VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Problem s Haveti na PC: WIN32/Agent.SDG.Gen trojsky kun

https://forum.viry.cz:443/viewtopic.php?t=122560

Stránka 1 z 1

Problem s Haveti na PC: WIN32/Agent.SDG.Gen trojsky kun

Napsal: 26 čer 2012 19:46
od Vacky
Ahoj,
zdravím všechny.
Mám na PC problém s WIN32/Agent.SDG.Gen trojským koněm v sektoru MBR 0. fyzického disku.
Můžete mi prosím pomoci s jeho odstraněním.
Combofix jsem stahnul, a log zde přikládám:


ComboFix 12-06-26.01 - František Eliáš 26.06.2012 19:51:43.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.190 [GMT 2:00]
Spuštìný z: c:\documents and settings\František Eliáš\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
VAROVÁNÍ - NA TOMTO POÈÍTAÈI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\SET3861.tmp
c:\windows\system32\SET3865.tmp
c:\windows\system32\SET386D.tmp
.
.
((((((((((((((((((((((((( Soubory vytvoøené od 2012-05-26 do 2012-06-26 )))))))))))))))))))))))))))))))
.
.
2012-06-13 07:18 . 2012-05-11 14:44 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 13:19 . 2009-08-06 17:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2009-08-06 17:24 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2010-06-27 11:53 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2010-06-27 11:53 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2010-06-27 11:53 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2010-06-27 11:53 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2010-06-27 11:53 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 17:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-08-06 17:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 17:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2010-06-27 11:53 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2010-06-27 11:53 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2010-06-27 13:56 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2010-06-27 13:56 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2010-06-27 13:56 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2008-04-14 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2008-04-14 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:44 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 03:14 . 2008-04-14 12:00 2194816 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2008-04-14 08:06 2071296 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2010-06-27 11:51 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-09-07 21:26 . 2011-07-04 19:04 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštìcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2011-05-09 09:49 176936 ----a-w- c:\program files\BS_Player\prxtbBS_2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\prxtbBS_2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 55296]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\František Eliáš\Nabídka Start\Programy\Po spuštìní\
Výøezy obrazovky a spuštìní aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštìní\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\SATELIT\\DreamSet228\\Dreamset.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.6.2010 15:25 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7.4.2010 21:07 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [7.4.2010 21:08 95872]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 12:28 73728]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.4.2010 21:07 810120]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s [?]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s [?]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [10.8.2009 12:07 89600]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [27.7.2010 19:24 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [27.7.2010 19:24 8320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáøe 'Naplánované úlohy'
.
.
------- Doplòkový sken -------
.
uStart Page = https://adisepo.mfcr.cz/adistc/adis/idp ... pert.faces
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128} - hxxp://adisepo.mfcr.cz/adistc/adis/idpr_pub/xspa/bin/cryptsignx.cab
FF - ProfilePath - c:\documents and settings\František Eliáš\Data aplikací\Mozilla\Firefox\Profiles\zsvjj5zw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://puvodni.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANÌNÉ Z REGISTRU - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-IT9130 DriverInstaller_10.2.3.2 - c:\docume~1\FRANTI~1\LOCALS~1\Temp\DriverInstall32.exe
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-26 20:05
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesù ...
.
skenování skrytých položek 'Po spuštìní' ...
.
skenování skrytých souborù ...
.
sken byl úspešnì dokonèen
skryté soubory: 0
.
**************************************************************************
.
Celkový èas: 2012-06-26 20:09:41
ComboFix-quarantined-files.txt 2012-06-26 18:09
.
Pøed spuštìním: Volných bajtù: 51 326 812 160
Po spuštìní: Volných bajtù: 53 157 916 672
.
- - End Of File - - A0F9088FD2A70985204D3F4A2B01E807

Re: Problem s Haveti na PC: WIN32/Agent.SDG.Gen trojsky kun

Napsal: 26 čer 2012 20:01
od Vacky
.....áááá promiň.
Já jak jsem pročítal forum, tak jsem všude četl o CF. Proto jsem chtěl usnadnit práci a rovnou jsem dal Log.
Omlouvám se!
Bohužel ten PC který potřebuji dát dohromady není ON na Netu. Je to problém? Nebudu moci otestovat na VT
Máš pleas řešení?

Re: Problem s Haveti na PC: WIN32/Agent.SDG.Gen trojsky kun

Napsal: 26 čer 2012 20:05
od Vacky
zde je log z MBR screenu

Kód: Vybrat vše

MBRScan v1.1.1

OS             : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR      : x86 Family 6 Model 10 Stepping 0, AuthenticAMD
BOOT           : Normal Boot
DATE           : 2012/06/26 (ISO 8601) at 21:04:27
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __Maxtor 6Y080L0 (YAR41BW0)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

DISK           : Device\Harddisk1\DR12 __Kingston DataTraveler 2.0 (1.00)
BUS_TYPE       : (0x07)  USB
USE_PIO        : NO
MAX_TRANSFER   : 64 Kb
ALIGNMENT_MASK : byte aligned
________________________________________________________________________________

Device\Harddisk0\DR0	76.34 Go  [Fixed] ==> Whistler.E MBR Code

MBR_MD5   : 842E2E19CCBFEA3056C9A8C62D4BB1DF
MBR_SHA1  : E9546B4D5A9AD6679BC9079B0325EA2A5C2127DC

Device\Harddisk0\Partition1	76.32 Go  	0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________

Device\Harddisk1\DR12	7.47 Go  [Removable] ==> Unknown MBR Code

MBR_MD5   : 7B2E83F2C61BAE15988839BFF0F7D4AA
MBR_SHA1  : 748FC084BB14DFAF07E850A85E6B00F7C61F8EED

Device\Harddisk1\Partition1	7.47 Go
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\WINDOWS\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0xF6437000
SIZE    : 96.0 Ko

DRIVER  : C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS => Invisible on the disk
ADDRESS : 0xF8AC8000
SIZE    : 8.0 Ko

DRIVER  : C:\WINDOWS\system32\Drivers\PROCEXP113.SYS => Invisible on the disk
ADDRESS : 0xF8A82000
SIZE    : 8.0 Ko

DRIVER  : C:\DOCUME~1\FRANTI~1\LOCALS~1\Temp\catchme.sys => Invisible on the disk
ADDRESS : 0xF8886000
SIZE    : 32.0 Ko

SystemStartOptions : NOEXECUTE=OPTIN  FASTDETECT

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

0x00000000   90 31 C0 90 8E D8 8E C0 90 8E D0 BC 00 7C BE 00   .1À..Ø.À..м.|¾.
0x00000010   7C 90 BF 00 06 90 B9 80 00 90 FC F3 66 A5 90 EA   |.¿...¹...üóf¥.ê
0x00000020   26 06 00 00 90 90 66 31 C0 90 BE BE 07 B1 04 66   &.....f1À.¾¾.±.f
0x00000030   39 44 08 90 72 08 66 8B 44 08 66 03 44 0C 83 C6   9D..r.f.D.f.D..Æ
0x00000040   10 90 83 2E 8B 06 04 E2 E6 66 09 C0 74 40 66 83   .......âæf.Àt@f.
0x00000050   C0 02 90 B9 40 00 BB 00 7C BF 12 07 90 83 2E 8B   À..¹@.».|¿......
0x00000060   06 04 E8 71 00 72 27 66 68 83 C4 14 90 90 66 68   ..èq.r'fh.Ä...fh
0x00000070   04 46 E2 F9 90 66 68 80 FF D7 30 90 66 68 89 C3   .Fâù.fh..×0.fh.Ã
0x00000080   B9 00 90 66 68 BE 00 7C 66 0F 83 73 75 E8 BE BE   ¹..fh¾.|f..suè¾¾
0x00000090   07 B1 04 80 3C 80 74 0F 38 2C 0F 85 96 00 83 C6   .±..<.t.8,.....Æ
0x000000A0   10 E2 F0 90 CD 18 90 66 8B 44 08 89 E3 B9 01 00   .âð.Í..f.D..ã¹..
0x000000B0   90 E8 22 00 73 0E 8B 4C 02 B8 01 02 90 CD 13 0F   .è".s..L.¸...Í..
0x000000C0   82 8B 00 90 81 3E FE 7D 55 AA 90 0F 85 A0 00 90   .....>þ}Uª......
0x000000D0   EA 00 7C 00 00 90 66 60 90 BB AA 55 B4 41 CD 13   ê.|...f`.»ªU´AÍ.
0x000000E0   90 73 04 F9 66 61 C3 81 FB 55 AA 75 F6 90 F6 C1   .s.ùfaÃ.ûUªuö.öÁ
0x000000F0   01 74 F0 66 61 90 66 60 6A 00 90 6A 00 66 50 06   .tðfa.f`j..j.fP.
0x00000100   90 53 51 90 6A 10 B4 42 90 89 E6 CD 13 61 90 66   .SQ.j.´B..æÍ.a.f
0x00000110   61 C3 66 69 DB FD 43 03 00 90 66 81 C3 C3 9E 26   aÃfiÛýC...f.ÃÃ.&
0x00000120   00 90 66 89 D8 90 66 C1 E8 10 90 66 25 FF 00 00   ..f.Ø.fÁè..f%...
0x00000130   00 90 C3 90 49 6E 76 61 6C 69 64 20 70 61 72 74   ..Ã.Invalid part
0x00000140   69 74 69 6F 6E 20 74 61 62 6C 65 00 90 90 45 72   ition table...Er
0x00000150   72 6F 72 20 6C 6F 61 64 69 6E 67 20 6F 70 65 72   ror loading oper
0x00000160   61 74 69 6E 67 20 73 79 73 74 65 6D 00 90 90 4D   ating system...M
0x00000170   69 73 73 69 6E 67 20 6F 70 65 72 61 74 69 6E 67   issing operating
0x00000180   20 73 79 73 74 65 6D 00 00 00 00 00 00 00 00 00    system.........
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 00 00 00 3C 45 3D 45 00 00 80 01   ........<E=E....
0x000001C0   01 00 07 FE FF FF 3F 00 00 00 EC 40 8A 09 00 00   ...þ..?...ì@....
0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

__________________________16_BIT_ASM_CODE
   
0x0000    90              NOP   
0x0001    31c0            XOR AX, AX   
0x0003    90              NOP   
0x0004    8ed8            MOV DS, AX   
0x0006    8ec0            MOV ES, AX   
0x0008    90              NOP   
0x0009    8ed0            MOV SS, AX   
0x000B    bc 007c         MOV SP, 0x7c00   
0x000E    be 007c         MOV SI, 0x7c00   
0x0011    90              NOP   
0x0012    bf 0006         MOV DI, 0x600   
0x0015    90              NOP   
0x0016    b9 8000         MOV CX, 0x80   
0x0019    90              NOP   
0x001A    fc              CLD   
0x001B    f3 66 a5        REP MOVSD   
0x001E    90              NOP   
0x001F    ea 2606 0000    JMP FAR 0x0:0x626   
0x0024    90              NOP   
0x0025    90              NOP   
0x0026    66 31c0         XOR EAX, EAX   
0x0029    90              NOP   
0x002A    be be07         MOV SI, 0x7be   
0x002D    b1 04           MOV CL, 0x4   
0x002F    66 3944 08      CMP [SI+0x8], EAX   
0x0033    90              NOP   
0x0034    72 08           JB 0x3e   
0x0036    66 8b44 08      MOV EAX, [SI+0x8]   
0x003A    66 0344 0c      ADD EAX, [SI+0xc]   
0x003E    83c6 10         ADD SI, 0x10   
0x0041    90              NOP   
0x0042    832e 8b06 04    SUB WORD [0x68b], 0x4   
0x0047    e2 e6           LOOP 0x2f   
0x0049    66 09c0         OR EAX, EAX   
0x004C    74 40           JZ 0x8e   
0x004E    66 83c0 02      ADD EAX, 0x2   
0x0052    90              NOP   
0x0053    b9 4000         MOV CX, 0x40   
0x0056    bb 007c         MOV BX, 0x7c00   
0x0059    bf 1207         MOV DI, 0x712   
0x005C    90              NOP   
0x005D    832e 8b06 04    SUB WORD [0x68b], 0x4   
0x0062    e8 7100         CALL 0xd6   
0x0065    72 27           JB 0x8e   
0x0067    66 68 83c41490  PUSH 0x9014c483   
0x006D    90              NOP   
0x006E    66 68 0446e2f9  PUSH 0xf9e24604   
0x0074    90              NOP   
0x0075    66 68 80ffd730  PUSH 0x30d7ff80   
0x007B    90              NOP   
0x007C    66 68 89c3b900  PUSH 0xb9c389   
0x0082    90              NOP   
0x0083    66 68 be007c66  PUSH 0x667c00be   
0x0089    0f83 7375       JAE 0x7600   
0x008D    e8 bebe         CALL 0xbf4e   
0x0090    07              POP ES   
0x0091    b1 04           MOV CL, 0x4   
0x0093    803c 80         CMP BYTE [SI], 0x80   
0x0096    74 0f           JZ 0xa7   
0x0098    382c            CMP [SI], CH   
0x009A    0f85 9600       JNZ 0x134   
0x009E    83c6 10         ADD SI, 0x10   
0x00A1    e2 f0           LOOP 0x93   
0x00A3    90              NOP   
0x00A4    cd 18           INT 0x18   
0x00A6    90              NOP   
0x00A7    66 8b44 08      MOV EAX, [SI+0x8]   
0x00AB    89e3            MOV BX, SP   
0x00AD    b9 0100         MOV CX, 0x1   
0x00B0    90              NOP   
0x00B1    e8 2200         CALL 0xd6   
0x00B4    73 0e           JAE 0xc4   
0x00B6    8b4c 02         MOV CX, [SI+0x2]   
0x00B9    b8 0102         MOV AX, 0x201   
0x00BC    90              NOP   
0x00BD    cd 13           INT 0x13   
0x00BF    0f82 8b00       JB 0x14e   
0x00C3    90              NOP   
0x00C4    813e fe7d 55aa  CMP WORD [0x7dfe], 0xaa55   
0x00CA    90              NOP   
0x00CB    0f85 a000       JNZ 0x16f   
0x00CF    90              NOP   
0x00D0    ea 007c 0000    JMP FAR 0x0:0x7c00   
0x00D5    90              NOP   
0x00D6    66 60           PUSHAD   
0x00D8    90              NOP   
0x00D9    bb aa55         MOV BX, 0x55aa   
0x00DC    b4 41           MOV AH, 0x41   
0x00DE    cd 13           INT 0x13   
0x00E0    90              NOP   
0x00E1    73 04           JAE 0xe7   
0x00E3    f9              STC   
0x00E4    66 61           POPAD   
0x00E6    c3              RET   
0x00E7    81fb 55aa       CMP BX, 0xaa55   
0x00EB    75 f6           JNZ 0xe3   
0x00ED    90              NOP   
0x00EE    f6c1 01         TEST CL, 0x1   
0x00F1    74 f0           JZ 0xe3   
0x00F3    66 61           POPAD   
0x00F5    90              NOP   
0x00F6    66 60           PUSHAD   
0x00F8    6a 00           PUSH 0x0   
0x00FA    90              NOP   
0x00FB    6a 00           PUSH 0x0   
0x00FD    66 50           PUSH EAX   
0x00FF    06              PUSH ES   
0x0100    90              NOP   
0x0101    53              PUSH BX   
0x0102    51              PUSH CX   
0x0103    90              NOP   
0x0104    6a 10           PUSH 0x10   
0x0106    b4 42           MOV AH, 0x42   
0x0108    90              NOP   
0x0109    89e6            MOV SI, SP   
0x010B    cd 13           INT 0x13   
0x010D    61              POPA   
0x010E    90              NOP   
0x010F    66 61           POPAD   
0x0111    c3              RET   
0x0112    66 69db fd430300IMUL EBX, EBX, 0x343fd   
0x0119    90              NOP   
0x011A    66 81c3 c39e2600ADD EBX, 0x269ec3   
0x0121    90              NOP   
0x0122    66 89d8         MOV EAX, EBX   
0x0125    90              NOP   
0x0126    66 c1e8 10      SHR EAX, 0x10   
0x012A    90              NOP   
0x012B    66 25 ff000000  AND EAX, 0xff   
0x0131    90              NOP   
0x0132    c3              RET   
0x0133    90              NOP   
0x0134    49              DEC CX   
0x0135    6e              OUTSB   
0x0136    76 61           JBE 0x199   
0x0138    6c              INSB   
0x0139    6964 20 7061    IMUL SP, [SI+0x20], 0x6170   
0x013E    72 74           JB 0x1b4   
0x0140    6974 69 6f6e    IMUL SI, [SI+0x69], 0x6e6f   
0x0145    2074 61         AND [SI+0x61], DH   
0x0148    626c 65         BOUND BP, [SI+0x65]   
0x014B    0090 9045       ADD [BX+SI+0x4590], DL   
0x014F    72 72           JB 0x1c3   
0x0151    6f              OUTSW   
0x0152    72 20           JB 0x174   
0x0154    6c              INSB   
0x0155    6f              OUTSW   
0x0156    61              POPA   
0x0157    64 696e 67 206f IMUL BP, FS:[BP+0x67], 0x6f20   
0x015D    70 65           JO 0x1c4   
0x015F    72 61           JB 0x1c2   
0x0161    74 69           JZ 0x1cc   
0x0163    6e              OUTSB   
0x0164    67 2073 79      AND [EBX+0x79], DH   
0x0168    73 74           JAE 0x1de   
0x016A    65 6d           INS WORD GS:[DI], DX   
0x016C    0090 904d       ADD [BX+SI+0x4d90], DL   
0x0170    6973 73 696e    IMUL SI, [BP+DI+0x73], 0x6e69   
0x0175    67 206f 70      AND [EDI+0x70], CH   
0x0179    65              DB 0x65   
0x0179    65 72 61        JB 0x1dd   
0x017C    74 69           JZ 0x1e7   
0x017E    6e              OUTSB   
0x017F    67 2073 79      AND [EBX+0x79], DH   
0x0183    73 74           JAE 0x1f9   
0x0185    65 6d           INS WORD GS:[DI], DX   
0x0187    0000            ADD [BX+SI], AL   
0x0189    0000            ADD [BX+SI], AL   
0x018B    0000            ADD [BX+SI], AL   
0x018D    0000            ADD [BX+SI], AL   
0x018F    0000            ADD [BX+SI], AL   
0x0191    0000            ADD [BX+SI], AL   
0x0193    0000            ADD [BX+SI], AL   
0x0195    0000            ADD [BX+SI], AL   
0x0197    0000            ADD [BX+SI], AL   
0x0199    0000            ADD [BX+SI], AL   
0x019B    0000            ADD [BX+SI], AL   
0x019D    0000            ADD [BX+SI], AL   
0x019F    0000            ADD [BX+SI], AL   
0x01A1    0000            ADD [BX+SI], AL   
0x01A3    0000            ADD [BX+SI], AL   
0x01A5    0000            ADD [BX+SI], AL   
0x01A7    0000            ADD [BX+SI], AL   
0x01A9    0000            ADD [BX+SI], AL   
0x01AB    0000            ADD [BX+SI], AL   
0x01AD    0000            ADD [BX+SI], AL   
0x01AF    0000            ADD [BX+SI], AL   
0x01B1    0000            ADD [BX+SI], AL   
0x01B3    0000            ADD [BX+SI], AL   
0x01B5    0000            ADD [BX+SI], AL   
0x01B7    003c            ADD [SI], BH   
0x01B9    45              INC BP   
0x01BA    3d 4500         CMP AX, 0x45   
0x01BD    0080 0101       ADD [BX+SI+0x101], AL   
0x01C1    0007            ADD [BX], AL   
0x01C3    fe              DB 0xfe   
0x01C4    ff              DB 0xff   
0x01C5    ff              DB 0xff   
0x01C6    3f              AAS   
0x01C7    0000            ADD [BX+SI], AL   
0x01C9    00ec            ADD AH, CH   
0x01CB    40              INC AX   
0x01CC    8a09            MOV CL, [BX+DI]   
0x01CE    0000            ADD [BX+SI], AL   
0x01D0    0000            ADD [BX+SI], AL   
0x01D2    0000            ADD [BX+SI], AL   
0x01D4    0000            ADD [BX+SI], AL   
0x01D6    0000            ADD [BX+SI], AL   
0x01D8    0000            ADD [BX+SI], AL   
0x01DA    0000            ADD [BX+SI], AL   
0x01DC    0000            ADD [BX+SI], AL   
0x01DE    0000            ADD [BX+SI], AL   
0x01E0    0000            ADD [BX+SI], AL   
0x01E2    0000            ADD [BX+SI], AL   
0x01E4    0000            ADD [BX+SI], AL   
0x01E6    0000            ADD [BX+SI], AL   
0x01E8    0000            ADD [BX+SI], AL   
0x01EA    0000            ADD [BX+SI], AL   
0x01EC    0000            ADD [BX+SI], AL   
0x01EE    0000            ADD [BX+SI], AL   
0x01F0    0000            ADD [BX+SI], AL   
0x01F2    0000            ADD [BX+SI], AL   
0x01F4    0000            ADD [BX+SI], AL   
0x01F6    0000            ADD [BX+SI], AL   
0x01F8    0000            ADD [BX+SI], AL   
0x01FA    0000            ADD [BX+SI], AL   
0x01FC    0000            ADD [BX+SI], AL   
0x01FE    55              PUSH BP   
0x01FF    aa              STOSB   


_______MBR   \Device\Harddisk1\DR12  

0x00000000   FA 33 C0 8E D0 BC 00 7C 8B F4 50 07 50 1F FB FC   ú3À.м.|.ôP.P.ûü
0x00000010   BF 00 06 B9 00 01 F2 A5 EA 1D 06 00 00 BE B8 06   ¿..¹..ò¥ê....¾¸.
0x00000020   AC 3C 00 74 0E 56 BB 07 00 B4 0E CD 10 5E EA 20   ¬<.t.V»..´.Í.^ê 
0x00000030   06 00 00 CD 18 00 00 00 00 00 00 00 00 00 00 00   ...Í............
0x00000040   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000050   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000060   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000070   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000080   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000090   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000B0   00 00 00 00 00 00 00 00 50 65 6E 20 44 72 69 76   ........Pen Driv
0x000000C0   65 20 57 69 74 68 6F 75 74 20 4F 70 65 72 61 74   e Without Operat
0x000000D0   69 6E 67 20 53 79 73 74 65 6D 2E 52 65 6D 6F 76   ing System.Remov
0x000000E0   65 20 50 65 6E 20 44 72 69 76 65 20 41 6E 64 20   e Pen Drive And 
0x000000F0   52 65 62 6F 6F 74 2E 20 00 00 00 00 00 00 00 00   Reboot. ........
0x00000100   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000110   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000120   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000130   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000140   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000150   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000160   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000170   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 00 00 00 01 02 03 04 00 00 00 22   ..............."
0x000001C0   33 00 0C 65 26 F2 90 08 00 00 70 F7 EE 00 00 00   3..e&ò....p÷î...
0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

__________________________16_BIT_ASM_CODE
   
0x0000    fa              CLI   
0x0001    33c0            XOR AX, AX   
0x0003    8ed0            MOV SS, AX   
0x0005    bc 007c         MOV SP, 0x7c00   
0x0008    8bf4            MOV SI, SP   
0x000A    50              PUSH AX   
0x000B    07              POP ES   
0x000C    50              PUSH AX   
0x000D    1f              POP DS   
0x000E    fb              STI   
0x000F    fc              CLD   
0x0010    bf 0006         MOV DI, 0x600   
0x0013    b9 0001         MOV CX, 0x100   
0x0016    f2 a5           REPNZ MOVSW   
0x0018    ea 1d06 0000    JMP FAR 0x0:0x61d   
0x001D    be b806         MOV SI, 0x6b8   
0x0020    ac              LODSB   
0x0021    3c 00           CMP AL, 0x0   
0x0023    74 0e           JZ 0x33   
0x0025    56              PUSH SI   
0x0026    bb 0700         MOV BX, 0x7   
0x0029    b4 0e           MOV AH, 0xe   
0x002B    cd 10           INT 0x10   
0x002D    5e              POP SI   
0x002E    ea 2006 0000    JMP FAR 0x0:0x620   
0x0033    cd 18           INT 0x18   
0x0035    0000            ADD [BX+SI], AL   
0x0037    0000            ADD [BX+SI], AL   
0x0039    0000            ADD [BX+SI], AL   
0x003B    0000            ADD [BX+SI], AL   
0x003D    0000            ADD [BX+SI], AL   
0x003F    0000            ADD [BX+SI], AL   
0x0041    0000            ADD [BX+SI], AL   
0x0043    0000            ADD [BX+SI], AL   
0x0045    0000            ADD [BX+SI], AL   
0x0047    0000            ADD [BX+SI], AL   
0x0049    0000            ADD [BX+SI], AL   
0x004B    0000            ADD [BX+SI], AL   
0x004D    0000            ADD [BX+SI], AL   
0x004F    0000            ADD [BX+SI], AL   
0x0051    0000            ADD [BX+SI], AL   
0x0053    0000            ADD [BX+SI], AL   
0x0055    0000            ADD [BX+SI], AL   
0x0057    0000            ADD [BX+SI], AL   
0x0059    0000            ADD [BX+SI], AL   
0x005B    0000            ADD [BX+SI], AL   
0x005D    0000            ADD [BX+SI], AL   
0x005F    0000            ADD [BX+SI], AL   
0x0061    0000            ADD [BX+SI], AL   
0x0063    0000            ADD [BX+SI], AL   
0x0065    0000            ADD [BX+SI], AL   
0x0067    0000            ADD [BX+SI], AL   
0x0069    0000            ADD [BX+SI], AL   
0x006B    0000            ADD [BX+SI], AL   
0x006D    0000            ADD [BX+SI], AL   
0x006F    0000            ADD [BX+SI], AL   
0x0071    0000            ADD [BX+SI], AL   
0x0073    0000            ADD [BX+SI], AL   
0x0075    0000            ADD [BX+SI], AL   
0x0077    0000            ADD [BX+SI], AL   
0x0079    0000            ADD [BX+SI], AL   
0x007B    0000            ADD [BX+SI], AL   
0x007D    0000            ADD [BX+SI], AL   
0x007F    0000            ADD [BX+SI], AL   
0x0081    0000            ADD [BX+SI], AL   
0x0083    0000            ADD [BX+SI], AL   
0x0085    0000            ADD [BX+SI], AL   
0x0087    0000            ADD [BX+SI], AL   
0x0089    0000            ADD [BX+SI], AL   
0x008B    0000            ADD [BX+SI], AL   
0x008D    0000            ADD [BX+SI], AL   
0x008F    0000            ADD [BX+SI], AL   
0x0091    0000            ADD [BX+SI], AL   
0x0093    0000            ADD [BX+SI], AL   
0x0095    0000            ADD [BX+SI], AL   
0x0097    0000            ADD [BX+SI], AL   
0x0099    0000            ADD [BX+SI], AL   
0x009B    0000            ADD [BX+SI], AL   
0x009D    0000            ADD [BX+SI], AL   
0x009F    0000            ADD [BX+SI], AL   
0x00A1    0000            ADD [BX+SI], AL   
0x00A3    0000            ADD [BX+SI], AL   
0x00A5    0000            ADD [BX+SI], AL   
0x00A7    0000            ADD [BX+SI], AL   
0x00A9    0000            ADD [BX+SI], AL   
0x00AB    0000            ADD [BX+SI], AL   
0x00AD    0000            ADD [BX+SI], AL   
0x00AF    0000            ADD [BX+SI], AL   
0x00B1    0000            ADD [BX+SI], AL   
0x00B3    0000            ADD [BX+SI], AL   
0x00B5    0000            ADD [BX+SI], AL   
0x00B7    0050 65         ADD [BX+SI+0x65], DL   
0x00BA    6e              OUTSB   
0x00BB    2044 72         AND [SI+0x72], AL   
0x00BE    6976 65 2057    IMUL SI, [BP+0x65], 0x5720   
0x00C3    6974 68 6f75    IMUL SI, [SI+0x68], 0x756f   
0x00C8    74 20           JZ 0xea   
0x00CA    4f              DEC DI   
0x00CB    70 65           JO 0x132   
0x00CD    72 61           JB 0x130   
0x00CF    74 69           JZ 0x13a   
0x00D1    6e              OUTSB   
0x00D2    67 2053 79      AND [EBX+0x79], DL   
0x00D6    73 74           JAE 0x14c   
0x00D8    65 6d           INS WORD GS:[DI], DX   
0x00DA    2e              DB 0x2e   
0x00DA    2e 52           PUSH DX   
0x00DC    65 6d           INS WORD GS:[DI], DX   
0x00DE    6f              OUTSW   
0x00DF    76 65           JBE 0x146   
0x00E1    2050 65         AND [BX+SI+0x65], DL   
0x00E4    6e              OUTSB   
0x00E5    2044 72         AND [SI+0x72], AL   
0x00E8    6976 65 2041    IMUL SI, [BP+0x65], 0x4120   
0x00ED    6e              OUTSB   
0x00EE    64 2052 65      AND FS:[BP+SI+0x65], DL   
0x00F2    626f 6f         BOUND BP, [BX+0x6f]   
0x00F5    74 2e           JZ 0x125   
0x00F7    2000            AND [BX+SI], AL   
0x00F9    0000            ADD [BX+SI], AL   
0x00FB    0000            ADD [BX+SI], AL   
0x00FD    0000            ADD [BX+SI], AL   
0x00FF    0000            ADD [BX+SI], AL   
0x0101    0000            ADD [BX+SI], AL   
0x0103    0000            ADD [BX+SI], AL   
0x0105    0000            ADD [BX+SI], AL   
0x0107    0000            ADD [BX+SI], AL   
0x0109    0000            ADD [BX+SI], AL   
0x010B    0000            ADD [BX+SI], AL   
0x010D    0000            ADD [BX+SI], AL   
0x010F    0000            ADD [BX+SI], AL   
0x0111    0000            ADD [BX+SI], AL   
0x0113    0000            ADD [BX+SI], AL   
0x0115    0000            ADD [BX+SI], AL   
0x0117    0000            ADD [BX+SI], AL   
0x0119    0000            ADD [BX+SI], AL   
0x011B    0000            ADD [BX+SI], AL   
0x011D    0000            ADD [BX+SI], AL   
0x011F    0000            ADD [BX+SI], AL   
0x0121    0000            ADD [BX+SI], AL   
0x0123    0000            ADD [BX+SI], AL   
0x0125    0000            ADD [BX+SI], AL   
0x0127    0000            ADD [BX+SI], AL   
0x0129    0000            ADD [BX+SI], AL   
0x012B    0000            ADD [BX+SI], AL   
0x012D    0000            ADD [BX+SI], AL   
0x012F    0000            ADD [BX+SI], AL   
0x0131    0000            ADD [BX+SI], AL   
0x0133    0000            ADD [BX+SI], AL   
0x0135    0000            ADD [BX+SI], AL   
0x0137    0000            ADD [BX+SI], AL   
0x0139    0000            ADD [BX+SI], AL   
0x013B    0000            ADD [BX+SI], AL   
0x013D    0000            ADD [BX+SI], AL   
0x013F    0000            ADD [BX+SI], AL   
0x0141    0000            ADD [BX+SI], AL   
0x0143    0000            ADD [BX+SI], AL   
0x0145    0000            ADD [BX+SI], AL   
0x0147    0000            ADD [BX+SI], AL   
0x0149    0000            ADD [BX+SI], AL   
0x014B    0000            ADD [BX+SI], AL   
0x014D    0000            ADD [BX+SI], AL   
0x014F    0000            ADD [BX+SI], AL   
0x0151    0000            ADD [BX+SI], AL   
0x0153    0000            ADD [BX+SI], AL   
0x0155    0000            ADD [BX+SI], AL   
0x0157    0000            ADD [BX+SI], AL   
0x0159    0000            ADD [BX+SI], AL   
0x015B    0000            ADD [BX+SI], AL   
0x015D    0000            ADD [BX+SI], AL   
0x015F    0000            ADD [BX+SI], AL   
0x0161    0000            ADD [BX+SI], AL   
0x0163    0000            ADD [BX+SI], AL   
0x0165    0000            ADD [BX+SI], AL   
0x0167    0000            ADD [BX+SI], AL   
0x0169    0000            ADD [BX+SI], AL   
0x016B    0000            ADD [BX+SI], AL   
0x016D    0000            ADD [BX+SI], AL   
0x016F    0000            ADD [BX+SI], AL   
0x0171    0000            ADD [BX+SI], AL   
0x0173    0000            ADD [BX+SI], AL   
0x0175    0000            ADD [BX+SI], AL   
0x0177    0000            ADD [BX+SI], AL   
0x0179    0000            ADD [BX+SI], AL   
0x017B    0000            ADD [BX+SI], AL   
0x017D    0000            ADD [BX+SI], AL   
0x017F    0000            ADD [BX+SI], AL   
0x0181    0000            ADD [BX+SI], AL   
0x0183    0000            ADD [BX+SI], AL   
0x0185    0000            ADD [BX+SI], AL   
0x0187    0000            ADD [BX+SI], AL   
0x0189    0000            ADD [BX+SI], AL   
0x018B    0000            ADD [BX+SI], AL   
0x018D    0000            ADD [BX+SI], AL   
0x018F    0000            ADD [BX+SI], AL   
0x0191    0000            ADD [BX+SI], AL   
0x0193    0000            ADD [BX+SI], AL   
0x0195    0000            ADD [BX+SI], AL   
0x0197    0000            ADD [BX+SI], AL   
0x0199    0000            ADD [BX+SI], AL   
0x019B    0000            ADD [BX+SI], AL   
0x019D    0000            ADD [BX+SI], AL   
0x019F    0000            ADD [BX+SI], AL   
0x01A1    0000            ADD [BX+SI], AL   
0x01A3    0000            ADD [BX+SI], AL   
0x01A5    0000            ADD [BX+SI], AL   
0x01A7    0000            ADD [BX+SI], AL   
0x01A9    0000            ADD [BX+SI], AL   
0x01AB    0000            ADD [BX+SI], AL   
0x01AD    0000            ADD [BX+SI], AL   
0x01AF    0000            ADD [BX+SI], AL   
0x01B1    0000            ADD [BX+SI], AL   
0x01B3    0000            ADD [BX+SI], AL   
0x01B5    0000            ADD [BX+SI], AL   
0x01B7    0001            ADD [BX+DI], AL   
0x01B9    0203            ADD AL, [BP+DI]   
0x01BB    04 00           ADD AL, 0x0   
0x01BD    0000            ADD [BX+SI], AL   
0x01BF    2233            AND DH, [BP+DI]   
0x01C1    000c            ADD [SI], CL   
0x01C3    65              DB 0x65   
0x01C4    26              DB 0x26   
0x01C4    f2              DB 0xf2   
0x01C4    26 f2 90        NOP   
0x01C7    0800            OR [BX+SI], AL   
0x01C9    0070 f7         ADD [BX+SI-0x9], DH   
0x01CC    ee              OUT DX, AL   
0x01CD    0000            ADD [BX+SI], AL   
0x01CF    0000            ADD [BX+SI], AL   
0x01D1    0000            ADD [BX+SI], AL   
0x01D3    0000            ADD [BX+SI], AL   
0x01D5    0000            ADD [BX+SI], AL   
0x01D7    0000            ADD [BX+SI], AL   
0x01D9    0000            ADD [BX+SI], AL   
0x01DB    0000            ADD [BX+SI], AL   
0x01DD    0000            ADD [BX+SI], AL   
0x01DF    0000            ADD [BX+SI], AL   
0x01E1    0000            ADD [BX+SI], AL   
0x01E3    0000            ADD [BX+SI], AL   
0x01E5    0000            ADD [BX+SI], AL   
0x01E7    0000            ADD [BX+SI], AL   
0x01E9    0000            ADD [BX+SI], AL   
0x01EB    0000            ADD [BX+SI], AL   
0x01ED    0000            ADD [BX+SI], AL   
0x01EF    0000            ADD [BX+SI], AL   
0x01F1    0000            ADD [BX+SI], AL   
0x01F3    0000            ADD [BX+SI], AL   
0x01F5    0000            ADD [BX+SI], AL   
0x01F7    0000            ADD [BX+SI], AL   
0x01F9    0000            ADD [BX+SI], AL   
0x01FB    0000            ADD [BX+SI], AL   
0x01FD    0055 aa         ADD [DI-0x56], DL

Re: Problem s Haveti na PC: WIN32/Agent.SDG.Gen trojsky kun

Napsal: 26 čer 2012 20:20
od Vacky
Zde přikládám log z TDSSKiller:


21:16:04.0984 2068 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
21:16:05.0593 2068 ============================================================
21:16:05.0593 2068 Current date / time: 2012/06/26 21:16:05.0593
21:16:05.0593 2068 SystemInfo:
21:16:05.0593 2068
21:16:05.0593 2068 OS Version: 5.1.2600 ServicePack: 3.0
21:16:05.0593 2068 Product type: Workstation
21:16:05.0593 2068 ComputerName: PEVNA
21:16:05.0593 2068 UserName: František Eliáš
21:16:05.0593 2068 Windows directory: C:\WINDOWS
21:16:05.0593 2068 System windows directory: C:\WINDOWS
21:16:05.0593 2068 Processor architecture: Intel x86
21:16:05.0593 2068 Number of processors: 1
21:16:05.0625 2068 Page size: 0x1000
21:16:05.0625 2068 Boot type: Normal boot
21:16:05.0625 2068 ============================================================
21:16:10.0406 2068 Drive \Device\Harddisk0\DR0 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:16:10.0406 2068 Drive \Device\Harddisk1\DR14 - Size: 0x1DE000000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:16:10.0406 2068 ============================================================
21:16:10.0406 2068 \Device\Harddisk0\DR0:
21:16:10.0406 2068 MBR partitions:
21:16:10.0406 2068 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x98A40EC
21:16:10.0406 2068 \Device\Harddisk1\DR14:
21:16:10.0406 2068 MBR partitions:
21:16:10.0406 2068 \Device\Harddisk1\DR14\Partition0: MBR, Type 0xC, StartLBA 0x890, BlocksNum 0xEEF770
21:16:10.0406 2068 ============================================================
21:16:10.0437 2068 C: <-> \Device\Harddisk0\DR0\Partition0
21:16:10.0437 2068 ============================================================
21:16:10.0437 2068 Initialize success
21:16:10.0437 2068 ============================================================
21:16:27.0562 2124 ============================================================
21:16:27.0562 2124 Scan started
21:16:27.0562 2124 Mode: Manual; SigCheck; TDLFS;
21:16:27.0562 2124 ============================================================
21:16:28.0093 2124 602XML Updater (ebd7bd25c1d33b10d2251194c300ee85) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
21:16:28.0375 2124 602XML Updater ( UnsignedFile.Multi.Generic ) - warning
21:16:28.0375 2124 602XML Updater - detected UnsignedFile.Multi.Generic (1)
21:16:28.0515 2124 Abiosdsk - ok
21:16:28.0546 2124 abp480n5 - ok
21:16:28.0609 2124 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:16:29.0000 2124 ACPI - ok
21:16:29.0031 2124 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:16:29.0250 2124 ACPIEC - ok
21:16:29.0281 2124 adpu160m - ok
21:16:29.0343 2124 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:16:29.0593 2124 aec - ok
21:16:29.0640 2124 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:16:29.0703 2124 AFD - ok
21:16:29.0718 2124 Aha154x - ok
21:16:29.0750 2124 aic78u2 - ok
21:16:29.0781 2124 aic78xx - ok
21:16:29.0890 2124 ALCXWDM (02d94d2d336d3de8c5e8fe04a62d552d) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
21:16:30.0046 2124 ALCXWDM - ok
21:16:30.0109 2124 Alerter (e0a6fa244b8624d78fe5ff6f56a33bae) C:\WINDOWS\system32\alrsvc.dll
21:16:30.0296 2124 Alerter - ok
21:16:30.0328 2124 ALG (88842de939a827577bf24243699ac80a) C:\WINDOWS\System32\alg.exe
21:16:30.0453 2124 ALG - ok
21:16:30.0468 2124 AliIde - ok
21:16:30.0531 2124 AmdK7 (3980814f8027d27ea003e2e3d9d4f604) C:\WINDOWS\system32\DRIVERS\amdk7.sys
21:16:30.0750 2124 AmdK7 - ok
21:16:30.0765 2124 amsint - ok
21:16:30.0781 2124 AppMgmt - ok
21:16:30.0812 2124 asc - ok
21:16:30.0843 2124 asc3350p - ok
21:16:30.0859 2124 asc3550 - ok
21:16:30.0984 2124 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:16:31.0046 2124 aspnet_state - ok
21:16:31.0093 2124 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:16:31.0312 2124 AsyncMac - ok
21:16:31.0359 2124 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:16:31.0562 2124 atapi - ok
21:16:31.0578 2124 Atdisk - ok
21:16:31.0640 2124 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:16:31.0906 2124 Atmarpc - ok
21:16:31.0937 2124 AudioSrv (de31b88962a8645dba5a37b993e7b0f1) C:\WINDOWS\System32\audiosrv.dll
21:16:32.0203 2124 AudioSrv - ok
21:16:32.0250 2124 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:16:32.0468 2124 audstub - ok
21:16:32.0531 2124 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:16:32.0750 2124 Beep - ok
21:16:32.0828 2124 BITS (19395d092fd85ddc2d9c7729cf5a2ac8) C:\WINDOWS\system32\qmgr.dll
21:16:33.0156 2124 BITS - ok
21:16:33.0203 2124 Browser (249276d3ef1e74b992299cb96099e4d7) C:\WINDOWS\System32\browser.dll
21:16:33.0421 2124 Browser - ok
21:16:33.0546 2124 catchme - ok
21:16:33.0609 2124 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:16:33.0859 2124 cbidf2k - ok
21:16:33.0875 2124 cd20xrnt - ok
21:16:33.0937 2124 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:16:34.0218 2124 Cdaudio - ok
21:16:34.0281 2124 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:16:34.0515 2124 Cdfs - ok
21:16:34.0562 2124 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:16:34.0812 2124 Cdrom - ok
21:16:34.0843 2124 Changer - ok
21:16:34.0906 2124 CiSvc (e390dc1d7c461d7d56ec53402f329928) C:\WINDOWS\system32\cisvc.exe
21:16:35.0140 2124 CiSvc - ok
21:16:35.0171 2124 ClipSrv (064507a8dfa8c5c7e2ffddd3e6f424fa) C:\WINDOWS\system32\clipsrv.exe
21:16:35.0437 2124 ClipSrv - ok
21:16:35.0515 2124 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:16:35.0562 2124 clr_optimization_v2.0.50727_32 - ok
21:16:35.0640 2124 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:16:35.0703 2124 clr_optimization_v4.0.30319_32 - ok
21:16:35.0718 2124 CmdIde - ok
21:16:35.0734 2124 COMSysApp - ok
21:16:35.0781 2124 Cpqarray - ok
21:16:35.0828 2124 CryptSvc (f3ab0933cbd166d271992f411c27ccaf) C:\WINDOWS\System32\cryptsvc.dll
21:16:36.0078 2124 CryptSvc - ok
21:16:36.0109 2124 dac2w2k - ok
21:16:36.0125 2124 dac960nt - ok
21:16:36.0203 2124 DcomLaunch (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\system32\rpcss.dll
21:16:36.0343 2124 DcomLaunch - ok
21:16:36.0421 2124 Dhcp (8c9a53e285ac5e6704844d0459ec85be) C:\WINDOWS\System32\dhcpcsvc.dll
21:16:36.0750 2124 Dhcp - ok
21:16:36.0796 2124 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:16:37.0031 2124 Disk - ok
21:16:37.0062 2124 dmadmin - ok
21:16:37.0156 2124 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
21:16:37.0578 2124 dmboot - ok
21:16:37.0609 2124 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
21:16:37.0875 2124 dmio - ok
21:16:37.0921 2124 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:16:38.0203 2124 dmload - ok
21:16:38.0250 2124 dmserver (2bfefe9e865655a76982f050450b9591) C:\WINDOWS\System32\dmserver.dll
21:16:38.0515 2124 dmserver - ok
21:16:38.0578 2124 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:16:38.0843 2124 DMusic - ok
21:16:38.0890 2124 Dnscache (dfaa406bf19f4ee806a6f8d4342137f7) C:\WINDOWS\System32\dnsrslvr.dll
21:16:38.0984 2124 Dnscache - ok
21:16:39.0062 2124 Dot3svc (4a3e2bd20157a0946751229e92eb8621) C:\WINDOWS\System32\dot3svc.dll
21:16:39.0312 2124 Dot3svc - ok
21:16:39.0328 2124 dpti2o - ok
21:16:39.0375 2124 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:16:39.0625 2124 drmkaud - ok
21:16:39.0687 2124 eamon (ba3bb79c859292c3ff2a21b05e64696f) C:\WINDOWS\system32\DRIVERS\eamon.sys
21:16:39.0796 2124 eamon - ok
21:16:39.0859 2124 EapHost (0887d9c2be8d940778cad1e3b85f2a41) C:\WINDOWS\System32\eapsvc.dll
21:16:40.0140 2124 EapHost - ok
21:16:40.0187 2124 ehdrv (3c747a0d8ce29720302972ac6ed09733) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
21:16:40.0218 2124 ehdrv - ok
21:16:40.0296 2124 EhttpSrv (679ad4afcaf9520cc5607d204ae27cce) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
21:16:40.0328 2124 EhttpSrv - ok
21:16:40.0406 2124 ekrn (82a0ee1f5ccc82cc5453d24ff186e9b0) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
21:16:40.0562 2124 ekrn - ok
21:16:40.0640 2124 epfwtdir (c24fae2e95936bb8f0d4941c329cc663) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
21:16:40.0656 2124 epfwtdir - ok
21:16:40.0687 2124 ERSvc (a2a4912798f2be706abadd3d30800d16) C:\WINDOWS\System32\ersvc.dll
21:16:40.0953 2124 ERSvc - ok
21:16:41.0015 2124 es1371 (a55dd7d8ced5d2624a9ee2dda7be0319) C:\WINDOWS\system32\drivers\es1371mp.sys
21:16:41.0265 2124 es1371 - ok
21:16:41.0312 2124 Eventlog (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
21:16:41.0437 2124 Eventlog - ok
21:16:41.0500 2124 EventSystem (a371f11ef07653591c8de26afb13ce7f) C:\WINDOWS\system32\es.dll
21:16:41.0578 2124 EventSystem - ok
21:16:41.0625 2124 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:16:41.0875 2124 Fastfat - ok
21:16:41.0937 2124 FastUserSwitchingCompatibility (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
21:16:42.0031 2124 FastUserSwitchingCompatibility - ok
21:16:42.0093 2124 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:16:42.0343 2124 Fdc - ok
21:16:42.0375 2124 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
21:16:42.0625 2124 FETNDIS - ok
21:16:42.0671 2124 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
21:16:42.0921 2124 Fips - ok
21:16:43.0000 2124 FirebirdGuardianDefaultInstance - ok
21:16:43.0031 2124 FirebirdServerDefaultInstance - ok
21:16:43.0093 2124 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:16:43.0296 2124 Flpydisk - ok
21:16:43.0359 2124 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:16:43.0578 2124 FltMgr - ok
21:16:43.0890 2124 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:16:43.0968 2124 FontCache3.0.0.0 - ok
21:16:44.0062 2124 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:16:44.0296 2124 Fs_Rec - ok
21:16:44.0546 2124 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:16:44.0781 2124 Ftdisk - ok
21:16:44.0875 2124 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
21:16:45.0109 2124 gameenum - ok
21:16:45.0265 2124 GemCCID (86d3d834d35ebe920d85ffedcef79faf) C:\WINDOWS\system32\Drivers\GemCCID.sys
21:16:45.0453 2124 GemCCID - ok
21:16:45.0453 2124 GMSIPCI - ok
21:16:45.0484 2124 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:16:45.0734 2124 Gpc - ok
21:16:45.0875 2124 helpsvc (fcfe31fb75f8a6295b6b0af87a626282) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:16:46.0156 2124 helpsvc - ok
21:16:46.0218 2124 HidServ (00e25ee90166b3e1be6e74aebf858306) C:\WINDOWS\System32\hidserv.dll
21:16:46.0468 2124 HidServ - ok
21:16:46.0515 2124 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:16:46.0734 2124 hidusb - ok
21:16:46.0796 2124 hkmsvc (7a6b320928f86bc851530d63c82965d9) C:\WINDOWS\System32\kmsvc.dll
21:16:47.0046 2124 hkmsvc - ok
21:16:47.0062 2124 hpn - ok
21:16:47.0140 2124 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:16:47.0203 2124 HTTP - ok
21:16:47.0265 2124 HTTPFilter (58fe2f2da3bc5573f4a35b3760d3125f) C:\WINDOWS\System32\w3ssl.dll
21:16:47.0531 2124 HTTPFilter - ok
21:16:47.0546 2124 i2omgmt - ok
21:16:47.0578 2124 i2omp - ok
21:16:47.0640 2124 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:16:47.0859 2124 i8042prt - ok
21:16:48.0000 2124 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:16:48.0125 2124 idsvc - ok
21:16:48.0281 2124 IJPLMSVC (ad5df6f4fbbc798636edc66bfec7d0de) C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
21:16:48.0296 2124 IJPLMSVC - ok
21:16:48.0359 2124 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:16:48.0578 2124 Imapi - ok
21:16:48.0656 2124 ImapiService (f7b93aafad33b2320954c17e26c8d361) C:\WINDOWS\system32\imapi.exe
21:16:48.0875 2124 ImapiService - ok
21:16:48.0890 2124 ini910u - ok
21:16:48.0937 2124 IntelIde - ok
21:16:48.0984 2124 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:16:49.0265 2124 Ip6Fw - ok
21:16:49.0328 2124 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:16:49.0640 2124 IpFilterDriver - ok
21:16:49.0734 2124 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:16:49.0968 2124 IpInIp - ok
21:16:50.0015 2124 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:16:50.0234 2124 IpNat - ok
21:16:50.0296 2124 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:16:50.0546 2124 IPSec - ok
21:16:50.0593 2124 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:16:50.0703 2124 IRENUM - ok
21:16:50.0750 2124 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:16:50.0968 2124 isapnp - ok
21:16:51.0078 2124 JavaQuickStarterService (9ae07549a0d691a103faf8946554bdb7) C:\Program Files\Java\jre6\bin\jqs.exe
21:16:51.0109 2124 JavaQuickStarterService - ok
21:16:51.0156 2124 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:16:51.0375 2124 Kbdclass - ok
21:16:51.0437 2124 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:16:51.0687 2124 kbdhid - ok
21:16:51.0765 2124 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:16:51.0953 2124 kmixer - ok
21:16:52.0000 2124 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:16:52.0062 2124 KSecDD - ok
21:16:52.0125 2124 LanmanServer (3428e8f86f8add36b42fb23542c7b3e4) C:\WINDOWS\System32\srvsvc.dll
21:16:52.0156 2124 LanmanServer - ok
21:16:52.0218 2124 lanmanworkstation (936c1d110232d23b621cb0196e4f80f0) C:\WINDOWS\System32\wkssvc.dll
21:16:52.0296 2124 lanmanworkstation - ok
21:16:52.0312 2124 lbrtfdc - ok
21:16:52.0390 2124 LmHosts (0ab159f536e3e8f7f07113702a07cca5) C:\WINDOWS\System32\lmhsvc.dll
21:16:52.0640 2124 LmHosts - ok
21:16:52.0765 2124 McciCMService (4f74184920b2d6e33024409b4c5c57c1) C:\Program Files\Common Files\Motive\McciCMService.exe
21:16:52.0812 2124 McciCMService ( UnsignedFile.Multi.Generic ) - warning
21:16:52.0812 2124 McciCMService - detected UnsignedFile.Multi.Generic (1)
21:16:52.0859 2124 Messenger (221cd1c815b8a6b79389c3f5d1018de8) C:\WINDOWS\System32\msgsvc.dll
21:16:53.0125 2124 Messenger - ok
21:16:53.0203 2124 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:16:53.0265 2124 Microsoft Office Groove Audit Service - ok
21:16:53.0312 2124 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:16:53.0484 2124 mnmdd - ok
21:16:53.0546 2124 mnmsrvc (9a57d046f88f4b69751b11fd40088a61) C:\WINDOWS\system32\mnmsrvc.exe
21:16:53.0828 2124 mnmsrvc - ok
21:16:53.0875 2124 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
21:16:54.0140 2124 Modem - ok
21:16:54.0171 2124 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:16:54.0390 2124 Mouclass - ok
21:16:54.0437 2124 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:16:54.0656 2124 mouhid - ok
21:16:54.0687 2124 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:16:54.0890 2124 MountMgr - ok
21:16:54.0921 2124 mraid35x - ok
21:16:54.0968 2124 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
21:16:55.0000 2124 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
21:16:55.0000 2124 MREMP50 - detected UnsignedFile.Multi.Generic (1)
21:16:55.0015 2124 MREMP50a64 - ok
21:16:55.0031 2124 MREMPR5 - ok
21:16:55.0046 2124 MRENDIS5 - ok
21:16:55.0062 2124 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
21:16:55.0093 2124 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
21:16:55.0093 2124 MRESP50 - detected UnsignedFile.Multi.Generic (1)
21:16:55.0109 2124 MRESP50a64 - ok
21:16:55.0156 2124 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:16:55.0375 2124 MRxDAV - ok
21:16:55.0453 2124 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:16:55.0546 2124 MRxSmb - ok
21:16:55.0593 2124 MSDTC (6db4d1521caba9a5ffab54ade0ae867d) C:\WINDOWS\system32\msdtc.exe
21:16:55.0812 2124 MSDTC - ok
21:16:55.0859 2124 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:16:56.0046 2124 Msfs - ok
21:16:56.0062 2124 MSIServer - ok
21:16:56.0375 2124 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:16:56.0625 2124 MSKSSRV - ok
21:16:56.0656 2124 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:16:56.0890 2124 MSPCLOCK - ok
21:16:56.0906 2124 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:16:57.0156 2124 MSPQM - ok
21:16:57.0203 2124 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:16:57.0406 2124 mssmbios - ok
21:16:57.0453 2124 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:16:57.0515 2124 Mup - ok
21:16:57.0578 2124 napagent (6ea362e9db03d44f6b996f4d8be237e9) C:\WINDOWS\System32\qagentrt.dll
21:16:57.0890 2124 napagent - ok
21:16:57.0937 2124 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:16:58.0187 2124 NDIS - ok
21:16:58.0234 2124 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:16:58.0281 2124 NdisTapi - ok
21:16:58.0328 2124 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:16:58.0531 2124 Ndisuio - ok
21:16:58.0593 2124 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:16:58.0812 2124 NdisWan - ok
21:16:58.0875 2124 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:16:58.0937 2124 NDProxy - ok
21:16:58.0984 2124 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll
21:16:59.0015 2124 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:16:59.0015 2124 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:16:59.0078 2124 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:16:59.0328 2124 NetBIOS - ok
21:16:59.0359 2124 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:16:59.0562 2124 NetBT - ok
21:16:59.0625 2124 NetDDE (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
21:16:59.0843 2124 NetDDE - ok
21:16:59.0875 2124 NetDDEdsdm (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
21:17:00.0093 2124 NetDDEdsdm - ok
21:17:00.0140 2124 Netlogon (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:17:00.0406 2124 Netlogon - ok
21:17:00.0453 2124 Netman (72e1e9e2977be08bdeedb6d8fd9d4d40) C:\WINDOWS\System32\netman.dll
21:17:00.0656 2124 Netman - ok
21:17:00.0796 2124 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:17:00.0812 2124 NetTcpPortSharing - ok
21:17:00.0859 2124 Nla (39ee7c3bfbc64ba87cc8cf67386e814c) C:\WINDOWS\System32\mswsock.dll
21:17:00.0906 2124 Nla - ok
21:17:00.0953 2124 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
21:17:01.0218 2124 nmwcd - ok
21:17:01.0281 2124 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
21:17:01.0375 2124 nmwcdc - ok
21:17:01.0437 2124 nmwcdnsu (338f83ee9cb9e15eeacf0cbb90218cbf) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
21:17:01.0562 2124 nmwcdnsu - ok
21:17:01.0593 2124 nmwcdnsuc (d15bac979144fb69ed28f97b2dd84d48) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
21:17:01.0703 2124 nmwcdnsuc - ok
21:17:01.0734 2124 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:17:01.0953 2124 Npfs - ok
21:17:02.0031 2124 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:17:02.0281 2124 Ntfs - ok
21:17:02.0312 2124 NtLmSsp (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:17:02.0515 2124 NtLmSsp - ok
21:17:02.0578 2124 NtmsSvc (023dd70573d644f3d9c8b1258a7bfd08) C:\WINDOWS\system32\ntmssvc.dll
21:17:02.0859 2124 NtmsSvc - ok
21:17:02.0906 2124 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:17:03.0125 2124 Null - ok
21:17:03.0281 2124 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:17:03.0750 2124 nv - ok
21:17:03.0906 2124 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:17:04.0156 2124 NwlnkFlt - ok
21:17:04.0171 2124 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:17:04.0437 2124 NwlnkFwd - ok
21:17:04.0625 2124 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:17:04.0765 2124 odserv - ok
21:17:04.0828 2124 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:17:04.0875 2124 ose - ok
21:17:04.0921 2124 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
21:17:05.0125 2124 Parport - ok
21:17:05.0156 2124 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:17:05.0343 2124 PartMgr - ok
21:17:05.0390 2124 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
21:17:05.0609 2124 ParVdm - ok
21:17:05.0656 2124 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
21:17:05.0734 2124 pccsmcfd - ok
21:17:05.0796 2124 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
21:17:05.0984 2124 PCI - ok
21:17:06.0000 2124 PCIDump - ok
21:17:06.0031 2124 PCIIde - ok
21:17:06.0078 2124 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:17:06.0375 2124 Pcmcia - ok
21:17:06.0406 2124 PDCOMP - ok
21:17:06.0421 2124 PDFRAME - ok
21:17:06.0468 2124 PDRELI - ok
21:17:06.0500 2124 PDRFRAME - ok
21:17:06.0515 2124 perc2 - ok
21:17:06.0546 2124 perc2hib - ok
21:17:06.0656 2124 PlugPlay (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
21:17:06.0687 2124 PlugPlay - ok
21:17:06.0718 2124 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll
21:17:06.0750 2124 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:17:06.0750 2124 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:17:06.0828 2124 PolicyAgent (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:17:07.0046 2124 PolicyAgent - ok
21:17:07.0078 2124 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:17:07.0312 2124 PptpMiniport - ok
21:17:07.0343 2124 ProtectedStorage (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:17:07.0562 2124 ProtectedStorage - ok
21:17:07.0578 2124 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:17:07.0781 2124 PSched - ok
21:17:07.0859 2124 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:17:08.0062 2124 Ptilink - ok
21:17:08.0093 2124 ql1080 - ok
21:17:08.0109 2124 Ql10wnt - ok
21:17:08.0140 2124 ql12160 - ok
21:17:08.0171 2124 ql1240 - ok
21:17:08.0187 2124 ql1280 - ok
21:17:08.0218 2124 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:17:08.0453 2124 RasAcd - ok
21:17:08.0515 2124 RasAuto (2b5e44ea009f2f374b980e1e9a70635d) C:\WINDOWS\System32\rasauto.dll
21:17:08.0765 2124 RasAuto - ok
21:17:08.0796 2124 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:17:09.0046 2124 Rasl2tp - ok
21:17:09.0093 2124 RasMan (d57554c664b64604bd1ee13ea2c07e77) C:\WINDOWS\System32\rasmans.dll
21:17:09.0328 2124 RasMan - ok
21:17:09.0359 2124 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:17:09.0593 2124 RasPppoe - ok
21:17:09.0640 2124 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:17:09.0843 2124 Raspti - ok
21:17:09.0890 2124 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:17:10.0109 2124 Rdbss - ok
21:17:10.0156 2124 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:17:10.0359 2124 RDPCDD - ok
21:17:10.0406 2124 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
21:17:10.0500 2124 RDPWD - ok
21:17:10.0562 2124 RDSessMgr (c0d9d9711cb74ee9bc66353d8cbdab0e) C:\WINDOWS\system32\sessmgr.exe
21:17:10.0859 2124 RDSessMgr - ok
21:17:10.0921 2124 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:17:11.0125 2124 redbook - ok
21:17:11.0203 2124 RemoteAccess (127c26b5371651043450e52542099aba) C:\WINDOWS\System32\mprdim.dll
21:17:11.0453 2124 RemoteAccess - ok
21:17:11.0500 2124 RpcLocator (718b3bdc0bc3c2f7d065a53d26202af9) C:\WINDOWS\system32\locator.exe
21:17:11.0687 2124 RpcLocator - ok
21:17:11.0765 2124 RpcSs (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\System32\rpcss.dll
21:17:11.0796 2124 RpcSs - ok
21:17:11.0859 2124 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\system32\rsvp.exe
21:17:12.0078 2124 RSVP - ok
21:17:12.0125 2124 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
21:17:12.0171 2124 rtl8139 - ok
21:17:12.0218 2124 SamSs (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:17:12.0453 2124 SamSs - ok
21:17:12.0515 2124 SCardSvr (410046e401eb11e1e6749e9deea41d4a) C:\WINDOWS\System32\SCardSvr.exe
21:17:12.0734 2124 SCardSvr - ok
21:17:12.0796 2124 Schedule (3ff232a7731621b8902d81d42418c93c) C:\WINDOWS\system32\schedsvc.dll
21:17:13.0031 2124 Schedule - ok
21:17:13.0062 2124 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:17:13.0171 2124 Secdrv - ok
21:17:13.0218 2124 seclogon (477e2c3cc5e4a0d635bcb0ea8dcac3c6) C:\WINDOWS\System32\seclogon.dll
21:17:13.0437 2124 seclogon - ok
21:17:13.0468 2124 SENS (a530b75c10c23c9ab28fdb6ce719e21f) C:\WINDOWS\system32\sens.dll
21:17:13.0671 2124 SENS - ok
21:17:13.0718 2124 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:17:13.0906 2124 serenum - ok
21:17:13.0921 2124 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
21:17:14.0203 2124 Serial - ok
21:17:14.0343 2124 ServiceLayer (2d841b7b7f6dec32162edfcc69d61f42) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
21:17:14.0515 2124 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
21:17:14.0515 2124 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
21:17:14.0656 2124 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:17:14.0921 2124 Sfloppy - ok
21:17:14.0968 2124 SharedAccess (f58faca9621d2db01bd0927d9a0a208e) C:\WINDOWS\System32\ipnathlp.dll
21:17:15.0218 2124 SharedAccess - ok
21:17:15.0281 2124 ShellHWDetection (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
21:17:15.0296 2124 ShellHWDetection - ok
21:17:15.0328 2124 Simbad - ok
21:17:15.0359 2124 Sparrow - ok
21:17:15.0421 2124 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:17:15.0656 2124 splitter - ok
21:17:15.0703 2124 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:17:15.0734 2124 Spooler - ok
21:17:16.0062 2124 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
21:17:16.0062 2124 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
21:17:16.0062 2124 sptd ( LockedFile.Multi.Generic ) - warning
21:17:16.0062 2124 sptd - detected LockedFile.Multi.Generic (1)
21:17:16.0187 2124 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
21:17:16.0281 2124 sr - ok
21:17:16.0812 2124 srservice (35b91147124f64ac8081a2edb9ea4dee) C:\WINDOWS\system32\srsvc.dll
21:17:17.0062 2124 srservice - ok
21:17:17.0359 2124 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:17:17.0484 2124 Srv - ok
21:17:17.0531 2124 SSDPSRV (becd5271dc4e3b7c3d035f790fcbc1e5) C:\WINDOWS\System32\ssdpsrv.dll
21:17:17.0640 2124 SSDPSRV - ok
21:17:17.0718 2124 stisvc (c1cdd9275f6a115bb0ae1d55d8d27ba6) C:\WINDOWS\system32\wiaservc.dll
21:17:17.0937 2124 stisvc - ok
21:17:18.0000 2124 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:17:18.0234 2124 swenum - ok
21:17:18.0265 2124 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:17:18.0515 2124 swmidi - ok
21:17:18.0531 2124 SwPrv - ok
21:17:18.0562 2124 symc810 - ok
21:17:18.0578 2124 symc8xx - ok
21:17:18.0609 2124 sym_hi - ok
21:17:18.0640 2124 sym_u3 - ok
21:17:18.0671 2124 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:17:18.0890 2124 sysaudio - ok
21:17:18.0937 2124 SysmonLog (ce06f01b88ace199a1bf460cac29c110) C:\WINDOWS\system32\smlogsvc.exe
21:17:19.0125 2124 SysmonLog - ok
21:17:19.0171 2124 TapiSrv (c2546cd7a398476f9df5614b2ae160e8) C:\WINDOWS\System32\tapisrv.dll
21:17:19.0390 2124 TapiSrv - ok
21:17:19.0468 2124 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:17:19.0546 2124 Tcpip - ok
21:17:19.0578 2124 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:17:19.0812 2124 TDPIPE - ok
21:17:19.0843 2124 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:17:20.0109 2124 TDTCP - ok
21:17:20.0156 2124 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:17:20.0375 2124 TermDD - ok
21:17:20.0421 2124 TermService (a75dd6fc3dbee4fff5ebc9f2c28bb66e) C:\WINDOWS\System32\termsrv.dll
21:17:20.0625 2124 TermService - ok
21:17:20.0687 2124 Themes (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
21:17:20.0703 2124 Themes - ok
21:17:20.0718 2124 TosIde - ok
21:17:20.0796 2124 TrkWks (38853304ccb938d30e0c4cde8d2c2a8a) C:\WINDOWS\system32\trkwks.dll
21:17:20.0984 2124 TrkWks - ok
21:17:21.0046 2124 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
21:17:21.0250 2124 uagp35 - ok
21:17:21.0312 2124 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:17:21.0531 2124 Udfs - ok
21:17:21.0578 2124 ultra - ok
21:17:21.0671 2124 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:17:21.0937 2124 Update - ok
21:17:22.0000 2124 upnphost (651bd90dcee5b7bdc74a2eb7c9266f9e) C:\WINDOWS\System32\upnphost.dll
21:17:22.0093 2124 upnphost - ok
21:17:22.0140 2124 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
21:17:22.0218 2124 upperdev - ok
21:17:22.0265 2124 UPS (20a0f6a11959e92908717d09e87d670d) C:\WINDOWS\System32\ups.exe
21:17:22.0437 2124 UPS - ok
21:17:22.0500 2124 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:17:22.0765 2124 usbccgp - ok
21:17:22.0828 2124 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:17:23.0015 2124 usbehci - ok
21:17:23.0046 2124 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:17:23.0265 2124 usbhub - ok
21:17:23.0312 2124 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:17:23.0531 2124 usbscan - ok
21:17:23.0593 2124 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
21:17:23.0843 2124 usbser - ok
21:17:23.0875 2124 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
21:17:23.0968 2124 UsbserFilt - ok
21:17:24.0031 2124 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:17:24.0203 2124 USBSTOR - ok
21:17:24.0234 2124 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:17:24.0453 2124 usbuhci - ok
21:17:24.0484 2124 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:17:24.0687 2124 VgaSave - ok
21:17:24.0734 2124 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:17:24.0953 2124 ViaIde - ok
21:17:25.0015 2124 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
21:17:25.0218 2124 VolSnap - ok
21:17:25.0265 2124 VSS (d6ba1a63d9e00933f1cd2a885573afb2) C:\WINDOWS\System32\vssvc.exe
21:17:25.0375 2124 VSS - ok
21:17:25.0453 2124 W32Time (fa4e1cdba256787f2149f4aad07bc91f) C:\WINDOWS\system32\w32time.dll
21:17:25.0640 2124 W32Time - ok
21:17:25.0703 2124 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:17:25.0921 2124 Wanarp - ok
21:17:26.0000 2124 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:17:26.0109 2124 Wdf01000 - ok
21:17:26.0140 2124 WDICA - ok
21:17:26.0203 2124 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:17:26.0375 2124 wdmaud - ok
21:17:26.0437 2124 WebClient (47ae51048a82dfa1cd6b51d369f7e169) C:\WINDOWS\System32\webclnt.dll
21:17:26.0671 2124 WebClient - ok
21:17:26.0796 2124 winmgmt (e488332126e3b1182d2b8a0c35408ec6) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:17:27.0031 2124 winmgmt - ok
21:17:27.0125 2124 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:17:27.0218 2124 WmdmPmSN - ok
21:17:27.0281 2124 WmiApSrv (23f6f03272f7e5679f1f050aed5acee6) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:17:27.0484 2124 WmiApSrv - ok
21:17:27.0640 2124 WMPNetworkSvc (3739866d20abd42f26a7b85f9e2560af) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:17:27.0765 2124 WMPNetworkSvc - ok
21:17:27.0828 2124 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:17:27.0875 2124 WpdUsb - ok
21:17:28.0031 2124 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:17:28.0140 2124 WPFFontCache_v0400 - ok
21:17:28.0203 2124 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:17:28.0421 2124 WS2IFSL - ok
21:17:28.0453 2124 wscsvc (4c86d5faf78194995af9cc1075f65dd3) C:\WINDOWS\system32\wscsvc.dll
21:17:28.0687 2124 wscsvc - ok
21:17:28.0703 2124 WSearch - ok
21:17:28.0781 2124 wuauserv (c1364564800ee9784192145324a23308) C:\WINDOWS\system32\wuauserv.dll
21:17:29.0000 2124 wuauserv - ok
21:17:29.0046 2124 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:17:29.0093 2124 WudfPf - ok
21:17:29.0140 2124 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:17:29.0203 2124 WudfRd - ok
21:17:29.0250 2124 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
21:17:29.0281 2124 WudfSvc - ok
21:17:29.0359 2124 WZCSVC (a27d4ba7264c0bf52f32d10405bea1d4) C:\WINDOWS\System32\wzcsvc.dll
21:17:29.0625 2124 WZCSVC - ok
21:17:29.0687 2124 xmlprov (eaa4bb9edb3fb10cf8979fe65e63658f) C:\WINDOWS\System32\xmlprov.dll
21:17:29.0953 2124 xmlprov - ok
21:17:29.0984 2124 MBR (0x1B8) (9c603bc3977968c891de319283e1e7af) \Device\Harddisk0\DR0
21:17:30.0015 2124 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected
21:17:30.0015 2124 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)
21:17:30.0078 2124 MBR (0x1B8) (66d0b28c8b44e531d0c19f436252abaa) \Device\Harddisk1\DR14
21:17:30.0187 2124 \Device\Harddisk1\DR14 - ok
21:17:30.0203 2124 Boot (0x1200) (9d96a33ebdbc1f24b090b0a1224c41fa) \Device\Harddisk0\DR0\Partition0
21:17:30.0203 2124 \Device\Harddisk0\DR0\Partition0 - ok
21:17:30.0250 2124 Boot (0x1200) (56e35ae201a76289848adda82bfec6d3) \Device\Harddisk1\DR14\Partition0
21:17:30.0250 2124 \Device\Harddisk1\DR14\Partition0 - ok
21:17:30.0250 2124 ============================================================
21:17:30.0250 2124 Scan finished
21:17:30.0250 2124 ============================================================
21:17:30.0390 2732 Detected object count: 9
21:17:30.0390 2732 Actual detected object count: 9
21:18:07.0203 2732 602XML Updater ( UnsignedFile.Multi.Generic ) - skipped by user
21:18:07.0203 2732 602XML Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:18:07.0203 2732 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
21:18:07.0203 2732 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:18:07.0203 2732 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
21:18:07.0203 2732 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:18:07.0203 2732 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
21:18:07.0203 2732 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:18:07.0218 2732 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:18:07.0218 2732 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:18:07.0218 2732 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:18:07.0218 2732 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:18:07.0234 2732 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
21:18:07.0234 2732 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:18:07.0234 2732 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:18:07.0234 2732 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:18:07.0234 2732 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - skipped by user
21:18:07.0234 2732 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Skip

Re: Problem s Haveti na PC: WIN32/Agent.SDG.Gen trojsky kun

Napsal: 26 čer 2012 20:37
od Vacky
a zde je log po Léčbě (Cure)


21:32:44.0953 3504 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
21:32:45.0203 3504 ============================================================
21:32:45.0203 3504 Current date / time: 2012/06/26 21:32:45.0203
21:32:45.0203 3504 SystemInfo:
21:32:45.0203 3504
21:32:45.0218 3504 OS Version: 5.1.2600 ServicePack: 3.0
21:32:45.0218 3504 Product type: Workstation
21:32:45.0218 3504 ComputerName: PEVNA
21:32:45.0234 3504 UserName: František Eliáš
21:32:45.0234 3504 Windows directory: C:\WINDOWS
21:32:45.0234 3504 System windows directory: C:\WINDOWS
21:32:45.0234 3504 Processor architecture: Intel x86
21:32:45.0234 3504 Number of processors: 1
21:32:45.0234 3504 Page size: 0x1000
21:32:45.0234 3504 Boot type: Normal boot
21:32:45.0234 3504 ============================================================
21:32:51.0015 3504 Drive \Device\Harddisk0\DR0 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:32:51.0015 3504 ============================================================
21:32:51.0015 3504 \Device\Harddisk0\DR0:
21:32:51.0015 3504 MBR partitions:
21:32:51.0015 3504 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x98A40EC
21:32:51.0015 3504 ============================================================
21:32:51.0046 3504 C: <-> \Device\Harddisk0\DR0\Partition0
21:32:51.0062 3504 ============================================================
21:32:51.0062 3504 Initialize success
21:32:51.0062 3504 ============================================================
21:33:08.0343 3528 ============================================================
21:33:08.0343 3528 Scan started
21:33:08.0343 3528 Mode: Manual; SigCheck; TDLFS;
21:33:08.0343 3528 ============================================================
21:33:08.0640 3528 602XML Updater (ebd7bd25c1d33b10d2251194c300ee85) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
21:33:10.0718 3528 602XML Updater ( UnsignedFile.Multi.Generic ) - warning
21:33:10.0718 3528 602XML Updater - detected UnsignedFile.Multi.Generic (1)
21:33:10.0859 3528 Abiosdsk - ok
21:33:10.0890 3528 abp480n5 - ok
21:33:10.0968 3528 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:33:12.0406 3528 ACPI - ok
21:33:12.0453 3528 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:33:12.0703 3528 ACPIEC - ok
21:33:12.0718 3528 adpu160m - ok
21:33:12.0781 3528 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:33:13.0093 3528 aec - ok
21:33:13.0140 3528 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:33:13.0218 3528 AFD - ok
21:33:13.0234 3528 Aha154x - ok
21:33:13.0265 3528 aic78u2 - ok
21:33:13.0281 3528 aic78xx - ok
21:33:13.0375 3528 ALCXWDM (02d94d2d336d3de8c5e8fe04a62d552d) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
21:33:13.0671 3528 ALCXWDM - ok
21:33:13.0750 3528 Alerter (e0a6fa244b8624d78fe5ff6f56a33bae) C:\WINDOWS\system32\alrsvc.dll
21:33:13.0953 3528 Alerter - ok
21:33:14.0000 3528 ALG (88842de939a827577bf24243699ac80a) C:\WINDOWS\System32\alg.exe
21:33:14.0078 3528 ALG - ok
21:33:14.0093 3528 AliIde - ok
21:33:14.0140 3528 AmdK7 (3980814f8027d27ea003e2e3d9d4f604) C:\WINDOWS\system32\DRIVERS\amdk7.sys
21:33:14.0390 3528 AmdK7 - ok
21:33:14.0406 3528 amsint - ok
21:33:14.0437 3528 AppMgmt - ok
21:33:14.0453 3528 asc - ok
21:33:14.0484 3528 asc3350p - ok
21:33:14.0515 3528 asc3550 - ok
21:33:14.0671 3528 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:33:14.0781 3528 aspnet_state - ok
21:33:14.0828 3528 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:33:15.0093 3528 AsyncMac - ok
21:33:15.0140 3528 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:33:15.0343 3528 atapi - ok
21:33:15.0359 3528 Atdisk - ok
21:33:15.0421 3528 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:33:15.0687 3528 Atmarpc - ok
21:33:15.0734 3528 AudioSrv (de31b88962a8645dba5a37b993e7b0f1) C:\WINDOWS\System32\audiosrv.dll
21:33:15.0968 3528 AudioSrv - ok
21:33:16.0015 3528 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:33:16.0281 3528 audstub - ok
21:33:16.0328 3528 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:33:16.0609 3528 Beep - ok
21:33:16.0671 3528 BITS (19395d092fd85ddc2d9c7729cf5a2ac8) C:\WINDOWS\system32\qmgr.dll
21:33:17.0109 3528 BITS - ok
21:33:17.0156 3528 Browser (249276d3ef1e74b992299cb96099e4d7) C:\WINDOWS\System32\browser.dll
21:33:17.0375 3528 Browser - ok
21:33:17.0531 3528 catchme - ok
21:33:17.0578 3528 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:33:17.0859 3528 cbidf2k - ok
21:33:17.0875 3528 cd20xrnt - ok
21:33:17.0937 3528 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:33:18.0218 3528 Cdaudio - ok
21:33:18.0265 3528 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:33:18.0562 3528 Cdfs - ok
21:33:18.0609 3528 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:33:18.0906 3528 Cdrom - ok
21:33:18.0968 3528 Changer - ok
21:33:19.0015 3528 CiSvc (e390dc1d7c461d7d56ec53402f329928) C:\WINDOWS\system32\cisvc.exe
21:33:19.0265 3528 CiSvc - ok
21:33:19.0296 3528 ClipSrv (064507a8dfa8c5c7e2ffddd3e6f424fa) C:\WINDOWS\system32\clipsrv.exe
21:33:19.0796 3528 ClipSrv - ok
21:33:19.0843 3528 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:33:19.0890 3528 clr_optimization_v2.0.50727_32 - ok
21:33:19.0984 3528 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:33:20.0125 3528 clr_optimization_v4.0.30319_32 - ok
21:33:20.0156 3528 CmdIde - ok
21:33:20.0171 3528 COMSysApp - ok
21:33:20.0218 3528 Cpqarray - ok
21:33:20.0265 3528 CryptSvc (f3ab0933cbd166d271992f411c27ccaf) C:\WINDOWS\System32\cryptsvc.dll
21:33:20.0515 3528 CryptSvc - ok
21:33:20.0531 3528 dac2w2k - ok
21:33:20.0546 3528 dac960nt - ok
21:33:20.0625 3528 DcomLaunch (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\system32\rpcss.dll
21:33:20.0765 3528 DcomLaunch - ok
21:33:20.0843 3528 Dhcp (8c9a53e285ac5e6704844d0459ec85be) C:\WINDOWS\System32\dhcpcsvc.dll
21:33:21.0078 3528 Dhcp - ok
21:33:21.0125 3528 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:33:21.0421 3528 Disk - ok
21:33:21.0437 3528 dmadmin - ok
21:33:21.0515 3528 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
21:33:21.0968 3528 dmboot - ok
21:33:22.0015 3528 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
21:33:22.0343 3528 dmio - ok
21:33:22.0390 3528 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:33:22.0640 3528 dmload - ok
21:33:22.0703 3528 dmserver (2bfefe9e865655a76982f050450b9591) C:\WINDOWS\System32\dmserver.dll
21:33:22.0984 3528 dmserver - ok
21:33:23.0031 3528 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:33:23.0359 3528 DMusic - ok
21:33:23.0406 3528 Dnscache (dfaa406bf19f4ee806a6f8d4342137f7) C:\WINDOWS\System32\dnsrslvr.dll
21:33:23.0562 3528 Dnscache - ok
21:33:23.0593 3528 Dot3svc (4a3e2bd20157a0946751229e92eb8621) C:\WINDOWS\System32\dot3svc.dll
21:33:23.0890 3528 Dot3svc - ok
21:33:23.0906 3528 dpti2o - ok
21:33:23.0953 3528 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:33:24.0250 3528 drmkaud - ok
21:33:24.0312 3528 eamon (ba3bb79c859292c3ff2a21b05e64696f) C:\WINDOWS\system32\DRIVERS\eamon.sys
21:33:24.0562 3528 eamon - ok
21:33:24.0593 3528 EapHost (0887d9c2be8d940778cad1e3b85f2a41) C:\WINDOWS\System32\eapsvc.dll
21:33:24.0859 3528 EapHost - ok
21:33:24.0921 3528 ehdrv (3c747a0d8ce29720302972ac6ed09733) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
21:33:25.0062 3528 ehdrv - ok
21:33:25.0187 3528 EhttpSrv (679ad4afcaf9520cc5607d204ae27cce) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
21:33:25.0250 3528 EhttpSrv - ok
21:33:25.0328 3528 ekrn (82a0ee1f5ccc82cc5453d24ff186e9b0) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
21:33:25.0406 3528 ekrn - ok
21:33:25.0468 3528 epfwtdir (c24fae2e95936bb8f0d4941c329cc663) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
21:33:25.0609 3528 epfwtdir - ok
21:33:25.0640 3528 ERSvc (a2a4912798f2be706abadd3d30800d16) C:\WINDOWS\System32\ersvc.dll
21:33:25.0890 3528 ERSvc - ok
21:33:25.0953 3528 es1371 (a55dd7d8ced5d2624a9ee2dda7be0319) C:\WINDOWS\system32\drivers\es1371mp.sys
21:33:26.0296 3528 es1371 - ok
21:33:26.0359 3528 Eventlog (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
21:33:26.0453 3528 Eventlog - ok
21:33:26.0531 3528 EventSystem (a371f11ef07653591c8de26afb13ce7f) C:\WINDOWS\system32\es.dll
21:33:26.0593 3528 EventSystem - ok
21:33:26.0640 3528 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:33:27.0015 3528 Fastfat - ok
21:33:27.0062 3528 FastUserSwitchingCompatibility (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
21:33:27.0140 3528 FastUserSwitchingCompatibility - ok
21:33:27.0187 3528 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:33:27.0500 3528 Fdc - ok
21:33:27.0531 3528 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
21:33:27.0828 3528 FETNDIS - ok
21:33:27.0875 3528 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
21:33:28.0187 3528 Fips - ok
21:33:28.0281 3528 FirebirdGuardianDefaultInstance - ok
21:33:28.0312 3528 FirebirdServerDefaultInstance - ok
21:33:28.0375 3528 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:33:28.0656 3528 Flpydisk - ok
21:33:28.0718 3528 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:33:29.0031 3528 FltMgr - ok
21:33:29.0140 3528 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:33:29.0187 3528 FontCache3.0.0.0 - ok
21:33:29.0234 3528 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:33:29.0531 3528 Fs_Rec - ok
21:33:29.0578 3528 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:33:29.0859 3528 Ftdisk - ok
21:33:29.0906 3528 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
21:33:30.0187 3528 gameenum - ok
21:33:30.0234 3528 GemCCID (86d3d834d35ebe920d85ffedcef79faf) C:\WINDOWS\system32\Drivers\GemCCID.sys
21:33:30.0343 3528 GemCCID - ok
21:33:30.0359 3528 GMSIPCI - ok
21:33:30.0406 3528 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:33:30.0687 3528 Gpc - ok
21:33:30.0796 3528 helpsvc (fcfe31fb75f8a6295b6b0af87a626282) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:33:31.0062 3528 helpsvc - ok
21:33:31.0125 3528 HidServ (00e25ee90166b3e1be6e74aebf858306) C:\WINDOWS\System32\hidserv.dll
21:33:31.0343 3528 HidServ - ok
21:33:31.0390 3528 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:33:31.0703 3528 hidusb - ok
21:33:31.0765 3528 hkmsvc (7a6b320928f86bc851530d63c82965d9) C:\WINDOWS\System32\kmsvc.dll
21:33:32.0000 3528 hkmsvc - ok
21:33:32.0015 3528 hpn - ok
21:33:32.0078 3528 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:33:32.0140 3528 HTTP - ok
21:33:32.0203 3528 HTTPFilter (58fe2f2da3bc5573f4a35b3760d3125f) C:\WINDOWS\System32\w3ssl.dll
21:33:32.0468 3528 HTTPFilter - ok
21:33:32.0484 3528 i2omgmt - ok
21:33:32.0515 3528 i2omp - ok
21:33:32.0578 3528 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:33:32.0937 3528 i8042prt - ok
21:33:33.0046 3528 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:33:33.0171 3528 idsvc - ok
21:33:33.0328 3528 IJPLMSVC (ad5df6f4fbbc798636edc66bfec7d0de) C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
21:33:33.0343 3528 IJPLMSVC - ok
21:33:33.0437 3528 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:33:33.0718 3528 Imapi - ok
21:33:33.0781 3528 ImapiService (f7b93aafad33b2320954c17e26c8d361) C:\WINDOWS\system32\imapi.exe
21:33:34.0109 3528 ImapiService - ok
21:33:34.0125 3528 ini910u - ok
21:33:34.0171 3528 IntelIde - ok
21:33:34.0218 3528 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:33:34.0593 3528 Ip6Fw - ok
21:33:34.0625 3528 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:33:34.0968 3528 IpFilterDriver - ok
21:33:35.0015 3528 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:33:35.0312 3528 IpInIp - ok
21:33:35.0359 3528 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:33:35.0593 3528 IpNat - ok
21:33:35.0656 3528 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:33:35.0984 3528 IPSec - ok
21:33:36.0031 3528 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:33:36.0156 3528 IRENUM - ok
21:33:36.0218 3528 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:33:36.0484 3528 isapnp - ok
21:33:36.0562 3528 JavaQuickStarterService (9ae07549a0d691a103faf8946554bdb7) C:\Program Files\Java\jre6\bin\jqs.exe
21:33:36.0593 3528 JavaQuickStarterService - ok
21:33:36.0640 3528 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:33:36.0937 3528 Kbdclass - ok
21:33:36.0968 3528 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:33:37.0265 3528 kbdhid - ok
21:33:37.0328 3528 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:33:37.0671 3528 kmixer - ok
21:33:37.0734 3528 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:33:37.0859 3528 KSecDD - ok
21:33:37.0906 3528 LanmanServer (3428e8f86f8add36b42fb23542c7b3e4) C:\WINDOWS\System32\srvsvc.dll
21:33:37.0984 3528 LanmanServer - ok
21:33:38.0031 3528 lanmanworkstation (936c1d110232d23b621cb0196e4f80f0) C:\WINDOWS\System32\wkssvc.dll
21:33:38.0078 3528 lanmanworkstation - ok
21:33:38.0109 3528 lbrtfdc - ok
21:33:38.0187 3528 LmHosts (0ab159f536e3e8f7f07113702a07cca5) C:\WINDOWS\System32\lmhsvc.dll
21:33:38.0421 3528 LmHosts - ok
21:33:38.0562 3528 McciCMService (4f74184920b2d6e33024409b4c5c57c1) C:\Program Files\Common Files\Motive\McciCMService.exe
21:33:38.0593 3528 McciCMService ( UnsignedFile.Multi.Generic ) - warning
21:33:38.0593 3528 McciCMService - detected UnsignedFile.Multi.Generic (1)
21:33:38.0640 3528 Messenger (221cd1c815b8a6b79389c3f5d1018de8) C:\WINDOWS\System32\msgsvc.dll
21:33:38.0968 3528 Messenger - ok
21:33:39.0046 3528 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:33:39.0093 3528 Microsoft Office Groove Audit Service - ok
21:33:39.0140 3528 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:33:39.0375 3528 mnmdd - ok
21:33:39.0453 3528 mnmsrvc (9a57d046f88f4b69751b11fd40088a61) C:\WINDOWS\system32\mnmsrvc.exe
21:33:39.0750 3528 mnmsrvc - ok
21:33:39.0781 3528 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
21:33:40.0031 3528 Modem - ok
21:33:40.0093 3528 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:33:40.0390 3528 Mouclass - ok
21:33:40.0453 3528 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:33:40.0734 3528 mouhid - ok
21:33:40.0781 3528 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:33:41.0062 3528 MountMgr - ok
21:33:41.0078 3528 mraid35x - ok
21:33:41.0125 3528 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
21:33:41.0171 3528 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
21:33:41.0171 3528 MREMP50 - detected UnsignedFile.Multi.Generic (1)
21:33:41.0203 3528 MREMP50a64 - ok
21:33:41.0218 3528 MREMPR5 - ok
21:33:41.0250 3528 MRENDIS5 - ok
21:33:41.0328 3528 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
21:33:41.0359 3528 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
21:33:41.0359 3528 MRESP50 - detected UnsignedFile.Multi.Generic (1)
21:33:41.0375 3528 MRESP50a64 - ok
21:33:41.0437 3528 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:33:41.0812 3528 MRxDAV - ok
21:33:41.0875 3528 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:33:41.0984 3528 MRxSmb - ok
21:33:42.0031 3528 MSDTC (6db4d1521caba9a5ffab54ade0ae867d) C:\WINDOWS\system32\msdtc.exe
21:33:42.0281 3528 MSDTC - ok
21:33:42.0390 3528 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:33:42.0609 3528 Msfs - ok
21:33:42.0640 3528 MSIServer - ok
21:33:42.0687 3528 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:33:42.0984 3528 MSKSSRV - ok
21:33:43.0031 3528 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:33:43.0281 3528 MSPCLOCK - ok
21:33:43.0296 3528 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:33:43.0578 3528 MSPQM - ok
21:33:43.0640 3528 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:33:43.0859 3528 mssmbios - ok
21:33:43.0906 3528 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:33:43.0968 3528 Mup - ok
21:33:44.0031 3528 napagent (6ea362e9db03d44f6b996f4d8be237e9) C:\WINDOWS\System32\qagentrt.dll
21:33:44.0312 3528 napagent - ok
21:33:44.0343 3528 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:33:44.0593 3528 NDIS - ok
21:33:44.0640 3528 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:33:44.0734 3528 NdisTapi - ok
21:33:44.0796 3528 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:33:45.0109 3528 Ndisuio - ok
21:33:45.0171 3528 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:33:45.0437 3528 NdisWan - ok
21:33:45.0484 3528 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:33:45.0593 3528 NDProxy - ok
21:33:45.0640 3528 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll
21:33:45.0687 3528 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:33:45.0687 3528 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:33:45.0734 3528 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:33:46.0015 3528 NetBIOS - ok
21:33:46.0093 3528 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:33:46.0421 3528 NetBT - ok
21:33:46.0468 3528 NetDDE (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
21:33:46.0703 3528 NetDDE - ok
21:33:46.0734 3528 NetDDEdsdm (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
21:33:46.0968 3528 NetDDEdsdm - ok
21:33:47.0046 3528 Netlogon (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:33:47.0234 3528 Netlogon - ok
21:33:47.0281 3528 Netman (72e1e9e2977be08bdeedb6d8fd9d4d40) C:\WINDOWS\System32\netman.dll
21:33:47.0531 3528 Netman - ok
21:33:47.0671 3528 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:33:47.0718 3528 NetTcpPortSharing - ok
21:33:47.0781 3528 Nla (39ee7c3bfbc64ba87cc8cf67386e814c) C:\WINDOWS\System32\mswsock.dll
21:33:47.0828 3528 Nla - ok
21:33:47.0875 3528 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
21:33:48.0125 3528 nmwcd - ok
21:33:48.0171 3528 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
21:33:48.0265 3528 nmwcdc - ok
21:33:48.0328 3528 nmwcdnsu (338f83ee9cb9e15eeacf0cbb90218cbf) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
21:33:48.0468 3528 nmwcdnsu - ok
21:33:48.0500 3528 nmwcdnsuc (d15bac979144fb69ed28f97b2dd84d48) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
21:33:48.0593 3528 nmwcdnsuc - ok
21:33:48.0640 3528 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:33:48.0890 3528 Npfs - ok
21:33:48.0953 3528 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:33:49.0406 3528 Ntfs - ok
21:33:49.0468 3528 NtLmSsp (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:33:49.0687 3528 NtLmSsp - ok
21:33:49.0781 3528 NtmsSvc (023dd70573d644f3d9c8b1258a7bfd08) C:\WINDOWS\system32\ntmssvc.dll
21:33:50.0109 3528 NtmsSvc - ok
21:33:50.0171 3528 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:33:50.0421 3528 Null - ok
21:33:50.0546 3528 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:33:50.0984 3528 nv - ok
21:33:51.0140 3528 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:33:51.0421 3528 NwlnkFlt - ok
21:33:51.0437 3528 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:33:51.0718 3528 NwlnkFwd - ok
21:33:51.0890 3528 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:33:52.0031 3528 odserv - ok
21:33:52.0062 3528 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:33:52.0140 3528 ose - ok
21:33:52.0218 3528 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
21:33:52.0500 3528 Parport - ok
21:33:52.0531 3528 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:33:52.0812 3528 PartMgr - ok
21:33:52.0859 3528 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
21:33:53.0078 3528 ParVdm - ok
21:33:53.0125 3528 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
21:33:53.0187 3528 pccsmcfd - ok
21:33:53.0234 3528 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
21:33:53.0484 3528 PCI - ok
21:33:53.0515 3528 PCIDump - ok
21:33:53.0546 3528 PCIIde - ok
21:33:53.0609 3528 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:33:53.0875 3528 Pcmcia - ok
21:33:53.0890 3528 PDCOMP - ok
21:33:53.0906 3528 PDFRAME - ok
21:33:53.0937 3528 PDRELI - ok
21:33:53.0953 3528 PDRFRAME - ok
21:33:53.0984 3528 perc2 - ok
21:33:54.0000 3528 perc2hib - ok
21:33:54.0109 3528 PlugPlay (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
21:33:54.0125 3528 PlugPlay - ok
21:33:54.0187 3528 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll
21:33:54.0234 3528 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:33:54.0234 3528 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:33:54.0281 3528 PolicyAgent (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:33:54.0500 3528 PolicyAgent - ok
21:33:54.0531 3528 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:33:54.0843 3528 PptpMiniport - ok
21:33:54.0875 3528 ProtectedStorage (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:33:55.0062 3528 ProtectedStorage - ok
21:33:55.0109 3528 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:33:55.0390 3528 PSched - ok
21:33:55.0453 3528 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:33:55.0718 3528 Ptilink - ok
21:33:55.0734 3528 ql1080 - ok
21:33:55.0765 3528 Ql10wnt - ok
21:33:55.0796 3528 ql12160 - ok
21:33:55.0812 3528 ql1240 - ok
21:33:55.0843 3528 ql1280 - ok
21:33:55.0890 3528 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:33:56.0140 3528 RasAcd - ok
21:33:56.0187 3528 RasAuto (2b5e44ea009f2f374b980e1e9a70635d) C:\WINDOWS\System32\rasauto.dll
21:33:56.0468 3528 RasAuto - ok
21:33:56.0515 3528 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:33:56.0796 3528 Rasl2tp - ok
21:33:56.0843 3528 RasMan (d57554c664b64604bd1ee13ea2c07e77) C:\WINDOWS\System32\rasmans.dll
21:33:57.0046 3528 RasMan - ok
21:33:57.0093 3528 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:33:57.0359 3528 RasPppoe - ok
21:33:57.0406 3528 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:33:57.0640 3528 Raspti - ok
21:33:57.0703 3528 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:33:58.0062 3528 Rdbss - ok
21:33:58.0093 3528 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:33:58.0328 3528 RDPCDD - ok
21:33:58.0375 3528 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
21:33:58.0468 3528 RDPWD - ok
21:33:58.0531 3528 RDSessMgr (c0d9d9711cb74ee9bc66353d8cbdab0e) C:\WINDOWS\system32\sessmgr.exe
21:33:58.0781 3528 RDSessMgr - ok
21:33:58.0843 3528 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:33:59.0125 3528 redbook - ok
21:33:59.0187 3528 RemoteAccess (127c26b5371651043450e52542099aba) C:\WINDOWS\System32\mprdim.dll
21:33:59.0453 3528 RemoteAccess - ok
21:33:59.0500 3528 RpcLocator (718b3bdc0bc3c2f7d065a53d26202af9) C:\WINDOWS\system32\locator.exe
21:33:59.0812 3528 RpcLocator - ok
21:33:59.0890 3528 RpcSs (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\System32\rpcss.dll
21:33:59.0968 3528 RpcSs - ok
21:34:00.0031 3528 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\system32\rsvp.exe
21:34:00.0296 3528 RSVP - ok
21:34:00.0343 3528 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
21:34:00.0484 3528 rtl8139 - ok
21:34:00.0546 3528 SamSs (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:34:00.0781 3528 SamSs - ok
21:34:00.0843 3528 SCardSvr (410046e401eb11e1e6749e9deea41d4a) C:\WINDOWS\System32\SCardSvr.exe
21:34:01.0062 3528 SCardSvr - ok
21:34:01.0109 3528 Schedule (3ff232a7731621b8902d81d42418c93c) C:\WINDOWS\system32\schedsvc.dll
21:34:01.0343 3528 Schedule - ok
21:34:01.0421 3528 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:34:01.0531 3528 Secdrv - ok
21:34:01.0578 3528 seclogon (477e2c3cc5e4a0d635bcb0ea8dcac3c6) C:\WINDOWS\System32\seclogon.dll
21:34:01.0765 3528 seclogon - ok
21:34:01.0796 3528 SENS (a530b75c10c23c9ab28fdb6ce719e21f) C:\WINDOWS\system32\sens.dll
21:34:02.0078 3528 SENS - ok
21:34:02.0140 3528 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:34:02.0359 3528 serenum - ok
21:34:02.0390 3528 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
21:34:02.0671 3528 Serial - ok
21:34:02.0828 3528 ServiceLayer (2d841b7b7f6dec32162edfcc69d61f42) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
21:34:02.0921 3528 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
21:34:02.0921 3528 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
21:34:03.0046 3528 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:34:03.0296 3528 Sfloppy - ok
21:34:03.0359 3528 SharedAccess (f58faca9621d2db01bd0927d9a0a208e) C:\WINDOWS\System32\ipnathlp.dll
21:34:03.0656 3528 SharedAccess - ok
21:34:03.0687 3528 ShellHWDetection (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
21:34:03.0718 3528 ShellHWDetection - ok
21:34:03.0750 3528 Simbad - ok
21:34:03.0812 3528 Sparrow - ok
21:34:03.0875 3528 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:34:04.0156 3528 splitter - ok
21:34:04.0218 3528 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:34:04.0250 3528 Spooler - ok
21:34:04.0328 3528 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
21:34:04.0328 3528 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
21:34:04.0343 3528 sptd ( LockedFile.Multi.Generic ) - warning
21:34:04.0343 3528 sptd - detected LockedFile.Multi.Generic (1)
21:34:04.0421 3528 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
21:34:04.0562 3528 sr - ok
21:34:04.0593 3528 srservice (35b91147124f64ac8081a2edb9ea4dee) C:\WINDOWS\system32\srsvc.dll
21:34:04.0703 3528 srservice - ok
21:34:04.0765 3528 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:34:04.0906 3528 Srv - ok
21:34:04.0953 3528 SSDPSRV (becd5271dc4e3b7c3d035f790fcbc1e5) C:\WINDOWS\System32\ssdpsrv.dll
21:34:05.0046 3528 SSDPSRV - ok
21:34:05.0093 3528 stisvc (c1cdd9275f6a115bb0ae1d55d8d27ba6) C:\WINDOWS\system32\wiaservc.dll
21:34:05.0359 3528 stisvc - ok
21:34:05.0421 3528 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:34:05.0671 3528 swenum - ok
21:34:05.0718 3528 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:34:06.0000 3528 swmidi - ok
21:34:06.0031 3528 SwPrv - ok
21:34:06.0062 3528 symc810 - ok
21:34:06.0093 3528 symc8xx - ok
21:34:06.0109 3528 sym_hi - ok
21:34:06.0140 3528 sym_u3 - ok
21:34:06.0203 3528 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:34:06.0421 3528 sysaudio - ok
21:34:06.0484 3528 SysmonLog (ce06f01b88ace199a1bf460cac29c110) C:\WINDOWS\system32\smlogsvc.exe
21:34:06.0703 3528 SysmonLog - ok
21:34:06.0734 3528 TapiSrv (c2546cd7a398476f9df5614b2ae160e8) C:\WINDOWS\System32\tapisrv.dll
21:34:06.0937 3528 TapiSrv - ok
21:34:07.0000 3528 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:34:07.0109 3528 Tcpip - ok
21:34:07.0156 3528 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:34:07.0437 3528 TDPIPE - ok
21:34:07.0468 3528 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:34:07.0718 3528 TDTCP - ok
21:34:07.0765 3528 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:34:08.0109 3528 TermDD - ok
21:34:08.0203 3528 TermService (a75dd6fc3dbee4fff5ebc9f2c28bb66e) C:\WINDOWS\System32\termsrv.dll
21:34:08.0406 3528 TermService - ok
21:34:08.0484 3528 Themes (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
21:34:08.0500 3528 Themes - ok
21:34:08.0515 3528 TosIde - ok
21:34:08.0578 3528 TrkWks (38853304ccb938d30e0c4cde8d2c2a8a) C:\WINDOWS\system32\trkwks.dll
21:34:08.0796 3528 TrkWks - ok
21:34:08.0875 3528 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
21:34:09.0203 3528 uagp35 - ok
21:34:09.0250 3528 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:34:09.0500 3528 Udfs - ok
21:34:09.0546 3528 ultra - ok
21:34:09.0593 3528 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:34:10.0031 3528 Update - ok
21:34:10.0093 3528 upnphost (651bd90dcee5b7bdc74a2eb7c9266f9e) C:\WINDOWS\System32\upnphost.dll
21:34:10.0218 3528 upnphost - ok
21:34:10.0250 3528 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
21:34:10.0328 3528 upperdev - ok
21:34:10.0390 3528 UPS (20a0f6a11959e92908717d09e87d670d) C:\WINDOWS\System32\ups.exe
21:34:10.0593 3528 UPS - ok
21:34:10.0640 3528 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:34:10.0906 3528 usbccgp - ok
21:34:10.0953 3528 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:34:11.0234 3528 usbehci - ok
21:34:11.0265 3528 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:34:11.0531 3528 usbhub - ok
21:34:11.0609 3528 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:34:11.0875 3528 usbscan - ok
21:34:11.0937 3528 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
21:34:12.0218 3528 usbser - ok
21:34:12.0265 3528 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
21:34:12.0359 3528 UsbserFilt - ok
21:34:12.0406 3528 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:34:12.0593 3528 USBSTOR - ok
21:34:12.0640 3528 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:34:12.0921 3528 usbuhci - ok
21:34:12.0984 3528 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:34:13.0234 3528 VgaSave - ok
21:34:13.0281 3528 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:34:13.0546 3528 ViaIde - ok
21:34:13.0609 3528 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
21:34:13.0921 3528 VolSnap - ok
21:34:13.0968 3528 VSS (d6ba1a63d9e00933f1cd2a885573afb2) C:\WINDOWS\System32\vssvc.exe
21:34:14.0109 3528 VSS - ok
21:34:14.0171 3528 W32Time (fa4e1cdba256787f2149f4aad07bc91f) C:\WINDOWS\system32\w32time.dll
21:34:14.0359 3528 W32Time - ok
21:34:14.0421 3528 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:34:14.0703 3528 Wanarp - ok
21:34:14.0765 3528 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:34:14.0875 3528 Wdf01000 - ok
21:34:14.0890 3528 WDICA - ok
21:34:14.0937 3528 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:34:15.0171 3528 wdmaud - ok
21:34:15.0203 3528 WebClient (47ae51048a82dfa1cd6b51d369f7e169) C:\WINDOWS\System32\webclnt.dll
21:34:15.0421 3528 WebClient - ok
21:34:15.0546 3528 winmgmt (e488332126e3b1182d2b8a0c35408ec6) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:34:15.0781 3528 winmgmt - ok
21:34:15.0859 3528 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:34:15.0953 3528 WmdmPmSN - ok
21:34:16.0031 3528 WmiApSrv (23f6f03272f7e5679f1f050aed5acee6) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:34:16.0234 3528 WmiApSrv - ok
21:34:16.0375 3528 WMPNetworkSvc (3739866d20abd42f26a7b85f9e2560af) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:34:16.0609 3528 WMPNetworkSvc - ok
21:34:16.0671 3528 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:34:16.0718 3528 WpdUsb - ok
21:34:16.0875 3528 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:34:17.0046 3528 WPFFontCache_v0400 - ok
21:34:17.0093 3528 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:34:17.0359 3528 WS2IFSL - ok
21:34:17.0421 3528 wscsvc (4c86d5faf78194995af9cc1075f65dd3) C:\WINDOWS\system32\wscsvc.dll
21:34:17.0656 3528 wscsvc - ok
21:34:17.0671 3528 WSearch - ok
21:34:17.0734 3528 wuauserv (c1364564800ee9784192145324a23308) C:\WINDOWS\system32\wuauserv.dll
21:34:17.0937 3528 wuauserv - ok
21:34:17.0984 3528 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:34:18.0046 3528 WudfPf - ok
21:34:18.0078 3528 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:34:18.0125 3528 WudfRd - ok
21:34:18.0156 3528 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
21:34:18.0187 3528 WudfSvc - ok
21:34:18.0265 3528 WZCSVC (a27d4ba7264c0bf52f32d10405bea1d4) C:\WINDOWS\System32\wzcsvc.dll
21:34:18.0531 3528 WZCSVC - ok
21:34:18.0562 3528 xmlprov (eaa4bb9edb3fb10cf8979fe65e63658f) C:\WINDOWS\System32\xmlprov.dll
21:34:18.0828 3528 xmlprov - ok
21:34:18.0875 3528 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
21:34:19.0343 3528 \Device\Harddisk0\DR0 - ok
21:34:19.0375 3528 Boot (0x1200) (9d96a33ebdbc1f24b090b0a1224c41fa) \Device\Harddisk0\DR0\Partition0
21:34:19.0390 3528 \Device\Harddisk0\DR0\Partition0 - ok
21:34:19.0390 3528 ============================================================
21:34:19.0390 3528 Scan finished
21:34:19.0390 3528 ============================================================
21:34:19.0531 3520 Detected object count: 8
21:34:19.0531 3520 Actual detected object count: 8
21:34:35.0828 3520 602XML Updater ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:35.0828 3520 602XML Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:35.0828 3520 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:35.0828 3520 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:35.0828 3520 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:35.0828 3520 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:35.0828 3520 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:35.0828 3520 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:35.0828 3520 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:35.0828 3520 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:35.0828 3520 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:35.0828 3520 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:35.0828 3520 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:35.0828 3520 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:35.0828 3520 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:34:35.0828 3520 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:34:42.0640 3496 Deinitialize success

Re: Problem s Haveti na PC: WIN32/Agent.SDG.Gen trojsky kun

Napsal: 27 čer 2012 14:32
od Vacky
Ahoj,

ano je od Trojana pokoj.
Ted jsem spustil jeste NOD a ten nasel nejake dalsi 4 infiltrace. Ale ty jsem uz zvladl sam.

VELICE DEKUJI,
jsem vasim dluznikem.

Re: Problem s Haveti na PC: WIN32/Agent.SDG.Gen trojsky kun

Napsal: 27 čer 2012 19:50
od Vacky
To vis, ja zas takovej profik nejsem.
Ale snazim se porad zdokonalovat.
SAmozrejme ta moje veta, kdyz ji takhle ctu...... to byla opravdu zhovadilost.
Omlouvam se za ni, jestli vas nejak pohorsila ci dokonce rozcilila.

Jeste jednou diky diky

Re: Problem s Haveti na PC: WIN32/Agent.SDG.Gen trojsky kun

Napsal: 28 čer 2012 20:20
od Vacky
jj, to verim.
Ten druhy prispevek jsem psal v rychlosti, protoze me deti uz tahaly za nohu at jdu s nima ven.
Takze jsem to DOST DOST DOST odflaknul.
lol
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz