Skrytá hrozba

Zpráva

Pakl · #1 Příspěvek od **Pakl** » 18 říj 2011 18:42

Dobrý den, nemám žádný problém, ale nová Avira (2012 free) hlásí "skrytý objekt". Nevím, mám-li něco podnikat nebo ne, dovoluji si poslat log ze RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Pavel at 2011-10-18 19:34:17
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 58 GB (57%) free of 103 GB
Total RAM: 5120 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:34:25, on 18.10.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Aura\aura.exe
C:\Program Files (x86)\JetToolBar\JetTB.exe
C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\trend micro\Pavel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/ig?hl=cs&source=iglk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files (x86)\Seznam.cz\listicka.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
O3 - Toolbar: Nástroje Lištičky - {1EA00BE1-6E54-4E2A-8099-680300BF23E1} - C:\Program Files (x86)\Seznam.cz\toolbar\toolbar.dll
O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Bonus.SSR.FR10] "C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Scotts Gmail Alert] C:\Program Files (x86)\Scott's Gmail Alert\ScottsGmailAlert.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Aura.lnk = C:\Program Files (x86)\Aura\aura.exe
O4 - Startup: jetToolBar.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Přidat do stávajícího PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files (x86)\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files (x86)\Seznam.cz\listicka.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files (x86)\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files (x86)\Seznam.cz\listicka.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D13E15D5-F232-404C-B972-594E6B4396D2}: NameServer = 192.168.1.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Služba Acronis Nonstop Backup (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Program Files\Canon\DIAS\CnxDIAS.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SearchAnonymizer - Unknown owner - C:\Users\Pavel\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Aktivátor Správce výběru OS Acronis (Správce výběru OS) - Unknown owner - C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14682 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -service
Ati2evxx.exe -Client
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
"C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe" -service
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" -tray
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
"C:\Program Files (x86)\Scott's Gmail Alert\ScottsGmailAlert.exe"
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe"
"C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe"
"C:\Program Files (x86)\Aura\aura.exe" gstart
"C:\Program Files (x86)\JetToolBar\JetTB.exe"
"C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe"
"C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
"C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe" /watchfiles startup
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
"C:\Program Files\Canon\DIAS\CnxDIAS.exe"
"C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" /StartMinimized
"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe" -s DefaultInstance
"C:\Users\Pavel\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe"
"C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe"
"C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe" 132028*73496599-f9f5-4f04-a4a4-0f934f628288*C:\Program Files (x86)\DisplayFusion\Hooks\DisplayFusionHookx86_74D086AC-251D-439B-8962-3F3C6C74EB18.dll
"C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_00000b84
\??\C:\Windows\system32\conhost.exe "-725613508-18235237711229324486739061387-66755092220856953148444911601405226568
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
"C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
"C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe" -s DefaultInstance
{7155D1EB-776C-4C48-96F6-47D53029477E}
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
{CF27A6A5-02C2-4BE0-A0AC-63113AF043FA}
C:\Windows\System32\svchost.exe -k secsvcs
"taskhost.exe"
"C:\totalcmd\TOTALCMD.EXE"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"E:\Proprium\Rozbal\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GlaryInitialize.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2874635146-696550908-3422958121-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2874635146-696550908-3422958121-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\y9nt2i60.default

prefs.js - "browser.startup.homepage" - "http://www.google.cz/ig?hl=cs&source=iglk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@garmin.com/GpsControl]
"Description"=Garmin GPS Control for Firefox
"Path"=C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
npdeployJava1.dll
npPDFXCviewNPPlugin.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\y9nt2i60.default\extensions\
{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-20 49440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-06-06 64928]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16 3942048]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-20 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Lištička - C:\Program Files (x86)\Seznam.cz\listicka.dll [2011-03-15 2201600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23 321120]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{1EA00BE1-6E54-4E2A-8099-680300BF23E1} - Nástroje Lištičky - C:\Program Files (x86)\Seznam.cz\toolbar\toolbar.dll [2011-03-10 183808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Služba Acronis Scheduler2"=C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [2010-09-23 391144]
"Ocs_SM"=C:\Users\Pavel\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [2011-04-01 106496]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2000-01-01 12666984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NokiaOviSuite2"=C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2011-09-01 966712]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"DisplayFusion"=C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [2011-05-20 1949088]
"Google Update"=C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-15 136176]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-09-12 17351304]
""= []
"Scotts Gmail Alert"=C:\Program Files (x86)\Scott's Gmail Alert\ScottsGmailAlert.exe [2011-09-11 3401728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
C:\Windows\Installer\{AC76BA86-1029-0000-7760-000000000003}\_SC_Acrobat.exe [2011-02-15 295606]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
C:\PROGRA~2\Adobe\ACROBA~1.0\Acrobat\ADOBEC~1.EXE [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~2\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2002-09-25 113664]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SAOB Monitor"=C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe [2010-09-02 2536752]
"TrueImageMonitor.exe"=C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2010-09-23 5502312]
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-23 620152]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]
"NokiaMServer"=C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"KeePass 2 PreLoad"=C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2011-07-12 1764352]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"Bonus.SSR.FR10"=C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe [2011-04-13 941320]
"ZoneAlarm Client"=C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe [2011-03-18 1043968]
"Garmin Lifetime Updater"=C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe [2011-10-03 1409384]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2011-10-11 258512]

C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Aura.lnk - C:\Program Files (x86)\Aura\aura.exe
jetToolBar.lnk - C:\Program Files (x86)\JetToolBar\JetTB.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-10-18 19:34:16 ----D---- C:\rsit
2011-10-18 19:21:29 ----D---- C:\Program Files (x86)\trend micro
2011-10-18 16:01:52 ----D---- C:\Users\Pavel\AppData\Roaming\Avira
2011-10-18 16:01:17 ----A---- C:\Windows\system32\drivers\avkmgr.sys
2011-10-18 16:01:17 ----A---- C:\Windows\system32\drivers\avipbb.sys
2011-10-18 16:01:17 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2011-10-18 16:01:03 ----D---- C:\ProgramData\Avira
2011-10-18 16:01:03 ----D---- C:\Program Files (x86)\Avira
2011-10-15 17:34:12 ----A---- C:\Windows\system32\win32k.sys
2011-10-15 17:33:32 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2011-10-15 17:33:32 ----A---- C:\Windows\system32\psisdecd.dll
2011-10-15 17:33:05 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-10-15 17:33:05 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2011-10-15 17:33:05 ----A---- C:\Windows\system32\oleacc.dll
2011-10-15 17:33:04 ----A---- C:\Windows\system32\oleaut32.dll
2011-10-12 08:23:18 ----D---- C:\Users\Pavel\AppData\Roaming\SUPERAntiSpyware.com
2011-10-12 08:22:27 ----D---- C:\Program Files\SUPERAntiSpyware
2011-10-10 23:45:30 ----ASH---- C:\hiberfil.sys
2011-09-27 18:36:03 ----D---- C:\Windows\SYSWOW64\RTCOM
2011-09-27 18:34:59 ----A---- C:\Windows\system32\WavesGUILib.dll
2011-09-27 18:34:59 ----A---- C:\Windows\system32\tepeqapo64.dll
2011-09-27 18:34:58 ----A---- C:\Windows\system32\SRSWOW64.dll
2011-09-27 18:34:58 ----A---- C:\Windows\system32\SRSTSX64.dll
2011-09-27 18:34:58 ----A---- C:\Windows\system32\SRSTSH64.dll
2011-09-27 18:34:57 ----A---- C:\Windows\system32\SRSHP64.dll
2011-09-27 18:34:54 ----A---- C:\Windows\system32\SFSS_APO.dll
2011-09-27 18:34:54 ----A---- C:\Windows\system32\SFNHK64.dll
2011-09-27 18:34:53 ----A---- C:\Windows\SYSWOW64\SFCOM.dll
2011-09-27 18:34:53 ----A---- C:\Windows\system32\SFCOM64.dll
2011-09-27 18:34:53 ----A---- C:\Windows\system32\SFAPO64.dll
2011-09-27 18:34:52 ----A---- C:\Windows\system32\RtPgEx64.dll
2011-09-27 18:34:52 ----A---- C:\Windows\system32\RtlCPAPI64.dll
2011-09-27 18:34:51 ----A---- C:\Windows\system32\drivers\RTKVHD64.sys
2011-09-27 18:34:50 ----A---- C:\Windows\system32\RtkCfg64.dll
2011-09-27 18:34:49 ----A---- C:\Windows\system32\RtkAPO64.dll
2011-09-27 18:34:49 ----A---- C:\Windows\system32\RtkApi64.dll
2011-09-27 18:34:48 ----A---- C:\Windows\system32\RTEEP64A.dll
2011-09-27 18:34:47 ----A---- C:\Windows\system32\RTEEL64A.dll
2011-09-27 18:34:47 ----A---- C:\Windows\system32\RTEEG64A.dll
2011-09-27 18:34:47 ----A---- C:\Windows\system32\RTEED64A.dll
2011-09-27 18:34:46 ----A---- C:\Windows\system32\RTCOM64.dll
2011-09-27 18:34:46 ----A---- C:\Windows\system32\RP3DHT64.dll
2011-09-27 18:34:46 ----A---- C:\Windows\system32\RP3DAA64.dll
2011-09-27 18:34:45 ----A---- C:\Windows\system32\RCoRes64.dat
2011-09-27 18:34:45 ----A---- C:\Windows\system32\RCoInst64.dll
2011-09-27 18:34:42 ----A---- C:\Windows\system32\R4EEP64A.dll
2011-09-27 18:34:41 ----A---- C:\Windows\system32\R4EEL64A.dll
2011-09-27 18:34:41 ----A---- C:\Windows\system32\R4EEG64A.dll
2011-09-27 18:34:41 ----A---- C:\Windows\system32\R4EED64A.dll
2011-09-27 18:34:41 ----A---- C:\Windows\system32\R4EEA64A.dll
2011-09-27 18:34:39 ----A---- C:\Windows\system32\MaxxVolumeSDAPO.dll
2011-09-27 18:34:38 ----A---- C:\Windows\system32\MaxxAudioRealtek.dll
2011-09-27 18:34:37 ----A---- C:\Windows\system32\MaxxAudioEQ.dll
2011-09-27 18:34:37 ----A---- C:\Windows\system32\MaxxAudioAPO30.dll
2011-09-27 18:34:37 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll
2011-09-27 18:34:36 ----A---- C:\Windows\system32\KAAPORT64.dll
2011-09-27 18:34:14 ----A---- C:\Windows\system32\FMAPO64.dll
2011-09-27 18:34:13 ----A---- C:\Windows\system32\DTSVoiceClarityDLL64.dll
2011-09-27 18:34:13 ----A---- C:\Windows\system32\DTSU2PREC64.dll
2011-09-27 18:34:11 ----A---- C:\Windows\system32\DTSU2PLFX64.dll
2011-09-27 18:34:10 ----A---- C:\Windows\system32\DTSU2PGFX64.dll
2011-09-27 18:34:09 ----A---- C:\Windows\system32\DTSSymmetryDLL64.dll
2011-09-27 18:34:08 ----A---- C:\Windows\system32\DTSS2SpeakerDLL64.dll
2011-09-27 18:34:07 ----A---- C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2011-09-27 18:34:07 ----A---- C:\Windows\system32\DTSNeoPCDLL64.dll
2011-09-27 18:34:07 ----A---- C:\Windows\system32\DTSLimiterDLL64.dll
2011-09-27 18:34:07 ----A---- C:\Windows\system32\DTSLFXAPO64.dll
2011-09-27 18:34:06 ----A---- C:\Windows\system32\DTSGFXAPONS64.dll
2011-09-27 18:34:06 ----A---- C:\Windows\system32\DTSGFXAPO64.dll
2011-09-27 18:34:06 ----A---- C:\Windows\system32\DTSGainCompensatorDLL64.dll
2011-09-27 18:34:06 ----A---- C:\Windows\system32\DTSBoostDLL64.dll
2011-09-27 18:34:06 ----A---- C:\Windows\system32\DTSBassEnhancementDLL64.dll
2011-09-27 18:34:04 ----A---- C:\Windows\system32\AERTAR64.dll
2011-09-27 18:34:04 ----A---- C:\Windows\system32\AERTAC64.dll
2011-09-27 18:29:23 ----D---- C:\Program Files (x86)\Realtek
2011-09-20 10:12:41 ----D---- C:\Users\Pavel\AppData\Roaming\calibre
2011-09-20 10:11:46 ----D---- C:\Program Files (x86)\Calibre2
2011-09-19 23:53:59 ----D---- C:\Program Files (x86)\FBReader

======List of files/folders modified in the last 1 month======

2011-10-18 19:34:23 ----D---- C:\Program Files\trend micro
2011-10-18 19:34:22 ----D---- C:\Windows\Temp
2011-10-18 19:29:12 ----D---- C:\Windows\Internet Logs
2011-10-18 19:26:45 ----D---- C:\Users\Pavel\AppData\Roaming\DisplayFusion
2011-10-18 19:21:29 ----RD---- C:\Program Files (x86)
2011-10-18 19:21:12 ----D---- C:\Users\Pavel\AppData\Roaming\Skype
2011-10-18 19:20:35 ----D---- C:\Windows\System32
2011-10-18 19:20:34 ----D---- C:\Windows
2011-10-18 18:42:12 ----SHD---- C:\System Volume Information
2011-10-18 16:22:58 ----D---- C:\Windows\system32\config
2011-10-18 16:16:52 ----D---- C:\Windows\system32\catroot
2011-10-18 16:07:37 ----D---- C:\Windows\inf
2011-10-18 16:01:28 ----D---- C:\Windows\system32\DriverStore
2011-10-18 16:01:17 ----D---- C:\Windows\system32\drivers
2011-10-18 16:01:03 ----HD---- C:\ProgramData
2011-10-18 15:54:42 ----SHD---- C:\Windows\Installer
2011-10-18 15:54:41 ----D---- C:\Windows\SysWOW64
2011-10-18 15:49:11 ----D---- C:\Windows\Prefetch
2011-10-18 15:17:28 ----D---- C:\Windows\system32\LogFiles
2011-10-18 15:16:24 ----D---- C:\Windows\SYSWOW64\drivers
2011-10-18 15:15:47 ----AD---- C:\ProgramData\TEMP
2011-10-18 15:15:38 ----D---- C:\Program Files (x86)\SpywareBlaster
2011-10-18 15:13:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-10-18 13:20:46 ----D---- C:\Program Files (x86)\BibleWorks 8
2011-10-18 11:02:03 ----D---- C:\Bat
2011-10-17 16:16:53 ----D---- C:\Program Files (x86)\DOSBox-0.74
2011-10-17 12:54:05 ----D---- C:\Users\Pavel\AppData\Roaming\KeePass
2011-10-17 10:44:09 ----D---- C:\ProgramData\firebird
2011-10-16 11:27:44 ----D---- C:\Windows\debug
2011-10-15 19:23:58 ----RSD---- C:\Windows\assembly
2011-10-15 19:23:58 ----D---- C:\Windows\Microsoft.NET
2011-10-15 18:00:20 ----D---- C:\Windows\winsxs
2011-10-15 17:51:46 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-10-15 17:44:44 ----A---- C:\Windows\system32\MRT.exe
2011-10-15 17:32:27 ----D---- C:\Windows\system32\catroot2
2011-10-12 10:01:25 ----D---- C:\Program Files\Recuva
2011-10-12 09:51:59 ----D---- C:\Windows\Tasks
2011-10-12 09:51:59 ----D---- C:\Program Files (x86)\Glary Utilities
2011-10-12 09:50:50 ----D---- C:\Windows\system32\Tasks
2011-10-12 08:22:27 ----RD---- C:\Program Files
2011-10-12 08:18:42 ----D---- C:\Windows\system32\appmgmt
2011-10-10 18:04:18 ----D---- C:\Program Files (x86)\Garmin
2011-10-10 15:19:53 ----D---- C:\ProgramData\GARMIN
2011-10-10 15:18:48 ----D---- C:\Users\Pavel\AppData\Roaming\GARMIN
2011-10-10 13:31:54 ----D---- C:\Windows\Panther
2011-10-10 13:31:40 ----D---- C:\Windows\Minidump
2011-10-10 13:31:01 ----D---- C:\Program Files\CCleaner
2011-10-10 13:29:38 ----D---- C:\Users\Pavel\AppData\Roaming\Mozilla
2011-10-06 13:22:32 ----D---- C:\Program Files (x86)\Torrent Master
2011-10-06 13:09:02 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-10-06 10:38:38 ----A---- C:\Windows\cdplayer.ini
2011-09-30 18:44:06 ----D---- C:\totalcmd
2011-09-30 08:36:35 ----D---- C:\Program Files\Defraggler
2011-09-27 18:36:29 ----HD---- C:\Program Files (x86)\Temp
2011-09-27 18:34:02 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-09-25 08:22:27 ----D---- C:\Program Files (x86)\Aura
2011-09-23 11:11:33 ----D---- C:\Program Files (x86)\Hesla JB

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2000-01-01 244328]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2011-02-15 277088]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-02-15 513080]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273); C:\Windows\system32\DRIVERS\tdrpm273.sys [2011-02-15 1263200]
R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2011-02-15 970336]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2011-10-11 130760]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2010-05-15 458840]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2011-10-11 97312]
R3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2011-02-15 279136]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-02-11 5352960]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2000-01-01 3053160]
R3 NVNET;NVIDIA nForce Ethernet Driver; C:\Windows\system32\DRIVERS\nvmf6264.sys [2010-08-12 350952]
R3 V0530Dev;Creative Camera VF0530 Driver; C:\Windows\system32\DRIVERS\V0530Vid.sys [2009-12-15 319488]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-05-18 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-05-18 27136]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-05-18 9216]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-05-18 9216]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-12 140672]
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-11-25 814344]
R2 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [2010-09-23 1079376]
R2 afcdpsrv;Služba Acronis Nonstop Backup; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-02-15 3975088]
R2 AntiVirService;Avira Realtime Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-10-11 110032]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2010-02-11 952320]
R2 Canon Driver Information Assist Service;Canon Driver Information Assist Service; C:\Program Files\Canon\DIAS\CnxDIAS.exe [2009-07-31 5762408]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]
R2 SearchAnonymizer;SearchAnonymizer; C:\Users\Pavel\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2011-04-01 40960]
R2 Secunia Update Agent;Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]
R2 Správce výběru OS;Aktivátor Správce výběru OS Acronis; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-07-07 2156952]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\SysWOW64\ZoneLabs\vsmon.exe [2011-03-18 2435592]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-02-15 654848]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Secunia PSI Agent;Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-02-16 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 19 říj 2011 11:01

Zdravim a pekny den preji

Muzete sem prosim dat obrazek toho hlaseni Aviry

Pakl · #3 Příspěvek od **Pakl** » 19 říj 2011 12:22

Moc dík,

tu je log i hlášky Aviry (nevím, jestli budu umět vložit sem obrázek, zkusím). Jen dodávám: kontrola MBAM, TDSS Killer ani Stinger (všude spuštění jako správce, ale nikoli v nouzovém režimu) nákazu neprokázaly.

Avira Free Antivirus
Report file date: 19. října 2011 12:53

Scanning for 3409682 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : Pavel
Computer name : PAVEL-STŮL

Version information:
BUILD.DAT : 12.0.0.855 41827 Bytes 12.10.2011 17:40:00
AVSCAN.EXE : 12.1.0.17 490448 Bytes 11.10.2011 13:00:09
AVSCAN.DLL : 12.1.0.17 54224 Bytes 23.9.2011 11:34:56
LUKE.DLL : 12.1.0.17 68304 Bytes 11.10.2011 13:00:17
AVSCPLR.DLL : 12.1.0.19 99536 Bytes 11.10.2011 13:00:09
AVREG.DLL : 12.1.0.20 227024 Bytes 11.10.2011 13:00:09
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.3.0 1950720 Bytes 9.2.2011 15:08:51
VBASE003.VDF : 7.11.5.225 1980416 Bytes 7.4.2011 10:00:55
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.5.2011 10:18:22
VBASE005.VDF : 7.11.10.251 1788416 Bytes 7.7.2011 12:12:53
VBASE006.VDF : 7.11.13.60 6411776 Bytes 16.8.2011 07:26:09
VBASE007.VDF : 7.11.15.106 2389504 Bytes 5.10.2011 13:00:25
VBASE008.VDF : 7.11.15.107 2048 Bytes 5.10.2011 13:00:25
VBASE009.VDF : 7.11.15.108 2048 Bytes 5.10.2011 13:00:25
VBASE010.VDF : 7.11.15.109 2048 Bytes 5.10.2011 13:00:25
VBASE011.VDF : 7.11.15.110 2048 Bytes 5.10.2011 13:00:25
VBASE012.VDF : 7.11.15.111 2048 Bytes 5.10.2011 13:00:25
VBASE013.VDF : 7.11.15.144 161792 Bytes 7.10.2011 13:00:25
VBASE014.VDF : 7.11.15.177 130048 Bytes 10.10.2011 13:00:25
VBASE015.VDF : 7.11.15.213 113664 Bytes 11.10.2011 13:35:57
VBASE016.VDF : 7.11.16.1 163328 Bytes 14.10.2011 14:03:12
VBASE017.VDF : 7.11.16.34 187904 Bytes 18.10.2011 14:03:12
VBASE018.VDF : 7.11.16.35 2048 Bytes 18.10.2011 14:03:13
VBASE019.VDF : 7.11.16.36 2048 Bytes 18.10.2011 14:03:13
VBASE020.VDF : 7.11.16.37 2048 Bytes 18.10.2011 14:03:13
VBASE021.VDF : 7.11.16.38 2048 Bytes 18.10.2011 14:03:13
VBASE022.VDF : 7.11.16.39 2048 Bytes 18.10.2011 14:03:13
VBASE023.VDF : 7.11.16.40 2048 Bytes 18.10.2011 14:03:13
VBASE024.VDF : 7.11.16.41 2048 Bytes 18.10.2011 14:03:13
VBASE025.VDF : 7.11.16.42 2048 Bytes 18.10.2011 14:03:13
VBASE026.VDF : 7.11.16.43 2048 Bytes 18.10.2011 14:03:13
VBASE027.VDF : 7.11.16.44 2048 Bytes 18.10.2011 14:03:13
VBASE028.VDF : 7.11.16.45 2048 Bytes 18.10.2011 14:03:13
VBASE029.VDF : 7.11.16.46 2048 Bytes 18.10.2011 14:03:13
VBASE030.VDF : 7.11.16.47 2048 Bytes 18.10.2011 14:03:13
VBASE031.VDF : 7.11.16.58 34816 Bytes 19.10.2011 05:56:14
Engineversion : 8.2.6.84
AEVDF.DLL : 8.1.2.1 106868 Bytes 1.9.2011 21:46:02
AESCRIPT.DLL : 8.1.3.81 467322 Bytes 11.10.2011 13:00:07
AESCN.DLL : 8.1.7.2 127349 Bytes 1.9.2011 21:46:02
AESBX.DLL : 8.2.1.34 323957 Bytes 1.9.2011 21:46:02
AERDL.DLL : 8.1.9.15 639348 Bytes 8.9.2011 21:16:06
AEPACK.DLL : 8.2.10.11 684408 Bytes 22.9.2011 14:18:45
AEOFFICE.DLL : 8.1.2.15 201083 Bytes 15.9.2011 23:17:25
AEHEUR.DLL : 8.1.2.180 3748217 Bytes 12.10.2011 11:41:59
AEHELP.DLL : 8.1.17.7 254327 Bytes 1.9.2011 21:46:01
AEGEN.DLL : 8.1.5.9 401780 Bytes 1.9.2011 21:46:01
AEEMU.DLL : 8.1.3.0 393589 Bytes 1.9.2011 21:46:01
AECORE.DLL : 8.1.23.0 196983 Bytes 1.9.2011 21:46:01
AEBB.DLL : 8.1.1.0 53618 Bytes 1.9.2011 21:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 11.10.2011 13:00:11
AVPREF.DLL : 12.1.0.17 51920 Bytes 11.10.2011 13:00:09
AVREP.DLL : 12.1.0.17 179408 Bytes 11.10.2011 13:00:09
AVARKT.DLL : 12.1.0.17 223184 Bytes 11.10.2011 13:00:07
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 11.10.2011 13:00:08
SQLITE3.DLL : 3.7.0.0 398288 Bytes 11.10.2011 13:00:22
AVSMTP.DLL : 12.1.0.17 62928 Bytes 11.10.2011 13:00:10
NETNT.DLL : 12.1.0.17 17104 Bytes 11.10.2011 13:00:18
RCIMAGE.DLL : 12.1.0.17 4450000 Bytes 11.10.2011 13:00:31
RCTEXT.DLL : 12.1.0.16 96208 Bytes 23.9.2011 11:37:24

Configuration settings for the scan:
Jobname.............................: Quick system scan
Configuration file..................: C:\program files (x86)\avira\antivir desktop\quicksysscan.avp
Logging.............................: default
Primary action......................: repair
Secondary action....................: delete
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Optimised scan......................: on
Scan all files......................: Intelligent file selection
Scan archives.......................: off
Macro heuristic.....................: on
File heuristic......................: extended
Skipped files.......................: C:\System Volume Information, D:\System Volume Information, E:\System Volume Information, F:\System Volume Information,

Start of the scan: 19. října 2011 12:53

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting search for hidden objects.
Hidden driver
[NOTE] A memory modification has been detected, which could potentially be used to hide file access attempts.

The scan of running processes will be started
Scan process 'PrintScreen.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'TOTALCMD.EXE' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'NclMSBTSrvEx.exe' - '1' Module(s) have been scanned
Scan process 'DisplayFusionHookx86.exe' - '1' Module(s) have been scanned
Scan process 'FNPLicensingService.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'NokiaMServer.exe' - '1' Module(s) have been scanned
Scan process 'acrotray.exe' - '1' Module(s) have been scanned
Scan process 'TrueImageMonitor.exe' - '1' Module(s) have been scanned
Scan process 'JetTB.exe' - '1' Module(s) have been scanned
Scan process 'aura.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'NokiaOviSuite.exe' - '1' Module(s) have been scanned
Scan process 'fbserver.exe' - '1' Module(s) have been scanned
Scan process 'reinstall_svc.exe' - '1' Module(s) have been scanned
Scan process 'sua.exe' - '1' Module(s) have been scanned
Scan process 'fbguard.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'afcdpsrv.exe' - '1' Module(s) have been scanned
Scan process 'NetworkLicenseServer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned

End of the scan: 19. října 2011 13:00
Used time: 04:36 Minute(s)

The scan has been done completely.

0 Scanned directories
27 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
27 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes
28985 Objects were scanned with rootkit scan
1 Hidden objects were found

[img]e:\Abacus\Avira01.jpg[/img]
[img]e:\Abacus\Avira02.jpg[/img]

Pakl · #4 Příspěvek od **Pakl** » 19 říj 2011 12:23

Tak se mně asi ty Print-screeny odeslat nepodařilo. Omlouvám se...

#5 Příspěvek od **vyosek** » 19 říj 2011 13:07

Z logu je videt ze neco nasla, ale neni videt co..

Navod na screen je zde http://viry.cz/forum/viewtopic.php?f=11&t=14114

A poprosim jeste o log z TDSSKilleru, je primo na disku kde jsou windows

Pakl · #6 Příspěvek od **Pakl** » 19 říj 2011 15:08

Dík velký za pomoc. Posílám log z TDSSKilleru, udělal jsem nový, Kašperští vydali upgrade. Posílám větší log, který program generuje po zakliknutí "Verify driver digital signatures" a "Detect TDLFS File System", snad to není chyba.
Obrázky jsem už nevkládal, je to pouze přehledová obrazovka, kolik souborů bylo prohlédnuto, kolik infikováno apod., jsou tam pouze dvě čísla, různá od nuly: jedno označuje počet skenovaných souborů (28985) druhé počet "hidden objects" (1). Ve všech ostatních případech je nula.

Log z TDSSK:

16:00:53.0160 1420 TDSS rootkit removing tool 2.6.11.0 Oct 19 2011 13:50:27
16:00:53.0510 1420 ============================================================
16:00:53.0510 1420 Current date / time: 2011/10/19 16:00:53.0510
16:00:53.0510 1420 SystemInfo:
16:00:53.0510 1420
16:00:53.0510 1420 OS Version: 6.1.7601 ServicePack: 1.0
16:00:53.0510 1420 Product type: Workstation
16:00:53.0510 1420 ComputerName: PAVEL-STŮL
16:00:53.0511 1420 UserName: Pavel
16:00:53.0511 1420 Windows directory: C:\Windows
16:00:53.0511 1420 System windows directory: C:\Windows
16:00:53.0511 1420 Running under WOW64
16:00:53.0511 1420 Processor architecture: Intel x64
16:00:53.0511 1420 Number of processors: 2
16:00:53.0511 1420 Page size: 0x1000
16:00:53.0511 1420 Boot type: Normal boot
16:00:53.0511 1420 ============================================================
16:00:54.0299 1420 Initialize success
16:00:58.0244 4944 ============================================================
16:00:58.0244 4944 Scan started
16:00:58.0244 4944 Mode: Manual;
16:00:58.0244 4944 ============================================================
16:00:59.0312 4944 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:00:59.0316 4944 1394ohci - ok
16:00:59.0365 4944 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:00:59.0370 4944 ACPI - ok
16:00:59.0388 4944 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:00:59.0393 4944 AcpiPmi - ok
16:00:59.0439 4944 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:00:59.0478 4944 adp94xx - ok
16:00:59.0509 4944 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:00:59.0521 4944 adpahci - ok
16:00:59.0536 4944 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:00:59.0545 4944 adpu320 - ok
16:00:59.0587 4944 afcdp (edeb1c2dae4050199b6f403fb0bed4f6) C:\Windows\system32\DRIVERS\afcdp.sys
16:00:59.0597 4944 afcdp - ok
16:00:59.0649 4944 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
16:00:59.0674 4944 AFD - ok
16:00:59.0796 4944 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:00:59.0819 4944 agp440 - ok
16:00:59.0848 4944 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:00:59.0853 4944 aliide - ok
16:00:59.0873 4944 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:00:59.0881 4944 amdide - ok
16:00:59.0898 4944 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:00:59.0900 4944 AmdK8 - ok
16:00:59.0909 4944 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:00:59.0918 4944 AmdPPM - ok
16:00:59.0949 4944 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:00:59.0957 4944 amdsata - ok
16:00:59.0978 4944 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:00:59.0988 4944 amdsbs - ok
16:01:00.0009 4944 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:01:00.0014 4944 amdxata - ok
16:01:00.0083 4944 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:01:00.0090 4944 AppID - ok
16:01:00.0124 4944 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:01:00.0132 4944 arc - ok
16:01:00.0144 4944 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:01:00.0152 4944 arcsas - ok
16:01:00.0231 4944 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:01:00.0235 4944 AsyncMac - ok
16:01:00.0270 4944 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:01:00.0276 4944 atapi - ok
16:01:00.0938 4944 atikmdag (aeae4abe6419923c037a0b2a157e1fc6) C:\Windows\system32\DRIVERS\atikmdag.sys
16:01:01.0027 4944 atikmdag - ok
16:01:01.0161 4944 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
16:01:01.0170 4944 avgntflt - ok
16:01:01.0240 4944 avipbb (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys
16:01:01.0249 4944 avipbb - ok
16:01:01.0269 4944 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
16:01:01.0275 4944 avkmgr - ok
16:01:01.0329 4944 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:01:01.0344 4944 b06bdrv - ok
16:01:01.0363 4944 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:01:01.0374 4944 b57nd60a - ok
16:01:01.0403 4944 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:01:01.0406 4944 Beep - ok
16:01:01.0452 4944 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:01:01.0457 4944 blbdrive - ok
16:01:01.0482 4944 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:01:01.0489 4944 bowser - ok
16:01:01.0498 4944 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:01:01.0505 4944 BrFiltLo - ok
16:01:01.0524 4944 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:01:01.0527 4944 BrFiltUp - ok
16:01:01.0543 4944 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:01:01.0555 4944 Brserid - ok
16:01:01.0572 4944 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:01:01.0577 4944 BrSerWdm - ok
16:01:01.0588 4944 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:01:01.0592 4944 BrUsbMdm - ok
16:01:01.0600 4944 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:01:01.0605 4944 BrUsbSer - ok
16:01:01.0615 4944 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:01:01.0622 4944 BTHMODEM - ok
16:01:01.0657 4944 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:01:01.0663 4944 cdfs - ok
16:01:01.0697 4944 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
16:01:01.0707 4944 cdrom - ok
16:01:01.0737 4944 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:01:01.0756 4944 circlass - ok
16:01:01.0781 4944 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:01:01.0786 4944 CLFS - ok
16:01:01.0852 4944 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:01:01.0865 4944 CmBatt - ok
16:01:01.0880 4944 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:01:01.0886 4944 cmdide - ok
16:01:01.0922 4944 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
16:01:01.0947 4944 CNG - ok
16:01:01.0975 4944 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:01:01.0981 4944 Compbatt - ok
16:01:02.0005 4944 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:01:02.0011 4944 CompositeBus - ok
16:01:02.0100 4944 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:01:02.0106 4944 crcdisk - ok
16:01:02.0141 4944 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
16:01:02.0157 4944 CSC - ok
16:01:02.0195 4944 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:01:02.0203 4944 DfsC - ok
16:01:02.0220 4944 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:01:02.0226 4944 discache - ok
16:01:02.0243 4944 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:01:02.0251 4944 Disk - ok
16:01:02.0304 4944 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:01:02.0307 4944 drmkaud - ok
16:01:02.0338 4944 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:01:02.0366 4944 DXGKrnl - ok
16:01:02.0450 4944 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:01:02.0513 4944 ebdrv - ok
16:01:02.0544 4944 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:01:02.0559 4944 elxstor - ok
16:01:02.0633 4944 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:01:02.0651 4944 ErrDev - ok
16:01:02.0683 4944 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:01:02.0696 4944 exfat - ok
16:01:02.0717 4944 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:01:02.0726 4944 fastfat - ok
16:01:02.0752 4944 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:01:02.0756 4944 fdc - ok
16:01:02.0782 4944 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:01:02.0789 4944 FileInfo - ok
16:01:02.0800 4944 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:01:02.0805 4944 Filetrace - ok
16:01:02.0855 4944 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:01:02.0859 4944 flpydisk - ok
16:01:02.0897 4944 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:01:02.0911 4944 FltMgr - ok
16:01:02.0928 4944 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:01:02.0937 4944 FsDepends - ok
16:01:02.0946 4944 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:01:02.0953 4944 Fs_Rec - ok
16:01:02.0988 4944 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:01:03.0003 4944 fvevol - ok
16:01:03.0013 4944 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:01:03.0023 4944 gagp30kx - ok
16:01:03.0055 4944 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:01:03.0061 4944 hcw85cir - ok
16:01:03.0097 4944 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:01:03.0112 4944 HdAudAddService - ok
16:01:03.0131 4944 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:01:03.0134 4944 HDAudBus - ok
16:01:03.0155 4944 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:01:03.0159 4944 HidBatt - ok
16:01:03.0174 4944 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:01:03.0185 4944 HidBth - ok
16:01:03.0194 4944 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:01:03.0210 4944 HidIr - ok
16:01:03.0247 4944 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
16:01:03.0255 4944 HidUsb - ok
16:01:03.0285 4944 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:01:03.0293 4944 HpSAMD - ok
16:01:03.0328 4944 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:01:03.0369 4944 HTTP - ok
16:01:03.0451 4944 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:01:03.0476 4944 hwpolicy - ok
16:01:03.0565 4944 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:01:03.0574 4944 i8042prt - ok
16:01:03.0608 4944 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:01:03.0621 4944 iaStorV - ok
16:01:03.0634 4944 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:01:03.0640 4944 iirsp - ok
16:01:03.0756 4944 IntcAzAudAddService (4bbb5a55eeb5ec11b20fcbb4cbb49357) C:\Windows\system32\drivers\RTKVHD64.sys
16:01:03.0818 4944 IntcAzAudAddService - ok
16:01:03.0842 4944 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:01:03.0847 4944 intelide - ok
16:01:03.0870 4944 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:01:03.0878 4944 intelppm - ok
16:01:03.0920 4944 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:01:03.0962 4944 IpFilterDriver - ok
16:01:03.0998 4944 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:01:04.0006 4944 IPMIDRV - ok
16:01:04.0020 4944 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:01:04.0030 4944 IPNAT - ok
16:01:04.0049 4944 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:01:04.0054 4944 IRENUM - ok
16:01:04.0074 4944 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:01:04.0079 4944 isapnp - ok
16:01:04.0103 4944 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:01:04.0116 4944 iScsiPrt - ok
16:01:04.0151 4944 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
16:01:04.0157 4944 kbdclass - ok
16:01:04.0181 4944 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
16:01:04.0186 4944 kbdhid - ok
16:01:04.0208 4944 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
16:01:04.0217 4944 KSecDD - ok
16:01:04.0244 4944 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
16:01:04.0254 4944 KSecPkg - ok
16:01:04.0270 4944 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:01:04.0275 4944 ksthunk - ok
16:01:04.0335 4944 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:01:04.0341 4944 lltdio - ok
16:01:04.0375 4944 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:01:04.0384 4944 LSI_FC - ok
16:01:04.0394 4944 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:01:04.0402 4944 LSI_SAS - ok
16:01:04.0415 4944 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:01:04.0423 4944 LSI_SAS2 - ok
16:01:04.0442 4944 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:01:04.0450 4944 LSI_SCSI - ok
16:01:04.0469 4944 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:01:04.0477 4944 luafv - ok
16:01:04.0494 4944 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:01:04.0501 4944 megasas - ok
16:01:04.0514 4944 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:01:04.0526 4944 MegaSR - ok
16:01:04.0569 4944 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:01:04.0579 4944 Modem - ok
16:01:04.0598 4944 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:01:04.0599 4944 monitor - ok
16:01:04.0632 4944 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
16:01:04.0639 4944 mouclass - ok
16:01:04.0650 4944 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:01:04.0655 4944 mouhid - ok
16:01:04.0728 4944 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:01:04.0746 4944 mountmgr - ok
16:01:04.0782 4944 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:01:04.0794 4944 mpio - ok
16:01:04.0817 4944 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:01:04.0824 4944 mpsdrv - ok
16:01:04.0870 4944 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:01:04.0881 4944 MRxDAV - ok
16:01:04.0908 4944 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:01:04.0909 4944 mrxsmb - ok
16:01:04.0956 4944 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:01:04.0974 4944 mrxsmb10 - ok
16:01:04.0999 4944 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:01:05.0007 4944 mrxsmb20 - ok
16:01:05.0035 4944 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:01:05.0043 4944 msahci - ok
16:01:05.0080 4944 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:01:05.0091 4944 msdsm - ok
16:01:05.0132 4944 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:01:05.0146 4944 Msfs - ok
16:01:05.0171 4944 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:01:05.0174 4944 mshidkmdf - ok
16:01:05.0193 4944 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:01:05.0199 4944 msisadrv - ok
16:01:05.0226 4944 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:01:05.0230 4944 MSKSSRV - ok
16:01:05.0241 4944 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:01:05.0244 4944 MSPCLOCK - ok
16:01:05.0259 4944 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:01:05.0263 4944 MSPQM - ok
16:01:05.0289 4944 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:01:05.0301 4944 MsRPC - ok
16:01:05.0317 4944 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:01:05.0318 4944 mssmbios - ok
16:01:05.0328 4944 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:01:05.0333 4944 MSTEE - ok
16:01:05.0341 4944 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:01:05.0346 4944 MTConfig - ok
16:01:05.0377 4944 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:01:05.0384 4944 Mup - ok
16:01:05.0413 4944 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:01:05.0426 4944 NativeWifiP - ok
16:01:05.0457 4944 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:01:05.0469 4944 NDIS - ok
16:01:05.0479 4944 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:01:05.0486 4944 NdisCap - ok
16:01:05.0510 4944 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:01:05.0515 4944 NdisTapi - ok
16:01:05.0542 4944 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:01:05.0556 4944 Ndisuio - ok
16:01:05.0587 4944 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:01:05.0597 4944 NdisWan - ok
16:01:05.0655 4944 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:01:05.0675 4944 NDProxy - ok
16:01:05.0694 4944 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:01:05.0700 4944 NetBIOS - ok
16:01:05.0722 4944 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:01:05.0735 4944 NetBT - ok
16:01:05.0780 4944 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:01:05.0789 4944 nfrd960 - ok
16:01:05.0815 4944 nmwcd (88f2f2cb9faee2e14bccf384f4c88061) C:\Windows\system32\drivers\ccdcmbx64.sys
16:01:05.0821 4944 nmwcd - ok
16:01:05.0852 4944 nmwcdc (31c1fac4ae14fb2f8771c59ba3f90bad) C:\Windows\system32\drivers\ccdcmbox64.sys
16:01:05.0858 4944 nmwcdc - ok
16:01:05.0878 4944 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:01:05.0883 4944 Npfs - ok
16:01:05.0903 4944 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:01:05.0907 4944 nsiproxy - ok
16:01:05.0963 4944 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:01:05.0996 4944 Ntfs - ok
16:01:06.0012 4944 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:01:06.0016 4944 Null - ok
16:01:06.0055 4944 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
16:01:06.0069 4944 NVENETFD - ok
16:01:06.0153 4944 NVNET (0ad267a4674805b61a5d7b911d2a978a) C:\Windows\system32\DRIVERS\nvmf6264.sys
16:01:06.0188 4944 NVNET - ok
16:01:06.0226 4944 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:01:06.0235 4944 nvraid - ok
16:01:06.0259 4944 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:01:06.0268 4944 nvstor - ok
16:01:06.0289 4944 nvstor64 (71b6ecd3c56fbf12fb1968da3953b703) C:\Windows\system32\DRIVERS\nvstor64.sys
16:01:06.0292 4944 nvstor64 - ok
16:01:06.0343 4944 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:01:06.0353 4944 nv_agp - ok
16:01:06.0382 4944 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:01:06.0390 4944 ohci1394 - ok
16:01:06.0464 4944 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:01:06.0472 4944 Parport - ok
16:01:06.0500 4944 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:01:06.0508 4944 partmgr - ok
16:01:06.0555 4944 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
16:01:06.0556 4944 pccsmcfd - ok
16:01:06.0584 4944 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:01:06.0587 4944 pci - ok
16:01:06.0606 4944 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:01:06.0611 4944 pciide - ok
16:01:06.0635 4944 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:01:06.0670 4944 pcmcia - ok
16:01:06.0726 4944 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:01:06.0736 4944 pcw - ok
16:01:06.0759 4944 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:01:06.0801 4944 PEAUTH - ok
16:01:06.0890 4944 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:01:06.0898 4944 PptpMiniport - ok
16:01:06.0908 4944 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:01:06.0916 4944 Processor - ok
16:01:06.0970 4944 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:01:06.0980 4944 Psched - ok
16:01:07.0032 4944 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
16:01:07.0037 4944 PSI - ok
16:01:07.0080 4944 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:01:07.0111 4944 ql2300 - ok
16:01:07.0122 4944 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:01:07.0132 4944 ql40xx - ok
16:01:07.0146 4944 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:01:07.0153 4944 QWAVEdrv - ok
16:01:07.0163 4944 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:01:07.0173 4944 RasAcd - ok
16:01:07.0202 4944 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:01:07.0209 4944 RasAgileVpn - ok
16:01:07.0242 4944 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:01:07.0254 4944 Rasl2tp - ok
16:01:07.0275 4944 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:01:07.0284 4944 RasPppoe - ok
16:01:07.0301 4944 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:01:07.0309 4944 RasSstp - ok
16:01:07.0332 4944 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:01:07.0349 4944 rdbss - ok
16:01:07.0371 4944 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:01:07.0375 4944 rdpbus - ok
16:01:07.0396 4944 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:01:07.0400 4944 RDPCDD - ok
16:01:07.0448 4944 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
16:01:07.0457 4944 RDPDR - ok
16:01:07.0475 4944 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:01:07.0478 4944 RDPENCDD - ok
16:01:07.0499 4944 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:01:07.0502 4944 RDPREFMP - ok
16:01:07.0526 4944 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
16:01:07.0535 4944 RDPWD - ok
16:01:07.0561 4944 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:01:07.0573 4944 rdyboost - ok
16:01:07.0618 4944 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:01:07.0625 4944 rspndr - ok
16:01:07.0651 4944 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
16:01:07.0655 4944 s3cap - ok
16:01:07.0703 4944 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
16:01:07.0708 4944 SASDIFSV - ok
16:01:07.0731 4944 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
16:01:07.0735 4944 SASKUTIL - ok
16:01:07.0756 4944 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:01:07.0764 4944 sbp2port - ok
16:01:07.0796 4944 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:01:07.0807 4944 scfilter - ok
16:01:07.0864 4944 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:01:07.0869 4944 secdrv - ok
16:01:07.0918 4944 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:01:07.0922 4944 Serenum - ok
16:01:07.0943 4944 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:01:07.0951 4944 Serial - ok
16:01:07.0968 4944 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:01:07.0972 4944 sermouse - ok
16:01:08.0032 4944 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:01:08.0063 4944 sffdisk - ok
16:01:08.0083 4944 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:01:08.0088 4944 sffp_mmc - ok
16:01:08.0103 4944 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:01:08.0107 4944 sffp_sd - ok
16:01:08.0124 4944 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:01:08.0127 4944 sfloppy - ok
16:01:08.0145 4944 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:01:08.0154 4944 SiSRaid2 - ok
16:01:08.0170 4944 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:01:08.0179 4944 SiSRaid4 - ok
16:01:08.0216 4944 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:01:08.0224 4944 Smb - ok
16:01:08.0276 4944 snapman (b2c19ae46c5a109679b4fb38058df05a) C:\Windows\system32\DRIVERS\snapman.sys
16:01:08.0295 4944 snapman - ok
16:01:08.0326 4944 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:01:08.0331 4944 spldr - ok
16:01:08.0356 4944 MBR (0x1B8) (d1ad4c53eadd115593e05fa56d6b9dea) \Device\Harddisk0\DR0
16:01:08.0702 4944 \Device\Harddisk0\DR0 - ok
16:01:08.0707 4944 MBR (0x1B8) (d1ad4c53eadd115593e05fa56d6b9dea) \Device\Harddisk1\DR1
16:01:09.0058 4944 \Device\Harddisk1\DR1 - ok
16:01:09.0073 4944 Boot (0x1200) (bfa7041c50e4ec32edfb86bc58dafb1b) \Device\Harddisk0\DR0\Partition0
16:01:09.0074 4944 \Device\Harddisk0\DR0\Partition0 - ok
16:01:09.0093 4944 Boot (0x1200) (6bce7d69ec597a477d96a78101847ae0) \Device\Harddisk0\DR0\Partition1
16:01:09.0113 4944 \Device\Harddisk0\DR0\Partition1 - ok
16:01:09.0147 4944 Boot (0x1200) (292fe5c5c7ef24cf3f102b0839d5c398) \Device\Harddisk0\DR0\Partition2
16:01:09.0148 4944 \Device\Harddisk0\DR0\Partition2 - ok
16:01:09.0155 4944 Boot (0x1200) (2359426677412649fee681cd7058ba21) \Device\Harddisk1\DR1\Partition0
16:01:09.0155 4944 \Device\Harddisk1\DR1\Partition0 - ok
16:01:09.0158 4944 ============================================================
16:01:09.0158 4944 Scan finished
16:01:09.0158 4944 ============================================================
16:01:09.0176 5504 Detected object count: 0
16:01:09.0176 5504 Actual detected object count: 0
16:01:19.0177 1496 ============================================================
16:01:19.0177 1496 Scan started
16:01:19.0177 1496 Mode: Manual; SigCheck; TDLFS;
16:01:19.0177 1496 ============================================================
16:01:19.0597 1496 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:01:19.0691 1496 1394ohci - ok
16:01:19.0764 1496 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:01:19.0785 1496 ACPI - ok
16:01:19.0806 1496 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:01:19.0857 1496 AcpiPmi - ok
16:01:19.0948 1496 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:01:19.0971 1496 adp94xx - ok
16:01:19.0993 1496 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:01:20.0013 1496 adpahci - ok
16:01:20.0073 1496 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:01:20.0091 1496 adpu320 - ok
16:01:20.0221 1496 afcdp (edeb1c2dae4050199b6f403fb0bed4f6) C:\Windows\system32\DRIVERS\afcdp.sys
16:01:20.0286 1496 afcdp - ok
16:01:20.0384 1496 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
16:01:20.0434 1496 AFD - ok
16:01:20.0463 1496 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:01:20.0477 1496 agp440 - ok
16:01:20.0499 1496 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:01:20.0512 1496 aliide - ok
16:01:20.0520 1496 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:01:20.0535 1496 amdide - ok
16:01:20.0582 1496 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:01:20.0626 1496 AmdK8 - ok
16:01:20.0643 1496 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:01:20.0673 1496 AmdPPM - ok
16:01:20.0741 1496 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:01:20.0757 1496 amdsata - ok
16:01:20.0820 1496 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:01:20.0838 1496 amdsbs - ok
16:01:20.0860 1496 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:01:20.0874 1496 amdxata - ok
16:01:20.0926 1496 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:01:21.0038 1496 AppID - ok
16:01:21.0066 1496 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:01:21.0081 1496 arc - ok
16:01:21.0136 1496 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:01:21.0151 1496 arcsas - ok
16:01:21.0182 1496 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:01:21.0368 1496 AsyncMac - ok
16:01:21.0404 1496 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:01:21.0420 1496 atapi - ok
16:01:21.0655 1496 atikmdag (aeae4abe6419923c037a0b2a157e1fc6) C:\Windows\system32\DRIVERS\atikmdag.sys
16:01:21.0764 1496 atikmdag - ok
16:01:21.0895 1496 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
16:01:21.0909 1496 avgntflt - ok
16:01:21.0986 1496 avipbb (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys
16:01:22.0001 1496 avipbb - ok
16:01:22.0045 1496 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
16:01:22.0057 1496 avkmgr - ok
16:01:22.0192 1496 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:01:22.0248 1496 b06bdrv - ok
16:01:22.0273 1496 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:01:22.0321 1496 b57nd60a - ok
16:01:22.0354 1496 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:01:22.0404 1496 Beep - ok
16:01:22.0427 1496 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:01:22.0445 1496 blbdrive - ok
16:01:22.0474 1496 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:01:22.0513 1496 bowser - ok
16:01:22.0522 1496 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:01:22.0567 1496 BrFiltLo - ok
16:01:22.0616 1496 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:01:22.0636 1496 BrFiltUp - ok
16:01:22.0739 1496 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:01:22.0784 1496 Brserid - ok
16:01:22.0806 1496 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:01:22.0842 1496 BrSerWdm - ok
16:01:22.0857 1496 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:01:22.0895 1496 BrUsbMdm - ok
16:01:22.0903 1496 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:01:22.0924 1496 BrUsbSer - ok
16:01:22.0934 1496 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:01:22.0975 1496 BTHMODEM - ok
16:01:23.0008 1496 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:01:23.0063 1496 cdfs - ok
16:01:23.0109 1496 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
16:01:23.0139 1496 cdrom - ok
16:01:23.0162 1496 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:01:23.0197 1496 circlass - ok
16:01:23.0249 1496 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:01:23.0270 1496 CLFS - ok
16:01:23.0353 1496 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:01:23.0379 1496 CmBatt - ok
16:01:23.0398 1496 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:01:23.0411 1496 cmdide - ok
16:01:23.0457 1496 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
16:01:23.0494 1496 CNG - ok
16:01:23.0509 1496 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:01:23.0523 1496 Compbatt - ok
16:01:23.0589 1496 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:01:23.0615 1496 CompositeBus - ok
16:01:23.0629 1496 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:01:23.0642 1496 crcdisk - ok
16:01:23.0752 1496 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
16:01:23.0804 1496 CSC - ok
16:01:23.0846 1496 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:01:23.0896 1496 DfsC - ok
16:01:23.0921 1496 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:01:23.0968 1496 discache - ok
16:01:23.0985 1496 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:01:24.0000 1496 Disk - ok
16:01:24.0071 1496 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:01:24.0105 1496 drmkaud - ok
16:01:24.0138 1496 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:01:24.0170 1496 DXGKrnl - ok
16:01:24.0352 1496 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:01:24.0424 1496 ebdrv - ok
16:01:24.0470 1496 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:01:24.0492 1496 elxstor - ok
16:01:24.0534 1496 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:01:24.0557 1496 ErrDev - ok
16:01:24.0621 1496 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:01:24.0680 1496 exfat - ok
16:01:24.0701 1496 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:01:24.0755 1496 fastfat - ok
16:01:24.0794 1496 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:01:24.0822 1496 fdc - ok
16:01:24.0849 1496 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:01:24.0864 1496 FileInfo - ok
16:01:24.0888 1496 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:01:24.0935 1496 Filetrace - ok
16:01:24.0989 1496 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:01:25.0005 1496 flpydisk - ok
16:01:25.0039 1496 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:01:25.0059 1496 FltMgr - ok
16:01:25.0109 1496 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:01:25.0124 1496 FsDepends - ok
16:01:25.0135 1496 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:01:25.0149 1496 Fs_Rec - ok
16:01:25.0180 1496 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:01:25.0201 1496 fvevol - ok
16:01:25.0257 1496 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:01:25.0272 1496 gagp30kx - ok
16:01:25.0335 1496 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:01:25.0370 1496 hcw85cir - ok
16:01:25.0447 1496 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:01:25.0475 1496 HdAudAddService - ok
16:01:25.0498 1496 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:01:25.0520 1496 HDAudBus - ok
16:01:25.0547 1496 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:01:25.0566 1496 HidBatt - ok
16:01:25.0579 1496 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:01:25.0644 1496 HidBth - ok
16:01:25.0653 1496 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:01:25.0677 1496 HidIr - ok
16:01:25.0706 1496 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
16:01:25.0731 1496 HidUsb - ok
16:01:25.0761 1496 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:01:25.0775 1496 HpSAMD - ok
16:01:25.0804 1496 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:01:25.0869 1496 HTTP - ok
16:01:25.0902 1496 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:01:25.0916 1496 hwpolicy - ok
16:01:25.0965 1496 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:01:25.0983 1496 i8042prt - ok
16:01:26.0074 1496 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:01:26.0095 1496 iaStorV - ok
16:01:26.0124 1496 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:01:26.0138 1496 iirsp - ok
16:01:26.0322 1496 IntcAzAudAddService (4bbb5a55eeb5ec11b20fcbb4cbb49357) C:\Windows\system32\drivers\RTKVHD64.sys
16:01:26.0388 1496 IntcAzAudAddService - ok
16:01:26.0418 1496 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:01:26.0432 1496 intelide - ok
16:01:26.0464 1496 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:01:26.0489 1496 intelppm - ok
16:01:26.0521 1496 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:01:26.0575 1496 IpFilterDriver - ok
16:01:26.0648 1496 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:01:26.0667 1496 IPMIDRV - ok
16:01:26.0684 1496 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:01:26.0748 1496 IPNAT - ok
16:01:26.0757 1496 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:01:26.0804 1496 IRENUM - ok
16:01:26.0824 1496 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:01:26.0839 1496 isapnp - ok
16:01:26.0870 1496 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:01:26.0888 1496 iScsiPrt - ok
16:01:26.0927 1496 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
16:01:26.0942 1496 kbdclass - ok
16:01:26.0965 1496 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
16:01:26.0997 1496 kbdhid - ok
16:01:27.0025 1496 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
16:01:27.0041 1496 KSecDD - ok
16:01:27.0086 1496 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
16:01:27.0103 1496 KSecPkg - ok
16:01:27.0129 1496 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:01:27.0175 1496 ksthunk - ok
16:01:27.0211 1496 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:01:27.0257 1496 lltdio - ok
16:01:27.0284 1496 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:01:27.0300 1496 LSI_FC - ok
16:01:27.0337 1496 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:01:27.0353 1496 LSI_SAS - ok
16:01:27.0424 1496 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:01:27.0439 1496 LSI_SAS2 - ok
16:01:27.0468 1496 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:01:27.0483 1496 LSI_SCSI - ok
16:01:27.0503 1496 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:01:27.0551 1496 luafv - ok
16:01:27.0590 1496 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:01:27.0605 1496 megasas - ok
16:01:27.0623 1496 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:01:27.0641 1496 MegaSR - ok
16:01:27.0687 1496 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:01:27.0737 1496 Modem - ok
16:01:27.0782 1496 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:01:27.0808 1496 monitor - ok
16:01:27.0857 1496 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
16:01:27.0872 1496 mouclass - ok
16:01:27.0881 1496 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:01:27.0912 1496 mouhid - ok
16:01:27.0937 1496 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:01:27.0952 1496 mountmgr - ok
16:01:28.0044 1496 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:01:28.0060 1496 mpio - ok
16:01:28.0093 1496 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:01:28.0145 1496 mpsdrv - ok
16:01:28.0180 1496 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:01:28.0215 1496 MRxDAV - ok
16:01:28.0258 1496 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:01:28.0296 1496 mrxsmb - ok
16:01:28.0339 1496 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:01:28.0364 1496 mrxsmb10 - ok
16:01:28.0383 1496 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:01:28.0401 1496 mrxsmb20 - ok
16:01:28.0527 1496 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:01:28.0541 1496 msahci - ok
16:01:28.0631 1496 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:01:28.0646 1496 msdsm - ok
16:01:28.0741 1496 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:01:28.0786 1496 Msfs - ok
16:01:28.0805 1496 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:01:28.0855 1496 mshidkmdf - ok
16:01:28.0869 1496 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:01:28.0882 1496 msisadrv - ok
16:01:28.0900 1496 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:01:28.0954 1496 MSKSSRV - ok
16:01:28.0963 1496 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:01:29.0010 1496 MSPCLOCK - ok
16:01:29.0035 1496 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:01:29.0089 1496 MSPQM - ok
16:01:29.0123 1496 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:01:29.0144 1496 MsRPC - ok
16:01:29.0176 1496 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:01:29.0190 1496 mssmbios - ok
16:01:29.0200 1496 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:01:29.0252 1496 MSTEE - ok
16:01:29.0285 1496 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:01:29.0313 1496 MTConfig - ok
16:01:29.0327 1496 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:01:29.0342 1496 Mup - ok
16:01:29.0363 1496 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:01:29.0393 1496 NativeWifiP - ok
16:01:29.0425 1496 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:01:29.0455 1496 NDIS - ok
16:01:29.0466 1496 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:01:29.0520 1496 NdisCap - ok
16:01:29.0536 1496 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:01:29.0595 1496 NdisTapi - ok
16:01:29.0659 1496 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:01:29.0704 1496 Ndisuio - ok
16:01:29.0729 1496 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:01:29.0785 1496 NdisWan - ok
16:01:29.0814 1496 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:01:29.0868 1496 NDProxy - ok
16:01:29.0886 1496 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:01:29.0932 1496 NetBIOS - ok
16:01:29.0948 1496 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:01:30.0005 1496 NetBT - ok
16:01:30.0048 1496 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:01:30.0062 1496 nfrd960 - ok
16:01:30.0124 1496 nmwcd (88f2f2cb9faee2e14bccf384f4c88061) C:\Windows\system32\drivers\ccdcmbx64.sys
16:01:30.0178 1496 nmwcd - ok
16:01:30.0211 1496 nmwcdc (31c1fac4ae14fb2f8771c59ba3f90bad) C:\Windows\system32\drivers\ccdcmbox64.sys
16:01:30.0268 1496 nmwcdc - ok
16:01:30.0295 1496 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:01:30.0350 1496 Npfs - ok
16:01:30.0378 1496 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:01:30.0424 1496 nsiproxy - ok
16:01:30.0472 1496 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:01:30.0515 1496 Ntfs - ok
16:01:30.0577 1496 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:01:30.0629 1496 Null - ok
16:01:30.0690 1496 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
16:01:30.0713 1496 NVENETFD - ok
16:01:30.0788 1496 NVNET (0ad267a4674805b61a5d7b911d2a978a) C:\Windows\system32\DRIVERS\nvmf6264.sys
16:01:30.0806 1496 NVNET - ok
16:01:30.0835 1496 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:01:30.0851 1496 nvraid - ok
16:01:30.0927 1496 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:01:30.0944 1496 nvstor - ok
16:01:30.0973 1496 nvstor64 (71b6ecd3c56fbf12fb1968da3953b703) C:\Windows\system32\DRIVERS\nvstor64.sys
16:01:30.0989 1496 nvstor64 - ok
16:01:31.0077 1496 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:01:31.0093 1496 nv_agp - ok
16:01:31.0158 1496 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:01:31.0192 1496 ohci1394 - ok
16:01:31.0265 1496 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:01:31.0289 1496 Parport - ok
16:01:31.0317 1496 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:01:31.0332 1496 partmgr - ok
16:01:31.0364 1496 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
16:01:31.0388 1496 pccsmcfd - ok
16:01:31.0435 1496 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:01:31.0452 1496 pci - ok
16:01:31.0482 1496 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:01:31.0495 1496 pciide - ok
16:01:31.0528 1496 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:01:31.0545 1496 pcmcia - ok
16:01:31.0560 1496 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:01:31.0574 1496 pcw - ok
16:01:31.0601 1496 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:01:31.0667 1496 PEAUTH - ok
16:01:31.0774 1496 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:01:31.0833 1496 PptpMiniport - ok
16:01:31.0858 1496 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:01:31.0892 1496 Processor - ok
16:01:31.0939 1496 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:01:32.0007 1496 Psched - ok
16:01:32.0049 1496 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
16:01:32.0061 1496 PSI - ok
16:01:32.0131 1496 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:01:32.0173 1496 ql2300 - ok
16:01:32.0189 1496 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:01:32.0206 1496 ql40xx - ok
16:01:32.0244 1496 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:01:32.0267 1496 QWAVEdrv - ok
16:01:32.0287 1496 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:01:32.0335 1496 RasAcd - ok
16:01:32.0361 1496 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:01:32.0425 1496 RasAgileVpn - ok
16:01:32.0461 1496 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:01:32.0513 1496 Rasl2tp - ok
16:01:32.0542 1496 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:01:32.0589 1496 RasPppoe - ok
16:01:32.0618 1496 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:01:32.0672 1496 RasSstp - ok
16:01:32.0741 1496 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:01:32.0791 1496 rdbss - ok
16:01:32.0813 1496 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:01:32.0834 1496 rdpbus - ok
16:01:32.0847 1496 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:01:32.0892 1496 RDPCDD - ok
16:01:32.0932 1496 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
16:01:32.0974 1496 RDPDR - ok
16:01:32.0993 1496 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:01:33.0038 1496 RDPENCDD - ok
16:01:33.0141 1496 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:01:33.0210 1496 RDPREFMP - ok
16:01:33.0244 1496 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
16:01:33.0290 1496 RDPWD - ok
16:01:33.0362 1496 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:01:33.0379 1496 rdyboost - ok
16:01:33.0419 1496 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:01:33.0473 1496 rspndr - ok
16:01:33.0518 1496 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
16:01:33.0546 1496 s3cap - ok
16:01:33.0595 1496 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
16:01:33.0607 1496 SASDIFSV - ok
16:01:33.0623 1496 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
16:01:33.0634 1496 SASKUTIL - ok
16:01:33.0657 1496 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:01:33.0673 1496 sbp2port - ok
16:01:33.0714 1496 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:01:33.0758 1496 scfilter - ok
16:01:33.0831 1496 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:01:33.0885 1496 secdrv - ok
16:01:33.0943 1496 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:01:33.0960 1496 Serenum - ok
16:01:33.0985 1496 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:01:34.0004 1496 Serial - ok
16:01:34.0019 1496 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:01:34.0045 1496 sermouse - ok
16:01:34.0091 1496 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:01:34.0126 1496 sffdisk - ok
16:01:34.0142 1496 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:01:34.0167 1496 sffp_mmc - ok
16:01:34.0187 1496 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:01:34.0217 1496 sffp_sd - ok
16:01:34.0241 1496 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:01:34.0275 1496 sfloppy - ok
16:01:34.0294 1496 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:01:34.0308 1496 SiSRaid2 - ok
16:01:34.0320 1496 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:01:34.0335 1496 SiSRaid4 - ok
16:01:34.0359 1496 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:01:34.0419 1496 Smb - ok
16:01:34.0462 1496 snapman (b2c19ae46c5a109679b4fb38058df05a) C:\Windows\system32\DRIVERS\snapman.sys
16:01:34.0478 1496 snapman - ok
16:01:34.0560 1496 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:01:34.0574 1496 spldr - ok
16:01:34.0632 1496 MBR (0x1B8) (d1ad4c53eadd115593e05fa56d6b9dea) \Device\Harddisk0\DR0
16:01:35.0036 1496 \Device\Harddisk0\DR0 - ok
16:01:35.0043 1496 MBR (0x1B8) (d1ad4c53eadd115593e05fa56d6b9dea) \Device\Harddisk1\DR1
16:01:35.0473 1496 \Device\Harddisk1\DR1 - ok
16:01:35.0490 1496 Boot (0x1200) (bfa7041c50e4ec32edfb86bc58dafb1b) \Device\Harddisk0\DR0\Partition0
16:01:35.0492 1496 \Device\Harddisk0\DR0\Partition0 - ok
16:01:35.0511 1496 Boot (0x1200) (6bce7d69ec597a477d96a78101847ae0) \Device\Harddisk0\DR0\Partition1
16:01:35.0512 1496 \Device\Harddisk0\DR0\Partition1 - ok
16:01:35.0548 1496 Boot (0x1200) (292fe5c5c7ef24cf3f102b0839d5c398) \Device\Harddisk0\DR0\Partition2
16:01:35.0549 1496 \Device\Harddisk0\DR0\Partition2 - ok
16:01:35.0555 1496 Boot (0x1200) (2359426677412649fee681cd7058ba21) \Device\Harddisk1\DR1\Partition0
16:01:35.0555 1496 \Device\Harddisk1\DR1\Partition0 - ok
16:01:35.0560 1496 ============================================================
16:01:35.0560 1496 Scan finished
16:01:35.0560 1496 ============================================================
16:01:35.0578 4488 Detected object count: 0
16:01:35.0578 4488 Actual detected object count: 0
16:01:46.0468 2464 Deinitialize success

Pakl · #7 Příspěvek od **Pakl** » 19 říj 2011 15:13

Ještě mě napadlo, nemůže-li to souviset: Avira Free 2012 při instalaci hlásila, že dva programy musí být manuálně odinstalovány kvůli možnému konfliktu: SpywareBlaster a ZoneLab - firewall. Neudělal jsem to, protožeš právě kombinaci Aviry a ZoneLab na tomto fóru kdosi doporučoval jako vhodnou.

Jestli výše uvedený log z TDSSK prozrazoval z identity mého PC něco nevhodného, prosím, smažte to, tak daleko mé počítačové ne/znalosti nesahhají.

#8 Příspěvek od **vyosek** » 19 říj 2011 15:29

ZoneAlarm je dobry FW, otazkou je jestli jste si nenainstaloval tu verzi Aviry, ktera FW ma. Spyware Blaster dejte kazdopadne do pryc, to neni dobr antiSpy.

Neukazuje avira cestu k tomu hidden objektu

Log z TDSSKilleru je cisty, ale udela lepsi sken na skryte hrozby\rootkity

Stahnete SPTD http://www.duplexsecure.com/en/downloads

Vyberte z uvedene stranky verzi dle sveho operacniho systemu (32(x86)bit ci 64(x64)bit)
Ulozte na plochu a spustte
Zvolte moznost Uninstall a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte

Stahnete Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe

Ulozte na plochu a spustte
Kliknete na Disable a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte

Stahnete MBR na plochu http://www2.gmer.net/mbr/mbr.exe ale nespoustejte

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

Vyskoci na Vas okenko, do ktereho zkopirujte text nize
Kód: Vybrat vše
```
"%userprofile%\desktop\mbr" -t -s
```
Kliknete na OK
Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte

Dejte logy z Gmeru - viz muj podpis

Pakl · #9 Příspěvek od **Pakl** » 19 říj 2011 17:45

Nu, vše jdsem udělal, moc dobře jsem nedopadl:
Defogger proběhl, udělal. SPTD neproběhl, říkal, že nemá co dělat. MBR exe vybeneroval log podle mého názoru smutný:
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601

device: opened successfully
user: error reading MBR

Disk trace:
error: Read Neplatný popisovač.
kernel: error reading MBR

Podobně gmer1, ten má velikost 0, nelze totiž zakliknout nic z pravého sloupce možností, kromě tří posledních (services, registry, files) a ostatních partiton (ale ty jsem nezaškrtával, jen C:).
Gmer 2:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-19 18:34:39
Windows 6.1.7601 Service Pack 1
Running: gmer.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF8 0x02 0xE1 0x35 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF8 0x02 0xE1 0x35 ...

---- EOF - GMER 1.0.15 ----

Napadlo mě: je-li problém v MBR, užívám Acronis True Image, který vždy při obnově systému z image nabízí obnovu MBR, tu nedělám. Mám nyní zálohu systému ze 30.9. a z 12.10. Nemohl bych z ní obnovit pouze MBR (celý disk C: bych nerad, jsou tam změny, jen v krajním případě...)

K AV Avira: možnost FW v něm opravdu je, ale nejde spustit, alespoň to neumím. FW je v kapitole "Ochrana internetu" a je to zašedlé, myslím, že to lze spustit pouze při registraci (placené, jak mám za to).
Moc dík.

#10 Příspěvek od **vyosek** » 19 říj 2011 17:51

Moznosti gmeru OK - on ma x64 bit OS je omezeny

Stahnete aswMBR http://public.avast.com/%7Egmerek/aswMBR.exe a ulozte jej na plochu.

Utilitu spustte a prikazte ji, at skenuje - klik na Scan
Kliknutim na Save log ulozte log aswMBR na plochu
Obsah logu aswMBR mi sem vlozte

MBR netreba obnovovat kdyz neni napadnuty haveti

Pakl · #11 Příspěvek od **Pakl** » 19 říj 2011 19:50

Scan proveden, nechal jsem mu udělat aktualizaci databáze virů (asi 50MB), nechal jsem vlevo dole defaultní výběr "Quick Scan" a zakliknuté "Trace disk IO calls", což nevím, co je.
Log:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-19 20:37:41
-----------------------------
20:37:41.899 OS Version: Windows x64 6.1.7601 Service Pack 1
20:37:41.899 Number of processors: 2 586 0x4B02
20:37:41.900 ComputerName: PAVEL-STŮL UserName: Pavel
20:37:42.557 Initialize success
20:39:01.647 AVAST engine defs: 11101901
20:39:38.952 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062
20:39:38.955 Disk 0 Vendor: WDC_WD50 05.0 Size: 476938MB BusType: 3
20:39:38.958 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000063
20:39:38.961 Disk 1 Vendor: WDC_WD16 05.0 Size: 152626MB BusType: 3
20:39:40.982 Disk 0 MBR read successfully
20:39:40.985 Disk 0 MBR scan
20:39:40.993 Disk 0 unknown MBR code
20:39:40.996 Service scanning
20:39:44.518 Service Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys **LOCKED** 32
20:39:45.205 Modules scanning
20:39:45.208 Disk 0 trace - called modules:
20:39:45.224 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
20:39:45.228 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80051fd5a0]
20:39:45.232 3 CLASSPNP.SYS[fffff8800184d43f] -> nt!IofCallDriver -> [0xfffffa8004e11e40]
20:39:45.235 5 ACPI.sys[fffff88000e4e7a1] -> nt!IofCallDriver -> \Device\00000062[0xfffffa8004d9b060]
20:39:46.321 AVAST engine scan C:\Windows
20:39:48.390 AVAST engine scan C:\Windows\system32
20:42:07.776 AVAST engine scan C:\Windows\system32\drivers
20:42:20.696 AVAST engine scan C:\Users\Pavel
20:44:43.347 AVAST engine scan C:\ProgramData
20:45:24.865 Scan finished successfully
20:45:43.711 Disk 0 MBR has been saved successfully to ...tohle jsem vymazal, snad to navadí, je to moje casta k datům.
20:45:43.734 The log file has been saved successfully to ...tohle jsem vymazal, snad to navadí,...

#12 Příspěvek od **vyosek** » 19 říj 2011 19:58

Pakl píše: 20:45:43.711 Disk 0 MBR has been saved successfully to ...tohle jsem vymazal, snad to navadí, je to moje casta k datům.

OK, jen ten soubor otestujte na virustotal, pro sichr

VirusTotalu (viz muj podpis)

Kliknete na Prochazet
Najdete soubor ktery chci otestovat
Kliknete na Send File
Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
Vysledek analyzy sem vlozte (jako odkaz)

Pakl · #13 Příspěvek od **Pakl** » 19 říj 2011 20:09

Jasně, ale který soubor mám oteystovat? Nějak nemůžu najít, o který jde...

#14 Příspěvek od **vyosek** » 19 říj 2011 20:14

Je na te ceste co jste odmazal

Cestu najdete v tom logu co mate vytvoreny

Pakl · #15 Příspěvek od **Pakl** » 19 říj 2011 20:21

Aha, snad jsem správně pochopil, že jde o soubor MBR.dat. Virustotal hlásí:

Antivirus Version Last Update Result
AhnLab-V3 2011.10.19.00 2011.10.19 -
AntiVir 7.11.16.72 2011.10.19 -
Antiy-AVL 2.0.3.7 2011.10.19 -
Avast 6.0.1289.0 2011.10.19 -
AVG 10.0.0.1190 2011.10.18 -
BitDefender 7.2 2011.10.19 -
ByteHero 1.0.0.1 2011.09.23 -
CAT-QuickHeal 11.00 2011.10.19 -
ClamAV 0.97.0.0 2011.10.19 -
Commtouch 5.3.2.6 2011.10.19 -
Comodo 10498 2011.10.19 -
DrWeb 5.0.2.03300 2011.10.19 -
Emsisoft 5.1.0.11 2011.10.19 -
eSafe 7.0.17.0 2011.10.17 -
eTrust-Vet 36.1.8627 2011.10.19 -
F-Prot 4.6.5.141 2011.10.19 -
F-Secure 9.0.16440.0 2011.10.19 -
Fortinet 4.3.370.0 2011.10.19 -
GData 22 2011.10.19 -
Ikarus T3.1.1.107.0 2011.10.19 -
Jiangmin 13.0.900 2011.10.19 -
K7AntiVirus 9.115.5313 2011.10.19 -
Kaspersky 9.0.0.837 2011.10.19 -
McAfee 5.400.0.1158 2011.10.19 -
McAfee-GW-Edition 2010.1D 2011.10.19 -
Microsoft 1.7801 2011.10.19 -
NOD32 6558 2011.10.19 -
Norman 6.07.13 2011.10.19 -
nProtect 2011-10-19.02 2011.10.19 -
Panda 10.0.3.5 2011.10.19 -
PCTools 8.0.0.5 2011.10.19 -
Prevx 3.0 2011.10.19 -
Rising 23.80.02.03 2011.10.19 -
Sophos 4.70.0 2011.10.19 -
SUPERAntiSpyware 4.40.0.1006 2011.10.19 -
Symantec 20111.2.0.82 2011.10.19 -
TheHacker 6.7.0.1.325 2011.10.18 -
TrendMicro 9.500.0.1008 2011.10.19 -
TrendMicro-HouseCall 9.500.0.1008 2011.10.19 -
VBA32 3.12.16.4 2011.10.19 -
VIPRE 10811 2011.10.19 -
ViRobot 2011.10.19.4727 2011.10.19 -
VirusBuster 14.1.20.0 2011.10.19 -
Additional information
MD5 : bdb87523db482ef82671351635d26ece
SHA1 : 1cc41fe1f5fb8dce7c565f7846516de0424e0ff9
SHA256: 0f65deaa294ba0a0c6fd7795bd00de691e0d5b044a935513cc35300579224277
ssdeep: 12:HiVYiqRMhQdeF7UdzaRp2ZQUdRCGWwTsDLLATNlc:CVYiqGhp7Ud4UdRWzT6lc
File size : 512 bytes
First seen: 2011-10-19 19:12:41
Last seen : 2011-10-19 19:12:41
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

VT Community

VIRY.CZ

Skrytá hrozba

Skrytá hrozba

Re: Skrytá hrozba

Re: Skrytá hrozba

Re: Skrytá hrozba

Re: Skrytá hrozba

Re: Skrytá hrozba

Re: Skrytá hrozba

Re: Skrytá hrozba

Re: Skrytá hrozba

Re: Skrytá hrozba

Re: Skrytá hrozba

Re: Skrytá hrozba

Re: Skrytá hrozba

Re: Skrytá hrozba

Re: Skrytá hrozba