PC disinfection, computer speed-up, remote assistance via the neslape.cz service

AVAST reports Win32:Rootkit-gen

Have a virus problem? Post a log from FRST or RSIT here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Stuler
Visitor
Posts: 15
Registered: 21 Nov 2011 20:33

AVAST reports Win32:Rootkit-gen

#1 Post by Stuler »

Hi, I'm probably going to eat up a lot of someone's time now, but if the end of the semester weren't approaching and rootkit-gen hadn't blocked my internet, I'd solve the problem myself; under the circumstances, though, that's not possible. So I'm attaching the log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Stuler at 2011-11-21 20:42:50
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 77 GB (32%) free of 238 GB
Total RAM: 2046 MB (73% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Stuler\Data aplikací\Mozilla\Firefox\Profiles\t4346nj9.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "www.google.sk"
prefs.js - "extensions.enabledItems" - "battlefieldheroespatcher@ea.com:4.0.27.0, BSToolbar@toolbarnet.com:1.0.0.5, {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102, pdfforge@mybrowserbar.com:4.4, wtxpcom@mybrowserbar.com:4.4, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =827316&p="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18]
"Description"=Veetle TV Core
"Path"=C:\Program Files\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=C:\Program Files\Veetle\Player\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=0.9.9]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsILegitCheckPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np32dsw.dll
npdeployJava1.dll
nppdf32.dll
npvsharetvplg.dll
ShockwavePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
yahoo.xml
zoznam-sk.xml

C:\Documents and Settings\Stuler\Data aplikací\Mozilla\Firefox\Profiles\t4346nj9.default\extensions\
battlefieldheroespatcher@ea.com
{20a82645-c095-46ed-80e3-08825760534b}

C:\Documents and Settings\Stuler\Data aplikací\Mozilla\Firefox\Profiles\t4346nj9.default\searchplugins\
askcom.xml
bsplayer-search.xml
netvista.xml
startsear.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}]
IE5BarLauncherBHO Class - C:\Program Files\vShare.tv plugin\BarLcher.dll [2011-09-22 177712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]
QUICKfind BHO Object - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll [2001-08-10 388608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]
{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - VShareToolBar - C:\Program Files\vShare.tv plugin\BarLcher.dll [2011-09-22 177712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-08-10 16384000]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"nwiz"=nwiz.exe /installquiet []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-04-30 13750272]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-09-06 3722416]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2005-11-15 1204224]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"sysinit"=C:\WINDOWS\sysinit.exe []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
SketchBook Snapshot.lnk - C:\Program Files\Autodesk\SketchBookPro2011\SketchBookSnapshot.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Trillian\trillian.exe"="C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Hry\AGE OF EMPIRES 2\empires2.exe"="C:\Hry\AGE OF EMPIRES 2\empires2.exe:*:Enabled:Age of Empires II"
"C:\Program Files\rFactor\rFactor.exe"="C:\Program Files\rFactor\rFactor.exe:*:Enabled:rFactor"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\CAD\ProE\i486_nt\nms\nmsd.exe"="C:\CAD\ProE\i486_nt\nms\nmsd.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC"
"C:\CAD\ProE\i486_nt\obj\pro_comm_msg.exe"="C:\CAD\ProE\i486_nt\obj\pro_comm_msg.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC"
"C:\CAD\ProE\i486_nt\obj\xtop.exe"="C:\CAD\ProE\i486_nt\obj\xtop.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC"
"C:\CAD\ProE\bin\proe.exe"="C:\CAD\ProE\bin\proe.exe:*:Enabled:Pro/ENGINEER"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\ApexDC++\ApexDC.exe"="C:\Program Files\ApexDC++\ApexDC.exe:*:Enabled:ApexDC++ - Pinnacle of File Sharing"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"G:\AGE OF EMPIRES 2\age2_x1.exe"="G:\AGE OF EMPIRES 2\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Documents and Settings\Stuler\Local Settings\Data aplikací\AntikVirtualSTB\AntikVirtualSTB.exe"="C:\Documents and Settings\Stuler\Local Settings\Data aplikací\AntikVirtualSTB\AntikVirtualSTB.exe:*:Enabled:AntikVirtualSTB"
"C:\Hry\FULL\AGE OF EMPIRES 2\age2_x1\age2_x1.exe"="C:\Hry\FULL\AGE OF EMPIRES 2\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"H:\Images\Rise of Nations\RON\RISE.EXE"="H:\Images\Rise of Nations\RON\RISE.EXE:*:Enabled:Rise of Nations"
"C:\Program Files\Mozilla Firefox\plugin-container.exe"="C:\Program Files\Mozilla Firefox\plugin-container.exe:*:Enabled:Plugin Container for Firefox"
"C:\Program Files\Dassault Systemes\B20\intel_a\code\bin\orbixd.exe"="C:\Program Files\Dassault Systemes\B20\intel_a\code\bin\orbixd.exe:*:Enabled:orbixd"
"C:\Program Files\Dassault Systemes\B20\intel_a\code\bin\CNEXT.exe"="C:\Program Files\Dassault Systemes\B20\intel_a\code\bin\CNEXT.exe:*:Enabled:CATIA"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\Program Files\Freeciv-2.3.0-gtk2\freeciv-server.exe"="C:\Program Files\Freeciv-2.3.0-gtk2\freeciv-server.exe:*:Enabled:freeciv-server"
"C:\Program Files\Freeciv-2.3.0-gtk2\freeciv-gtk2.exe"="C:\Program Files\Freeciv-2.3.0-gtk2\freeciv-gtk2.exe:*:Enabled:freeciv-gtk2"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Průzkumník Windows"
"C:\Program Files\Google\Update\GoogleUpdate.exe"="C:\Program Files\Google\Update\GoogleUpdate.exe:*:Enabled:Instalační program Google"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"vidc.xvid"=xvid.dll
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"msacm.lhacm"=lhacm.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv

Stuler
Visitor
Posts: 15
Registered: 21 Nov 2011 20:33

Re: AVAST reports Win32:Rootkit-gen

#2 Post by Stuler »

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"
.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -
.txt - open - notepad.exe %1

======List of files/folders created in the last 1 month======

2011-11-21 20:37:08 ----D---- C:\Program Files\trend micro
2011-11-21 20:37:06 ----D---- C:\rsit
2011-11-21 20:17:23 ----D---- C:\WINDOWS\LastGood
2011-11-21 18:41:12 ----D---- C:\WINDOWS\CSC
2011-11-21 18:41:01 ----A---- C:\WINDOWS\ntbtlog.txt
2011-11-18 17:11:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alias
2011-11-17 17:44:24 ----HD---- C:\Program Files\Zero G Registry
2011-11-17 17:44:24 ----D---- C:\Program Files\Maple 14
2011-11-17 16:29:37 ----D---- C:\Documents and Settings\Stuler\Data aplikací\Mathsoft
2011-11-17 16:27:04 ----A---- C:\WINDOWS\MC14_RC_IS_Log.txt
2011-11-17 16:26:31 ----D---- C:\Program Files\Mathcad
2011-11-17 16:26:18 ----A---- C:\WINDOWS\MC14_Help_IS_Log.txt
2011-11-17 16:24:55 ----A---- C:\WINDOWS\MC14_IS_LOG.txt
2011-11-16 15:25:39 ----D---- C:\Program Files\Mozilla Sunbird
2011-11-11 07:41:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2641690$
2011-11-09 07:45:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893-v2$
2011-11-05 21:07:41 ----D---- C:\Program Files\UsbMac
2011-11-01 12:47:46 ----D---- C:\Program Files\Freeciv-2.3.0-gtk2
2011-10-26 19:20:25 ----D---- C:\Program Files\Digiarty
2011-10-25 13:06:19 ----D---- C:\WINDOWS\system32\Air Force Screensaver dir
2011-10-25 12:58:55 ----D---- C:\WINDOWS\system32\360 GEnx (1280) dir
2011-10-25 12:58:55 ----A---- C:\WINDOWS\system32\360 GEnx (1280).scr
2011-10-23 21:05:44 ----A---- C:\WINDOWS\system32\reboot.txt
2011-10-22 17:34:58 ----A---- C:\WINDOWS\system32\javaws.exe
2011-10-22 17:34:58 ----A---- C:\WINDOWS\system32\javaw.exe
2011-10-22 17:34:58 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 month======

2011-11-21 20:37:47 ----D---- C:\WINDOWS\Prefetch
2011-11-21 20:37:12 ----D---- C:\WINDOWS\Temp
2011-11-21 20:37:08 ----RD---- C:\Program Files
2011-11-21 20:36:53 ----D---- C:\WINDOWS\system32\drivers
2011-11-21 20:20:06 ----HD---- C:\WINDOWS\inf
2011-11-21 20:19:44 ----SHD---- C:\System Volume Information
2011-11-21 20:17:23 ----D---- C:\WINDOWS
2011-11-21 20:16:32 ----D---- C:\WINDOWS\system32\Restore
2011-11-21 20:08:44 ----D---- C:\WINDOWS\system32\CatRoot2
2011-11-21 19:50:54 ----D---- C:\Program Files\Trillian
2011-11-21 19:46:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-11-21 18:54:10 ----D---- C:\WINDOWS\system32
2011-11-21 18:54:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-11-21 18:47:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-11-21 18:47:39 ----D---- C:\Program Files\Mozilla Thunderbird
2011-11-21 18:47:27 ----D---- C:\WINDOWS\security
2011-11-21 18:41:24 ----D---- C:\Documents and Settings
2011-11-20 13:54:17 ----D---- C:\apache
2011-11-19 20:05:34 ----D---- C:\Documents and Settings\Stuler\Data aplikací\ApexDC++
2011-11-19 11:19:57 ----SD---- C:\Documents and Settings\Stuler\Data aplikací\Microsoft
2011-11-18 17:23:22 ----HD---- C:\Program Files\InstallShield Installation Information
2011-11-18 17:11:16 ----SHD---- C:\WINDOWS\Installer
2011-11-18 17:11:16 ----D---- C:\Documents and Settings\Stuler\Data aplikací\Autodesk
2011-11-18 17:10:20 ----D---- C:\Program Files\Autodesk
2011-11-18 17:09:05 ----D---- C:\WINDOWS\WinSxS
2011-11-18 17:07:46 ----D---- C:\Autodesk
2011-11-18 17:04:15 ----D---- C:\Software
2011-11-17 16:37:14 ----D---- C:\Documents and Settings\Stuler\Data aplikací\Azureus
2011-11-17 16:29:06 ----D---- C:\Program Files\Common Files\InstallShield
2011-11-17 16:28:29 ----RSD---- C:\WINDOWS\Fonts
2011-11-17 16:28:22 ----D---- C:\WINDOWS\ShellNew
2011-11-16 16:08:19 ----A---- C:\WINDOWS\wincmd.ini
2011-11-16 15:26:33 ----D---- C:\Documents and Settings\Stuler\Data aplikací\Mozilla
2011-11-15 22:25:27 ----D---- C:\CAD
2011-11-11 07:25:50 ----HD---- C:\WINDOWS\$hf_mig$
2011-11-09 12:28:24 ----D---- C:\Program Files\Mozilla Firefox
2011-11-09 07:45:25 ----A---- C:\WINDOWS\imsins.BAK
2011-11-09 07:41:55 ----D---- C:\WINDOWS\Debug
2011-11-09 07:41:50 ----A---- C:\WINDOWS\system32\MRT.exe
2011-11-06 19:12:52 ----D---- C:\Obrázky
2011-11-05 22:27:03 ----D---- C:\WINDOWS\Minidump
2011-11-05 22:26:15 ----D---- C:\Program Files\PDFCreator
2011-11-05 22:25:57 ----D---- C:\Program Files\Golden
2011-11-05 22:25:44 ----D---- C:\Program Files\Cyklotrasy SK
2011-11-05 22:25:33 ----D---- C:\Documents and Settings\Stuler\Data aplikací\HyperLobby
2011-11-05 22:25:33 ----D---- C:\Documents and Settings\Stuler\Data aplikací\BSplayer Pro
2011-11-05 22:25:32 ----D---- C:\Documents and Settings\Stuler\Data aplikací\Audacity
2011-11-05 22:19:51 ----D---- C:\Program Files\WinRAR
2011-11-05 22:19:51 ----D---- C:\Program Files\totalcmd
2011-11-05 22:18:33 ----D---- C:\WINDOWS\twain_32
2011-11-05 22:16:51 ----D---- C:\col3927
2011-11-05 21:58:34 ----D---- C:\Hry
2011-11-05 21:44:39 ----D---- C:\Documents and Settings\Stuler\Data aplikací\Teleca
2011-11-05 21:44:36 ----D---- C:\WINDOWS\Downloaded Installations
2011-11-05 21:44:19 ----D---- C:\Program Files\Common Files\Teleca Shared
2011-11-05 21:44:14 ----D---- C:\Program Files\Common Files
2011-11-05 21:41:44 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-11-05 21:36:10 ----D---- C:\Program Files\RadLight LLC
2011-11-05 21:35:16 ----D---- C:\Program Files\Ahead
2011-11-05 21:25:41 ----D---- C:\Drivers
2011-11-05 21:11:40 ----D---- C:\WINDOWS\system32\config
2011-11-05 21:10:55 ----D---- C:\WINDOWS\system32\wbem
2011-11-05 21:10:53 ----D---- C:\WINDOWS\Registration
2011-11-05 20:57:14 ----D---- C:\Program Files\Teamspeak2_RC2
2011-11-05 20:51:26 ----A---- C:\WINDOWS\NeroDigital.ini
2011-11-05 20:43:48 ----D---- C:\Program Files\Electronic Arts
2011-11-05 20:43:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
2011-11-05 20:43:23 ----D---- C:\Program Files\BS.Player ControlBar
2011-11-05 20:42:39 ----AC---- C:\WINDOWS\control.ini
2011-11-05 20:41:15 ----D---- C:\Program Files\Freeciv-2.2.0-RC1-gtk2
2011-11-05 20:37:20 ----D---- C:\Program Files\PSPad editor
2011-11-05 20:28:24 ----D---- C:\Documents and Settings\Stuler\Data aplikací\Adobe
2011-11-05 20:28:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-11-05 20:24:34 ----D---- C:\Program Files\Voobly
2011-11-03 12:46:42 ----D---- C:\Documents and Settings\Stuler\Data aplikací\.freeciv
2011-11-02 17:33:17 ----A---- C:\WINDOWS\WirelessFTP.INI
2011-10-25 13:00:10 ----A---- C:\WINDOWS\WSST_Screen_Saver.ini
2011-10-25 12:59:21 ----A---- C:\WINDOWS\system.ini
2011-10-25 12:41:17 ----D---- C:\Program Files\LoCFG
2011-10-25 12:41:04 ----D---- C:\ModMan
2011-10-25 12:41:04 ----AC---- C:\WINDOWS\ModMan Uninstall Log.txt
2011-10-24 06:10:53 ----D---- C:\Program Files\7-Zip
2011-10-23 21:41:58 ----D---- C:\Program Files\Vypress Chat
2011-10-23 21:38:07 ----D---- C:\Program Files\Common Files\eDrawings2011
2011-10-23 21:36:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2011-10-23 21:05:55 ----D---- C:\Program Files\Hewlett-Packard
2011-10-23 21:04:58 ----D---- C:\Program Files\GetASFStream
2011-10-22 17:35:28 ----D---- C:\Program Files\Common Files\Java
2011-10-22 17:34:55 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 d347bus;d347bus; C:\WINDOWS\System32\DRIVERS\d347bus.sys [2004-08-22 155136]
R0 d347prt;d347prt; C:\WINDOWS\System32\Drivers\d347prt.sys [2004-08-22 5248]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-08-20 44944]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-03-03 48640]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\WINDOWS\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544]
R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x); C:\WINDOWS\System32\drivers\sfsync04.sys [2006-08-11 59776]
R0 Si3531;SiI-3531 SATA Controller; C:\WINDOWS\system32\DRIVERS\Si3531.sys [2006-11-17 210224]
R0 SiFilter;SATALink driver accelerator; C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys [2004-11-01 10368]
R0 SiRemFil;SATALink External Device Filter; C:\WINDOWS\system32\DRIVERS\SiRemFil.sys [2006-10-18 5504]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-09-06 30808]
R1 Amfilter;Compatible Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\Amfilter.sys [2007-04-19 8704]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-09-06 34392]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-09-06 442200]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-09-06 320856]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-09-06 52568]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 LUMDriver;LUMDriver; \??\C:\WINDOWS\system32\drivers\LUMDriver.sys []
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-10-02 64128]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-09-06 20568]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-09-06 110552]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-07-15 281760]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-07-15 25888]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R2 rimmptsk;rimmptsk; C:\WINDOWS\System32\DRIVERS\rimmptsk.sys [2007-08-08 45568]
R2 rimsptsk;rimsptsk; C:\WINDOWS\System32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-08-10 4603904]
R3 MOSUMAC;USB-Ethernet Driver; C:\WINDOWS\system32\DRIVERS\MOSUMAC.SYS [2009-08-03 40960]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2009-03-04 4202496]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2007-02-06 90880]
R3 sdbus;sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2008-02-15 131712]
R3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2007-11-29 36608]
R3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2008-01-31 74240]
R3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-10-18 41856]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 CoLinuxDriver;CoLinuxDriver; \??\C:\Documents and Settings\Stuler\Plocha\Portable_Ubuntu\linux.sys []
S3 Amps2prt;Compatible PS/2 Port Mouse Driver; C:\WINDOWS\System32\DRIVERS\Amps2prt.sys [2007-04-19 14336]
S3 Amusbprt;Compatible HID-compliant Mouse Driver; C:\WINDOWS\System32\DRIVERS\Amusbprt.sys [2007-04-19 14336]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETw4x32;Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2007-06-21 2208512]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS); C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 98952]
S3 sffdisk;Ovladač třídy úložiště SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 taphss;Anchorfree HSS Adapter; C:\WINDOWS\system32\DRIVERS\taphss.sys [2009-10-02 32768]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2008-01-22 54144]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2005-04-12 17632]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-09-06 44768]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-27 135664]
S2 vvdsvc;VJVodClientServices; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-10-13 1044816]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-27 135664]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: AVAST reports Win32:Rootkit-gen

#3 Post by vyosek »

Greetings, and a pleasant evening to you :)
Stuler wrote: I would solve the problem myself, but under the circumstances that's not possible
What do you mean by that :???:

:arrow: Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Run the utility and tell it to scan - click Start Scan
  • If the utility finds an infection, it will want to cure it (Cure); allow the cure by clicking Continue
  • If the utility finds a suspicious file (suspicious), it will want to skip it (Skip); allow the skip by clicking Continue
  • After the scan finishes a PC restart may be required; allow it by clicking Reboot now
  • After the restart a log will pop up; if it does not, you will find it directly on the drive where Windows is installed (usually c:\) under a name of the form TDSSKiller.some numbers_log.txt - paste its contents here
  • If no restart is required, click Close and then Report - a log will be created - paste its contents here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment: take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.
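The TDSSKiller report that the steps above ask for runs to hundreds of lines, almost all of them "- ok". The parser below is an added example (not part of the thread, and not TDSSKiller's own code) that reads the 2.6.x log format visible in this thread and buckets every scanned object as detected, suspicious, unverdicted or ok. It relies on the fact that the UnsignedFile.*/LockedFile.* verdict families mark files that merely lack a valid digital signature or could not be opened, not known malware; those land in "suspicious" even when the log prints them on a "- detected" line. The embedded sample log is constructed: its Aavmker4 and Amfilter lines mirror the thread, while the last two lines (an all-zero placeholder hash and the made-up verdict name Rootkit.Boot.Sample.a) are hypothetical, added only to show what a genuine MBR detection would look like next to the signature warnings.

```python
"""Triage a Kaspersky TDSSKiller 2.6.x log: separate genuine detections from
heuristic warnings, clean results and objects the log never reached a verdict on.

Line shapes handled (added example; format as seen in this thread):
  <time> <pid> <name> (<md5>) <path>              object enumerated
  <time> <pid> <name> - ok                         clean verdict
  <time> <pid> <name> ( <verdict> ) - warning      heuristic warning
  <time> <pid> <name> - detected <verdict> (<n>)   detection
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every line of interest starts with a timestamp and the scanner thread id.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*?)\s*$")
# Enumeration line; the optional "(0x1B8)" is the byte count of the MBR read.
OBJ_RE = re.compile(r"^(?P<name>.+?)(?: \((?P<extra>0x[0-9A-Fa-f]+)\))?"
                    r" \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+) \) - warning$")
DET_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")

# Verdict families TDSSKiller uses for "suspicious" rather than known malware:
# the file lacks a valid digital signature or could not be opened for reading.
HEURISTIC_PREFIXES = ("UnsignedFile.", "LockedFile.")


def classify(verdict: str) -> str:
    """Map a verdict name to 'suspicious' (heuristic) or 'detected' (malware)."""
    return "suspicious" if verdict.startswith(HEURISTIC_PREFIXES) else "detected"


@dataclass
class Finding:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdicts: List[Tuple[str, str]] = field(default_factory=list)  # (kind, verdict)

    @property
    def kind(self) -> str:
        """Worst verdict wins; 'unverdicted' means the log ended before one."""
        kinds = {k for k, _ in self.verdicts}
        for level in ("detected", "suspicious", "ok"):
            if level in kinds:
                return level
        return "unverdicted"


def parse_tdsskiller(text: str) -> Dict[str, Finding]:
    """Return one Finding per scanned object, keyed by its name in the log."""
    findings: Dict[str, Finding] = {}
    by_path: Dict[str, str] = {}  # MBR verdicts are reported against the device path

    def record(name: str, kind: str, verdict: str) -> None:
        key = by_path.get(name, name)
        findings.setdefault(key, Finding(key)).verdicts.append((kind, verdict))

    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # banners, SystemInfo block, separators
        body = m.group(3)
        if (o := OBJ_RE.match(body)):
            f = findings.setdefault(o["name"], Finding(o["name"]))
            f.md5, f.path = o["md5"], o["path"]
            by_path[o["path"]] = o["name"]
        elif (o := OK_RE.match(body)):
            record(o["name"], "ok", "ok")
        elif (o := WARN_RE.match(body)) or (o := DET_RE.match(body)):
            record(o["name"], classify(o["verdict"]), o["verdict"])
    return findings


def triage(findings: Dict[str, Finding]) -> Dict[str, List[Finding]]:
    """Bucket findings so that non-clean objects can be read first."""
    buckets: Dict[str, List[Finding]] = {k: [] for k in ("detected", "suspicious", "unverdicted", "ok")}
    for f in findings.values():
        buckets[f.kind].append(f)
    return buckets


def summarize(text: str) -> Dict[str, List[str]]:
    """Names only, sorted per bucket: the short form to quote back in a reply."""
    return {k: sorted(f.name for f in v) for k, v in triage(parse_tdsskiller(text)).items()}


# Constructed sample in the thread's log format. The Aavmker4/Amfilter lines
# mirror the thread; the final two lines are hypothetical (placeholder hash,
# made-up verdict name) to show what a real MBR detection would look like.
SAMPLE_LOG = r"""
22:02:23.0968 2744 Scan started
22:02:23.0984 2744 Mode: Manual; SigCheck; TDLFS;
22:02:25.0531 2744 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
22:02:27.0359 2744 Aavmker4 - ok
22:02:27.0375 2744 Abiosdsk - ok
22:02:29.0734 2744 Amfilter (e5afbe213942f8df5e467c795345d7d9) C:\WINDOWS\system32\DRIVERS\Amfilter.sys
22:02:29.0750 2744 Amfilter ( UnsignedFile.Multi.Generic ) - warning
22:02:29.0750 2744 Amfilter - detected UnsignedFile.Multi.Generic (1)
22:03:03.0890 2744 MBR (0x1B8) (00000000000000000000000000000000) \Device\Harddisk0\DR0
22:03:03.0900 2744 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sample.a (0)
"""

if __name__ == "__main__":
    for bucket, names in summarize(SAMPLE_LOG).items():
        print(f"{bucket:12s} {len(names):3d}  {', '.join(names)}")
```

Run as a script it prints one line per bucket. Two readings matter in practice: an object left "unverdicted" means the pasted text stopped before that object's verdict line, so the full log (through the scanner's closing lines) should be requested before drawing conclusions; and a "suspicious" bucket full of UnsignedFile.Multi.Generic entries is the normal state of a Windows XP machine with third-party drivers, worth a look at the paths and vendors but not by itself evidence of the rootkit Avast reported.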

Stuler
Visitor
Posts: 15
Registered: 21 Nov 2011 20:33

Re: AVAST reports Win32:Rootkit-gen

#4 Post by Stuler »

Thanks for the quick reply. Of course I did not mean to offend anyone with that sentence, and certainly not to question your work; I just don't like bothering people with problems like this, because until now I have been able to deal with similar vermin on my own, but this time it is a somewhat more serious problem. Also, in my haste, after studying the problems of the people before me, I ran ComboFix over the disk assuming it would only produce a log, but it apparently also tried to remove the problem, so I should probably post a completely new RSIT log here :-/

Here is the TDSSKiller log:

22:02:18.0687 2372 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
22:02:18.0703 2372 ============================================================
22:02:18.0703 2372 Current date / time: 2011/11/21 22:02:18.0703
22:02:18.0703 2372 SystemInfo:
22:02:18.0703 2372
22:02:18.0703 2372 OS Version: 5.1.2600 ServicePack: 3.0
22:02:18.0703 2372 Product type: Workstation
22:02:18.0703 2372 ComputerName: B07-603B
22:02:18.0703 2372 UserName: Stuler
22:02:18.0703 2372 Windows directory: C:\WINDOWS
22:02:18.0703 2372 System windows directory: C:\WINDOWS
22:02:18.0703 2372 Processor architecture: Intel x86
22:02:18.0703 2372 Number of processors: 2
22:02:18.0703 2372 Page size: 0x1000
22:02:18.0703 2372 Boot type: Normal boot
22:02:18.0703 2372 ============================================================
22:02:20.0078 2372 Initialize success
22:02:23.0968 2744 ============================================================
22:02:23.0968 2744 Scan started
22:02:23.0984 2744 Mode: Manual; SigCheck; TDLFS;
22:02:23.0984 2744 ============================================================
22:02:25.0531 2744 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
22:02:27.0359 2744 Aavmker4 - ok
22:02:27.0375 2744 Abiosdsk - ok
22:02:27.0406 2744 abp480n5 - ok
22:02:27.0468 2744 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:02:28.0828 2744 ACPI - ok
22:02:29.0000 2744 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
22:02:29.0125 2744 ACPIEC - ok
22:02:29.0140 2744 adpu160m - ok
22:02:29.0187 2744 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:02:29.0296 2744 aec - ok
22:02:29.0359 2744 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:02:29.0421 2744 AFD - ok
22:02:29.0500 2744 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
22:02:29.0625 2744 AgereSoftModem - ok
22:02:29.0625 2744 Aha154x - ok
22:02:29.0640 2744 aic78u2 - ok
22:02:29.0656 2744 aic78xx - ok
22:02:29.0671 2744 AliIde - ok
22:02:29.0734 2744 Amfilter (e5afbe213942f8df5e467c795345d7d9) C:\WINDOWS\system32\DRIVERS\Amfilter.sys
22:02:29.0750 2744 Amfilter ( UnsignedFile.Multi.Generic ) - warning
22:02:29.0750 2744 Amfilter - detected UnsignedFile.Multi.Generic (1)
22:02:29.0781 2744 Amps2prt (f5bd5647a58a1efe3b507ee6179863f8) C:\WINDOWS\system32\DRIVERS\Amps2prt.sys
22:02:29.0812 2744 Amps2prt ( UnsignedFile.Multi.Generic ) - warning
22:02:29.0812 2744 Amps2prt - detected UnsignedFile.Multi.Generic (1)
22:02:29.0812 2744 amsint - ok
22:02:29.0843 2744 Amusbprt (8c2d2ece996655408c4074210b194537) C:\WINDOWS\system32\DRIVERS\Amusbprt.sys
22:02:29.0859 2744 Amusbprt ( UnsignedFile.Multi.Generic ) - warning
22:02:29.0859 2744 Amusbprt - detected UnsignedFile.Multi.Generic (1)
22:02:29.0921 2744 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:02:30.0109 2744 Arp1394 - ok
22:02:30.0125 2744 asc - ok
22:02:30.0125 2744 asc3350p - ok
22:02:30.0140 2744 asc3550 - ok
22:02:30.0203 2744 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
22:02:30.0218 2744 aswFsBlk - ok
22:02:30.0250 2744 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
22:02:30.0250 2744 aswMon2 - ok
22:02:30.0281 2744 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
22:02:30.0281 2744 aswRdr - ok
22:02:30.0328 2744 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
22:02:30.0359 2744 aswSnx - ok
22:02:30.0406 2744 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
22:02:30.0421 2744 aswSP - ok
22:02:30.0468 2744 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
22:02:30.0468 2744 aswTdi - ok
22:02:30.0531 2744 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:02:30.0640 2744 AsyncMac - ok
22:02:30.0656 2744 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:02:30.0765 2744 atapi - ok
22:02:30.0781 2744 Atdisk - ok
22:02:30.0828 2744 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
22:02:30.0843 2744 atksgt - ok
22:02:30.0906 2744 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:02:31.0015 2744 Atmarpc - ok
22:02:31.0078 2744 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:02:31.0187 2744 audstub - ok
22:02:31.0234 2744 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:02:31.0359 2744 Beep - ok
22:02:31.0468 2744 catchme - ok
22:02:31.0515 2744 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:02:31.0640 2744 cbidf2k - ok
22:02:31.0671 2744 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:02:31.0781 2744 CCDECODE - ok
22:02:31.0781 2744 cd20xrnt - ok
22:02:31.0812 2744 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:02:31.0921 2744 Cdaudio - ok
22:02:31.0953 2744 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:02:32.0062 2744 Cdfs - ok
22:02:32.0093 2744 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:02:32.0203 2744 Cdrom - ok
22:02:32.0203 2744 Changer - ok
22:02:32.0265 2744 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:02:32.0375 2744 CmBatt - ok
22:02:32.0390 2744 CmdIde - ok
22:02:32.0500 2744 CoLinuxDriver - ok
22:02:32.0562 2744 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:02:32.0656 2744 Compbatt - ok
22:02:32.0687 2744 Cpqarray - ok
22:02:32.0750 2744 d347bus (5776322f93cdb91086111f5ffbfda2a0) C:\WINDOWS\system32\DRIVERS\d347bus.sys
22:02:32.0765 2744 d347bus ( UnsignedFile.Multi.Generic ) - warning
22:02:32.0765 2744 d347bus - detected UnsignedFile.Multi.Generic (1)
22:02:32.0765 2744 d347prt (b49f79ace459763f4e0380071be9cb45) C:\WINDOWS\system32\Drivers\d347prt.sys
22:02:32.0781 2744 d347prt ( UnsignedFile.Multi.Generic ) - warning
22:02:32.0781 2744 d347prt - detected UnsignedFile.Multi.Generic (1)
22:02:32.0781 2744 dac2w2k - ok
22:02:32.0796 2744 dac960nt - ok
22:02:32.0828 2744 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:02:32.0953 2744 Disk - ok
22:02:33.0015 2744 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
22:02:33.0156 2744 dmboot - ok
22:02:33.0171 2744 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
22:02:33.0296 2744 dmio - ok
22:02:33.0312 2744 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:02:33.0437 2744 dmload - ok
22:02:33.0468 2744 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:02:33.0578 2744 DMusic - ok
22:02:33.0609 2744 dpti2o - ok
22:02:33.0640 2744 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:02:33.0750 2744 drmkaud - ok
22:02:33.0796 2744 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:02:33.0890 2744 Fastfat - ok
22:02:33.0937 2744 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
22:02:34.0031 2744 Fdc - ok
22:02:34.0062 2744 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
22:02:34.0171 2744 Fips - ok
22:02:34.0187 2744 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:02:34.0281 2744 Flpydisk - ok
22:02:34.0343 2744 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:02:34.0468 2744 FltMgr - ok
22:02:34.0515 2744 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:02:34.0625 2744 Fs_Rec - ok
22:02:34.0671 2744 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:02:34.0781 2744 Ftdisk - ok
22:02:34.0812 2744 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:02:34.0937 2744 Gpc - ok
22:02:35.0000 2744 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
22:02:35.0015 2744 hamachi - ok
22:02:35.0046 2744 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:02:35.0187 2744 HDAudBus - ok
22:02:35.0250 2744 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:02:35.0375 2744 HidUsb - ok
22:02:35.0390 2744 hpn - ok
22:02:35.0406 2744 hpt3xx - ok
22:02:35.0468 2744 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:02:35.0500 2744 HTTP - ok
22:02:35.0500 2744 i2omgmt - ok
22:02:35.0515 2744 i2omp - ok
22:02:35.0546 2744 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:02:35.0640 2744 i8042prt - ok
22:02:35.0703 2744 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:02:35.0812 2744 Imapi - ok
22:02:35.0828 2744 ini910u - ok
22:02:36.0000 2744 IntcAzAudAddService (8f924588c272fdaa28cf31a9bbc21a72) C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:02:36.0203 2744 IntcAzAudAddService - ok
22:02:36.0218 2744 IntelIde - ok
22:02:36.0234 2744 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:02:36.0343 2744 intelppm - ok
22:02:36.0375 2744 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:02:36.0484 2744 ip6fw - ok
22:02:36.0546 2744 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:02:36.0671 2744 IpFilterDriver - ok
22:02:36.0703 2744 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:02:36.0828 2744 IpInIp - ok
22:02:36.0875 2744 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:02:37.0000 2744 IpNat - ok
22:02:37.0031 2744 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:02:37.0140 2744 IPSec - ok
22:02:37.0171 2744 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:02:37.0281 2744 IRENUM - ok
22:02:37.0296 2744 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:02:37.0406 2744 isapnp - ok
22:02:37.0421 2744 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:02:37.0531 2744 Kbdclass - ok
22:02:37.0546 2744 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:02:37.0640 2744 kbdhid - ok
22:02:37.0671 2744 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:02:37.0781 2744 kmixer - ok
22:02:37.0843 2744 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:02:37.0859 2744 KSecDD - ok
22:02:37.0875 2744 lbrtfdc - ok
22:02:37.0937 2744 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
22:02:37.0953 2744 lirsgt - ok
22:02:37.0984 2744 LUMDriver (ca020db361524d1182138efeaa8cf8f3) C:\WINDOWS\system32\drivers\LUMDriver.sys
22:02:38.0000 2744 LUMDriver - ok
22:02:38.0015 2744 mcdbus - ok
22:02:38.0062 2744 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:02:38.0187 2744 mnmdd - ok
22:02:38.0234 2744 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
22:02:38.0343 2744 Modem - ok
22:02:38.0390 2744 MOSUMAC (1921f2438b0f566a6cd1d4a65b4e5cae) C:\WINDOWS\system32\DRIVERS\MOSUMAC.SYS
22:02:38.0421 2744 MOSUMAC - ok
22:02:38.0437 2744 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:02:38.0546 2744 Mouclass - ok
22:02:38.0593 2744 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:02:38.0703 2744 mouhid - ok
22:02:38.0734 2744 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:02:38.0859 2744 MountMgr - ok
22:02:38.0859 2744 mraid35x - ok
22:02:38.0921 2744 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:02:39.0031 2744 MRxDAV - ok
22:02:39.0078 2744 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:02:39.0125 2744 MRxSmb - ok
22:02:39.0156 2744 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:02:39.0265 2744 Msfs - ok
22:02:39.0281 2744 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:02:39.0390 2744 MSKSSRV - ok
22:02:39.0390 2744 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:02:39.0500 2744 MSPCLOCK - ok
22:02:39.0546 2744 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:02:39.0671 2744 MSPQM - ok
22:02:39.0718 2744 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:02:39.0828 2744 mssmbios - ok
22:02:39.0843 2744 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:02:39.0937 2744 MSTEE - ok
22:02:39.0984 2744 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:02:40.0015 2744 Mup - ok
22:02:40.0031 2744 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:02:40.0140 2744 NABTSFEC - ok
22:02:40.0171 2744 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:02:40.0281 2744 NDIS - ok
22:02:40.0328 2744 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:02:40.0437 2744 NdisIP - ok
22:02:40.0484 2744 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:02:40.0500 2744 NdisTapi - ok
22:02:40.0562 2744 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:02:40.0656 2744 Ndisuio - ok
22:02:40.0671 2744 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:02:40.0781 2744 NdisWan - ok
22:02:40.0843 2744 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:02:40.0859 2744 NDProxy - ok
22:02:40.0921 2744 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:02:41.0031 2744 NetBIOS - ok
22:02:41.0140 2744 NETw4x32 (a9574f52e2fd5c1c1b4807a326e0488f) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
22:02:41.0265 2744 NETw4x32 - ok
22:02:41.0421 2744 NETw5x32 (ccdb8db66acd3c0a6c8e171b79f60ac4) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
22:02:41.0734 2744 NETw5x32 - ok
22:02:41.0765 2744 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:02:41.0937 2744 NIC1394 - ok
22:02:41.0968 2744 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
22:02:42.0078 2744 nm - ok
22:02:42.0109 2744 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:02:42.0218 2744 Npfs - ok
22:02:42.0265 2744 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:02:42.0421 2744 Ntfs - ok
22:02:42.0468 2744 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:02:42.0578 2744 Null - ok
22:02:42.0859 2744 nv (406ddab2b05d94d4818e97ff050d1bc6) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:02:43.0484 2744 nv - ok
22:02:43.0593 2744 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:02:43.0765 2744 NwlnkFlt - ok
22:02:44.0000 2744 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:02:44.0140 2744 NwlnkFwd - ok
22:02:44.0375 2744 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
22:02:44.0640 2744 NwlnkIpx - ok
22:02:44.0781 2744 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
22:02:44.0953 2744 NwlnkNb - ok
22:02:45.0062 2744 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
22:02:45.0203 2744 NwlnkSpx - ok
22:02:45.0328 2744 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:02:45.0453 2744 ohci1394 - ok
22:02:45.0578 2744 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\drivers\Parport.sys
22:02:45.0718 2744 Parport - ok
22:02:46.0000 2744 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:02:46.0109 2744 PartMgr - ok
22:02:46.0265 2744 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
22:02:46.0406 2744 ParVdm - ok
22:02:46.0968 2744 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
22:02:47.0218 2744 PCI - ok
22:02:47.0312 2744 PCIDump - ok
22:02:47.0437 2744 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:02:47.0640 2744 PCIIde - ok
22:02:47.0750 2744 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:02:47.0937 2744 Pcmcia - ok
22:02:47.0968 2744 PDCOMP - ok
22:02:47.0968 2744 PDFRAME - ok
22:02:47.0984 2744 PDRELI - ok
22:02:48.0000 2744 PDRFRAME - ok
22:02:48.0015 2744 perc2 - ok
22:02:48.0031 2744 perc2hib - ok
22:02:48.0109 2744 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:02:48.0218 2744 PptpMiniport - ok
22:02:48.0234 2744 Processor (7eb15dce4ec3a0220bd796a15c18186e) C:\WINDOWS\system32\DRIVERS\processr.sys
22:02:48.0343 2744 Processor - ok
22:02:48.0375 2744 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:02:48.0484 2744 PSched - ok
22:02:48.0531 2744 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:02:48.0640 2744 Ptilink - ok
22:02:48.0687 2744 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:02:48.0703 2744 PxHelp20 - ok
22:02:48.0703 2744 ql1080 - ok
22:02:48.0750 2744 Ql10wnt - ok
22:02:48.0796 2744 ql12160 - ok
22:02:48.0859 2744 ql1240 - ok
22:02:48.0890 2744 ql1280 - ok
22:02:48.0921 2744 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:02:49.0031 2744 RasAcd - ok
22:02:49.0125 2744 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:02:49.0265 2744 Rasl2tp - ok
22:02:49.0328 2744 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:02:49.0468 2744 RasPppoe - ok
22:02:49.0578 2744 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:02:49.0703 2744 Raspti - ok
22:02:49.0734 2744 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:02:49.0859 2744 Rdbss - ok
22:02:49.0890 2744 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:02:50.0000 2744 RDPCDD - ok
22:02:50.0015 2744 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:02:50.0156 2744 rdpdr - ok
22:02:50.0203 2744 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:02:50.0234 2744 RDPWD - ok
22:02:50.0265 2744 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:02:50.0390 2744 redbook - ok
22:02:50.0437 2744 rimmptsk (c35ca13d3627ebd9dd12a23ce781bc3d) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
22:02:50.0453 2744 rimmptsk - ok
22:02:50.0484 2744 rimsptsk (c398bca91216755b098679a8da8a2300) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
22:02:50.0515 2744 rimsptsk - ok
22:02:50.0562 2744 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
22:02:50.0671 2744 ROOTMODEM - ok
22:02:50.0718 2744 RTLE8023xp (bb0ae2171f08129f4f3ff9df20ffbf89) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
22:02:50.0750 2744 RTLE8023xp - ok
22:02:50.0796 2744 s716bus (d7a84ef8f953a2d704580e4e73e00011) C:\WINDOWS\system32\DRIVERS\s716bus.sys
22:02:50.0812 2744 s716bus - ok
22:02:50.0828 2744 s716mdfl (c5b509cdeeb733efafadc2d93bc77712) C:\WINDOWS\system32\DRIVERS\s716mdfl.sys
22:02:50.0843 2744 s716mdfl - ok
22:02:50.0890 2744 s716mdm (dc3dec64860878540b374dc7d15d921f) C:\WINDOWS\system32\DRIVERS\s716mdm.sys
22:02:50.0906 2744 s716mdm - ok
22:02:50.0937 2744 s716mgmt (047fd555d897333ad9f61b1d4cc7c114) C:\WINDOWS\system32\DRIVERS\s716mgmt.sys
22:02:50.0953 2744 s716mgmt - ok
22:02:50.0984 2744 s716nd5 (2858193e91eef964e41b6a032e1e4418) C:\WINDOWS\system32\DRIVERS\s716nd5.sys
22:02:51.0000 2744 s716nd5 - ok
22:02:51.0031 2744 s716obex (cc6c212585891614cc2059ba48d27a86) C:\WINDOWS\system32\DRIVERS\s716obex.sys
22:02:51.0046 2744 s716obex - ok
22:02:51.0078 2744 s716unic (aaaeeba9fa0ecb0de6bba59f955cdefb) C:\WINDOWS\system32\DRIVERS\s716unic.sys
22:02:51.0093 2744 s716unic - ok
22:02:51.0156 2744 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
22:02:51.0328 2744 sdbus - ok
22:02:51.0375 2744 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:02:51.0468 2744 Secdrv - ok
22:02:51.0515 2744 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\drivers\Serial.sys
22:02:51.0625 2744 Serial - ok
22:02:51.0703 2744 sfdrv01 (00de597b81b381053cb5b21a7f20e365) C:\WINDOWS\system32\drivers\sfdrv01.sys
22:02:51.0718 2744 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
22:02:51.0718 2744 sfdrv01 - detected UnsignedFile.Multi.Generic (1)
22:02:51.0750 2744 sfdrv01a (4d0ce0fadca29e7da68ce597ac9010bd) C:\WINDOWS\system32\drivers\sfdrv01a.sys
22:02:51.0765 2744 sfdrv01a - ok
22:02:51.0812 2744 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
22:02:51.0921 2744 sffdisk - ok
22:02:51.0984 2744 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
22:02:52.0125 2744 sffp_sd - ok
22:02:52.0156 2744 sfhlp02 (daad4c099ebf5094d32c373ac1ac0f3c) C:\WINDOWS\system32\drivers\sfhlp02.sys
22:02:52.0171 2744 sfhlp02 - ok
22:02:52.0234 2744 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:02:52.0390 2744 Sfloppy - ok
22:02:52.0484 2744 sfsync02 (798d918d8f20380008277ce3ce5319d1) C:\WINDOWS\system32\drivers\sfsync02.sys
22:02:52.0671 2744 sfsync02 ( UnsignedFile.Multi.Generic ) - warning
22:02:52.0671 2744 sfsync02 - detected UnsignedFile.Multi.Generic (1)
22:02:53.0078 2744 sfsync04 (c526ad307ff1900bc4c864f74553f762) C:\WINDOWS\system32\drivers\sfsync04.sys
22:02:53.0453 2744 sfsync04 - ok
22:02:53.0593 2744 Si3531 (7471cf7cbb4cc7d92fdb7f6527a9008c) C:\WINDOWS\system32\DRIVERS\Si3531.sys
22:02:53.0656 2744 Si3531 - ok
22:02:53.0921 2744 SiFilter (72cf151fb410e544904dbc7d7f29b796) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
22:02:54.0062 2744 SiFilter - ok
22:02:54.0234 2744 Simbad - ok
22:02:54.0468 2744 SiRemFil (41a59f484188be629087ba391ff60d74) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
22:02:54.0546 2744 SiRemFil - ok
22:02:54.0937 2744 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:02:55.0234 2744 SLIP - ok
22:02:55.0671 2744 Sparrow - ok
22:02:55.0984 2744 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:02:56.0640 2744 splitter - ok
22:02:57.0218 2744 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
22:02:58.0125 2744 sr - ok
22:02:58.0421 2744 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:02:58.0453 2744 Srv - ok
22:02:58.0500 2744 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:02:58.0656 2744 streamip - ok
22:02:58.0687 2744 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:02:58.0843 2744 swenum - ok
22:02:58.0890 2744 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:02:59.0000 2744 swmidi - ok
22:02:59.0015 2744 symc810 - ok
22:02:59.0031 2744 symc8xx - ok
22:02:59.0031 2744 sym_hi - ok
22:02:59.0046 2744 sym_u3 - ok
22:02:59.0093 2744 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:02:59.0203 2744 sysaudio - ok
22:02:59.0265 2744 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
22:02:59.0265 2744 taphss - ok
22:02:59.0328 2744 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:02:59.0359 2744 Tcpip - ok
22:02:59.0437 2744 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
22:02:59.0453 2744 Tcpip6 - ok
22:02:59.0484 2744 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:02:59.0609 2744 TDPIPE - ok
22:02:59.0625 2744 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:02:59.0750 2744 TDTCP - ok
22:02:59.0843 2744 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:02:59.0968 2744 TermDD - ok
22:02:59.0984 2744 TosIde - ok
22:03:00.0046 2744 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys
22:03:00.0062 2744 tosporte - ok
22:03:00.0125 2744 tosrfbd (399c5e4db7bdd5a83a7d26c96389b85a) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
22:03:00.0156 2744 tosrfbd - ok
22:03:00.0171 2744 tosrfbnp (181e217a7a326817d97946d045b3cb46) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
22:03:00.0187 2744 tosrfbnp - ok
22:03:00.0218 2744 Tosrfcom (e90ace3b4fa7a85f992bc21eb779c407) C:\WINDOWS\system32\Drivers\tosrfcom.sys
22:03:00.0250 2744 Tosrfcom - ok
22:03:00.0265 2744 Tosrfhid (efc95c0dc6f96b228f58319776006548) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
22:03:00.0281 2744 Tosrfhid - ok
22:03:00.0328 2744 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
22:03:00.0359 2744 tosrfnds - ok
22:03:00.0375 2744 TosRfSnd (156d63f6898e4d95f2962f2b72862868) C:\WINDOWS\system32\drivers\tosrfsnd.sys
22:03:00.0421 2744 TosRfSnd - ok
22:03:00.0453 2744 Tosrfusb (98c04a6432ce9c2ad328f57b9384d348) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
22:03:00.0500 2744 Tosrfusb - ok
22:03:00.0562 2744 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
22:03:00.0781 2744 tunmp - ok
22:03:00.0875 2744 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:03:00.0968 2744 Udfs - ok
22:03:00.0984 2744 ultra - ok
22:03:01.0062 2744 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:03:01.0171 2744 Update - ok
22:03:01.0265 2744 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:03:01.0375 2744 usbccgp - ok
22:03:01.0421 2744 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:03:01.0531 2744 usbehci - ok
22:03:01.0578 2744 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:03:01.0671 2744 usbhub - ok
22:03:01.0703 2744 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:03:01.0843 2744 usbprint - ok
22:03:01.0890 2744 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:03:01.0984 2744 usbscan - ok
22:03:02.0031 2744 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:03:02.0125 2744 USBSTOR - ok
22:03:02.0171 2744 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:03:02.0281 2744 usbuhci - ok
22:03:02.0328 2744 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
22:03:02.0437 2744 usbvideo - ok
22:03:02.0500 2744 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
22:03:02.0609 2744 usb_rndisx - ok
22:03:02.0625 2744 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:03:02.0734 2744 VgaSave - ok
22:03:02.0734 2744 ViaIde - ok
22:03:02.0765 2744 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
22:03:02.0875 2744 VolSnap - ok
22:03:02.0906 2744 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:03:03.0000 2744 Wanarp - ok
22:03:03.0015 2744 WDICA - ok
22:03:03.0046 2744 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:03:03.0140 2744 wdmaud - ok
22:03:03.0218 2744 WmBEnum (1abfd1399436e81c9d857f5fc76eaf98) C:\WINDOWS\system32\drivers\WmBEnum.sys
22:03:03.0250 2744 WmBEnum - ok
22:03:03.0312 2744 WmFilter (b3cfcbcc91ff61ef82fc693b8b57e7f0) C:\WINDOWS\system32\drivers\WmFilter.sys
22:03:03.0328 2744 WmFilter - ok
22:03:03.0406 2744 WmHidLo (84e2258c942c940198e60be605c85601) C:\WINDOWS\system32\drivers\WmHidLo.sys
22:03:03.0421 2744 WmHidLo - ok
22:03:03.0468 2744 WmVirHid (a40d2dd0f019423ef6c363f1295eb38d) C:\WINDOWS\system32\drivers\WmVirHid.sys
22:03:03.0500 2744 WmVirHid - ok
22:03:03.0515 2744 WmXlCore (2bf505424f469155cd90d7b3301d7adc) C:\WINDOWS\system32\drivers\WmXlCore.sys
22:03:03.0531 2744 WmXlCore - ok
22:03:03.0562 2744 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:03:03.0656 2744 WSTCODEC - ok
22:03:03.0734 2744 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:03:03.0765 2744 WudfPf - ok
22:03:03.0796 2744 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:03:03.0828 2744 WudfRd - ok
22:03:03.0890 2744 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
22:03:04.0156 2744 \Device\Harddisk0\DR0 - ok
22:03:04.0156 2744 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR2
22:03:07.0203 2744 \Device\Harddisk1\DR2 - ok
22:03:07.0203 2744 Boot (0x1200) (bcc3bf481a5dea2aace5b88d3919c727) \Device\Harddisk0\DR0\Partition0
22:03:07.0203 2744 \Device\Harddisk0\DR0\Partition0 - ok
22:03:07.0218 2744 Boot (0x1200) (fdde09bbad326f4900e9cf2dfbeefd2b) \Device\Harddisk1\DR2\Partition0
22:03:07.0218 2744 \Device\Harddisk1\DR2\Partition0 - ok
22:03:07.0218 2744 ============================================================
22:03:07.0218 2744 Scan finished
22:03:07.0218 2744 ============================================================
22:03:07.0328 2720 Detected object count: 7
22:03:07.0328 2720 Actual detected object count: 7
22:03:10.0875 2720 Amfilter ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:10.0875 2720 Amfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:10.0875 2720 Amps2prt ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:10.0875 2720 Amps2prt ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:10.0875 2720 Amusbprt ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:10.0875 2720 Amusbprt ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:10.0875 2720 d347bus ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:10.0875 2720 d347bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:10.0890 2720 d347prt ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:10.0890 2720 d347prt ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:10.0890 2720 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:10.0890 2720 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:10.0906 2720 sfsync02 ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:10.0906 2720 sfsync02 ( UnsignedFile.Multi.Generic ) - User select action: Skip

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: AVAST reports Win32:Rootkit-gen

#5 Post by vyosek »

:arrow: Dangers of CF (ComboFix)
  • It is intended primarily for helpers - by using it on your own initiative you forfeit your claim to support
  • It wipes the traces of the malware, so nothing is visible in the RSIT log
  • Its log has to be worked through afterwards, because it cannot delete everything - and you can hardly manage that unless you are trained for it
  • CF may have a bug = it takes your system down; if you do not know where it stores what and how to restore it, your system is dead and a reinstall awaits you
  • Unfortunately CF also does not yet check some important libraries (e.g. hal.dll) - some types of malware (e.g. angela) delete those - it deletes your hal.dll after the restart = your system does not boot and you are back at the line above = reinstall
:arrow: Check whether you have a log from CF; it should be at c:\combofix.txt

:arrow: And please, do not take any further steps without a recommendation, otherwise I can search as much as I like...
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him, that is not a man, that is an ox."
Member since 1 February 2011.

Stuler
Visitor
Posts: 15
Registered: 21 Nov 2011 20:33

Re: AVAST reports Win32:Rootkit-gen

#6 Post by Stuler »

I apologise for the indiscipline. Unfortunately I did not find the ComboFix log complete, only a part of it, because I terminated the creation of the log ( :frusty: :frusty: ). The number of processes after booting Windows dropped to 35, i.e. by almost 50%, the system shows no slowdown, but unfortunately the file netbt.sys was infected by the rootkit mentioned above, it was moved to the Virus Chest and because of that the TCP/IP protocol somehow does not work, i.e. it does not want to connect me to the network.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: AVAST reports Win32:Rootkit-gen

#7 Post by vyosek »

:arrow: Log in to Safe Mode (restart the PC, press F8, choose Safe Mode with Networking)

:arrow: Delete the old ComboFix

:arrow: When downloading the new CF, save it as Beruska.com (make sure you change the extension too)

PLEASE READ THE INSTRUCTIONS THOROUGHLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE AND MUST BE APPLIED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY DIE
:arrow: Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antiviruses, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
  • Immediately after it starts, a page with the licence agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not launch any applications and do not click in the window that is displayed
  • The scan should take about 10 min, but if the PC is heavily infested the time may be longer
  • After the scan finishes and after a possible restart, CF displays a log; alternatively you will find it at C:\ComboFix.txt; paste its contents here
  • A detailed walkthrough including pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix

Stuler
Visitor
Posts: 15
Registered: 21 Nov 2011 20:33

Re: AVAST reports Win32:Rootkit-gen

#8 Post by Stuler »

Thanks for your patience. I let it run and here is the log:

ComboFix 11-11-21.01 - Stuler . 11. 2011 23:26:05.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.2046.1559 [GMT 1:00]
Running from: c:\documents and settings\Stuler\Plocha\Beruska.com.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Stuler\WINDOWS
C:\install.exe
c:\program files\vShare.tv plugin\BaRLcher.dll
c:\windows\CSC\d6
c:\windows\system32\bin
c:\windows\system32\bin\DartSock.dll
c:\windows\system32\Nagasoft
c:\windows\system32\Nagasoft\Codecs\asyncflt.ax
c:\windows\system32\Nagasoft\Codecs\atrc.dll
c:\windows\system32\Nagasoft\Codecs\cook.dll
c:\windows\system32\Nagasoft\Codecs\drvc.dll
c:\windows\system32\Nagasoft\Codecs\raac.dll
c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax
c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll
c:\windows\system32\Nagasoft\FFVJPlayer.exe
c:\windows\system32\Nagasoft\GifShower.dll
c:\windows\system32\Nagasoft\Uninstall.exe
c:\windows\system32\Nagasoft\vjocx.dll
.
---- Previous Run -------
.
c:\documents and settings\Stuler\Local Settings\Data aplikací\67379620\X
C:\install.exe
c:\program files\vShare.tv plugin\BaRLcher.dll
c:\windows\$NtUninstallKB3816$\1731696160\@
c:\windows\$NtUninstallKB3816$\1731696160\L\akygdmgo
c:\windows\$NtUninstallKB3816$\1731696160\loader.tlb
c:\windows\$NtUninstallKB3816$\1731696160\U\@00000001
c:\windows\$NtUninstallKB3816$\1731696160\U\@000000c0
c:\windows\$NtUninstallKB3816$\1731696160\U\@000000cb
c:\windows\$NtUninstallKB3816$\1731696160\U\@000000cf
c:\windows\$NtUninstallKB3816$\1731696160\U\@80000000
c:\windows\$NtUninstallKB3816$\1731696160\U\@800000c0
c:\windows\$NtUninstallKB3816$\1731696160\U\@800000cb
c:\windows\$NtUninstallKB3816$\1731696160\U\@800000cf
c:\windows\$NtUninstallKB3816$\2942805296
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\msmqinst.log
c:\windows\system32\
c:\windows\system32\bin\DartSock.dll
c:\windows\system32\Nagasoft\Codecs\asyncflt.ax
c:\windows\system32\Nagasoft\Codecs\atrc.dll
c:\windows\system32\Nagasoft\Codecs\cook.dll
c:\windows\system32\Nagasoft\Codecs\drvc.dll
c:\windows\system32\Nagasoft\Codecs\raac.dll
c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax
c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll
c:\windows\system32\Nagasoft\FFVJPlayer.exe
c:\windows\system32\Nagasoft\GifShower.dll
c:\windows\system32\Nagasoft\Uninstall.exe
c:\windows\system32\Nagasoft\vjocx.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_vvdsvc
-------\Legacy_vvdsvc
-------\Service_vvdsvc
-------\Service_vvdsvc
-------\Legacy_vvdsvc
-------\Legacy_vvdsvc
-------\Service_vvdsvc
-------\Service_vvdsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))
.
.
2011-11-21 21:16 . 2011-11-21 21:16 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-21 19:37 . 2011-11-21 19:37 -------- d-----w- C:\rsit
2011-11-21 17:41 . 2011-11-21 21:16 -------- d-----w- c:\documents and settings\Administrator
2011-11-20 12:48 . 2011-11-21 20:40 -------- d-sh--w- c:\documents and settings\Stuler\Local Settings\Data aplikací\67379620
2011-11-18 16:11 . 2011-11-18 16:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alias
2011-11-17 16:44 . 2011-11-17 16:46 -------- d-----w- c:\program files\Maple 14
2011-11-17 16:44 . 2011-11-17 16:44 -------- d--h--w- c:\program files\Zero G Registry
2011-11-17 16:43 . 2011-11-17 16:43 -------- d--h--w- c:\documents and settings\Stuler\InstallAnywhere
2011-11-17 15:33 . 2011-11-17 15:33 -------- d-----w- c:\documents and settings\Stuler\Local Settings\Data aplikací\Mathsoft
2011-11-17 15:29 . 2011-11-17 15:29 -------- d-----w- c:\documents and settings\Stuler\Data aplikací\Mathsoft
2011-11-17 15:26 . 2011-11-17 15:26 -------- d-----w- c:\program files\Mathcad
2011-11-16 14:25 . 2011-11-21 17:07 -------- d-----w- c:\program files\Mozilla Sunbird
2011-11-05 20:07 . 2011-11-05 20:07 -------- d-----w- c:\program files\UsbMac
2011-11-01 11:47 . 2011-11-03 07:39 -------- d-----w- c:\program files\Freeciv-2.3.0-gtk2
2011-10-26 18:20 . 2011-10-26 18:20 -------- d-----w- c:\program files\Digiarty
2011-10-25 12:06 . 2011-11-05 19:42 -------- d-----w- c:\windows\system32\Air Force Screensaver dir
2011-10-25 11:58 . 2011-10-25 12:00 -------- d-----w- c:\windows\system32\360 GEnx (1280) dir
2011-10-25 11:58 . 2011-10-25 11:58 532480 ----a-w- c:\windows\system32\360 GEnx (1280).scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-14 20:33 . 2011-06-07 05:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2008-08-08 12:32 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 03:06 . 2011-06-09 17:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2008-08-19 20:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2001-10-25 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2007-10-09 11:03 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-10-25 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-10-25 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-06 20:45 . 2011-06-07 05:21 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:38 . 2011-06-07 05:21 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2008-08-12 15:00 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2008-08-12 15:00 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2008-08-12 15:00 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2008-08-12 15:00 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2008-08-12 15:00 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2008-08-12 15:00 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2008-08-12 15:00 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 14:10 . 2001-10-25 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-11-09 11:24 . 2011-05-19 18:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1204224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]
"nwiz"="nwiz.exe" [2009-04-30 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]
SketchBook Snapshot.lnk - c:\program files\Autodesk\SketchBookPro2011\SketchBookSnapshot.exe [2010-9-8 721408]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"AllerCalc"="c:\program files\AllerCalc\AllerCalc.exe" /i
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" /noui
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" -lang 1033
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Share-to-Web Namespace Daemon"=c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
"HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
"ITSecMng"=%ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Hry\\AGE OF EMPIRES 2\\empires2.exe"=
"c:\\Program Files\\rFactor\\rFactor.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\CAD\\ProE\\i486_nt\\nms\\nmsd.exe"=
"c:\\CAD\\ProE\\i486_nt\\obj\\pro_comm_msg.exe"=
"c:\\CAD\\ProE\\i486_nt\\obj\\xtop.exe"=
"c:\\CAD\\ProE\\bin\\proe.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\ApexDC++\\ApexDC.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\Stuler\\Local Settings\\Data aplikací\\AntikVirtualSTB\\AntikVirtualSTB.exe"=
"c:\\Hry\\FULL\\AGE OF EMPIRES 2\\age2_x1\\age2_x1.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Dassault Systemes\\B20\\intel_a\\code\\bin\\orbixd.exe"=
"c:\\Program Files\\Dassault Systemes\\B20\\intel_a\\code\\bin\\CNEXT.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Freeciv-2.3.0-gtk2\\freeciv-server.exe"=
"c:\\Program Files\\Freeciv-2.3.0-gtk2\\freeciv-gtk2.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [8. 8. 2008 14:43 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [8. 8. 2008 14:43 5248]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5. 7. 2006 13:46 63352]
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [9. 8. 2008 9:40 210224]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7. 6. 2011 6:21 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12. 8. 2008 16:00 320856]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [24. 4. 2007 17:52 16688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12. 8. 2008 16:00 20568]
R3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [21. 3. 2011 12:40 40960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18. 3. 2010 12:16 130384]
S2 CoLinuxDriver;CoLinuxDriver;\??\c:\documents and settings\Stuler\Plocha\Portable_Ubuntu\linux.sys --> c:\documents and settings\Stuler\Plocha\Portable_Ubuntu\linux.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27. 2. 2010 20:05 135664]
S3 Amps2prt;Compatible PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [19. 4. 2007 14:45 14336]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [27. 2. 2010 20:05 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18. 3. 2010 12:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 04:51]
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 19:05]
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 19:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://startsear.ch/?aff=1
mStart Page = hxxp://startsear.ch/?aff=1
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
TCP: DhcpNameServer = 147.229.190.143 147.229.191.143
FF - ProfilePath - c:\documents and settings\Stuler\Data aplikací\Mozilla\Firefox\Profiles\t4346nj9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
FF - prefs.js: network.proxy.ftp - 70.161.7.31
FF - prefs.js: network.proxy.ftp_port - 37977
FF - prefs.js: network.proxy.gopher - 70.161.7.31
FF - prefs.js: network.proxy.gopher_port - 37977
FF - prefs.js: network.proxy.http - 70.161.7.31
FF - prefs.js: network.proxy.http_port - 37977
FF - prefs.js: network.proxy.socks - 70.161.7.31
FF - prefs.js: network.proxy.socks_port - 37977
FF - prefs.js: network.proxy.ssl - 70.161.7.31
FF - prefs.js: network.proxy.ssl_port - 37977
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.txt=RadLight Media txt
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - c:\program files\vShare.tv plugin\BarLcher.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - c:\program files\vShare.tv plugin\BarLcher.dll
Notify-WgaLogon - (no file)
SafeBoot-aawservice
AddRemove-VexcastPlayer2.0 - c:\windows\system32\Nagasoft\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-21 23:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-790525478-527237240-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-790525478-527237240-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b
.
[HKEY_USERS\S-1-5-21-790525478-527237240-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b
.
[HKEY_USERS\S-1-5-21-790525478-527237240-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b
.
[HKEY_USERS\S-1-5-21-790525478-527237240-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b
.
[HKEY_USERS\S-1-5-21-790525478-527237240-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020
.
[HKEY_USERS\S-1-5-21-790525478-527237240-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:6b,6e,f4,bc,d9,b2,a9,1c,1f,d0,b7,7e,7c,24,44,f4,b5,35,dd,79,3e,2e,0c,
fa,2f,3a,1b,bc,d0,2c,9c,a3,70,6d,82,e2,2d,7a,1b,73,b2,3b,6b,92,c7,cf,36,d0,\
"??"=hex:ef,26,eb,ce,42,78,51,c6,1e,e2,5e,03,7c,c7,f7,a4
.
[HKEY_USERS\S-1-5-21-790525478-527237240-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:30,53,ba,5c,ad,66,b1,53,d2,22,25,36,f9,d6,7b,af,0a,2f,31,30,82,
9a,13,44,7d,90,29,b6,2c,cc,ca,8e,d4,da,44,3d,41,66,0c,33,f2,30,1d,a7,1e,fb,\
"rkeysecu"=hex:8a,83,2d,61,5e,09,d6,f1,4b,ad,ed,ea,eb,6f,fb,fe
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3204)
c:\windows\system32\msi.dll
c:\windows\system32\AcSignIcon.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RTHDCPL.EXE
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-11-22 00:02:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-21 23:02
.
Pre-Run: Volných bajtů: 80 760 705 024
Post-Run: Volných bajtů: 80 700 731 392
.
- - End Of File - - 744264700D8B4F6750E60697EA2DD0FD
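The ComboFix log above carries several settings a triager would flag before reading anything else: the Security Center key with AntiVirusOverride=1, the standard firewall profile with EnableFirewall=0 and 3389:TCP globally open, the non-default svchost group vvdsvc, the hxxp start pages, and the Firefox prefs.js proxy entries pointing at 70.161.7.31:37977 (currently inactive because network.proxy.type is 0). As an added example, not part of the thread and not ComboFix's own code, here is a small Python script that walks ComboFix-style log lines and reports those indicator classes. The sample input is a constructed excerpt modelled on the lines posted above; the category names and the exact line formats assumed by the regular expressions are my own choices.

```python
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str]  # (category, detail)

# Constructed excerpt modelled on the ComboFix log posted above (not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
uStart Page = hxxp://startsear.ch/?aff=1
mStart Page = hxxp://startsear.ch/?aff=1
FF - prefs.js: network.proxy.http - 70.161.7.31
FF - prefs.js: network.proxy.http_port - 37977
FF - prefs.js: network.proxy.ssl - 70.161.7.31
FF - prefs.js: network.proxy.ssl_port - 37977
FF - prefs.js: network.proxy.type - 0
"""

# Line shapes assumed for the ComboFix "Reg Loading Points" and "Supplementary Scan" sections.
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
SVCHOST_RE = re.compile(r"^(\S+)\s+REG_MULTI_SZ\s+(.*)$")
START_RE = re.compile(r"^[um]Start Page = (\S+)")
FFPROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.(\w+) - (\S+)")


def triage(log_text: str) -> List[Finding]:
    """Walk ComboFix-style lines and return (category, detail) findings."""
    findings: List[Finding] = []
    current_key = ""          # registry key that the following "name"=value lines belong to
    proxy: Dict[str, str] = {}  # Firefox network.proxy.* prefs, collected and summarised at the end

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.group(1), m.group(2).strip()
            if "security center" in current_key and name == "AntiVirusOverride" and value.lower() == "dword:00000001":
                findings.append(("security-center", "AntiVirusOverride=1: AV status monitoring is suppressed"))
            elif "firewallpolicy" in current_key and name == "EnableFirewall" and value.startswith("0"):
                profile = current_key.rsplit("\\", 1)[-1]
                findings.append(("firewall", f"Windows Firewall disabled in profile '{profile}'"))
            elif current_key.endswith("globallyopenports\\list"):
                findings.append(("firewall", f"Globally open port {name}"))
            continue
        m = SVCHOST_RE.match(line)
        if m and current_key.endswith("\\svchost"):
            # ComboFix prints only non-default svchost groups, so every one shown deserves review.
            findings.append(("svchost", f"Non-default svchost group '{m.group(1)}' hosting: {m.group(2)}"))
            continue
        m = START_RE.match(line)
        if m:
            findings.append(("browser", f"Non-default IE start page {m.group(1)} (hxxp is the log's defanged http)"))
            continue
        m = FFPROXY_RE.match(line)
        if m:
            proxy[m.group(1)] = m.group(2)

    # Pair each network.proxy.<proto> host with its <proto>_port and report distinct endpoints.
    endpoints = sorted({f"{host}:{proxy.get(proto + '_port', '?')}"
                        for proto, host in proxy.items()
                        if not proto.endswith("_port") and proto != "type"})
    for ep in endpoints:
        state = "inactive (network.proxy.type=0)" if proxy.get("type") == "0" else "active"
        findings.append(("browser", f"Firefox proxy configured to {ep}, currently {state}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```

The script deliberately reports the proxy endpoint even when network.proxy.type is 0, because a preference that merely needs the type flipped to become active is still worth removing during cleanup; the same logic applies to the AuthorizedApplications and start-page entries, which ComboFix only prints when they differ from the defaults.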

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: AVAST reports Win32:Rootkit-gen

#9 Post by vyosek »

:arrow: Download aswMBR http://public.avast.com/%7Egmerek/aswMBR.exe and save it to the desktop.
  • Run the utility and tell it to scan - click Scan
  • By clicking Save log, save the aswMBR log to the desktop
  • Paste the contents of the aswMBR log here for me

Stuler
Visitor
Posts: 15
Registered: 21 Nov 2011 20:33

Re: AVAST reports Win32:Rootkit-gen

#10 Post by Stuler »

I attach the aswMBR log:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-23 07:43:00
-----------------------------
07:43:00.921 OS Version: Windows 5.1.2600 Service Pack 3
07:43:00.921 Number of processors: 2 586 0xF0D
07:43:00.921 ComputerName: B07-603B UserName:
07:43:01.718 Initialize success
07:43:02.843 AVAST engine defs: 11112100
07:43:06.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
07:43:06.265 Disk 0 Vendor: WDC_WD2500BEVS-00UST0 01.01A01 Size: 238475MB BusType: 3
07:43:06.296 Device \Driver\atapi -> DriverStartIo f7468864
07:43:06.328 Device \Driver\atapi -> MajorFunction 8a55b1f8
07:43:08.390 Disk 0 MBR read successfully
07:43:08.421 Disk 0 MBR scan
07:43:08.843 Disk 0 Windows XP default MBR code
07:43:08.890 Disk 0 scanning sectors +488392065
07:43:09.578 Disk 0 scanning C:\WINDOWS\system32\drivers
07:43:31.187 Service scanning
07:43:43.656 Modules scanning
07:43:48.718 Disk 0 trace - called modules:
07:43:48.796 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a55b1f8]<<
07:43:48.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aaaaab8]
07:43:49.171 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ab40d98]
07:43:49.500 \Driver\atapi[0x8ab42260] -> IRP_MJ_CREATE -> 0x8a55b1f8
07:43:50.609 AVAST engine scan C:\
09:30:31.125 File: C:\Documents and Settings\All Users\Data aplikací\AVAST Software\Avast\arpot\1d339-da8-0.dat **INFECTED** Win32:Rootkit-gen [Rtk]
09:30:31.343 File: C:\Documents and Settings\All Users\Data aplikací\AVAST Software\Avast\arpot\TEMP\e48965d-734-2.dat **INFECTED** Win32:Rootkit-gen [Rtk]
15:58:40.062 Scan finished successfully
16:00:19.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Dokumenty\MBR.dat"
16:01:18.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Dokumenty\MBR.dat"
16:01:55.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Dokumenty\Obrázky\MBR.dat"
16:01:55.265 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Dokumenty\Obrázky\aswMBR.txt"

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: AVAST reports Win32:Rootkit-gen

#11 Post by vyosek »

Download the new TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe and apply it - then the log here

Stuler
Visitor
Posts: 15
Registered: 21 Nov 2011 20:33

Re: AVAST reports Win32:Rootkit-gen

#12 Post by Stuler »

I attach the new TDSSKiller log:

19:31:34.0828 2000 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
19:31:34.0859 2000 ============================================================
19:31:34.0859 2000 Current date / time: 2011/11/23 19:31:34.0859
19:31:34.0859 2000 SystemInfo:
19:31:34.0859 2000
19:31:34.0859 2000 OS Version: 5.1.2600 ServicePack: 3.0
19:31:34.0859 2000 Product type: Workstation
19:31:34.0859 2000 ComputerName: B07-603B
19:31:34.0859 2000 UserName: Stuler
19:31:34.0859 2000 Windows directory: C:\WINDOWS
19:31:34.0859 2000 System windows directory: C:\WINDOWS
19:31:34.0859 2000 Processor architecture: Intel x86
19:31:34.0859 2000 Number of processors: 2
19:31:34.0859 2000 Page size: 0x1000
19:31:34.0859 2000 Boot type: Normal boot
19:31:34.0859 2000 ============================================================
19:31:36.0218 2000 Initialize success
19:31:45.0812 3752 ============================================================
19:31:45.0812 3752 Scan started
19:31:45.0812 3752 Mode: Manual; SigCheck; TDLFS;
19:31:45.0812 3752 ============================================================
19:31:46.0281 3752 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
19:31:46.0453 3752 Aavmker4 - ok
19:31:46.0468 3752 Abiosdsk - ok
19:31:46.0484 3752 abp480n5 - ok
19:31:46.0546 3752 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:31:47.0390 3752 ACPI - ok
19:31:47.0453 3752 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
19:31:47.0593 3752 ACPIEC - ok
19:31:47.0609 3752 adpu160m - ok
19:31:47.0656 3752 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:31:47.0765 3752 aec - ok
19:31:47.0812 3752 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:31:47.0859 3752 AFD - ok
19:31:47.0937 3752 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
19:31:48.0046 3752 AgereSoftModem - ok
19:31:48.0062 3752 Aha154x - ok
19:31:48.0078 3752 aic78u2 - ok
19:31:48.0078 3752 aic78xx - ok
19:31:48.0093 3752 AliIde - ok
19:31:48.0156 3752 Amfilter (e5afbe213942f8df5e467c795345d7d9) C:\WINDOWS\system32\DRIVERS\Amfilter.sys
19:31:48.0171 3752 Amfilter ( UnsignedFile.Multi.Generic ) - warning
19:31:48.0171 3752 Amfilter - detected UnsignedFile.Multi.Generic (1)
19:31:48.0187 3752 Amps2prt (f5bd5647a58a1efe3b507ee6179863f8) C:\WINDOWS\system32\DRIVERS\Amps2prt.sys
19:31:48.0203 3752 Amps2prt ( UnsignedFile.Multi.Generic ) - warning
19:31:48.0203 3752 Amps2prt - detected UnsignedFile.Multi.Generic (1)
19:31:48.0218 3752 amsint - ok
19:31:48.0234 3752 Amusbprt (8c2d2ece996655408c4074210b194537) C:\WINDOWS\system32\DRIVERS\Amusbprt.sys
19:31:48.0250 3752 Amusbprt ( UnsignedFile.Multi.Generic ) - warning
19:31:48.0250 3752 Amusbprt - detected UnsignedFile.Multi.Generic (1)
19:31:48.0296 3752 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:31:48.0453 3752 Arp1394 - ok
19:31:48.0468 3752 asc - ok
19:31:48.0468 3752 asc3350p - ok
19:31:48.0484 3752 asc3550 - ok
19:31:48.0546 3752 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
19:31:48.0578 3752 aswFsBlk - ok
19:31:48.0593 3752 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
19:31:48.0625 3752 aswMon2 - ok
19:31:48.0640 3752 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
19:31:48.0656 3752 aswRdr - ok
19:31:48.0703 3752 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
19:31:48.0734 3752 aswSnx - ok
19:31:48.0781 3752 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
19:31:48.0796 3752 aswSP - ok
19:31:48.0812 3752 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
19:31:48.0843 3752 aswTdi - ok
19:31:48.0875 3752 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:31:49.0062 3752 AsyncMac - ok
19:31:49.0078 3752 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:31:49.0187 3752 atapi - ok
19:31:49.0203 3752 Atdisk - ok
19:31:49.0250 3752 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
19:31:49.0265 3752 atksgt - ok
19:31:49.0328 3752 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:31:49.0453 3752 Atmarpc - ok
19:31:49.0500 3752 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:31:49.0609 3752 audstub - ok
19:31:49.0671 3752 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:31:49.0796 3752 Beep - ok
19:31:49.0796 3752 catchme - ok
19:31:49.0859 3752 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:31:49.0984 3752 cbidf2k - ok
19:31:50.0015 3752 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:31:50.0125 3752 CCDECODE - ok
19:31:50.0140 3752 cd20xrnt - ok
19:31:50.0156 3752 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:31:50.0265 3752 Cdaudio - ok
19:31:50.0312 3752 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:31:50.0437 3752 Cdfs - ok
19:31:50.0468 3752 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:31:50.0578 3752 Cdrom - ok
19:31:50.0593 3752 Changer - ok
19:31:50.0640 3752 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:31:50.0750 3752 CmBatt - ok
19:31:50.0765 3752 CmdIde - ok
19:31:50.0875 3752 CoLinuxDriver - ok
19:31:50.0890 3752 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:31:51.0000 3752 Compbatt - ok
19:31:51.0015 3752 Cpqarray - ok
19:31:51.0078 3752 d347bus (5776322f93cdb91086111f5ffbfda2a0) C:\WINDOWS\system32\DRIVERS\d347bus.sys
19:31:51.0093 3752 d347bus ( UnsignedFile.Multi.Generic ) - warning
19:31:51.0093 3752 d347bus - detected UnsignedFile.Multi.Generic (1)
19:31:51.0109 3752 d347prt (b49f79ace459763f4e0380071be9cb45) C:\WINDOWS\system32\Drivers\d347prt.sys
19:31:51.0109 3752 d347prt ( UnsignedFile.Multi.Generic ) - warning
19:31:51.0109 3752 d347prt - detected UnsignedFile.Multi.Generic (1)
19:31:51.0125 3752 dac2w2k - ok
19:31:51.0140 3752 dac960nt - ok
19:31:51.0156 3752 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:31:51.0250 3752 Disk - ok
19:31:51.0296 3752 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
19:31:51.0437 3752 dmboot - ok
19:31:51.0453 3752 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
19:31:51.0578 3752 dmio - ok
19:31:51.0609 3752 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:31:51.0750 3752 dmload - ok
19:31:51.0781 3752 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:31:51.0890 3752 DMusic - ok
19:31:51.0906 3752 dpti2o - ok
19:31:51.0937 3752 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:31:52.0031 3752 drmkaud - ok
19:31:52.0062 3752 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:31:52.0187 3752 Fastfat - ok
19:31:52.0218 3752 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
19:31:52.0328 3752 Fdc - ok
19:31:52.0375 3752 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
19:31:52.0484 3752 Fips - ok
19:31:52.0500 3752 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
19:31:52.0609 3752 Flpydisk - ok
19:31:52.0640 3752 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:31:52.0765 3752 FltMgr - ok
19:31:52.0812 3752 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:31:52.0937 3752 Fs_Rec - ok
19:31:52.0968 3752 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:31:53.0078 3752 Ftdisk - ok
19:31:53.0109 3752 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:31:53.0218 3752 Gpc - ok
19:31:53.0281 3752 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
19:31:53.0296 3752 hamachi - ok
19:31:53.0328 3752 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:31:53.0453 3752 HDAudBus - ok
19:31:53.0500 3752 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:31:53.0625 3752 HidUsb - ok
19:31:53.0625 3752 hpn - ok
19:31:53.0640 3752 hpt3xx - ok
19:31:53.0687 3752 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:31:53.0718 3752 HTTP - ok
19:31:53.0734 3752 i2omgmt - ok
19:31:53.0750 3752 i2omp - ok
19:31:53.0781 3752 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:31:53.0875 3752 i8042prt - ok
19:31:53.0906 3752 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:31:54.0015 3752 Imapi - ok
19:31:54.0031 3752 ini910u - ok
19:31:54.0218 3752 IntcAzAudAddService (8f924588c272fdaa28cf31a9bbc21a72) C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:31:54.0906 3752 IntcAzAudAddService - ok
19:31:54.0921 3752 IntelIde - ok
19:31:54.0953 3752 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:31:55.0140 3752 intelppm - ok
19:31:55.0187 3752 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:31:55.0296 3752 ip6fw - ok
19:31:55.0343 3752 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:31:55.0453 3752 IpFilterDriver - ok
19:31:55.0500 3752 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:31:55.0625 3752 IpInIp - ok
19:31:55.0640 3752 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:31:55.0781 3752 IpNat - ok
19:31:55.0812 3752 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:31:55.0953 3752 IPSec - ok
19:31:55.0968 3752 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:31:56.0093 3752 IRENUM - ok
19:31:56.0109 3752 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:31:56.0218 3752 isapnp - ok
19:31:56.0234 3752 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:31:56.0343 3752 Kbdclass - ok
19:31:56.0359 3752 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:31:56.0453 3752 kbdhid - ok
19:31:56.0500 3752 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:31:56.0609 3752 kmixer - ok
19:31:56.0671 3752 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:31:56.0687 3752 KSecDD - ok
19:31:56.0703 3752 lbrtfdc - ok
19:31:56.0750 3752 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
19:31:56.0750 3752 lirsgt - ok
19:31:56.0796 3752 LUMDriver (ca020db361524d1182138efeaa8cf8f3) C:\WINDOWS\system32\drivers\LUMDriver.sys
19:31:56.0812 3752 LUMDriver - ok
19:31:56.0828 3752 mcdbus - ok
19:31:56.0875 3752 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:31:57.0000 3752 mnmdd - ok
19:31:57.0046 3752 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
19:31:57.0171 3752 Modem - ok
19:31:57.0203 3752 MOSUMAC (1921f2438b0f566a6cd1d4a65b4e5cae) C:\WINDOWS\system32\DRIVERS\MOSUMAC.SYS
19:31:57.0218 3752 MOSUMAC - ok
19:31:57.0234 3752 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:31:57.0359 3752 Mouclass - ok
19:31:57.0390 3752 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:31:57.0515 3752 mouhid - ok
19:31:57.0546 3752 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:31:57.0656 3752 MountMgr - ok
19:31:57.0671 3752 mraid35x - ok
19:31:57.0703 3752 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:31:57.0828 3752 MRxDAV - ok
19:31:57.0890 3752 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:31:57.0921 3752 MRxSmb - ok
19:31:57.0953 3752 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:31:58.0062 3752 Msfs - ok
19:31:58.0078 3752 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:31:58.0187 3752 MSKSSRV - ok
19:31:58.0203 3752 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:31:58.0312 3752 MSPCLOCK - ok
19:31:58.0359 3752 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:31:58.0468 3752 MSPQM - ok
19:31:58.0515 3752 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:31:58.0625 3752 mssmbios - ok
19:31:58.0656 3752 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:31:58.0750 3752 MSTEE - ok
19:31:58.0796 3752 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:31:58.0828 3752 Mup - ok
19:31:58.0843 3752 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:31:58.0953 3752 NABTSFEC - ok
19:31:58.0984 3752 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:31:59.0093 3752 NDIS - ok
19:31:59.0156 3752 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:31:59.0265 3752 NdisIP - ok
19:31:59.0296 3752 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:31:59.0328 3752 NdisTapi - ok
19:31:59.0421 3752 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:31:59.0531 3752 Ndisuio - ok
19:31:59.0546 3752 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:31:59.0656 3752 NdisWan - ok
19:31:59.0718 3752 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:31:59.0750 3752 NDProxy - ok
19:31:59.0796 3752 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:31:59.0906 3752 NetBIOS - ok
19:32:00.0046 3752 NETw4x32 (a9574f52e2fd5c1c1b4807a326e0488f) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
19:32:00.0187 3752 NETw4x32 - ok
19:32:00.0328 3752 NETw5x32 (ccdb8db66acd3c0a6c8e171b79f60ac4) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
19:32:00.0562 3752 NETw5x32 - ok
19:32:00.0609 3752 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:32:00.0718 3752 NIC1394 - ok
19:32:00.0750 3752 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
19:32:00.0859 3752 nm - ok
19:32:00.0906 3752 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:32:01.0031 3752 Npfs - ok
19:32:01.0093 3752 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:32:01.0250 3752 Ntfs - ok
19:32:01.0296 3752 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:32:01.0421 3752 Null - ok
19:32:01.0718 3752 nv (406ddab2b05d94d4818e97ff050d1bc6) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:32:02.0312 3752 nv - ok
19:32:02.0375 3752 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:32:02.0562 3752 NwlnkFlt - ok
19:32:02.0593 3752 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:32:02.0703 3752 NwlnkFwd - ok
19:32:02.0750 3752 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
19:32:02.0859 3752 NwlnkIpx - ok
19:32:02.0890 3752 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
19:32:03.0000 3752 NwlnkNb - ok
19:32:03.0031 3752 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
19:32:03.0140 3752 NwlnkSpx - ok
19:32:03.0187 3752 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:32:03.0296 3752 ohci1394 - ok
19:32:03.0343 3752 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\drivers\Parport.sys
19:32:03.0453 3752 Parport - ok
19:32:03.0484 3752 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:32:03.0593 3752 PartMgr - ok
19:32:03.0640 3752 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
19:32:03.0765 3752 ParVdm - ok
19:32:03.0796 3752 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
19:32:03.0890 3752 PCI - ok
19:32:03.0906 3752 PCIDump - ok
19:32:03.0953 3752 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:32:04.0062 3752 PCIIde - ok
19:32:04.0109 3752 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:32:04.0218 3752 Pcmcia - ok
19:32:04.0234 3752 PDCOMP - ok
19:32:04.0250 3752 PDFRAME - ok
19:32:04.0250 3752 PDRELI - ok
19:32:04.0265 3752 PDRFRAME - ok
19:32:04.0281 3752 perc2 - ok
19:32:04.0296 3752 perc2hib - ok
19:32:04.0406 3752 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:32:04.0515 3752 PptpMiniport - ok
19:32:04.0531 3752 Processor (7eb15dce4ec3a0220bd796a15c18186e) C:\WINDOWS\system32\DRIVERS\processr.sys
19:32:04.0640 3752 Processor - ok
19:32:04.0671 3752 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:32:04.0765 3752 PSched - ok
19:32:04.0812 3752 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:32:04.0921 3752 Ptilink - ok
19:32:04.0968 3752 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:32:04.0984 3752 PxHelp20 - ok
19:32:05.0000 3752 ql1080 - ok
19:32:05.0000 3752 Ql10wnt - ok
19:32:05.0015 3752 ql12160 - ok
19:32:05.0031 3752 ql1240 - ok
19:32:05.0046 3752 ql1280 - ok
19:32:05.0062 3752 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:32:05.0171 3752 RasAcd - ok
19:32:05.0203 3752 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:32:05.0312 3752 Rasl2tp - ok
19:32:05.0343 3752 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:32:05.0453 3752 RasPppoe - ok
19:32:05.0484 3752 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:32:05.0593 3752 Raspti - ok
19:32:05.0625 3752 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:32:05.0750 3752 Rdbss - ok
19:32:05.0765 3752 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:32:05.0875 3752 RDPCDD - ok
19:32:05.0921 3752 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:32:06.0031 3752 rdpdr - ok
19:32:06.0093 3752 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:32:06.0109 3752 RDPWD - ok
19:32:06.0156 3752 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:32:06.0281 3752 redbook - ok
19:32:06.0328 3752 rimmptsk (c35ca13d3627ebd9dd12a23ce781bc3d) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
19:32:06.0359 3752 rimmptsk - ok
19:32:06.0375 3752 rimsptsk (c398bca91216755b098679a8da8a2300) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
19:32:06.0406 3752 rimsptsk - ok
19:32:06.0453 3752 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
19:32:06.0562 3752 ROOTMODEM - ok
19:32:06.0625 3752 RTLE8023xp (bb0ae2171f08129f4f3ff9df20ffbf89) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
19:32:06.0656 3752 RTLE8023xp - ok
19:32:06.0703 3752 s716bus (d7a84ef8f953a2d704580e4e73e00011) C:\WINDOWS\system32\DRIVERS\s716bus.sys
19:32:06.0718 3752 s716bus - ok
19:32:06.0734 3752 s716mdfl (c5b509cdeeb733efafadc2d93bc77712) C:\WINDOWS\system32\DRIVERS\s716mdfl.sys
19:32:06.0750 3752 s716mdfl - ok
19:32:06.0781 3752 s716mdm (dc3dec64860878540b374dc7d15d921f) C:\WINDOWS\system32\DRIVERS\s716mdm.sys
19:32:06.0796 3752 s716mdm - ok
19:32:06.0812 3752 s716mgmt (047fd555d897333ad9f61b1d4cc7c114) C:\WINDOWS\system32\DRIVERS\s716mgmt.sys
19:32:06.0828 3752 s716mgmt - ok
19:32:06.0843 3752 s716nd5 (2858193e91eef964e41b6a032e1e4418) C:\WINDOWS\system32\DRIVERS\s716nd5.sys
19:32:06.0859 3752 s716nd5 - ok
19:32:06.0875 3752 s716obex (cc6c212585891614cc2059ba48d27a86) C:\WINDOWS\system32\DRIVERS\s716obex.sys
19:32:06.0890 3752 s716obex - ok
19:32:06.0906 3752 s716unic (aaaeeba9fa0ecb0de6bba59f955cdefb) C:\WINDOWS\system32\DRIVERS\s716unic.sys
19:32:06.0921 3752 s716unic - ok
19:32:06.0984 3752 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
19:32:07.0109 3752 sdbus - ok
19:32:07.0171 3752 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:32:07.0281 3752 Secdrv - ok
19:32:07.0328 3752 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\drivers\Serial.sys
19:32:07.0437 3752 Serial - ok
19:32:07.0515 3752 sfdrv01 (00de597b81b381053cb5b21a7f20e365) C:\WINDOWS\system32\drivers\sfdrv01.sys
19:32:07.0531 3752 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
19:32:07.0531 3752 sfdrv01 - detected UnsignedFile.Multi.Generic (1)
19:32:07.0562 3752 sfdrv01a (4d0ce0fadca29e7da68ce597ac9010bd) C:\WINDOWS\system32\drivers\sfdrv01a.sys
19:32:07.0562 3752 sfdrv01a - ok
19:32:07.0625 3752 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
19:32:07.0734 3752 sffdisk - ok
19:32:07.0765 3752 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
19:32:07.0890 3752 sffp_sd - ok
19:32:07.0906 3752 sfhlp02 (daad4c099ebf5094d32c373ac1ac0f3c) C:\WINDOWS\system32\drivers\sfhlp02.sys
19:32:07.0921 3752 sfhlp02 - ok
19:32:07.0953 3752 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:32:08.0078 3752 Sfloppy - ok
19:32:08.0093 3752 sfsync02 (798d918d8f20380008277ce3ce5319d1) C:\WINDOWS\system32\drivers\sfsync02.sys
19:32:08.0093 3752 sfsync02 ( UnsignedFile.Multi.Generic ) - warning
19:32:08.0093 3752 sfsync02 - detected UnsignedFile.Multi.Generic (1)
19:32:08.0156 3752 sfsync04 (c526ad307ff1900bc4c864f74553f762) C:\WINDOWS\system32\drivers\sfsync04.sys
19:32:08.0171 3752 sfsync04 - ok
19:32:08.0218 3752 Si3531 (7471cf7cbb4cc7d92fdb7f6527a9008c) C:\WINDOWS\system32\DRIVERS\Si3531.sys
19:32:08.0234 3752 Si3531 - ok
19:32:08.0265 3752 SiFilter (72cf151fb410e544904dbc7d7f29b796) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
19:32:08.0281 3752 SiFilter - ok
19:32:08.0296 3752 Simbad - ok
19:32:08.0312 3752 SiRemFil (41a59f484188be629087ba391ff60d74) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
19:32:08.0359 3752 SiRemFil - ok
19:32:08.0375 3752 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:32:08.0500 3752 SLIP - ok
19:32:08.0515 3752 Sparrow - ok
19:32:08.0562 3752 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:32:08.0687 3752 splitter - ok
19:32:08.0734 3752 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
19:32:08.0859 3752 sr - ok
19:32:08.0890 3752 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:32:08.0921 3752 Srv - ok
19:32:08.0984 3752 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:32:09.0093 3752 streamip - ok
19:32:09.0140 3752 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:32:09.0250 3752 swenum - ok
19:32:09.0296 3752 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:32:09.0406 3752 swmidi - ok
19:32:09.0421 3752 symc810 - ok
19:32:09.0437 3752 symc8xx - ok
19:32:09.0453 3752 sym_hi - ok
19:32:09.0468 3752 sym_u3 - ok
19:32:09.0515 3752 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:32:09.0625 3752 sysaudio - ok
19:32:09.0687 3752 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
19:32:09.0703 3752 taphss - ok
19:32:09.0765 3752 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:32:09.0796 3752 Tcpip - ok
19:32:09.0859 3752 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
19:32:09.0890 3752 Tcpip6 - ok
19:32:09.0937 3752 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:32:10.0046 3752 TDPIPE - ok
19:32:10.0078 3752 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:32:10.0171 3752 TDTCP - ok
19:32:10.0187 3752 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:32:10.0312 3752 TermDD - ok
19:32:10.0328 3752 TosIde - ok
19:32:10.0375 3752 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys
19:32:10.0390 3752 tosporte - ok
19:32:10.0437 3752 tosrfbd (399c5e4db7bdd5a83a7d26c96389b85a) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
19:32:10.0468 3752 tosrfbd - ok
19:32:10.0484 3752 tosrfbnp (181e217a7a326817d97946d045b3cb46) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
19:32:10.0500 3752 tosrfbnp - ok
19:32:10.0515 3752 Tosrfcom (e90ace3b4fa7a85f992bc21eb779c407) C:\WINDOWS\system32\Drivers\tosrfcom.sys
19:32:10.0546 3752 Tosrfcom - ok
19:32:10.0562 3752 Tosrfhid (efc95c0dc6f96b228f58319776006548) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
19:32:10.0578 3752 Tosrfhid - ok
19:32:10.0593 3752 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
19:32:10.0625 3752 tosrfnds - ok
19:32:10.0640 3752 TosRfSnd (156d63f6898e4d95f2962f2b72862868) C:\WINDOWS\system32\drivers\tosrfsnd.sys
19:32:10.0671 3752 TosRfSnd - ok
19:32:10.0703 3752 Tosrfusb (98c04a6432ce9c2ad328f57b9384d348) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
19:32:10.0734 3752 Tosrfusb - ok
19:32:10.0781 3752 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
19:32:10.0906 3752 tunmp - ok
19:32:10.0953 3752 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:32:11.0078 3752 Udfs - ok
19:32:11.0093 3752 ultra - ok
19:32:11.0156 3752 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:32:11.0296 3752 Update - ok
19:32:11.0359 3752 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:32:11.0484 3752 usbccgp - ok
19:32:11.0531 3752 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:32:11.0671 3752 usbehci - ok
19:32:11.0687 3752 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:32:11.0796 3752 usbhub - ok
19:32:11.0828 3752 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:32:11.0953 3752 usbprint - ok
19:32:12.0015 3752 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:32:12.0125 3752 usbscan - ok
19:32:12.0140 3752 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:32:12.0234 3752 USBSTOR - ok
19:32:12.0265 3752 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:32:12.0375 3752 usbuhci - ok
19:32:12.0421 3752 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
19:32:12.0531 3752 usbvideo - ok
19:32:12.0593 3752 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
19:32:12.0687 3752 usb_rndisx - ok
19:32:12.0718 3752 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:32:12.0828 3752 VgaSave - ok
19:32:12.0843 3752 ViaIde - ok
19:32:12.0875 3752 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
19:32:12.0984 3752 VolSnap - ok
19:32:13.0015 3752 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:32:13.0125 3752 Wanarp - ok
19:32:13.0125 3752 WDICA - ok
19:32:13.0156 3752 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:32:13.0265 3752 wdmaud - ok
19:32:13.0359 3752 WmBEnum (1abfd1399436e81c9d857f5fc76eaf98) C:\WINDOWS\system32\drivers\WmBEnum.sys
19:32:13.0390 3752 WmBEnum - ok
19:32:13.0453 3752 WmFilter (b3cfcbcc91ff61ef82fc693b8b57e7f0) C:\WINDOWS\system32\drivers\WmFilter.sys
19:32:13.0484 3752 WmFilter - ok
19:32:13.0531 3752 WmHidLo (84e2258c942c940198e60be605c85601) C:\WINDOWS\system32\drivers\WmHidLo.sys
19:32:13.0562 3752 WmHidLo - ok
19:32:13.0593 3752 WmVirHid (a40d2dd0f019423ef6c363f1295eb38d) C:\WINDOWS\system32\drivers\WmVirHid.sys
19:32:13.0625 3752 WmVirHid - ok
19:32:13.0640 3752 WmXlCore (2bf505424f469155cd90d7b3301d7adc) C:\WINDOWS\system32\drivers\WmXlCore.sys
19:32:13.0656 3752 WmXlCore - ok
19:32:13.0703 3752 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:32:13.0812 3752 WSTCODEC - ok
19:32:13.0875 3752 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:32:13.0906 3752 WudfPf - ok
19:32:13.0937 3752 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:32:13.0968 3752 WudfRd - ok
19:32:14.0031 3752 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
19:32:14.0312 3752 \Device\Harddisk0\DR0 - ok
19:32:14.0312 3752 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR14
19:32:18.0437 3752 \Device\Harddisk1\DR14 - ok
19:32:18.0453 3752 Boot (0x1200) (bcc3bf481a5dea2aace5b88d3919c727) \Device\Harddisk0\DR0\Partition0
19:32:18.0453 3752 \Device\Harddisk0\DR0\Partition0 - ok
19:32:18.0453 3752 Boot (0x1200) (fdde09bbad326f4900e9cf2dfbeefd2b) \Device\Harddisk1\DR14\Partition0
19:32:18.0468 3752 \Device\Harddisk1\DR14\Partition0 - ok
19:32:18.0468 3752 ============================================================
19:32:18.0468 3752 Scan finished
19:32:18.0468 3752 ============================================================
19:32:18.0593 2468 Detected object count: 7
19:32:18.0593 2468 Actual detected object count: 7
19:32:39.0593 2468 Amfilter ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:39.0593 2468 Amfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:32:39.0593 2468 Amps2prt ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:39.0593 2468 Amps2prt ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:32:39.0593 2468 Amusbprt ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:39.0593 2468 Amusbprt ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:32:39.0593 2468 d347bus ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:39.0593 2468 d347bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:32:39.0609 2468 d347prt ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:39.0609 2468 d347prt ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:32:39.0609 2468 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:39.0609 2468 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:32:39.0609 2468 sfsync02 ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:39.0609 2468 sfsync02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
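
As an added example (not part of Stuler's post or of Kaspersky's TDSSKiller), a small parser that summarises a log in the format above, joining each flagged object with its hash, its path and the action the user chose; the regular expressions are derived from the line shapes in this log, and the sample input is excerpted from it.

```python
"""Summarise a TDSSKiller log: which objects were flagged, with which verdict,
which hash and path, and what the user finally chose to do with them.

Added example, not part of the forum post or of Kaspersky's tool. The regular
expressions are derived from the line shapes visible in the log above; other
TDSSKiller versions may print slightly different lines."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Every log line starts with "HH:MM:SS.mmmm <thread id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "<name> (<md5>) <path>": an object enumerated with its hash and file path.
RE_OBJECT = re.compile(PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> - detected <verdict> (<n>)": the scanner's finding for that object.
RE_DETECTED = re.compile(PREFIX + r"(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
# "<name> ( <verdict> ) - User select action: <action>": what the user chose.
RE_ACTION = re.compile(
    PREFIX + r"(?P<name>\S+) \( (?P<verdict>\S+) \) - User select action: (?P<action>.+)$")


@dataclass
class Detection:
    name: str
    verdict: str
    md5: str = ""
    path: str = ""
    action: str = "none"   # stays "none" if the log ends before the user acted


def parse_tdsskiller_log(text: str) -> dict[str, Detection]:
    """Return the flagged objects keyed by name, joined with hash, path and action."""
    hashes: dict[str, tuple[str, str]] = {}
    found: dict[str, Detection] = {}
    for line in text.splitlines():
        line = line.rstrip()
        if m := RE_OBJECT.match(line):
            hashes[m["name"]] = (m["md5"], m["path"])
        elif m := RE_DETECTED.match(line):
            md5, path = hashes.get(m["name"], ("", ""))
            found[m["name"]] = Detection(m["name"], m["verdict"], md5, path)
        elif (m := RE_ACTION.match(line)) and m["name"] in found:
            found[m["name"]].action = m["action"]
    return found


def still_present(dets: dict[str, Detection]) -> list[str]:
    """Flagged objects that were neither cured nor deleted, so they remain on disk."""
    return sorted(n for n, d in dets.items() if d.action in ("Skip", "none"))


def report(dets: dict[str, Detection]) -> list[str]:
    """One human-readable line per detection, e.g. for pasting back into a thread."""
    return [f"{d.name}: {d.verdict} md5={d.md5 or '?'} path={d.path or '?'} action={d.action}"
            for d in dets.values()]


# Sample input: lines excerpted from the TDSSKiller log posted above. Note that
# UnsignedFile.Multi.Generic only means the driver carries no valid digital
# signature; it is a heuristic warning, not a confirmed malware verdict.
SAMPLE_LOG = r"""
19:31:46.0281 3752 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
19:31:46.0453 3752 Aavmker4 - ok
19:31:48.0156 3752 Amfilter (e5afbe213942f8df5e467c795345d7d9) C:\WINDOWS\system32\DRIVERS\Amfilter.sys
19:31:48.0171 3752 Amfilter ( UnsignedFile.Multi.Generic ) - warning
19:31:48.0171 3752 Amfilter - detected UnsignedFile.Multi.Generic (1)
19:32:07.0515 3752 sfdrv01 (00de597b81b381053cb5b21a7f20e365) C:\WINDOWS\system32\drivers\sfdrv01.sys
19:32:07.0531 3752 sfdrv01 - detected UnsignedFile.Multi.Generic (1)
19:32:14.0031 3752 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
19:32:18.0593 2468 Detected object count: 7
19:32:39.0593 2468 Amfilter ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:39.0593 2468 Amfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:32:39.0609 2468 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    for line in report(parse_tdsskiller_log(SAMPLE_LOG)):
        print(line)
```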

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: AVAST reports Win32:Rootkit-gen

#13 Post by vyosek »

:arrow: If you do not have it there already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Collect::
    C:\Documents and Settings\All Users\Data aplikací\AVAST Software\Avast\arpot\1d339-da8-0.dat
    C:\Documents and Settings\All Users\Data aplikací\AVAST Software\Avast\arpot\TEMP\e48965d-734-2.dat 
    
    RegNull::
    [HKEY_USERS\S-1-5-21-790525478-527237240-725345543-1003\Software\SecuROM\License information*]
    [HKEY_USERS\S-1-5-21-790525478-527237240-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    [HKEY_USERS\S-1-5-21-790525478-527237240-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    
    RegLock::
    [HKEY_USERS\S-1-5-21-790525478-527237240-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!]
    
    Firefox::
    FF - ProfilePath - c:\documents and settings\Stuler\Data aplikací\Mozilla\Firefox\Profiles\t4346nj9.default\
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =827316&p=
    FF - prefs.js: network.proxy.ftp - 70.161.7.31
    FF - prefs.js: network.proxy.ftp_port - 37977
    FF - prefs.js: network.proxy.gopher - 70.161.7.31
    FF - prefs.js: network.proxy.gopher_port - 37977
    FF - prefs.js: network.proxy.http - 70.161.7.31
    FF - prefs.js: network.proxy.http_port - 37977
    FF - prefs.js: network.proxy.socks - 70.161.7.31
    FF - prefs.js: network.proxy.socks_port - 37977
    FF - prefs.js: network.proxy.ssl - 70.161.7.31
    FF - prefs.js: network.proxy.ssl_port - 37977
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 200000
    FF - user.js: content.notify.interval - 100000
    FF - user.js: content.switch.threshold - 650000
    FF - user.js: nglayout.initialpaint.delay - 300
    
    File::
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    C:\Documents and Settings\Stuler\Data aplikací\Mozilla\Firefox\Profiles\t4346nj9.default\searchplugins\askcom.xml
    C:\Documents and Settings\Stuler\Data aplikací\Mozilla\Firefox\Profiles\t4346nj9.default\searchplugins\bsplayer-search.xml
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    "vvdsvc"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"=-
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=-
    
    Driver::
    gupdate
    gupdatem
    vvdsvc
    
    Folder::
    c:\documents and settings\Stuler\Local Settings\Data aplikací\67379620
    
    AtJob::
    
    ClearJavaCache::
    
    Reboot::
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and drop it there (see the image below)
    (image)
  • After the script has been applied (and after a possible restart) a log will pop up; paste its contents here
→ It may happen that Windows does not boot after the script has been applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him: that is not a man, that is an ox."
Member since 1 February 2011.
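The Firefox section of the script above is the security-relevant part of it: every `network.proxy.*` host points at one external address, so browser traffic would be routed through that host for inspection or redirection, while `network.proxy.type - 0` means Firefox was set to "no proxy" when the scan ran, so the entries were configured but not active. The following Python script is an added example, not part of the original thread and not ComboFix code; it parses ComboFix-style `FF - prefs.js:` lines (a constructed sample copied from the script above), extracts the proxy hosts and ports, and flags those outside loopback, private and link-local ranges, distinguishing "configured but inactive" from "active". The function names are my own.

```python
import re
from ipaddress import ip_address

# Constructed sample: "FF - ..." lines in the format ComboFix prints,
# copied from the CFScript in the thread above (the keyword.URL value is
# shown only as far as the thread shows it).
SAMPLE_FF_LINES = r"""
FF - ProfilePath - c:\documents and settings\Stuler\Data aplikací\Mozilla\Firefox\Profiles\t4346nj9.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green
FF - prefs.js: network.proxy.http - 70.161.7.31
FF - prefs.js: network.proxy.http_port - 37977
FF - prefs.js: network.proxy.socks - 70.161.7.31
FF - prefs.js: network.proxy.socks_port - 37977
FF - prefs.js: network.proxy.ssl - 70.161.7.31
FF - prefs.js: network.proxy.ssl_port - 37977
FF - prefs.js: network.proxy.type - 0
FF - user.js: nglayout.initialpaint.delay - 300
"""

# One ComboFix Firefox line: "FF - prefs.js: <pref> - <value>" (or user.js).
FF_LINE = re.compile(r"^FF - (?:prefs|user)\.js: (\S+) - (.*)$")

# Meaning of the Firefox network.proxy.type values.
PROXY_TYPE_LABEL = {
    "0": "direct (no proxy)",
    "1": "manual proxy",
    "2": "PAC script",
    "4": "auto-detect (WPAD)",
    "5": "system settings",
}


def parse_ff_prefs(text):
    """Return {pref_name: value} for every prefs.js / user.js line."""
    prefs = {}
    for line in text.splitlines():
        m = FF_LINE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def is_local_host(host):
    """True for 'localhost' and loopback/private/link-local IP addresses."""
    if host.lower() == "localhost":
        return True
    try:
        ip = ip_address(host)
    except ValueError:
        return False  # a DNS name: treat as external until resolved
    return ip.is_loopback or ip.is_private or ip.is_link_local


def proxy_findings(prefs):
    """List every configured proxy host with an external/active verdict."""
    ptype = prefs.get("network.proxy.type")
    active = ptype == "1"  # only type 1 actually uses the manual host/port entries
    findings = []
    for proto in ("http", "ssl", "ftp", "socks", "gopher"):
        host = prefs.get(f"network.proxy.{proto}")
        if not host:
            continue
        findings.append({
            "proto": proto,
            "host": host,
            "port": prefs.get(f"network.proxy.{proto}_port", ""),
            "external": not is_local_host(host),
            "active": active,
            "type_label": PROXY_TYPE_LABEL.get(ptype, f"unknown ({ptype})"),
        })
    return findings


def summarize(findings):
    """Human-readable one-liners, one per proxy entry."""
    lines = []
    for f in findings:
        state = "ACTIVE" if f["active"] else "configured but inactive"
        where = "EXTERNAL" if f["external"] else "local"
        lines.append(f"{f['proto']:6s} -> {f['host']}:{f['port']}  "
                     f"[{where}, {state}, proxy type: {f['type_label']}]")
    return lines


if __name__ == "__main__":
    for line in summarize(proxy_findings(parse_ff_prefs(SAMPLE_FF_LINES))):
        print(line)
```

Run on the sample, it reports three entries (http, ssl, socks), all pointing at one external address and all inactive because the proxy type is 0; the same parser works on the `FF - prefs.js:` block of any ComboFix log, which is where the settings reappear if a cleanup did not remove them.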

Stuler
Visitor
Posts: 15
Registered: 21 Nov 2011 20:33

Re: AVAST reports Win32:Rootkit-gen

#14 Post by Stuler »

I let it run; after the restart the system booted fine, but after an hour of waiting for the log to be created (the hard disk had long been idle) I decided there was no point in waiting any longer, so I terminated it. Here is the log (probably incomplete):


ComboFix 11-11-21.01 - Stuler . 11. 2011 21:36:18.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.2046.1511 [GMT 1:00]
Running from: C:\Documents and Settings\Stuler\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Stuler\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"C:\Documents and Settings\Stuler\Data aplikací\Mozilla\Firefox\Profiles\t4346nj9.default\searchplugins\askcom.xml"
"C:\Documents and Settings\Stuler\Data aplikací\Mozilla\Firefox\Profiles\t4346nj9.default\searchplugins\bsplayer-search.xml"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"

file zipped: C:\Documents and Settings\All Users\Data aplikací\AVAST Software\Avast\arpot\1d339-da8-0.dat
file zipped: C:\Documents and Settings\All Users\Data aplikací\AVAST Software\Avast\arpot\TEMP\e48965d-734-2.dat


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\CSC\d6


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GUPDATE
-------\Service_gupdate
-------\Service_gupdatem


((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: AVAST reports Win32:Rootkit-gen

#15 Post by vyosek »

Run CF once more, without the script, but in Safe Mode (restart the PC, keep pressing F8, choose Safe Mode with Networking)