab it from the attachment... shouldn't there be some attachment following?

Re: viruses - antivirus disabled, internet not working ...

Posted: 30 Sep 2011 14:23
by loisik
More like you're the one who's obviously enjoying this, I see :D I'm having fun with it so far, and at least I can score some points with my girlfriend :D the poor thing is completely frightened.
The procedure is clear to me; I'll get to it in about two hours (and only for about two hours), and then unfortunately I'm out over the weekend.

Re: viruses - antivirus disabled, internet not working ...

Posted: 30 Sep 2011 14:39
by loisik
One more side question... didn't I remove exactly these registry entries the day before yesterday? Just out of curiosity, why am I adding them now? And one more quick one: what does Mia:: mean?

Re: viruses - antivirus disabled, internet not working ...

Posted: 30 Sep 2011 16:07
by loisik
In Run it won't accept ComboFix/Uninstall.. it can't find it

Re: viruses - antivirus disabled, internet not working ...

Posted: 30 Sep 2011 16:18
by loisik
:lol: please delete the previous post

Re: viruses - antivirus disabled, internet not working ...

Posted: 30 Sep 2011 16:29
by loisik
Then again, take a look at your own post with CSFcript... shouldn't that by any chance be CFScript?? :D :D and twice, even... and then someone is supposed to fix something... :P

Re: viruses - antivirus disabled, internet not working ...

Posted: 30 Sep 2011 16:30
by tuvok07
Even a master carpenter slips up sometimes, well :D

Re: viruses - antivirus disabled, internet not working ...

Posted: 30 Sep 2011 16:40
by loisik
Everything went OK, the internet is back up...

ComboFix 11-09-30.03 - Lucka 30.09.2011 17:28:13.6.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.618 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lucka\Plocha\turbina.com
Použité ovládací přepínače :: E:\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Nakažená kopie c:\windows\system32\DRIVERS\ipsec.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\ipsec.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.IPSec
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-28 do 2011-09-30 )))))))))))))))))))))))))))))))
.
.
2011-09-29 17:31 . 2011-09-29 17:31 0 ---ha-w- c:\documents and settings\Lucka\Local Settings\Data aplikací\BIT3.tmp
2011-09-29 17:22 . 2011-09-29 17:22 -------- d-----w- C:\vzorky
2011-09-29 16:52 . 2011-09-29 16:52 35712 ----a-w- c:\windows\system32\drivers\BlackBox.sys
2011-09-29 16:20 . 2011-09-29 16:20 -------- d-----w- C:\WINSSLog
2011-09-29 16:16 . 2011-09-29 16:16 1416 ----a-w- C:\FixitRegBackup.reg
2011-09-28 15:32 . 2011-09-28 15:32 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-09-28 10:17 . 2011-09-28 10:17 -------- d-----w- C:\rsit
2011-09-28 10:17 . 2011-09-28 10:17 -------- d-----w- c:\program files\trend micro
2011-09-28 10:16 . 2011-09-28 10:16 -------- d-----w- c:\program files\ESET
2011-09-28 10:16 . 2011-09-28 10:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-09-28 10:10 . 2011-09-28 10:05 56611840 ----a-w- C:\ess_nt32_enu.msi
2011-09-28 09:50 . 2011-09-28 09:50 -------- d-----w- c:\documents and settings\Administrator
2011-09-28 09:49 . 2011-09-28 09:49 -------- d-----w- c:\documents and settings\Lucka\Local Settings\Data aplikací\PCHealth
2011-09-28 09:42 . 2011-09-28 11:50 48016 --sha-w- c:\windows\system32\c_17051.nl_
2011-09-14 19:49 . 2008-04-14 02:21 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-09-14 19:49 . 2008-04-14 02:21 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-09-03 10:17 . 2011-09-09 09:12 602112 -c----w- c:\windows\system32\dllcache\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-29 17:35 . 2011-09-29 17:35 303332 ----a-w- C:\vzorky.zip
2011-09-28 17:54 . 2011-09-28 17:54 1805990 ----a-w- C:\Qoobox.zip
2011-09-28 08:13 . 2011-05-17 18:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2004-08-18 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2004-08-18 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-18 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-09-07 05:41 . 2011-03-24 07:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Lucka^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
path=c:\documents and settings\Lucka\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
2003-08-19 14:36 57344 ----a-w- c:\program files\Lexmark X1100 Series\lxbkbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-07-20 18:58 7581696 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-07-20 18:58 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-07-20 18:58 1519616 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-08-18 15:04 17360520 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zástupce stránky vlastností sběrnice High Definition Audio]
2005-01-07 15:07 61952 ------w- c:\windows\system32\HdAShCut.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
.
S1 MpKsl19c4db5d;MpKsl19c4db5d;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{8DB6ED70-307E-43D0-BEA3-629841919AA3}\MpKsl19c4db5d.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{8DB6ED70-307E-43D0-BEA3-629841919AA3}\MpKsl19c4db5d.sys [?]
S1 MpKsl3baff57d;MpKsl3baff57d;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{2329368B-5ABB-478B-92FD-16013CCDD8B5}\MpKsl3baff57d.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{2329368B-5ABB-478B-92FD-16013CCDD8B5}\MpKsl3baff57d.sys [?]
S1 MpKsl507acd58;MpKsl507acd58;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{093C17A3-3C47-4462-87EA-972ACC9CF665}\MpKsl507acd58.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{093C17A3-3C47-4462-87EA-972ACC9CF665}\MpKsl507acd58.sys [?]
S1 MpKsl783c19f1;MpKsl783c19f1;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{649E9EBC-EAB1-457B-968A-9BA0DCDF8693}\MpKsl783c19f1.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{649E9EBC-EAB1-457B-968A-9BA0DCDF8693}\MpKsl783c19f1.sys [?]
S1 MpKsl92d6471d;MpKsl92d6471d;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{093C17A3-3C47-4462-87EA-972ACC9CF665}\MpKsl92d6471d.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{093C17A3-3C47-4462-87EA-972ACC9CF665}\MpKsl92d6471d.sys [?]
S1 MpKsl99da5fd8;MpKsl99da5fd8;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4E920287-8060-4678-885E-688FA5E0C8C8}\MpKsl99da5fd8.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4E920287-8060-4678-885E-688FA5E0C8C8}\MpKsl99da5fd8.sys [?]
S1 MpKsld7cb9d28;MpKsld7cb9d28;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7E342DC7-9256-45BE-AF33-2343C0A5AC86}\MpKsld7cb9d28.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7E342DC7-9256-45BE-AF33-2343C0A5AC86}\MpKsld7cb9d28.sys [?]
S1 MpKsle3b7fcbb;MpKsle3b7fcbb;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C0F231B9-9D5D-427E-B618-53A3DD85D645}\MpKsle3b7fcbb.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C0F231B9-9D5D-427E-B618-53A3DD85D645}\MpKsle3b7fcbb.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20.12.2010 8:50 136176]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\Lucka\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\Lucka\LOCALS~1\Temp\CFcatchme.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20.12.2010 8:50 136176]
S3 ICDSX;Sony IC Recorder (SX);c:\windows\system32\drivers\IcdSX.sys [11.10.2010 0:17 31744]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-20 06:50]
.
2011-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-20 06:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Lucka\Data aplikací\Mozilla\Firefox\Profiles\av491d33.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-30 17:33
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3968)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\ATKKBService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
.
**************************************************************************
.
Celkový čas: 2011-09-30 17:38:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-09-30 15:38
ComboFix2.txt 2011-09-29 17:20
.
Před spuštěním: Volných bajtů: 29 773 025 280
Po spuštění: Volných bajtů: 29 714 780 160
.
- - End Of File - - E49ABA5FBF8DD454FEF9E9E4AD7C93BB