VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Napadení trojským koněm Mebroot FX

https://forum.viry.cz:443/viewtopic.php?t=119877

Stránka 1 z 1

Napadení trojským koněm Mebroot FX

Napsal: 24 úno 2012 21:43
od credo17
Ahoj,

ESET Smart Security mi detekoval v počítači trojský kůň Mebroot FX, při odstranění hlásí ale chybu, že ho neumí odstranit. Počítač mi běží poměrně pomalu, občas se zasekává, myslím, že tam toho mám víc. Posílám log ke kontrole a předem bych chtěl moc poděkovat za pomoc. Díky. Standa

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1Click DVD Copy 4.2.9.1-->"C:\Program Files\LG Software Innovations\1Click DVD Copy 4.2\unins000.exe"
7-Zip 9.10 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10s_ActiveX.exe -maintain activex
Adobe Reader X - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AA0000000001}
AIMP2-->C:\Program Files\AIMP2\UnInstall.exe
Aktualizace systému Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Aktualizace systému Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Aktualizace systému Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Aktualizace systému Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB2541763)-->"C:\WINDOWS\$NtUninstallKB2541763$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB2607712)-->"C:\WINDOWS\$NtUninstallKB2607712$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB2616676)-->"C:\WINDOWS\$NtUninstallKB2616676$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB2641690)-->"C:\WINDOWS\$NtUninstallKB2641690$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Aktualizace zabezpečení pro Microsoft Windows (KB2564958)-->"C:\WINDOWS\$NtUninstallKB2564958$\spuninst\spuninst.exe"
Aktualizace zabezpečení produktu Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2360131)-->"C:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2416400)-->"C:\WINDOWS\ie8updates\KB2416400-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2482017)-->"C:\WINDOWS\ie8updates\KB2482017-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2497640)-->"C:\WINDOWS\ie8updates\KB2497640-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2530548)-->"C:\WINDOWS\ie8updates\KB2530548-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2544521)-->"C:\WINDOWS\ie8updates\KB2544521-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2559049)-->"C:\WINDOWS\ie8updates\KB2559049-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2586448)-->"C:\WINDOWS\ie8updates\KB2586448-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2618444)-->"C:\WINDOWS\ie8updates\KB2618444-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2647516)-->"C:\WINDOWS\ie8updates\KB2647516-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2412687)-->"C:\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2476490)-->"C:\WINDOWS\$NtUninstallKB2476490$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2476687)-->"C:\WINDOWS\$NtUninstallKB2476687$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2479628)-->"C:\WINDOWS\$NtUninstallKB2479628$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2479943)-->"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2485376)-->"C:\WINDOWS\$NtUninstallKB2485376$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2503658)-->"C:\WINDOWS\$NtUninstallKB2503658$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2503665)-->"C:\WINDOWS\$NtUninstallKB2503665$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2506223)-->"C:\WINDOWS\$NtUninstallKB2506223$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2507618)-->"C:\WINDOWS\$NtUninstallKB2507618$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2507938)-->"C:\WINDOWS\$NtUninstallKB2507938$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2508272)-->"C:\WINDOWS\$NtUninstallKB2508272$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2511455)-->"C:\WINDOWS\$NtUninstallKB2511455$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2524375)-->"C:\WINDOWS\$NtUninstallKB2524375$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2535512)-->"C:\WINDOWS\$NtUninstallKB2535512$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2536276)-->"C:\WINDOWS\$NtUninstallKB2536276$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2536276-v2)-->"C:\WINDOWS\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2544893)-->"C:\WINDOWS\$NtUninstallKB2544893$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2544893-v2)-->"C:\WINDOWS\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2555917)-->"C:\WINDOWS\$NtUninstallKB2555917$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2562937)-->"C:\WINDOWS\$NtUninstallKB2562937$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2566454)-->"C:\WINDOWS\$NtUninstallKB2566454$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2567053)-->"C:\WINDOWS\$NtUninstallKB2567053$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2567680)-->"C:\WINDOWS\$NtUninstallKB2567680$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2570222)-->"C:\WINDOWS\$NtUninstallKB2570222$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2570947)-->"C:\WINDOWS\$NtUninstallKB2570947$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2584146)-->"C:\WINDOWS\$NtUninstallKB2584146$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2585542)-->"C:\WINDOWS\$NtUninstallKB2585542$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2592799)-->"C:\WINDOWS\$NtUninstallKB2592799$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2598479)-->"C:\WINDOWS\$NtUninstallKB2598479$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2603381)-->"C:\WINDOWS\$NtUninstallKB2603381$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2618451)-->"C:\WINDOWS\$NtUninstallKB2618451$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2619339)-->"C:\WINDOWS\$NtUninstallKB2619339$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2620712)-->"C:\WINDOWS\$NtUninstallKB2620712$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2624667)-->"C:\WINDOWS\$NtUninstallKB2624667$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2631813)-->"C:\WINDOWS\$NtUninstallKB2631813$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2633171)-->"C:\WINDOWS\$NtUninstallKB2633171$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2639417)-->"C:\WINDOWS\$NtUninstallKB2639417$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2646524)-->"C:\WINDOWS\$NtUninstallKB2646524$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2660465)-->"C:\WINDOWS\$NtUninstallKB2660465$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2661637)-->"C:\WINDOWS\$NtUninstallKB2661637$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Aktualizace zabezpečení systému Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"
Apple Software Update-->MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
ArcSoft Camera Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE6F8DC5-8639-4E7F-A0FE-EEB0522FCAAC}\setup.exe" -l0x9
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Audio Recorder for FREE v9.3-->"C:\Program Files\Audio Recorder for FREE\unins000.exe"
AV MP3 Player-Morpher 2.0.105-->C:\PROGRA~1\AVMP3P~1\UNWISE.EXE C:\PROGRA~1\AVMP3P~1\INSTALL.LOG
AVI ReComp 1.2.3-->C:\Program Files\AVI ReComp\uninst.exe
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Aye Text to Mp3 2.10-->"C:\Program Files\AyeTexttoMp3\unins000.exe"
AZBoxEdit-->MsiExec.exe /I{D9C3127C-B6F5-4D01-908D-C62DD8036E74}
BitTorrent-->"C:\Program Files\BitTorrent\BitTorrent.exe" /UNINSTALL
BS.Player FREE-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDex extraction audio-->"C:\Program Files\CDex_170b2\uninstall.exe"
CesarFTP 0.99g-->"C:\Program Files\CesarFTP\unins000.exe"
Codec Pack - All In 1 6.0.3.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Download_Energy Toolbar-->C:\PROGRA~1\DOWNLO~1\UNWISE.EXE /U C:\PROGRA~1\DOWNLO~1\INSTALL.LOG
DVDFab Platinum 3.2.1.0 Ghosthunter release-->"C:\Program Files\DVDFab Platinum 3\unins000.exe"
Easy MP3 Recorder 2.0-->"C:\Program Files\EasyMP3Recorder\unins000.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
eMusic - 50 Free MP3 offer-->"C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
EvJO Photo-Image Resizer v1.2-->"C:\Program Files\EvJOSoft\Photo-Image Resizer\unins000.exe"
Exact Audio Copy 0.95b4-->C:\Program Files\Exact Audio Copy\uninst.exe
FileUploader-->MsiExec.exe /I{F5C0BB6F-18B5-4D3D-885C-97FB423C5CC0}
FlashFXP Password Recovery (remove only)-->"C:\Program Files\FlashFXP Password Recovery\Uninstall.exe"
FlashFXP v3-->"C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
Free Download Manager 2.5-->"C:\Program Files\Free Download Manager\unins000.exe"
Free MP3 Recorder 1.0-->"C:\Program Files\MP3Recorder\unins000.exe"
Free PDF to Word Doc Converter v1.1-->"C:\Program Files\Free PDF to Word Doc Converter\unins000.exe"
GoldWave v5.22-->"C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.22" "C:\Program Files\GoldWave\unstall.log"
GSpot Codec Information Appliance-->C:\Program Files\GSpot\Uninstall.exe
HijackThis 1.99.1-->C:\HijackThis.exe /uninstall
HNFSmart 2.4-->"C:\Program Files\HumaxSmartSuite\HNFSmart\unins000.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kat MP3 Recorder-->C:\Program Files\Kat MP3 Recorder\uninstall.exe
Loop Recorder Pro-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LOOPRECP.INF, DefaultUninstall.ntx86
MDI viewer 0.1-->"C:\Program Files\MDIviewer\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional s aplikací FrontPage-->MsiExec.exe /I{90280405-6000-11D3-8CFE-0050048383C9}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
mIRC 6.15-->"C:\Program Files\mIRC\unins000.exe"
mIRC-->"C:\Program Files\mIRC\mirc.exe" -uninstall
MP3 Voice Recorder 1.0-->"C:\Program Files\MP3 Voice Recorder\unins000.exe"
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MyDSC2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83D96ED0-98AA-4515-8DDC-816F3EFDD104}\Setup.exe" -l0x9
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Media Player-->C:\WINDOWS\UNNMP.exe /UNINSTALL
Nero Recode CE-->C:\WINDOWS\UNRecode.exe /UNINSTALL
NeroVision Express 3-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nikon View 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}\setup.exe" UNINSTALL
Oprava hotfix aplikace Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB2570791)-->"C:\WINDOWS\$NtUninstallKB2570791$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB2633952)-->"C:\WINDOWS\$NtUninstallKB2633952$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
PowerArchiver 2006 v9.64 Czech-->"C:\Program Files\PowerArchiver\unins000.exe"
PSPad editor-->"C:\Program Files\PSPad editor\Uninst\unins000.exe"
PuTTY version 0.60-->"C:\Program Files\PuTTY\unins000.exe"
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RapidSpool 2.0.1-->"C:\Program Files\RapidSpool\unins000.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""
SlickView 1.4-->"C:\Program Files\René Slijkhuis\SlickView\unins000.exe"
Smart PC Recorder - by freebird-->C:\Program Files\freebird\SmartRecorder\Uninstall.exe
Software Informer 1.0 BETA-->"C:\Program Files\Software Informer\unins000.exe"
Subtitle Workshop 2.51-->"C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"
Sunbelt Kerio Personal Firewall-->MsiExec.exe /X{E659E0EE-10E6-49B7-8696-60F38D0EB174}
Tactile12000-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Tactile Pictures\Uninst.isu"
Tinynice MP3Recorder 1.00 Beta-->"C:\Program Files\Tinynice Software\MP3Recorder\unins000.exe"
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
TotalImageConverter-->"C:\Program Files\TotalImageConverter\unins000.exe"
TuneUp Utilities 2007-->MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
UltraMixer 2.1.4-->"C:\Program Files\UltraMixer\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
WD SmartWare-->MsiExec.exe /X{CD0DC280-2489-4464-A2FC-16104676394A}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinFast Entertainment Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE4AA694-815A-4045-BD49-C94F2BED7458}\setup.exe"
WinFast PVR-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C882DE6B-1482-42D6-A7C2-A9F946EDBAF6}\setup.exe"
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
XstreamRadio 3.02-->MsiExec.exe /X{35915E20-0B68-4315-9C76-E36FD82695B6}
Xvid 1.1.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Xvid CZ 1.01-->"C:\Program Files\Xvid CZ\unins000.exe"
Zlurp! 1.9.4-->"C:\Program Files\Zlurp!\unins000.exe"

======Security center information======

AV: ESET Smart Security 5.0
FW: ESET personal firewall
FW: Sunbelt Kerio Personal Firewall

Re: Napadení trojským koněm Mebroot FX

Napsal: 24 úno 2012 21:45
od vyosek
Zdravim a pekny vecer preji :)

:arrow: Poprosim i o druhy log z RSIT s nazvem log.txt, je ulozen v c:\rsit

:arrow: Stahnete MBRScan http://eric71.geekstogo.com/tools/MbrScan.exe
  • Ulozte nejlepe na plochu
  • Pokud pouzivate Win Vista ci W7, kliknete na MBRScan pravym a dejte Run As Administrator ci Spustit jako spravce
  • Kliknete na Report
  • Po chvilce se objevi log do souboru MBRScan.txt, ten sem vlozte
:arrow: Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Kliknete na volbu Change parametrs
  • V obou oknech (Objects to scan i Additional Option) zakliknete vsechny moznosti - ve vsech ctvereccich musi mit fajecka
  • Kliknete na OK
  • Utilite prikazte, at skenuje - klik na Start Scan
  • Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
  • Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
  • Pokud mate vsude Skip, kliknete na Continue
  • Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

Re: Napadení trojským koněm Mebroot FX

Napsal: 24 úno 2012 22:01
od credo17
Vkládám sem logy, našlo mi tam toho docela dost. :-)

Nejprve ten RSIT

Logfile of random's system information tool 1.09 (written by random/random)
Run by Standa at 2012-02-24 21:39:21
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (3%) free of 128 GB
Total RAM: 1023 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:39:37, on 24.2.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Standa\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Standa\Plocha\SALAMAND.EXE
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\RSIT.exe
C:\Program Files\trend micro\Standa.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 86.49.29.218:8192
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Download Energy Toolbar - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files\Download_Energy\tbDow0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Download Energy Toolbar - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files\Download_Energy\tbDow0.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Download Energy Toolbar - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files\Download_Energy\tbDow0.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PATHPILOT] C:\Program Files\Kat MP3 Recorder\Kat MP3 Recorder.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Standa\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--
End of file - 8458 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
Download Energy Toolbar - C:\Program Files\Download_Energy\tbDow0.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-06-18 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2006-03-31 191096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{ad708c09-d51b-45b3-9d28-4eba2681febf} - Download Energy Toolbar - C:\Program Files\Download_Energy\tbDow0.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2004-04-06 1298542]
"WinFast Schedule"=C:\Program Files\WinFast\WFTVFM\WFWIZ.exe [2005-09-30 319488]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-09-22 185632]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-12-09 74752]
"PATHPILOT"=C:\Program Files\Kat MP3 Recorder\Kat MP3 Recorder.exe [2010-11-04 347648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-22 3080264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Octoshape Streaming Services"=C:\Documents and Settings\Standa\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [2009-01-08 70936]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe
WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
WDSmartWare.lnk - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\telesat\AZBoxEdit\AZBoxEdit.exe"="C:\Program Files\telesat\AZBoxEdit\AZBoxEdit.exe:*:Enabled:AZBoxEdit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"vidc.xvid"=xvid.dll
"midi9"=C:\WINDOWS\system32\..\vygl.tmp 0yAAAAAAAA

======File associations======

.txt - open - "C:\Program Files\PSPad editor\PSPad.exe" "%1"

======List of files/folders created in the last 1 month======

2012-02-24 21:39:23 ----D---- C:\Program Files\trend micro
2012-02-24 21:39:21 ----D---- C:\rsit
2012-02-24 21:34:08 ----A---- C:\RSIT.exe
2012-02-24 08:35:19 ----D---- C:\Program Files\AVAST Software
2012-02-24 08:35:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2012-02-24 08:33:45 ----A---- C:\setup_av_free.exe
2012-02-18 09:08:08 ----A---- C:\winamp5623_full_emusic-7plus_all.exe
2012-02-16 22:23:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$
2012-02-16 22:21:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-02-16 20:15:32 ----N---- C:\WINDOWS\system32\iacenc.dll

======List of files/folders modified in the last 1 month======

2012-02-24 21:39:23 ----RD---- C:\Program Files
2012-02-24 21:37:01 ----D---- C:\Documents and Settings\Standa\Data aplikací\Free Download Manager
2012-02-24 21:24:08 ----D---- C:\WINDOWS\Temp
2012-02-24 21:24:06 ----AD---- C:\WINDOWS
2012-02-24 21:23:13 ----D---- C:\WINDOWS\Minidump
2012-02-24 21:09:57 ----SHD---- C:\Config.Msi
2012-02-24 21:09:51 ----SHD---- C:\WINDOWS\Installer
2012-02-24 21:09:34 ----HD---- C:\WINDOWS\inf
2012-02-24 21:09:34 ----D---- C:\WINDOWS\system32\drivers
2012-02-24 21:09:16 ----D---- C:\WINDOWS\system32\CatRoot2
2012-02-24 21:07:50 ----D---- C:\Program Files\ESET
2012-02-24 20:59:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-02-24 20:55:56 ----D---- C:\WINDOWS\system32
2012-02-24 08:36:21 ----D---- C:\WINDOWS\WinSxS
2012-02-23 22:09:35 ----D---- C:\Program Files\PowerArchiver
2012-02-23 20:50:59 ----D---- C:\MUSIC
2012-02-22 23:49:48 ----D---- C:\WINDOWS\Prefetch
2012-02-18 09:47:30 ----D---- C:\WINDOWS\Microsoft.NET
2012-02-18 09:47:13 ----RSD---- C:\WINDOWS\assembly
2012-02-17 08:55:31 ----D---- C:\Program Files\Internet Explorer
2012-02-16 22:51:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-02-16 22:24:30 ----A---- C:\WINDOWS\system32\MRT.exe
2012-02-16 22:24:08 ----A---- C:\WINDOWS\imsins.BAK
2012-02-16 22:24:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-02-16 22:21:42 ----HD---- C:\WINDOWS\$hf_mig$
2012-02-11 16:11:38 ----D---- C:\YOUDJ
2012-02-05 21:00:49 ----D---- C:\MUSIC 2012
2012-02-04 00:37:38 ----D---- C:\MOVIE
2012-01-29 19:11:48 ----D---- C:\Best of Dance 2011 - TOP 100

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2010-12-16 31088]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2011-08-04 61936]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2006-07-18 284184]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-04-06 25600]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2006-07-18 91672]
R2 CX23880;WinFast CX2388x WDM Video Capture.; C:\WINDOWS\system32\drivers\cx88vid.sys [2005-06-28 163584]
R2 CXTUNE;WinFast CX2388x WDM TVTuner.; C:\WINDOWS\system32\drivers\CX88TUNE.sys [2005-06-28 30976]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2011-08-09 154136]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2011-08-04 147480]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2010-12-01 108104]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-17 701440]
R3 CXAVXBAR;WinFast CX2388x WDM Crossbar.; C:\WINDOWS\system32\drivers\cxavxbar.sys [2005-06-28 9728]
R3 Dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
R3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
R3 Dot4Scan;Ovladač třídy skeneru standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2011-08-09 39824]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2007-10-15 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 ULCDRHlp;ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VIAudio;Zvukový řadič VIA AC'97 (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2004-08-03 84480]
R3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2004-04-06 89472]
S3 0kkbtnn.sys;0kkbtnn.sys; \??\C:\WINDOWS\system32\drivers\0kkbtnn.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SQTECH905C;DualCamera; C:\WINDOWS\System32\Drivers\Capt905c.sys [2006-01-26 34686]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xcpip;Ovladač protokolu TCP/IP; C:\WINDOWS\system32\drivers\xcpip.sys []
S3 xpsec;Ovladač IPSEC; C:\WINDOWS\system32\drivers\xpsec.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2011-09-22 974944]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2004-04-06 929904]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 KPF4;Sunbelt Kerio Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2006-07-18 1205784]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WDDMService;WD SmartWare Drive Manager; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Pak ten TDSS killer

21:52:49.0876 0896 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
21:52:50.0116 0896 ============================================================
21:52:50.0116 0896 Current date / time: 2012/02/24 21:52:50.0116
21:52:50.0116 0896 SystemInfo:
21:52:50.0116 0896
21:52:50.0116 0896 OS Version: 5.1.2600 ServicePack: 3.0
21:52:50.0116 0896 Product type: Workstation
21:52:50.0116 0896 ComputerName: STANISLA-6927C2
21:52:50.0116 0896 UserName: Standa
21:52:50.0116 0896 Windows directory: C:\WINDOWS
21:52:50.0116 0896 System windows directory: C:\WINDOWS
21:52:50.0116 0896 Processor architecture: Intel x86
21:52:50.0116 0896 Number of processors: 1
21:52:50.0116 0896 Page size: 0x1000
21:52:50.0116 0896 Boot type: Normal boot
21:52:50.0116 0896 ============================================================
21:52:52.0169 0896 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:52:52.0299 0896 \Device\Harddisk0\DR0:
21:52:52.0299 0896 MBR used
21:52:52.0299 0896 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFA011FF
21:52:52.0299 0896 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFA0123E, BlocksNum 0x15A2C483
21:52:52.0419 0896 Initialize success
21:52:52.0419 0896 ============================================================
21:53:17.0946 2644 ============================================================
21:53:17.0946 2644 Scan started
21:53:17.0946 2644 Mode: Manual; SigCheck; TDLFS;
21:53:17.0946 2644 ============================================================
21:53:18.0567 2644 0kkbtnn.sys - ok
21:53:18.0637 2644 Abiosdsk - ok
21:53:18.0697 2644 abp480n5 - ok
21:53:18.0827 2644 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:53:21.0571 2644 ACPI - ok
21:53:21.0691 2644 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:53:22.0192 2644 ACPIEC - ok
21:53:22.0272 2644 adpu160m - ok
21:53:22.0372 2644 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:53:22.0833 2644 aec - ok
21:53:22.0983 2644 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:53:23.0063 2644 AFD - ok
21:53:23.0174 2644 Aha154x - ok
21:53:23.0244 2644 aic78u2 - ok
21:53:23.0304 2644 aic78xx - ok
21:53:23.0394 2644 AliIde - ok
21:53:23.0484 2644 AmdK7 (3980814f8027d27ea003e2e3d9d4f604) C:\WINDOWS\system32\DRIVERS\amdk7.sys
21:53:24.0005 2644 AmdK7 - ok
21:53:24.0075 2644 amsint - ok
21:53:24.0215 2644 AnyDVD (40c279a23bd43553bfba6e88a9b38ae2) C:\WINDOWS\system32\Drivers\AnyDVD.sys
21:53:24.0495 2644 AnyDVD - ok
21:53:24.0706 2644 asc - ok
21:53:24.0906 2644 asc3350p - ok
21:53:25.0086 2644 asc3550 - ok
21:53:25.0337 2644 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys
21:53:25.0367 2644 ASPI32 ( UnsignedFile.Multi.Generic ) - warning
21:53:25.0367 2644 ASPI32 - detected UnsignedFile.Multi.Generic (1)
21:53:25.0627 2644 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:53:26.0188 2644 AsyncMac - ok
21:53:26.0388 2644 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:53:26.0859 2644 atapi - ok
21:53:27.0099 2644 Atdisk - ok
21:53:27.0299 2644 ati2mtag (86be5339a67c0a309f3e3ef8b0901ee5) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:53:27.0710 2644 ati2mtag - ok
21:53:27.0830 2644 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:53:28.0401 2644 Atmarpc - ok
21:53:28.0541 2644 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:53:29.0012 2644 audstub - ok
21:53:29.0112 2644 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:53:29.0663 2644 Beep - ok
21:53:29.0803 2644 catchme - ok
21:53:29.0933 2644 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:53:30.0584 2644 cbidf2k - ok
21:53:30.0674 2644 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:53:31.0135 2644 CCDECODE - ok
21:53:31.0245 2644 cd20xrnt - ok
21:53:31.0355 2644 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:53:31.0956 2644 Cdaudio - ok
21:53:32.0036 2644 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:53:32.0487 2644 Cdfs - ok
21:53:32.0607 2644 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:53:33.0108 2644 Cdrom - ok
21:53:33.0188 2644 Changer - ok
21:53:33.0338 2644 CmdIde - ok
21:53:33.0458 2644 Cpqarray - ok
21:53:33.0578 2644 CX23880 (fce8506d1c61f05319e85c70638abd21) C:\WINDOWS\system32\drivers\cx88vid.sys
21:53:33.0649 2644 CX23880 - ok
21:53:33.0789 2644 CXAVXBAR (e80185c7ac234c9b045513de2cbeff4c) C:\WINDOWS\system32\drivers\cxavxbar.sys
21:53:33.0869 2644 CXAVXBAR - ok
21:53:33.0949 2644 CXTUNE (b5e3d476efaf08a2cd2cf77835018123) C:\WINDOWS\system32\drivers\CX88TUNE.sys
21:53:34.0019 2644 CXTUNE - ok
21:53:34.0089 2644 dac2w2k - ok
21:53:34.0179 2644 dac960nt - ok
21:53:34.0310 2644 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:53:34.0790 2644 Disk - ok
21:53:34.0980 2644 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
21:53:35.0511 2644 dmboot - ok
21:53:35.0641 2644 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
21:53:36.0192 2644 dmio - ok
21:53:36.0262 2644 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:53:36.0773 2644 dmload - ok
21:53:36.0873 2644 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:53:37.0324 2644 DMusic - ok
21:53:37.0504 2644 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
21:53:37.0965 2644 Dot4 - ok
21:53:38.0075 2644 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
21:53:38.0646 2644 Dot4Print - ok
21:53:38.0776 2644 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
21:53:39.0377 2644 Dot4Scan - ok
21:53:39.0477 2644 dpti2o - ok
21:53:39.0557 2644 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:53:39.0958 2644 drmkaud - ok
21:53:40.0048 2644 eamon (9309c5c9831203436e64cf2ae605c5d7) C:\WINDOWS\system32\DRIVERS\eamon.sys
21:53:40.0108 2644 eamon - ok
21:53:40.0218 2644 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
21:53:40.0248 2644 ehdrv - ok
21:53:40.0388 2644 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
21:53:40.0448 2644 ElbyCDIO - ok
21:53:40.0538 2644 epfw (5ba193ca0ae31209aaa39939ce6736b2) C:\WINDOWS\system32\DRIVERS\epfw.sys
21:53:40.0589 2644 epfw - ok
21:53:40.0709 2644 Epfwndis (75d3bcd3e0eded0ab0f96d9a10ff01c9) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
21:53:40.0759 2644 Epfwndis - ok
21:53:40.0859 2644 epfwtdi (dc64f26f35e32c9472bbf8acd84060d3) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
21:53:40.0889 2644 epfwtdi - ok
21:53:41.0109 2644 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:53:41.0630 2644 Fastfat - ok
21:53:41.0730 2644 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:53:42.0201 2644 Fdc - ok
21:53:42.0321 2644 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
21:53:42.0852 2644 Fips - ok
21:53:42.0932 2644 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:53:43.0322 2644 Flpydisk - ok
21:53:43.0433 2644 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:53:43.0963 2644 FltMgr - ok
21:53:44.0064 2644 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:53:44.0564 2644 Fs_Rec - ok
21:53:44.0644 2644 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:53:45.0315 2644 Ftdisk - ok
21:53:45.0456 2644 fwdrv (1ff2eef447a177df2c544b80f8f7f879) C:\WINDOWS\system32\drivers\fwdrv.sys
21:53:45.0506 2644 fwdrv - ok
21:53:45.0626 2644 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
21:53:46.0096 2644 gameenum - ok
21:53:46.0217 2644 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:53:46.0697 2644 Gpc - ok
21:53:46.0787 2644 hpn - ok
21:53:46.0908 2644 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:53:47.0028 2644 HTTP - ok
21:53:47.0138 2644 i2omgmt - ok
21:53:47.0218 2644 i2omp - ok
21:53:47.0308 2644 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:53:47.0689 2644 i8042prt - ok
21:53:47.0799 2644 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:53:48.0290 2644 Imapi - ok
21:53:48.0410 2644 InCDfs (694f2709ea18565f66751857e8f5c3dd) C:\WINDOWS\system32\drivers\InCDfs.sys
21:53:48.0450 2644 InCDfs ( UnsignedFile.Multi.Generic ) - warning
21:53:48.0450 2644 InCDfs - detected UnsignedFile.Multi.Generic (1)
21:53:48.0560 2644 InCDPass (7daa24d326d3ef94574002bec52a733d) C:\WINDOWS\system32\DRIVERS\InCDPass.sys
21:53:48.0590 2644 InCDPass ( UnsignedFile.Multi.Generic ) - warning
21:53:48.0590 2644 InCDPass - detected UnsignedFile.Multi.Generic (1)
21:53:48.0690 2644 InCDrec (36dfcb32d75b0ff09dfd405d1c1de261) C:\WINDOWS\system32\drivers\InCDrec.sys
21:53:48.0710 2644 InCDrec ( UnsignedFile.Multi.Generic ) - warning
21:53:48.0710 2644 InCDrec - detected UnsignedFile.Multi.Generic (1)
21:53:48.0860 2644 ini910u - ok
21:53:48.0951 2644 IntelIde - ok
21:53:49.0041 2644 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:53:49.0501 2644 Ip6Fw - ok
21:53:49.0592 2644 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:53:50.0172 2644 IpFilterDriver - ok
21:53:50.0293 2644 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:53:50.0723 2644 IpInIp - ok
21:53:50.0823 2644 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:53:51.0274 2644 IpNat - ok
21:53:51.0354 2644 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:53:51.0845 2644 IPSec - ok
21:53:51.0955 2644 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:53:52.0386 2644 IRENUM - ok
21:53:52.0516 2644 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:53:53.0046 2644 isapnp - ok
21:53:53.0197 2644 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:53:53.0557 2644 Kbdclass - ok
21:53:53.0697 2644 khips (304ce9fb3d64caa07b940bef4f8c2dcd) C:\WINDOWS\system32\drivers\khips.sys
21:53:53.0737 2644 khips - ok
21:53:53.0868 2644 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:53:54.0278 2644 kmixer - ok
21:53:54.0398 2644 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:53:54.0479 2644 KSecDD - ok
21:53:54.0659 2644 lbrtfdc - ok
21:53:54.0899 2644 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:53:55.0450 2644 mnmdd - ok
21:53:55.0560 2644 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
21:53:56.0021 2644 Modem - ok
21:53:56.0121 2644 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:53:56.0521 2644 Mouclass - ok
21:53:56.0632 2644 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:53:57.0102 2644 MountMgr - ok
21:53:57.0202 2644 mraid35x - ok
21:53:57.0293 2644 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:53:57.0763 2644 MRxDAV - ok
21:53:57.0883 2644 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:53:58.0064 2644 MRxSmb - ok
21:53:58.0344 2644 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:53:58.0835 2644 Msfs - ok
21:53:58.0985 2644 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:53:59.0646 2644 MSKSSRV - ok
21:53:59.0836 2644 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:54:00.0327 2644 MSPCLOCK - ok
21:54:00.0567 2644 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:54:01.0288 2644 MSPQM - ok
21:54:01.0469 2644 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:54:01.0869 2644 mssmbios - ok
21:54:02.0049 2644 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:54:02.0520 2644 MSTEE - ok
21:54:02.0780 2644 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:54:02.0891 2644 Mup - ok
21:54:03.0111 2644 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:54:03.0572 2644 NABTSFEC - ok
21:54:03.0822 2644 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:54:04.0253 2644 NDIS - ok
21:54:04.0363 2644 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:54:04.0803 2644 NdisIP - ok
21:54:04.0904 2644 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:54:04.0964 2644 NdisTapi - ok
21:54:05.0074 2644 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:54:05.0484 2644 Ndisuio - ok
21:54:05.0605 2644 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:54:06.0015 2644 NdisWan - ok
21:54:06.0135 2644 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:54:06.0205 2644 NDProxy - ok
21:54:06.0296 2644 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:54:06.0726 2644 NetBIOS - ok
21:54:06.0826 2644 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:54:07.0227 2644 NetBT - ok
21:54:07.0427 2644 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:54:07.0888 2644 Npfs - ok
21:54:08.0028 2644 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:54:08.0509 2644 Ntfs - ok
21:54:08.0629 2644 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:54:09.0210 2644 Null - ok
21:54:09.0320 2644 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:54:10.0021 2644 NwlnkFlt - ok
21:54:10.0121 2644 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:54:10.0712 2644 NwlnkFwd - ok
21:54:10.0832 2644 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
21:54:11.0283 2644 Parport - ok
21:54:11.0393 2644 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:54:11.0803 2644 PartMgr - ok
21:54:11.0884 2644 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
21:54:12.0474 2644 ParVdm - ok
21:54:12.0575 2644 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
21:54:12.0985 2644 PCI - ok
21:54:13.0075 2644 PCIDump - ok
21:54:13.0155 2644 PCIIde - ok
21:54:13.0256 2644 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:54:13.0716 2644 Pcmcia - ok
21:54:13.0826 2644 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys
21:54:13.0876 2644 Pcouffin ( UnsignedFile.Multi.Generic ) - warning
21:54:13.0876 2644 Pcouffin - detected UnsignedFile.Multi.Generic (1)
21:54:13.0957 2644 PDCOMP - ok
21:54:14.0037 2644 PDFRAME - ok
21:54:14.0097 2644 PDRELI - ok
21:54:14.0197 2644 PDRFRAME - ok
21:54:14.0267 2644 perc2 - ok
21:54:14.0347 2644 perc2hib - ok
21:54:14.0547 2644 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
21:54:14.0577 2644 pfc ( UnsignedFile.Multi.Generic ) - warning
21:54:14.0577 2644 pfc - detected UnsignedFile.Multi.Generic (1)
21:54:14.0718 2644 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:54:15.0108 2644 PptpMiniport - ok
21:54:15.0198 2644 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:54:15.0619 2644 PSched - ok
21:54:15.0729 2644 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:54:16.0310 2644 Ptilink - ok
21:54:16.0410 2644 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:54:16.0440 2644 PxHelp20 - ok
21:54:16.0520 2644 ql1080 - ok
21:54:16.0620 2644 Ql10wnt - ok
21:54:16.0710 2644 ql12160 - ok
21:54:16.0811 2644 ql1240 - ok
21:54:16.0881 2644 ql1280 - ok
21:54:16.0941 2644 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:54:17.0522 2644 RasAcd - ok
21:54:17.0652 2644 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:54:18.0092 2644 Rasl2tp - ok
21:54:18.0223 2644 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:54:18.0583 2644 RasPppoe - ok
21:54:18.0683 2644 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:54:19.0284 2644 Raspti - ok
21:54:19.0404 2644 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:54:19.0765 2644 Rdbss - ok
21:54:19.0845 2644 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:54:20.0446 2644 RDPCDD - ok
21:54:20.0586 2644 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:54:20.0997 2644 rdpdr - ok
21:54:21.0177 2644 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:54:21.0287 2644 RDPWD - ok
21:54:21.0447 2644 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:54:21.0838 2644 redbook - ok
21:54:22.0038 2644 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
21:54:22.0419 2644 rtl8139 - ok
21:54:22.0629 2644 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:54:23.0060 2644 Secdrv - ok
21:54:23.0190 2644 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:54:23.0640 2644 serenum - ok
21:54:23.0761 2644 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
21:54:24.0201 2644 Serial - ok
21:54:24.0311 2644 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:54:24.0762 2644 Sfloppy - ok
21:54:24.0892 2644 Simbad - ok
21:54:24.0952 2644 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:54:25.0363 2644 SLIP - ok
21:54:25.0503 2644 Sparrow - ok
21:54:25.0593 2644 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:54:25.0994 2644 splitter - ok
21:54:26.0084 2644 SQTECH905C (e3879c514f59402e1a7ce58a5511816f) C:\WINDOWS\system32\Drivers\Capt905c.sys
21:54:26.0114 2644 SQTECH905C ( UnsignedFile.Multi.Generic ) - warning
21:54:26.0114 2644 SQTECH905C - detected UnsignedFile.Multi.Generic (1)
21:54:26.0224 2644 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
21:54:26.0625 2644 sr - ok
21:54:26.0795 2644 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:54:26.0905 2644 Srv - ok
21:54:27.0105 2644 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:54:27.0476 2644 streamip - ok
21:54:27.0546 2644 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:54:27.0997 2644 swenum - ok
21:54:28.0137 2644 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:54:28.0527 2644 swmidi - ok
21:54:28.0638 2644 symc810 - ok
21:54:28.0718 2644 symc8xx - ok
21:54:28.0788 2644 sym_hi - ok
21:54:28.0898 2644 sym_u3 - ok
21:54:29.0008 2644 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:54:29.0389 2644 sysaudio - ok
21:54:29.0589 2644 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:54:29.0699 2644 Tcpip - ok
21:54:29.0829 2644 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:54:30.0280 2644 TDPIPE - ok
21:54:30.0370 2644 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:54:30.0741 2644 TDTCP - ok
21:54:30.0871 2644 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:54:31.0322 2644 TermDD - ok
21:54:31.0412 2644 TosIde - ok
21:54:31.0512 2644 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:54:31.0902 2644 Udfs - ok
21:54:32.0033 2644 ULCDRHlp (a4e07da3ae2078bd96e84d4baa07b71d) C:\WINDOWS\system32\Drivers\ULCDRHlp.sys
21:54:32.0053 2644 ULCDRHlp ( UnsignedFile.Multi.Generic ) - warning
21:54:32.0053 2644 ULCDRHlp - detected UnsignedFile.Multi.Generic (1)
21:54:32.0123 2644 ultra - ok
21:54:32.0253 2644 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:54:32.0724 2644 Update - ok
21:54:32.0914 2644 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:54:33.0314 2644 usbhub - ok
21:54:33.0415 2644 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:54:33.0835 2644 usbscan - ok
21:54:33.0945 2644 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:54:34.0376 2644 usbstor - ok
21:54:34.0466 2644 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:54:34.0917 2644 usbuhci - ok
21:54:35.0127 2644 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:54:35.0538 2644 VgaSave - ok
21:54:35.0638 2644 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:54:36.0078 2644 viaagp - ok
21:54:36.0209 2644 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:54:36.0599 2644 ViaIde - ok
21:54:36.0739 2644 VIAudio (819bf44085104be6527b86a88acf856b) C:\WINDOWS\system32\drivers\ac97via.sys
21:54:37.0110 2644 VIAudio - ok
21:54:37.0310 2644 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
21:54:37.0701 2644 VolSnap - ok
21:54:37.0891 2644 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:54:38.0292 2644 Wanarp - ok
21:54:38.0442 2644 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
21:54:38.0512 2644 WDC_SAM - ok
21:54:38.0652 2644 WDICA - ok
21:54:38.0842 2644 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:54:39.0283 2644 wdmaud - ok
21:54:39.0493 2644 WFIOCTL (9bc98a4e3401d52ed860cf883ccb7478) C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS
21:54:39.0513 2644 WFIOCTL ( UnsignedFile.Multi.Generic ) - warning
21:54:39.0513 2644 WFIOCTL - detected UnsignedFile.Multi.Generic (1)
21:54:40.0024 2644 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
21:54:40.0164 2644 WpdUsb - ok
21:54:40.0385 2644 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:54:40.0755 2644 WSTCODEC - ok
21:54:40.0895 2644 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:54:40.0965 2644 WudfPf - ok
21:54:41.0045 2644 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:54:41.0096 2644 WudfRd - ok
21:54:41.0276 2644 xcpip - ok
21:54:41.0366 2644 xpsec - ok
21:54:41.0456 2644 MBR (0x1B8) (0e1d60863e74698b6255deeb65261da6) \Device\Harddisk0\DR0
21:54:41.0456 2644 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
21:54:41.0456 2644 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
21:54:41.0556 2644 Boot (0x1200) (b50d4b9fa536699c7b5d44074652c756) \Device\Harddisk0\DR0\Partition0
21:54:41.0556 2644 \Device\Harddisk0\DR0\Partition0 - ok
21:54:41.0606 2644 Boot (0x1200) (12a43653fc8c1f4e06c9a56710d145b0) \Device\Harddisk0\DR0\Partition1
21:54:41.0616 2644 \Device\Harddisk0\DR0\Partition1 - ok
21:54:41.0626 2644 ============================================================
21:54:41.0626 2644 Scan finished
21:54:41.0626 2644 ============================================================
21:54:41.0867 2412 Detected object count: 10
21:54:41.0867 2412 Actual detected object count: 10
21:55:53.0590 2412 ASPI32 ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:53.0590 2412 ASPI32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:53.0590 2412 InCDfs ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:53.0590 2412 InCDfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:53.0610 2412 InCDPass ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:53.0610 2412 InCDPass ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:53.0610 2412 InCDrec ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:53.0610 2412 InCDrec ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:53.0650 2412 Pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:53.0650 2412 Pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:53.0650 2412 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:53.0650 2412 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:53.0650 2412 SQTECH905C ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:53.0650 2412 SQTECH905C ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:53.0660 2412 ULCDRHlp ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:53.0660 2412 ULCDRHlp ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:53.0660 2412 WFIOCTL ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:53.0660 2412 WFIOCTL ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:53.0670 2412 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - skipped by user
21:55:53.0670 2412 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Skip

A ten MBR Scan

[

Re: Napadení trojským koněm Mebroot FX

Napsal: 24 úno 2012 22:03
od credo17
TEN MBRscan mi sem nejde vložit, jsou tam jenom nějaké čtverečky. :-)

Re: Napadení trojským koněm Mebroot FX

Napsal: 24 úno 2012 22:05
od vyosek
:arrow: Fajn, i TDSSKiller ho ukazal svinaka Sinowala

:arrow: Znovu spustte TDSSKiller, prikazte at skenuje a pak u polozky \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) nechte Cure

:arrow: Bude treba restart PC

:arrow: Pak udelejte novy sken TDSSKillerem

Re: Napadení trojským koněm Mebroot FX

Napsal: 24 úno 2012 22:18
od credo17
Posílám nový log z TSSKilleru.

22:14:14.0404 2408 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
22:14:15.0075 2408 ============================================================
22:14:15.0075 2408 Current date / time: 2012/02/24 22:14:15.0075
22:14:15.0075 2408 SystemInfo:
22:14:15.0075 2408
22:14:15.0085 2408 OS Version: 5.1.2600 ServicePack: 3.0
22:14:15.0085 2408 Product type: Workstation
22:14:15.0085 2408 ComputerName: STANISLA-6927C2
22:14:15.0085 2408 UserName: Standa
22:14:15.0085 2408 Windows directory: C:\WINDOWS
22:14:15.0085 2408 System windows directory: C:\WINDOWS
22:14:15.0085 2408 Processor architecture: Intel x86
22:14:15.0085 2408 Number of processors: 1
22:14:15.0085 2408 Page size: 0x1000
22:14:15.0085 2408 Boot type: Normal boot
22:14:15.0085 2408 ============================================================
22:14:17.0168 2408 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:14:17.0298 2408 \Device\Harddisk0\DR0:
22:14:17.0298 2408 MBR used
22:14:17.0298 2408 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFA011FF
22:14:17.0298 2408 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFA0123E, BlocksNum 0x15A2C483
22:14:17.0488 2408 Initialize success
22:14:17.0488 2408 ============================================================
22:14:25.0960 2112 ============================================================
22:14:25.0960 2112 Scan started
22:14:25.0960 2112 Mode: Manual; SigCheck; TDLFS;
22:14:25.0960 2112 ============================================================
22:14:26.0651 2112 0kkbtnn.sys - ok
22:14:26.0741 2112 Abiosdsk - ok
22:14:26.0821 2112 abp480n5 - ok
22:14:26.0962 2112 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:14:30.0747 2112 ACPI - ok
22:14:30.0937 2112 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:14:31.0598 2112 ACPIEC - ok
22:14:31.0728 2112 adpu160m - ok
22:14:31.0899 2112 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:14:32.0449 2112 aec - ok
22:14:32.0690 2112 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:14:32.0840 2112 AFD - ok
22:14:33.0191 2112 Aha154x - ok
22:14:33.0271 2112 aic78u2 - ok
22:14:33.0361 2112 aic78xx - ok
22:14:33.0501 2112 AliIde - ok
22:14:33.0651 2112 AmdK7 (3980814f8027d27ea003e2e3d9d4f604) C:\WINDOWS\system32\DRIVERS\amdk7.sys
22:14:34.0162 2112 AmdK7 - ok
22:14:34.0332 2112 amsint - ok
22:14:34.0472 2112 AnyDVD (40c279a23bd43553bfba6e88a9b38ae2) C:\WINDOWS\system32\Drivers\AnyDVD.sys
22:14:34.0833 2112 AnyDVD - ok
22:14:35.0023 2112 asc - ok
22:14:35.0153 2112 asc3350p - ok
22:14:35.0254 2112 asc3550 - ok
22:14:35.0434 2112 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys
22:14:35.0474 2112 ASPI32 ( UnsignedFile.Multi.Generic ) - warning
22:14:35.0474 2112 ASPI32 - detected UnsignedFile.Multi.Generic (1)
22:14:35.0674 2112 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:14:36.0275 2112 AsyncMac - ok
22:14:36.0525 2112 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:14:37.0076 2112 atapi - ok
22:14:37.0256 2112 Atdisk - ok
22:14:37.0477 2112 ati2mtag (86be5339a67c0a309f3e3ef8b0901ee5) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:14:37.0957 2112 ati2mtag - ok
22:14:38.0218 2112 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:14:38.0749 2112 Atmarpc - ok
22:14:38.0949 2112 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:14:39.0580 2112 audstub - ok
22:14:39.0760 2112 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:14:40.0431 2112 Beep - ok
22:14:40.0511 2112 catchme - ok
22:14:40.0651 2112 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:14:41.0272 2112 cbidf2k - ok
22:14:41.0422 2112 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:14:41.0853 2112 CCDECODE - ok
22:14:41.0943 2112 cd20xrnt - ok
22:14:42.0043 2112 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:14:42.0714 2112 Cdaudio - ok
22:14:42.0895 2112 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:14:43.0315 2112 Cdfs - ok
22:14:43.0495 2112 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:14:44.0026 2112 Cdrom - ok
22:14:44.0156 2112 Changer - ok
22:14:44.0297 2112 CmdIde - ok
22:14:44.0417 2112 Cpqarray - ok
22:14:44.0557 2112 CX23880 (fce8506d1c61f05319e85c70638abd21) C:\WINDOWS\system32\drivers\cx88vid.sys
22:14:44.0647 2112 CX23880 - ok
22:14:44.0817 2112 CXAVXBAR (e80185c7ac234c9b045513de2cbeff4c) C:\WINDOWS\system32\drivers\cxavxbar.sys
22:14:44.0947 2112 CXAVXBAR - ok
22:14:45.0148 2112 CXTUNE (b5e3d476efaf08a2cd2cf77835018123) C:\WINDOWS\system32\drivers\CX88TUNE.sys
22:14:45.0228 2112 CXTUNE - ok
22:14:45.0328 2112 dac2w2k - ok
22:14:45.0408 2112 dac960nt - ok
22:14:45.0548 2112 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:14:46.0079 2112 Disk - ok
22:14:46.0229 2112 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
22:14:46.0810 2112 dmboot - ok
22:14:46.0950 2112 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
22:14:47.0752 2112 dmio - ok
22:14:47.0882 2112 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:14:48.0463 2112 dmload - ok
22:14:48.0533 2112 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:14:49.0023 2112 DMusic - ok
22:14:49.0133 2112 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
22:14:49.0684 2112 Dot4 - ok
22:14:49.0814 2112 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
22:14:50.0405 2112 Dot4Print - ok
22:14:50.0525 2112 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
22:14:51.0106 2112 Dot4Scan - ok
22:14:51.0237 2112 dpti2o - ok
22:14:51.0307 2112 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:14:51.0747 2112 drmkaud - ok
22:14:51.0887 2112 eamon (9309c5c9831203436e64cf2ae605c5d7) C:\WINDOWS\system32\DRIVERS\eamon.sys
22:14:51.0948 2112 eamon - ok
22:14:52.0058 2112 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
22:14:52.0098 2112 ehdrv - ok
22:14:52.0208 2112 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
22:14:52.0268 2112 ElbyCDIO - ok
22:14:52.0458 2112 epfw (5ba193ca0ae31209aaa39939ce6736b2) C:\WINDOWS\system32\DRIVERS\epfw.sys
22:14:52.0498 2112 epfw - ok
22:14:52.0558 2112 Epfwndis (75d3bcd3e0eded0ab0f96d9a10ff01c9) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
22:14:52.0669 2112 Epfwndis - ok
22:14:52.0849 2112 epfwtdi (dc64f26f35e32c9472bbf8acd84060d3) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
22:14:52.0899 2112 epfwtdi - ok
22:14:53.0059 2112 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:14:53.0620 2112 Fastfat - ok
22:14:53.0850 2112 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:14:54.0311 2112 Fdc - ok
22:14:54.0411 2112 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
22:14:54.0902 2112 Fips - ok
22:14:55.0032 2112 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:14:55.0483 2112 Flpydisk - ok
22:14:55.0593 2112 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:14:56.0114 2112 FltMgr - ok
22:14:56.0254 2112 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:14:56.0815 2112 Fs_Rec - ok
22:14:56.0905 2112 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:14:57.0606 2112 Ftdisk - ok
22:14:57.0746 2112 fwdrv (1ff2eef447a177df2c544b80f8f7f879) C:\WINDOWS\system32\drivers\fwdrv.sys
22:14:57.0806 2112 fwdrv - ok
22:14:57.0926 2112 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
22:14:58.0457 2112 gameenum - ok
22:14:58.0557 2112 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:14:59.0078 2112 Gpc - ok
22:14:59.0248 2112 hpn - ok
22:14:59.0358 2112 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:14:59.0478 2112 HTTP - ok
22:14:59.0639 2112 i2omgmt - ok
22:14:59.0719 2112 i2omp - ok
22:14:59.0869 2112 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:15:00.0340 2112 i8042prt - ok
22:15:00.0520 2112 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:15:00.0960 2112 Imapi - ok
22:15:01.0221 2112 InCDfs (694f2709ea18565f66751857e8f5c3dd) C:\WINDOWS\system32\drivers\InCDfs.sys
22:15:01.0331 2112 InCDfs ( UnsignedFile.Multi.Generic ) - warning
22:15:01.0331 2112 InCDfs - detected UnsignedFile.Multi.Generic (1)
22:15:01.0471 2112 InCDPass (7daa24d326d3ef94574002bec52a733d) C:\WINDOWS\system32\DRIVERS\InCDPass.sys
22:15:01.0531 2112 InCDPass ( UnsignedFile.Multi.Generic ) - warning
22:15:01.0531 2112 InCDPass - detected UnsignedFile.Multi.Generic (1)
22:15:01.0702 2112 InCDrec (36dfcb32d75b0ff09dfd405d1c1de261) C:\WINDOWS\system32\drivers\InCDrec.sys
22:15:01.0752 2112 InCDrec ( UnsignedFile.Multi.Generic ) - warning
22:15:01.0752 2112 InCDrec - detected UnsignedFile.Multi.Generic (1)
22:15:01.0952 2112 ini910u - ok
22:15:02.0042 2112 IntelIde - ok
22:15:02.0152 2112 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:15:02.0653 2112 Ip6Fw - ok
22:15:02.0853 2112 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:15:03.0414 2112 IpFilterDriver - ok
22:15:03.0594 2112 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:15:03.0995 2112 IpInIp - ok
22:15:04.0135 2112 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:15:04.0546 2112 IpNat - ok
22:15:04.0616 2112 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:15:05.0106 2112 IPSec - ok
22:15:05.0297 2112 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:15:05.0717 2112 IRENUM - ok
22:15:05.0838 2112 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:15:06.0298 2112 isapnp - ok
22:15:06.0539 2112 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:15:07.0019 2112 Kbdclass - ok
22:15:07.0179 2112 khips (304ce9fb3d64caa07b940bef4f8c2dcd) C:\WINDOWS\system32\drivers\khips.sys
22:15:07.0219 2112 khips - ok
22:15:07.0370 2112 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:15:07.0740 2112 kmixer - ok
22:15:08.0121 2112 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:15:08.0241 2112 KSecDD - ok
22:15:08.0441 2112 lbrtfdc - ok
22:15:08.0672 2112 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:15:09.0343 2112 mnmdd - ok
22:15:09.0483 2112 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
22:15:09.0903 2112 Modem - ok
22:15:10.0044 2112 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:15:10.0614 2112 Mouclass - ok
22:15:10.0765 2112 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:15:11.0185 2112 MountMgr - ok
22:15:11.0375 2112 mraid35x - ok
22:15:11.0516 2112 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:15:11.0956 2112 MRxDAV - ok
22:15:12.0207 2112 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:15:12.0437 2112 MRxSmb - ok
22:15:12.0617 2112 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:15:13.0038 2112 Msfs - ok
22:15:13.0208 2112 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:15:13.0789 2112 MSKSSRV - ok
22:15:13.0959 2112 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:15:14.0350 2112 MSPCLOCK - ok
22:15:14.0530 2112 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:15:15.0011 2112 MSPQM - ok
22:15:15.0221 2112 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:15:15.0672 2112 mssmbios - ok
22:15:15.0862 2112 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:15:16.0262 2112 MSTEE - ok
22:15:16.0443 2112 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:15:16.0523 2112 Mup - ok
22:15:16.0703 2112 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:15:17.0254 2112 NABTSFEC - ok
22:15:17.0434 2112 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:15:17.0895 2112 NDIS - ok
22:15:18.0075 2112 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:15:18.0486 2112 NdisIP - ok
22:15:18.0636 2112 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:15:18.0726 2112 NdisTapi - ok
22:15:18.0846 2112 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:15:19.0297 2112 Ndisuio - ok
22:15:19.0447 2112 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:15:19.0868 2112 NdisWan - ok
22:15:20.0008 2112 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:15:20.0088 2112 NDProxy - ok
22:15:20.0268 2112 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:15:20.0679 2112 NetBIOS - ok
22:15:20.0909 2112 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:15:21.0380 2112 NetBT - ok
22:15:21.0730 2112 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:15:22.0181 2112 Npfs - ok
22:15:22.0421 2112 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:15:22.0962 2112 Ntfs - ok
22:15:23.0202 2112 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:15:23.0823 2112 Null - ok
22:15:24.0024 2112 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:15:24.0604 2112 NwlnkFlt - ok
22:15:24.0865 2112 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:15:25.0486 2112 NwlnkFwd - ok
22:15:25.0616 2112 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
22:15:26.0087 2112 Parport - ok
22:15:26.0277 2112 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:15:26.0667 2112 PartMgr - ok
22:15:26.0868 2112 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
22:15:27.0509 2112 ParVdm - ok
22:15:27.0679 2112 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
22:15:28.0130 2112 PCI - ok
22:15:28.0250 2112 PCIDump - ok
22:15:28.0350 2112 PCIIde - ok
22:15:28.0470 2112 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:15:28.0891 2112 Pcmcia - ok
22:15:29.0131 2112 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys
22:15:29.0191 2112 Pcouffin ( UnsignedFile.Multi.Generic ) - warning
22:15:29.0191 2112 Pcouffin - detected UnsignedFile.Multi.Generic (1)
22:15:29.0381 2112 PDCOMP - ok
22:15:29.0411 2112 PDFRAME - ok
22:15:29.0482 2112 PDRELI - ok
22:15:29.0572 2112 PDRFRAME - ok
22:15:29.0652 2112 perc2 - ok
22:15:29.0732 2112 perc2hib - ok
22:15:29.0942 2112 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
22:15:30.0012 2112 pfc ( UnsignedFile.Multi.Generic ) - warning
22:15:30.0012 2112 pfc - detected UnsignedFile.Multi.Generic (1)
22:15:30.0193 2112 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:15:30.0603 2112 PptpMiniport - ok
22:15:30.0773 2112 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:15:31.0144 2112 PSched - ok
22:15:31.0274 2112 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:15:31.0875 2112 Ptilink - ok
22:15:32.0055 2112 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:15:32.0085 2112 PxHelp20 - ok
22:15:32.0276 2112 ql1080 - ok
22:15:32.0376 2112 Ql10wnt - ok
22:15:32.0506 2112 ql12160 - ok
22:15:32.0586 2112 ql1240 - ok
22:15:32.0636 2112 ql1280 - ok
22:15:32.0746 2112 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:15:33.0397 2112 RasAcd - ok
22:15:33.0587 2112 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:15:33.0968 2112 Rasl2tp - ok
22:15:34.0218 2112 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:15:34.0719 2112 RasPppoe - ok
22:15:34.0869 2112 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:15:35.0470 2112 Raspti - ok
22:15:35.0730 2112 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:15:36.0151 2112 Rdbss - ok
22:15:36.0291 2112 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:15:36.0912 2112 RDPCDD - ok
22:15:37.0183 2112 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:15:37.0663 2112 rdpdr - ok
22:15:37.0864 2112 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:15:37.0964 2112 RDPWD - ok
22:15:38.0154 2112 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:15:38.0575 2112 redbook - ok
22:15:38.0845 2112 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
22:15:39.0256 2112 rtl8139 - ok
22:15:39.0486 2112 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:15:39.0957 2112 Secdrv - ok
22:15:40.0187 2112 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:15:40.0608 2112 serenum - ok
22:15:40.0818 2112 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
22:15:41.0309 2112 Serial - ok
22:15:41.0559 2112 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:15:42.0000 2112 Sfloppy - ok
22:15:42.0190 2112 Simbad - ok
22:15:42.0340 2112 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:15:42.0741 2112 SLIP - ok
22:15:42.0891 2112 Sparrow - ok
22:15:43.0041 2112 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:15:43.0482 2112 splitter - ok
22:15:43.0682 2112 SQTECH905C (e3879c514f59402e1a7ce58a5511816f) C:\WINDOWS\system32\Drivers\Capt905c.sys
22:15:43.0752 2112 SQTECH905C ( UnsignedFile.Multi.Generic ) - warning
22:15:43.0752 2112 SQTECH905C - detected UnsignedFile.Multi.Generic (1)
22:15:43.0922 2112 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
22:15:44.0373 2112 sr - ok
22:15:44.0643 2112 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:15:44.0773 2112 Srv - ok
22:15:44.0934 2112 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:15:45.0334 2112 streamip - ok
22:15:45.0565 2112 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:15:45.0965 2112 swenum - ok
22:15:46.0206 2112 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:15:46.0796 2112 swmidi - ok
22:15:46.0967 2112 symc810 - ok
22:15:47.0037 2112 symc8xx - ok
22:15:47.0107 2112 sym_hi - ok
22:15:47.0147 2112 sym_u3 - ok
22:15:47.0267 2112 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:15:47.0758 2112 sysaudio - ok
22:15:47.0988 2112 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:15:48.0158 2112 Tcpip - ok
22:15:48.0329 2112 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:15:48.0809 2112 TDPIPE - ok
22:15:48.0990 2112 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:15:49.0410 2112 TDTCP - ok
22:15:49.0600 2112 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:15:50.0091 2112 TermDD - ok
22:15:50.0271 2112 TosIde - ok
22:15:50.0402 2112 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:15:50.0832 2112 Udfs - ok
22:15:51.0012 2112 ULCDRHlp (a4e07da3ae2078bd96e84d4baa07b71d) C:\WINDOWS\system32\Drivers\ULCDRHlp.sys
22:15:51.0073 2112 ULCDRHlp ( UnsignedFile.Multi.Generic ) - warning
22:15:51.0073 2112 ULCDRHlp - detected UnsignedFile.Multi.Generic (1)
22:15:51.0213 2112 ultra - ok
22:15:51.0353 2112 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:15:51.0894 2112 Update - ok
22:15:52.0054 2112 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:15:52.0505 2112 usbhub - ok
22:15:52.0675 2112 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:15:53.0126 2112 usbscan - ok
22:15:53.0336 2112 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:15:53.0726 2112 usbstor - ok
22:15:53.0927 2112 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:15:54.0437 2112 usbuhci - ok
22:15:54.0608 2112 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:15:55.0008 2112 VgaSave - ok
22:15:55.0148 2112 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:15:55.0619 2112 viaagp - ok
22:15:55.0789 2112 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:15:56.0180 2112 ViaIde - ok
22:15:56.0420 2112 VIAudio (819bf44085104be6527b86a88acf856b) C:\WINDOWS\system32\drivers\ac97via.sys
22:15:56.0841 2112 VIAudio - ok
22:15:57.0011 2112 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
22:15:57.0422 2112 VolSnap - ok
22:15:57.0662 2112 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:15:58.0083 2112 Wanarp - ok
22:15:58.0243 2112 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
22:15:58.0303 2112 WDC_SAM - ok
22:15:58.0413 2112 WDICA - ok
22:15:58.0673 2112 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:15:59.0144 2112 wdmaud - ok
22:15:59.0314 2112 WFIOCTL (9bc98a4e3401d52ed860cf883ccb7478) C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS
22:15:59.0354 2112 WFIOCTL ( UnsignedFile.Multi.Generic ) - warning
22:15:59.0354 2112 WFIOCTL - detected UnsignedFile.Multi.Generic (1)
22:15:59.0715 2112 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
22:15:59.0875 2112 WpdUsb - ok
22:16:00.0136 2112 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:16:00.0556 2112 WSTCODEC - ok
22:16:00.0746 2112 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:16:00.0867 2112 WudfPf - ok
22:16:00.0977 2112 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:16:01.0077 2112 WudfRd - ok
22:16:01.0257 2112 xcpip - ok
22:16:01.0417 2112 xpsec - ok
22:16:01.0528 2112 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
22:16:02.0229 2112 \Device\Harddisk0\DR0 - ok
22:16:02.0269 2112 Boot (0x1200) (b50d4b9fa536699c7b5d44074652c756) \Device\Harddisk0\DR0\Partition0
22:16:02.0269 2112 \Device\Harddisk0\DR0\Partition0 - ok
22:16:02.0319 2112 Boot (0x1200) (12a43653fc8c1f4e06c9a56710d145b0) \Device\Harddisk0\DR0\Partition1
22:16:02.0319 2112 \Device\Harddisk0\DR0\Partition1 - ok
22:16:02.0329 2112 ============================================================
22:16:02.0329 2112 Scan finished
22:16:02.0329 2112 ============================================================
22:16:02.0519 2704 Detected object count: 9
22:16:02.0519 2704 Actual detected object count: 9
22:16:13.0905 2704 ASPI32 ( UnsignedFile.Multi.Generic ) - skipped by user
22:16:13.0905 2704 ASPI32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:16:13.0905 2704 InCDfs ( UnsignedFile.Multi.Generic ) - skipped by user
22:16:13.0905 2704 InCDfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:16:13.0905 2704 InCDPass ( UnsignedFile.Multi.Generic ) - skipped by user
22:16:13.0905 2704 InCDPass ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:16:13.0905 2704 InCDrec ( UnsignedFile.Multi.Generic ) - skipped by user
22:16:13.0905 2704 InCDrec ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:16:13.0925 2704 Pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
22:16:13.0925 2704 Pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:16:13.0925 2704 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
22:16:13.0925 2704 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:16:13.0945 2704 SQTECH905C ( UnsignedFile.Multi.Generic ) - skipped by user
22:16:13.0945 2704 SQTECH905C ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:16:13.0945 2704 ULCDRHlp ( UnsignedFile.Multi.Generic ) - skipped by user
22:16:13.0945 2704 ULCDRHlp ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:16:13.0965 2704 WFIOCTL ( UnsignedFile.Multi.Generic ) - skipped by user
22:16:13.0965 2704 WFIOCTL ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:16:26.0373 2380 Deinitialize success

Re: Napadení trojským koněm Mebroot FX

Napsal: 24 úno 2012 22:21
od vyosek
:arrow: Sjupr, sinowal je v krdeli :arcisit: Odmaznem i dalsi potvory

:arrow: Ten ESET Smart Security mate legalni = zakoupena licence :???: Proc jste stahoval instalacku Avastu :???:

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
:arrow: Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
  • Pokud mate Win XP spustte pod uctem Spravce\Administratora
  • Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
  • Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
  • Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
  • Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
  • Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
  • Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
  • Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Napadení trojským koněm Mebroot FX

Napsal: 24 úno 2012 23:19
od credo17
Konečně to dojelo, trvalo to snad věčnost. :-) Měl jsem předtím nelegální téměř nefunkční verzi ESETU, dnes ráno jsem běžel koupit legální verzi, tak jsem tam mezitím nainstaloval AVAST, abych tam měl aspoň něco. :-)

ComboFix 12-02-24.02 - Standa 24.02.2012 22:33:24.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.399 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: Sunbelt Kerio Personal Firewall *Disabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Standa\WINDOWS
C:\readme.txt
c:\windows\iun6002.exe
c:\windows\msmqinst.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\Bifrost
c:\windows\system32\Bifrost\logg.dat
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-24 do 2012-02-24 )))))))))))))))))))))))))))))))
.
.
2012-02-24 21:10 . 2012-02-24 21:10 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-24 20:52 . 2012-02-24 20:52 2062896 ----a-w- C:\tdsskiller.exe
2012-02-24 20:39 . 2012-02-24 20:39 -------- d-----w- c:\program files\trend micro
2012-02-24 20:39 . 2012-02-24 20:39 -------- d-----w- C:\rsit
2012-02-24 20:34 . 2012-02-24 20:34 781383 ----a-w- C:\RSIT.exe
2012-02-24 07:37 . 2012-02-24 07:37 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-02-24 07:35 . 2012-02-24 19:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2012-02-24 07:35 . 2012-02-24 07:35 -------- d-----w- c:\program files\AVAST Software
2012-02-24 07:33 . 2012-02-24 07:33 64207032 ----a-w- C:\setup_av_free.exe
2012-02-18 08:08 . 2012-02-18 08:08 16474544 ----a-w- C:\winamp5623_full_emusic-7plus_all.exe
2012-02-16 19:15 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 19:15 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 17:20 . 2004-08-18 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:42 . 2004-08-18 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:42 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:23 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2004-03-11 12:27 . 2007-01-13 11:04 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ad708c09-d51b-45b3-9d28-4eba2681febf}"= "c:\program files\Download_Energy\tbDow0.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\Download_Energy\tbDow0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ad708c09-d51b-45b3-9d28-4eba2681febf}"= "c:\program files\Download_Energy\tbDow0.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{AD708C09-D51B-45B3-9D28-4EBA2681FEBF}"= "c:\program files\Download_Energy\tbDow0.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Octoshape Streaming Services"="c:\documents and settings\Standa\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-04-06 1298542]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2005-09-30 319488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-09-22 185632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]
"PATHPILOT"="c:\program files\Kat MP3 Recorder\Kat MP3 Recorder.exe" [2010-11-04 347648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2007-1-13 237568]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\telesat\\AZBoxEdit\\AZBoxEdit.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [18.7.2006 12:02 284184]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [18.7.2006 12:02 91672]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [22.9.2011 12:03 974944]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14.10.2009 14:31 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 9:58 20480]
R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11.2.2007 14:23 47360]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [13.1.2007 15:11 9446]
S3 0kkbtnn.sys;0kkbtnn.sys;\??\c:\windows\system32\drivers\0kkbtnn.sys --> c:\windows\system32\drivers\0kkbtnn.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [25.12.2009 11:24 11520]
S3 xpsec;Ovladač IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-12-30 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 17:35]
.
2012-02-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 86.49.29.218:8192
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: {{7A0815F1-6B65-4e3a-B198-709807B4042A} - {1EC035CE-090E-4AF7-B6DF-AD11C2F0F9C9} - c:\program files\XstreamRadio 3.02\RadioHelper.dll
TCP: DhcpNameServer = 192.168.1.1
.
.
------- Asociace souborů -------
.
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-AviSynth - c:\program files\AviSynth 2.5\Uninstall.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-24 23:06
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-343818398-854245398-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3D6299AE-889A-80C8-3F98-761F4E8EA1A2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaibolopjipfpobgnniapedhfdeapb"=hex:64,61,66,64,6b,6c,62,6e,00,50
"oaeagfjdfjefgkjjfdggbebkbaongd"=hex:6b,61,69,64,63,67,62,62,66,64,6a,68,63,67,
6f,6b,61,68,69,61,6c,6c,00,00
"nakaijpdfiepcphoifndodcfdnid"=hex:6b,61,68,64,6e,6b,66,6f,66,64,6f,68,68,64,
6e,70,63,6f,6c,62,6b,6c,00,00
.
[HKEY_USERS\S-1-5-21-343818398-854245398-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{736D346C-6739-3819-78E8-9DD9FC90103B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abeckmeifhojmlecpogghkmgkeplnkhkbj"=hex:61,61,00,00
"bbeckmeifhojmlecpojgcimpficmcbabejeh"=hex:61,61,00,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2728)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Celkový čas: 2012-02-24 23:17:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-24 22:16
ComboFix2.txt 2008-10-02 19:31
ComboFix3.txt 2008-08-09 21:10
.
Před spuštěním: 3 715 694 592
Po spuštění: 4 409 585 664
.
- - End Of File - - 29B15EEAA9A204F6B3965EA10B09CB01

Re: Napadení trojským koněm Mebroot FX

Napsal: 25 úno 2012 13:29
od credo17
Můžu jen poprosit o potvrzení, zda ten log z toho Combo Fixu je OK, nebo mám ještě něco pročistit? Díky moc.

Re: Napadení trojským koněm Mebroot FX

Napsal: 25 úno 2012 15:38
od vyosek
:arrow: Byl jsem v praci, proto pozdejsi odpoved

:arrow: v nouzovem rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti) projedte PC temito utilitami, at se zbavime zbytku antiviru co tam mate :arrow: Pokud nemate, tak presunte Combofix na plochu
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    KillAll::

File::
c:\program files\Download_Energy\tbDow0.dll
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Registry::
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ad708c09-d51b-45b3-9d28-4eba2681febf}"=-
[-HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ad708c09-d51b-45b3-9d28-4eba2681febf}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{AD708C09-D51B-45B3-9D28-4EBA2681FEBF}"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Octoshape Streaming Services"="c:\documents and settings\Standa\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"InCD"=-
"QuickTime Task"=-
"TkBellExe"=-
"SunJavaUpdateSched"=-
"WinampAgent"=-
"PATHPILOT"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=-
"52344:TCP"=-
"3389:TCP"=-

Collect::
c:\windows\system32\drivers\0kkbtnn.sys
c:\windows\system32\drivers\xpsec.sys

Driver::
0kkbtnn.sys
JavaQuickStarterService
xpsec

DDS::
uInternet Settings,ProxyServer = 86.49.29.218:8192

RegNull::
[HKEY_USERS\S-1-5-21-343818398-854245398-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3D6299AE-889A-80C8-3F98-761F4E8EA1A2}*]
[HKEY_USERS\S-1-5-21-343818398-854245398-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{736D346C-6739-3819-78E8-9DD9FC90103B}*]

ClearJavaCache::

AtJob::

Reboot::
  • Ulozte vytvoreny TXT jako CFScript.txt
  • Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
    Obrázek
  • Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
:arrow: Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Re: Napadení trojským koněm Mebroot FX

Napsal: 25 úno 2012 16:52
od credo17
Po přetažení tohoto txt souboru se mi rozjel znovu celý Combofix scn, což nevím, zda je dobře, posílám log.

ComboFix 12-02-24.02 - Standa 25.02.2012 16:18:21.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.390 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: Sunbelt Kerio Personal Firewall *Enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-25 do 2012-02-25 )))))))))))))))))))))))))))))))
.
.
2012-02-25 14:50 . 2012-02-25 14:50 326976 ----a-w- C:\aswclear.exe
2012-02-24 21:10 . 2012-02-24 21:10 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-24 20:52 . 2012-02-24 20:52 2062896 ----a-w- C:\tdsskiller.exe
2012-02-24 20:39 . 2012-02-24 20:39 -------- d-----w- c:\program files\trend micro
2012-02-24 20:39 . 2012-02-24 20:39 -------- d-----w- C:\rsit
2012-02-24 20:34 . 2012-02-24 20:34 781383 ----a-w- C:\RSIT.exe
2012-02-24 07:37 . 2012-02-24 07:37 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-02-24 07:35 . 2012-02-25 14:58 -------- d-----w- c:\program files\AVAST Software
2012-02-24 07:35 . 2012-02-24 19:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2012-02-24 07:33 . 2012-02-24 07:33 64207032 ----a-w- C:\setup_av_free.exe
2012-02-18 08:08 . 2012-02-18 08:08 16474544 ----a-w- C:\winamp5623_full_emusic-7plus_all.exe
2012-02-16 19:15 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 19:15 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 17:20 . 2004-08-18 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:42 . 2004-08-18 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:42 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:23 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2004-03-11 12:27 . 2007-01-13 11:04 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-24_22.07.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-25 15:00 . 2012-02-25 15:00 16384 c:\windows\Temp\Perflib_Perfdata_764.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ad708c09-d51b-45b3-9d28-4eba2681febf}"= "c:\program files\Download_Energy\tbDow0.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\Download_Energy\tbDow0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ad708c09-d51b-45b3-9d28-4eba2681febf}"= "c:\program files\Download_Energy\tbDow0.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{AD708C09-D51B-45B3-9D28-4EBA2681FEBF}"= "c:\program files\Download_Energy\tbDow0.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Octoshape Streaming Services"="c:\documents and settings\Standa\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-04-06 1298542]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2005-09-30 319488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-09-22 185632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]
"PATHPILOT"="c:\program files\Kat MP3 Recorder\Kat MP3 Recorder.exe" [2010-11-04 347648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2007-1-13 237568]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\telesat\\AZBoxEdit\\AZBoxEdit.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [18.7.2006 12:02 284184]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [18.7.2006 12:02 91672]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [22.9.2011 12:03 974944]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14.10.2009 14:31 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 9:58 20480]
R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11.2.2007 14:23 47360]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [13.1.2007 15:11 9446]
S3 0kkbtnn.sys;0kkbtnn.sys;\??\c:\windows\system32\drivers\0kkbtnn.sys --> c:\windows\system32\drivers\0kkbtnn.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [25.12.2009 11:24 11520]
S3 xpsec;Ovladač IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-12-30 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 17:35]
.
2012-02-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 86.49.29.218:8192
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: {{7A0815F1-6B65-4e3a-B198-709807B4042A} - {1EC035CE-090E-4AF7-B6DF-AD11C2F0F9C9} - c:\program files\XstreamRadio 3.02\RadioHelper.dll
TCP: DhcpNameServer = 192.168.1.1
.
.
------- Asociace souborů -------
.
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-25 16:42
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-343818398-854245398-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3D6299AE-889A-80C8-3F98-761F4E8EA1A2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaibolopjipfpobgnniapedhfdeapb"=hex:64,61,66,64,6b,6c,62,6e,00,50
"oaeagfjdfjefgkjjfdggbebkbaongd"=hex:6b,61,69,64,63,67,62,62,66,64,6a,68,63,67,
6f,6b,61,68,69,61,6c,6c,00,00
"nakaijpdfiepcphoifndodcfdnid"=hex:6b,61,68,64,6e,6b,66,6f,66,64,6f,68,68,64,
6e,70,63,6f,6c,62,6b,6c,00,00
.
[HKEY_USERS\S-1-5-21-343818398-854245398-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{736D346C-6739-3819-78E8-9DD9FC90103B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abeckmeifhojmlecpogghkmgkeplnkhkbj"=hex:61,61,00,00
"bbeckmeifhojmlecpojgcimpficmcbabejeh"=hex:61,61,00,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(4000)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2012-02-25 16:48:48
ComboFix-quarantined-files.txt 2012-02-25 15:48
ComboFix2.txt 2012-02-24 22:17
ComboFix3.txt 2008-10-02 19:31
ComboFix4.txt 2008-08-09 21:10
.
Před spuštěním: 4 141 867 008
Po spuštění: 4 371 968 000
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B2AB9C85710F0A000DDB61564C262AB4

Re: Napadení trojským koněm Mebroot FX

Napsal: 25 úno 2012 16:54
od vyosek
Scan bude probihat, ale vy jste ten CFScript neaplikoval, jelikoz v logu o nem neni zminka...a tez CF neni na plose Spuštěný z: C:\ComboFix.exe
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz