Trojan Win32/Kryptik - svcgost.exe

Zpráva

Chulap · #1 Příspěvek od **Chulap** » 09 říj 2011 20:30

Zdravim,

v mojom PC sa zahniezdila asi nejaka havet. Na ploche sa mi ulozil subor "svcgost.exe", a tento som skopiroval aj do mojho lokalneho priecinku na D:\INŠTALAČKY. Ani jeden z nich neviem vymazat, hlasi to svcgost.exe nie je mozne vymazat je pouzivany inym systemom.... ESET NOD32 mi zachitil jednu infiltraciu:

7.10.2011 22:17:56 HTTP filter súbor hxxp://ystxwpkw.org.in/index4.php?src=47&gpr=19&tkr=10072018831271352&tkri=c201e6d673d5b64822dc802098be07d9&e=10& variant infiltrácie Win32/Kryptik.TJO trójsky kôň prerušené spojenie - uložený do karantény RASŤO\Rasťo & Marcela Infiltrácia bola zachytená pri prístupe na web aplikáciou: C:\Program Files\Internet Explorer\IEXPLORE.EXE.

Prosim o pomoc, ci je to nejaka nebezpecna havet a ako sa jej mozem zbavit?

Tu je log z RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Rasťo & Marcela at 2011-10-09 21:06:17
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 5 GB (24%) free of 20 GB
Total RAM: 511 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:06:49, on 9.10.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\INŠTALAČKY\RSIT_ScanerPC\RSIT.exe
C:\Program Files\trend micro\Rasťo & Marcela.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: IOL.lnk = ?
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Spamihilator.lnk = C:\Program Files\Spamihilator\spamihilator.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.sk/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7431000906
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{680C0A2F-781D-4886-A092-66F4DB2CA560}: NameServer = 193.58.193.11 195.12.128.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE (file missing)

--
End of file - 6760 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Rasťo & Marcela\Data aplikací\Mozilla\Firefox\Profiles\uat1iuhc.default

prefs.js - "browser.startup.homepage" - "http://www.vlasaty.sk/"
prefs.js - "extensions.enabledItems" - "aging-tabs@design-noir.de:0.7.1, {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1, {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03, {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05, {9D6218B8-03C7-4b91-AA43-680B305DD35C}:1.7.9.8, personas@christopher.beard:1.6.2, {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:3.5.9.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.23"
prefs.js - "keyword.URL" - "http://www.fastbrowsersearch.com/result ... EDDAF5}&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"bkmrksync@nokia.com"=C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1]
"Description"=Yahoo! activeX Plug-in Bridge
"Path"=C:\Program Files\Yahoo!\Common\npyaxmpb.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Rasťo & Marcela\Data aplikací\Mozilla\Firefox\Profiles\uat1iuhc.default\extensions\
aging-tabs@design-noir.de
langpack-sk@firefox.mozilla.org
personas@christopher.beard
{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
{50088764-be68-11db-8314-0800200c9a66}
{84b30000-62f6-364b-eba5-2e5e2061d7e6}
{9D6218B8-03C7-4b91-AA43-680B305DD35C}
{dd3d7613-0246-469d-bc65-2a3cc1668adc}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2006-10-17 87584]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2006-10-19 1183656]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2006-10-19 1958800]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-04-09 2029640]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

C:\Documents and Settings\Rasťo & Marcela\Nabídka Start\Programy\Po spuštění
IOL.lnk -
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
Spamihilator.lnk - C:\Program Files\Spamihilator\spamihilator.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Firewall GUI"
"C:\Program Files\Spamihilator\spamihilator.exe"="C:\Program Files\Spamihilator\spamihilator.exe:*:Enabled:Spamihilator"
"C:\Program Files\Spamihilator\cdcc.exe"="C:\Program Files\Spamihilator\cdcc.exe:*:Enabled:Spamihilator DCC Filter Configuration"
"C:\Program Files\Spamihilator\dccproc.exe"="C:\Program Files\Spamihilator\dccproc.exe:*:Enabled:Spamihilator DCC Filter"
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"midi"=wdmaud.drv
"wave"=serwvdrv.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.LEAD"=LCODCCMP.DLL

======List of files/folders created in the last 1 month======

2011-10-09 21:06:17 ----D---- C:\rsit
2011-10-08 11:59:25 ----SHD---- C:\RECYCLER
2011-10-08 11:54:22 ----D---- C:\WINDOWS\temp

======List of files/folders modified in the last 1 month======

2011-10-09 21:06:48 ----D---- C:\Program Files\Trend Micro
2011-10-09 20:58:21 ----D---- C:\Qoobox
2011-10-09 20:58:20 ----D---- C:\WINDOWS\Minidump
2011-10-09 20:58:20 ----D---- C:\WINDOWS
2011-10-09 20:15:56 ----D---- C:\Documents and Settings\Rasťo & Marcela\Data aplikací\Spamihilator
2011-10-09 09:51:56 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-10-08 11:51:04 ----A---- C:\WINDOWS\system.ini
2011-10-08 11:47:10 ----D---- C:\WINDOWS\system32\drivers
2011-10-08 11:47:10 ----D---- C:\WINDOWS\system32
2011-10-08 11:47:10 ----D---- C:\WINDOWS\AppPatch
2011-10-08 11:47:06 ----D---- C:\Program Files\Common Files
2011-10-08 11:39:13 ----D---- C:\WINDOWS\system32\CatRoot2
2011-10-08 11:23:24 ----D---- C:\WINDOWS\system32\drivers\etc
2011-10-08 11:21:18 ----D---- C:\WINDOWS\system32\config
2011-10-08 11:21:08 ----D---- C:\WINDOWS\erdnt
2011-10-08 11:01:08 ----D---- C:\WINDOWS\Prefetch
2011-10-08 10:59:59 ----A---- C:\WINDOWS\WDICT32.INI
2011-10-07 19:52:01 ----A---- C:\WINDOWS\NeroDigital.ini
2011-10-04 19:31:51 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 RecAgent;RecAgent; C:\WINDOWS\system32\DRIVERS\RecAgent.sys [2004-08-04 13776]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2009-01-25 114048]
R0 timounter;Acronis True Image Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2009-01-25 395744]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2004-08-04 44672]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-04-09 107256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-04-09 94360]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 302000]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-01-27 28928]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-01-27 27776]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 72624]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-04-09 113960]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-02-28 15440]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-01-25 39264]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2004-06-09 3968]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2004-08-04 126686]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 Slntamr;Smart Link 56K Modem Driver; C:\WINDOWS\system32\DRIVERS\slntamr.sys [2004-08-04 404990]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2004-08-04 13240]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-01-27 99200]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2004-08-04 1309184]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2004-08-04 180360]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2004-08-04 95424]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2011-03-30 25088]
S3 TF1D091010;TF1D091010; C:\WINDOWS\system32\DRIVERS\TF1D091010.sys [2008-02-02 99968]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2006-10-17 230944]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-04-09 731840]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-01-27 856064]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 ProtexisLicensing;ProtexisLicensing; C:\Program Files\Common Files\Protexis\License Service\PSIService.exe [2006-11-02 174656]
R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2004-08-17 73796]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 InCDsrvR;InCD Helper (read only); C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-01-27 856064]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S2 UTSCSI;CLCV0; C:\WINDOWS\system32\UTSCSI.EXE []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-04-09 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 09 říj 2011 20:45

Zdravim a pekny vecer preji

Predpokladam ze ten NOD, jakozto i samotne windows mate legalni = zakoupena licence

Copak jste tam nacvicoval s ComboFixem

Chulap · #3 Příspěvek od **Chulap** » 09 říj 2011 20:55

Zdravim,

vdaka za odpoved. Prehladaval som si priecinky a nasiel som tam na C:\Qoobox co som niekedz davno nieco riesil a tak som ho dnes vymazal cez CCleaner, ale stale mi v Qoobox tam ostal priecinok BackEnv, ktory je chraneny vozi zapisu/vymazaniu.

Ako to vyzera s tym trojanom?

#4 Příspěvek od **vyosek** » 09 říj 2011 20:57

Ja se ptal na legalnost NODu a OS, takze jak to je prosim

PC je infikovano

Chulap · #5 Příspěvek od **Chulap** » 09 říj 2011 21:02

Zdravim,

PC som kupoval dost davno ako jazdeny a asi OS nie je ok, ale NOD som kupoval.

#6 Příspěvek od **vyosek** » 09 říj 2011 21:04

Proc kupujete PC s cracklym OS

Pravidla fora hovori jasne, pokud tu priste budete chtit resit nelegalni OS, bude pomoc odmitnuta. Nyni tedy pokracujme...

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

Utilitu spustte a prikazte ji, at skenuje - klik na Start Scan
Pokud utilita najde infikekci, bude ji chtit lecit (Cure), povolte leceni kliknutim na Continue
Pokud utilita najde podezrely soubor (suspicious), bude jej chtit preskocit (Skip), povolte preskoceni kliknutim na Continue
Po dokonceni skenu bude mozna nutny restart PC, povolte jej kliknutim na Reboot now
Po restartu na Vas vyskoci log, pokud se tak nestane, najdete jej primo na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt - jeho obsah sem vlozte
Pokud restart nebude vyzadovan, kliknete na Close a nasledne na Report - vytvori se log - jeho obsah sem vlozte

Chulap · #7 Příspěvek od **Chulap** » 09 říj 2011 21:11

Zdravim,

s tym OS mate celkom pravdu, PC som kupoval od kamosa, tak som to neriesil. Ale dakujem Vam za Vas pristup a ochotu. Takze spustil som scan cez TDSSKiller, ale nenaslo ziadnu hrozbu. Tu je z neho log:

22:07:25.0593 0344 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24
22:07:25.0906 0344 ============================================================
22:07:25.0906 0344 Current date / time: 2011/10/09 22:07:25.0906
22:07:25.0906 0344 SystemInfo:
22:07:25.0906 0344
22:07:25.0906 0344 OS Version: 5.1.2600 ServicePack: 2.0
22:07:25.0906 0344 Product type: Workstation
22:07:25.0906 0344 ComputerName: RASŤO
22:07:25.0906 0344 UserName: Rasťo & Marcela
22:07:25.0906 0344 Windows directory: C:\WINDOWS
22:07:25.0906 0344 System windows directory: C:\WINDOWS
22:07:25.0906 0344 Processor architecture: Intel x86
22:07:25.0906 0344 Number of processors: 1
22:07:25.0906 0344 Page size: 0x1000
22:07:25.0906 0344 Boot type: Normal boot
22:07:25.0906 0344 ============================================================
22:07:29.0062 0344 Initialize success
22:07:41.0125 3548 ============================================================
22:07:41.0125 3548 Scan started
22:07:41.0125 3548 Mode: Manual;
22:07:41.0125 3548 ============================================================
22:07:42.0468 3548 Abiosdsk - ok
22:07:42.0515 3548 abp480n5 - ok
22:07:42.0578 3548 ACPI (fa2fbcda96d2385f773b059fe5a125a6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:07:42.0593 3548 ACPI - ok
22:07:42.0671 3548 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:07:42.0718 3548 ACPIEC - ok
22:07:42.0781 3548 adpu160m - ok
22:07:43.0000 3548 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
22:07:43.0000 3548 aec - ok
22:07:43.0062 3548 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
22:07:43.0062 3548 AFD - ok
22:07:43.0093 3548 Aha154x - ok
22:07:43.0140 3548 aic78u2 - ok
22:07:43.0203 3548 aic78xx - ok
22:07:43.0296 3548 AliIde - ok
22:07:43.0343 3548 amsint - ok
22:07:43.0406 3548 asc - ok
22:07:43.0437 3548 asc3350p - ok
22:07:43.0484 3548 asc3550 - ok
22:07:43.0625 3548 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:07:43.0625 3548 AsyncMac - ok
22:07:43.0671 3548 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:07:43.0671 3548 atapi - ok
22:07:43.0718 3548 Atdisk - ok
22:07:43.0781 3548 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:07:43.0796 3548 Atmarpc - ok
22:07:43.0875 3548 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:07:43.0875 3548 audstub - ok
22:07:43.0921 3548 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:07:43.0953 3548 Beep - ok
22:07:44.0046 3548 catchme - ok
22:07:44.0109 3548 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:07:44.0140 3548 cbidf2k - ok
22:07:44.0187 3548 cd20xrnt - ok
22:07:44.0250 3548 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:07:44.0281 3548 Cdaudio - ok
22:07:44.0328 3548 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
22:07:44.0375 3548 Cdfs - ok
22:07:44.0421 3548 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:07:44.0421 3548 Cdrom - ok
22:07:44.0453 3548 Changer - ok
22:07:44.0546 3548 CmdIde - ok
22:07:44.0656 3548 cmuda (924ab66e831e9cf3e20dbc6b63103516) C:\WINDOWS\system32\drivers\cmuda.sys
22:07:44.0687 3548 cmuda - ok
22:07:44.0843 3548 Cpqarray - ok
22:07:44.0906 3548 dac2w2k - ok
22:07:44.0968 3548 dac960nt - ok
22:07:45.0062 3548 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
22:07:45.0062 3548 Disk - ok
22:07:45.0171 3548 dmboot (e1968edec81c430108feb23ab07bdb14) C:\WINDOWS\system32\drivers\dmboot.sys
22:07:45.0218 3548 dmboot - ok
22:07:45.0265 3548 dmio (1b1520a82e396e46b9ae9fa6b03ff6c6) C:\WINDOWS\system32\drivers\dmio.sys
22:07:45.0281 3548 dmio - ok
22:07:45.0343 3548 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:07:45.0343 3548 dmload - ok
22:07:45.0421 3548 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
22:07:45.0421 3548 DMusic - ok
22:07:45.0500 3548 dpti2o - ok
22:07:45.0546 3548 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
22:07:45.0546 3548 drmkaud - ok
22:07:45.0640 3548 eamon (3b2e8f97b6869c29da023ee75bf585d5) C:\WINDOWS\system32\DRIVERS\eamon.sys
22:07:45.0640 3548 eamon - ok
22:07:45.0765 3548 ehdrv (4fad054cbcaa296be7bd2cb77da9d9b4) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
22:07:45.0765 3548 ehdrv - ok
22:07:45.0875 3548 ElbyCDIO (945ef111161bae49075107e5bc11a23f) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
22:07:45.0875 3548 ElbyCDIO - ok
22:07:45.0953 3548 ElbyDelay (0b15894b0698abcac9f19d060119d1d0) C:\WINDOWS\system32\Drivers\ElbyDelay.sys
22:07:45.0953 3548 ElbyDelay - ok
22:07:46.0046 3548 epfwtdir (d2a915b725845c3eda5a68ed2da74700) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
22:07:46.0171 3548 epfwtdir - ok
22:07:46.0312 3548 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
22:07:46.0375 3548 Fastfat - ok
22:07:46.0484 3548 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:07:46.0484 3548 Fdc - ok
22:07:46.0531 3548 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
22:07:46.0546 3548 FETNDIS - ok
22:07:46.0625 3548 Fips (266dab58619b17bdf37fabbd48d875ca) C:\WINDOWS\system32\drivers\Fips.sys
22:07:46.0625 3548 Fips - ok
22:07:46.0687 3548 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:07:46.0687 3548 Flpydisk - ok
22:07:46.0765 3548 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:07:46.0765 3548 FltMgr - ok
22:07:46.0828 3548 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:07:46.0859 3548 Fs_Rec - ok
22:07:46.0906 3548 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:07:46.0921 3548 Ftdisk - ok
22:07:47.0000 3548 fwdrv (3a3929b7a0eeef83df3a6c81e43a1fa9) C:\WINDOWS\system32\drivers\fwdrv.sys
22:07:47.0015 3548 fwdrv - ok
22:07:47.0062 3548 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
22:07:47.0062 3548 gameenum - ok
22:07:47.0125 3548 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:07:47.0156 3548 Gpc - ok
22:07:47.0265 3548 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:07:47.0281 3548 hidusb - ok
22:07:47.0312 3548 hpn - ok
22:07:47.0390 3548 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
22:07:47.0406 3548 HPZid412 - ok
22:07:47.0437 3548 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
22:07:47.0437 3548 HPZipr12 - ok
22:07:47.0515 3548 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
22:07:47.0515 3548 HPZius12 - ok
22:07:47.0593 3548 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
22:07:47.0609 3548 HTTP - ok
22:07:47.0656 3548 i2omgmt - ok
22:07:47.0703 3548 i2omp - ok
22:07:47.0796 3548 i8042prt (0f42de9909b5dbf2c48dd1a79d491af5) C:\WINDOWS\system32\drivers\i8042prt.sys
22:07:47.0843 3548 i8042prt - ok
22:07:48.0000 3548 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:07:48.0000 3548 Imapi - ok
22:07:48.0109 3548 InCDfs (580904d6cdb481bb72fee15aa575b5bd) C:\WINDOWS\system32\drivers\InCDfs.sys
22:07:48.0140 3548 InCDfs - ok
22:07:48.0203 3548 InCDPass (37b31b5741674525bba5c1659b132418) C:\WINDOWS\system32\DRIVERS\InCDPass.sys
22:07:48.0203 3548 InCDPass - ok
22:07:48.0281 3548 InCDrec (a2f6306e5e12b9f78cca5485b312fcbd) C:\WINDOWS\system32\drivers\InCDrec.sys
22:07:48.0296 3548 InCDrec - ok
22:07:48.0343 3548 incdrm (084f6c2e3e2be980242984b74279bfb6) C:\WINDOWS\system32\drivers\incdrm.sys
22:07:48.0359 3548 incdrm - ok
22:07:48.0437 3548 ini910u - ok
22:07:48.0500 3548 IntelIde - ok
22:07:48.0578 3548 intelppm (10a3ac0f0df720ad3c3fd13861d50eb9) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:07:48.0578 3548 intelppm - ok
22:07:48.0656 3548 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:07:48.0671 3548 Ip6Fw - ok
22:07:48.0765 3548 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:07:48.0765 3548 IpFilterDriver - ok
22:07:48.0812 3548 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:07:48.0812 3548 IpInIp - ok
22:07:48.0875 3548 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:07:48.0875 3548 IpNat - ok
22:07:48.0921 3548 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:07:48.0953 3548 IPSec - ok
22:07:49.0000 3548 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
22:07:49.0000 3548 irda - ok
22:07:49.0078 3548 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:07:49.0078 3548 IRENUM - ok
22:07:49.0125 3548 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
22:07:49.0140 3548 irsir - ok
22:07:49.0250 3548 isapnp (1091528512e4dd7ed5fddcc4df1c53d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:07:49.0250 3548 isapnp - ok
22:07:49.0312 3548 Kbdclass (6f877bf8dc01a550cd666f3bedb2213c) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:07:49.0312 3548 Kbdclass - ok
22:07:49.0359 3548 kbdhid (065b5a83aa78c0c7047bf22e0ab5c821) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:07:49.0359 3548 kbdhid - ok
22:07:49.0437 3548 khips (d44c0f4fc254344bad74581632339963) C:\WINDOWS\system32\drivers\khips.sys
22:07:49.0437 3548 khips - ok
22:07:49.0515 3548 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
22:07:49.0515 3548 kmixer - ok
22:07:49.0562 3548 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
22:07:49.0625 3548 KSecDD - ok
22:07:49.0734 3548 lbrtfdc - ok
22:07:49.0890 3548 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:07:49.0906 3548 mnmdd - ok
22:07:50.0031 3548 Modem (60210deb037846afe521ebf349964f6b) C:\WINDOWS\system32\drivers\Modem.sys
22:07:50.0031 3548 Modem - ok
22:07:50.0109 3548 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
22:07:50.0140 3548 MODEMCSA - ok
22:07:50.0203 3548 Mouclass (b160ec94114715675509115986400fd9) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:07:50.0203 3548 Mouclass - ok
22:07:50.0281 3548 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:07:50.0281 3548 mouhid - ok
22:07:50.0328 3548 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
22:07:50.0359 3548 MountMgr - ok
22:07:50.0390 3548 mraid35x - ok
22:07:50.0468 3548 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:07:50.0468 3548 MRxDAV - ok
22:07:50.0531 3548 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:07:50.0531 3548 MRxSmb - ok
22:07:50.0625 3548 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
22:07:50.0656 3548 Msfs - ok
22:07:50.0750 3548 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:07:50.0750 3548 MSKSSRV - ok
22:07:50.0812 3548 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:07:50.0812 3548 MSPCLOCK - ok
22:07:50.0859 3548 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
22:07:50.0859 3548 MSPQM - ok
22:07:50.0906 3548 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:07:50.0906 3548 mssmbios - ok
22:07:51.0000 3548 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
22:07:51.0000 3548 ms_mpu401 - ok
22:07:51.0093 3548 Mtlmnt5 (c53775780148884ac87c455489a0c070) C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
22:07:51.0109 3548 Mtlmnt5 - ok
22:07:51.0203 3548 Mtlstrm (54886a652bf5685192141df304e923fd) C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
22:07:51.0296 3548 Mtlstrm - ok
22:07:51.0406 3548 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
22:07:51.0468 3548 Mup - ok
22:07:51.0546 3548 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
22:07:51.0625 3548 NDIS - ok
22:07:51.0718 3548 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:07:51.0734 3548 NdisTapi - ok
22:07:51.0812 3548 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:07:51.0812 3548 Ndisuio - ok
22:07:51.0906 3548 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:07:51.0906 3548 NdisWan - ok
22:07:51.0953 3548 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
22:07:51.0984 3548 NDProxy - ok
22:07:52.0046 3548 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:07:52.0046 3548 NetBIOS - ok
22:07:52.0109 3548 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:07:52.0125 3548 NetBT - ok
22:07:52.0281 3548 nmwcd (357ddb51e03cae598c096d95497373d0) C:\WINDOWS\system32\drivers\ccdcmb.sys
22:07:52.0312 3548 nmwcd - ok
22:07:52.0390 3548 nmwcdc (7cd443f9d36c80e152fadb274089577a) C:\WINDOWS\system32\drivers\ccdcmbo.sys
22:07:52.0390 3548 nmwcdc - ok
22:07:52.0437 3548 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
22:07:52.0453 3548 Npfs - ok
22:07:52.0546 3548 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
22:07:52.0656 3548 Ntfs - ok
22:07:52.0750 3548 NtMtlFax (576b34ceae5b7e5d9fd2775e93b3db53) C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
22:07:52.0750 3548 NtMtlFax - ok
22:07:52.0843 3548 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:07:52.0859 3548 Null - ok
22:07:53.0031 3548 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:07:53.0093 3548 nv - ok
22:07:53.0187 3548 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:07:53.0203 3548 NwlnkFlt - ok
22:07:53.0265 3548 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:07:53.0265 3548 NwlnkFwd - ok
22:07:53.0343 3548 Parport (76a18caa2fefb28a4ced38d76837e86e) C:\WINDOWS\system32\DRIVERS\parport.sys
22:07:53.0359 3548 Parport - ok
22:07:53.0406 3548 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
22:07:53.0437 3548 PartMgr - ok
22:07:53.0531 3548 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
22:07:53.0593 3548 ParVdm - ok
22:07:53.0687 3548 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
22:07:53.0687 3548 pccsmcfd - ok
22:07:53.0734 3548 PCI (b7979f37bb7b9df2230046134955e6e7) C:\WINDOWS\system32\DRIVERS\pci.sys
22:07:53.0734 3548 PCI - ok
22:07:53.0828 3548 PCIDump - ok
22:07:53.0875 3548 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:07:53.0875 3548 PCIIde - ok
22:07:53.0937 3548 Pcmcia (90505755634407d4ef4c6dea60fc1df9) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:07:54.0015 3548 Pcmcia - ok
22:07:54.0062 3548 PDCOMP - ok
22:07:54.0109 3548 PDFRAME - ok
22:07:54.0156 3548 PDRELI - ok
22:07:54.0218 3548 PDRFRAME - ok
22:07:54.0265 3548 perc2 - ok
22:07:54.0312 3548 perc2hib - ok
22:07:54.0484 3548 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:07:54.0484 3548 PptpMiniport - ok
22:07:54.0562 3548 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
22:07:54.0578 3548 PSched - ok
22:07:54.0625 3548 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:07:54.0625 3548 Ptilink - ok
22:07:54.0734 3548 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:07:54.0734 3548 PxHelp20 - ok
22:07:54.0796 3548 ql1080 - ok
22:07:54.0843 3548 Ql10wnt - ok
22:07:54.0890 3548 ql12160 - ok
22:07:54.0937 3548 ql1240 - ok
22:07:54.0968 3548 ql1280 - ok
22:07:55.0031 3548 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:07:55.0031 3548 RasAcd - ok
22:07:55.0109 3548 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
22:07:55.0109 3548 Rasirda - ok
22:07:55.0171 3548 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:07:55.0171 3548 Rasl2tp - ok
22:07:55.0265 3548 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:07:55.0265 3548 RasPppoe - ok
22:07:55.0312 3548 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:07:55.0312 3548 Raspti - ok
22:07:55.0375 3548 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:07:55.0390 3548 Rdbss - ok
22:07:55.0453 3548 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:07:55.0453 3548 RDPCDD - ok
22:07:55.0515 3548 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:07:55.0515 3548 rdpdr - ok
22:07:55.0593 3548 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
22:07:55.0625 3548 RDPWD - ok
22:07:55.0703 3548 RecAgent (e9aaa0092d74a9d371659c4c38882e12) C:\WINDOWS\system32\DRIVERS\RecAgent.sys
22:07:55.0703 3548 RecAgent - ok
22:07:55.0765 3548 redbook (aba13d33e1f888c9a68599a48a8840d6) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:07:55.0765 3548 redbook - ok
22:07:55.0984 3548 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:07:55.0984 3548 Secdrv - ok
22:07:56.0078 3548 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:07:56.0078 3548 serenum - ok
22:07:56.0140 3548 Serial (c1ddbc85251551a840212999da3d95f3) C:\WINDOWS\system32\DRIVERS\serial.sys
22:07:56.0156 3548 Serial - ok
22:07:56.0296 3548 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:07:56.0328 3548 Sfloppy - ok
22:07:56.0390 3548 Simbad - ok
22:07:56.0484 3548 Slntamr (2c1779c0feb1f4a6033600305eba623a) C:\WINDOWS\system32\DRIVERS\slntamr.sys
22:07:56.0500 3548 Slntamr - ok
22:07:56.0578 3548 SlNtHal (f9b8e30e82ee95cf3e1d3e495599b99c) C:\WINDOWS\system32\DRIVERS\Slnthal.sys
22:07:56.0578 3548 SlNtHal - ok
22:07:56.0671 3548 SlWdmSup (db56bb2c55723815cf549d7fc50cfceb) C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
22:07:56.0671 3548 SlWdmSup - ok
22:07:56.0781 3548 snapman (e78c98378a071ce4d48a7c514fa98fa1) C:\WINDOWS\system32\DRIVERS\snapman.sys
22:07:56.0781 3548 snapman - ok
22:07:56.0890 3548 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
22:07:56.0890 3548 SONYPVU1 - ok
22:07:56.0953 3548 Sparrow - ok
22:07:57.0046 3548 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
22:07:57.0046 3548 splitter - ok
22:07:57.0140 3548 sr (a74035ea526db97d9d50d2143a55f5cf) C:\WINDOWS\system32\DRIVERS\sr.sys
22:07:57.0140 3548 sr - ok
22:07:57.0234 3548 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
22:07:57.0250 3548 Srv - ok
22:07:57.0343 3548 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:07:57.0390 3548 swenum - ok
22:07:57.0437 3548 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
22:07:57.0453 3548 swmidi - ok
22:07:57.0515 3548 symc810 - ok
22:07:57.0578 3548 symc8xx - ok
22:07:57.0656 3548 sym_hi - ok
22:07:57.0703 3548 sym_u3 - ok
22:07:57.0750 3548 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
22:07:57.0765 3548 sysaudio - ok
22:07:57.0937 3548 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:07:57.0953 3548 Tcpip - ok
22:07:58.0031 3548 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:07:58.0062 3548 TDPIPE - ok
22:07:58.0125 3548 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
22:07:58.0156 3548 TDTCP - ok
22:07:58.0218 3548 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys
22:07:58.0250 3548 teamviewervpn - ok
22:07:58.0296 3548 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:07:58.0312 3548 TermDD - ok
22:07:58.0406 3548 TF1D091010 (0db80323d50501cfae3ec48e2aead5f1) C:\WINDOWS\system32\DRIVERS\TF1D091010.sys
22:07:58.0406 3548 TF1D091010 - ok
22:07:58.0468 3548 tifsfilter (d352fff2a623b916c08ceacbfc8b5c32) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
22:07:58.0468 3548 tifsfilter - ok
22:07:58.0546 3548 timounter (64694b2a5c772e1c61feac300ed90ca6) C:\WINDOWS\system32\DRIVERS\timntr.sys
22:07:58.0562 3548 timounter - ok
22:07:58.0640 3548 TosIde - ok
22:07:58.0765 3548 uagp35 (49c805d42d75eddc9b6a7130999c9054) C:\WINDOWS\system32\DRIVERS\uagp35.sys
22:07:58.0765 3548 uagp35 - ok
22:07:58.0812 3548 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
22:07:58.0859 3548 Udfs - ok
22:07:58.0953 3548 ultra - ok
22:07:59.0015 3548 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
22:07:59.0062 3548 Update - ok
22:07:59.0156 3548 upperdev (15629e4d65f97ab5432d6d9597cf6a33) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
22:07:59.0187 3548 upperdev - ok
22:07:59.0296 3548 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:07:59.0296 3548 usbccgp - ok
22:07:59.0359 3548 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:07:59.0375 3548 usbehci - ok
22:07:59.0421 3548 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:07:59.0437 3548 usbhub - ok
22:07:59.0484 3548 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:07:59.0500 3548 usbprint - ok
22:07:59.0562 3548 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:07:59.0562 3548 usbscan - ok
22:07:59.0656 3548 usbser (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\drivers\usbser.sys
22:07:59.0656 3548 usbser - ok
22:07:59.0734 3548 UsbserFilt (5c17e6a11aa8be53f79fd364ba19f0ce) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
22:07:59.0734 3548 UsbserFilt - ok
22:07:59.0781 3548 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:07:59.0781 3548 USBSTOR - ok
22:07:59.0828 3548 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:07:59.0828 3548 usbuhci - ok
22:07:59.0921 3548 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
22:07:59.0937 3548 VgaSave - ok
22:07:59.0968 3548 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:07:59.0984 3548 ViaIde - ok
22:08:00.0031 3548 VolSnap (cd8cce067f7e9cbd762c00bdddecaa34) C:\WINDOWS\system32\drivers\VolSnap.sys
22:08:00.0093 3548 VolSnap - ok
22:08:00.0234 3548 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:08:00.0265 3548 Wanarp - ok
22:08:00.0328 3548 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
22:08:00.0343 3548 Wdf01000 - ok
22:08:00.0421 3548 WDICA - ok
22:08:00.0484 3548 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
22:08:00.0484 3548 wdmaud - ok
22:08:00.0812 3548 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
22:08:00.0812 3548 WpdUsb - ok
22:08:00.0875 3548 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:08:00.0875 3548 WS2IFSL - ok
22:08:01.0000 3548 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:08:01.0000 3548 WudfPf - ok
22:08:01.0062 3548 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:08:01.0062 3548 WudfRd - ok
22:08:01.0187 3548 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
22:08:01.0390 3548 \Device\Harddisk0\DR0 - ok
22:08:01.0421 3548 Boot (0x1200) (3b5fc751bbf678c63f8b359d5aeca67e) \Device\Harddisk0\DR0\Partition0
22:08:01.0421 3548 \Device\Harddisk0\DR0\Partition0 - ok
22:08:01.0484 3548 Boot (0x1200) (804f9a1fc519b9e28a679f2e9a9696eb) \Device\Harddisk0\DR0\Partition1
22:08:01.0484 3548 \Device\Harddisk0\DR0\Partition1 - ok
22:08:01.0500 3548 ============================================================
22:08:01.0500 3548 Scan finished
22:08:01.0500 3548 ============================================================
22:08:01.0562 3240 Detected object count: 0
22:08:01.0562 3240 Actual detected object count: 0

#8 Příspěvek od **vyosek** » 09 říj 2011 21:36

Pri stahovani ComboFixu (navod a postup nize), jej ulozte jako Beruska.com

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Chulap · #9 Příspěvek od **Chulap** » 09 říj 2011 22:03

Tu je log z ComboFix:

ComboFix 11-10-09.01 - Rasťo & Marcela 09.10.2011 22:45:43.10.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1029.18.511.219 [GMT 2:00]
Running from: c:\documents and settings\Rasťo & Marcela\Plocha\Beruska.com.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Personal Firewall *Enabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-09-09 to 2011-10-09 )))))))))))))))))))))))))))))))
.
.
2011-10-09 19:06 . 2011-10-09 19:07 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 16:11 . 2011-06-04 09:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-19 1183656]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-19 1958800]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-04-09 2029640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\Rasťo & Marcela\Nabídka Start\Programy\Po spuštění\
IOL.lnk - [N/A]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-13 393216]
Spamihilator.lnk - c:\program files\Spamihilator\spamihilator.exe [2010-8-6 1512448]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\Spamihilator\\spamihilator.exe"=
"c:\\Program Files\\Spamihilator\\cdcc.exe"=
"c:\\Program Files\\Spamihilator\\dccproc.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.4.2009 16:18 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9.4.2009 16:21 94360]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.4.2007 10:21 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.4.2007 10:21 72624]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9.4.2009 16:19 731840]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [26.4.2007 10:21 1234480]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [8.5.2011 9:44 25088]
S3 TF1D091010;TF1D091010;c:\windows\system32\drivers\TF1D091010.sys [2.2.2008 1:37 99968]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 86268582
*Deregistered* - 86268582
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.12.151.2 195.12.128.1
TCP: Interfaces\{680C0A2F-781D-4886-A092-66F4DB2CA560}: NameServer = 193.58.193.11 195.12.128.1
FF - ProfilePath - c:\documents and settings\Rasťo & Marcela\Data aplikací\Mozilla\Firefox\Profiles\uat1iuhc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.vlasaty.sk/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/resul ... EDDAF5}&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Aging Tabs: aging-tabs@design-noir.de - %profile%\extensions\aging-tabs@design-noir.de
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - Ext: ProCon Latte: {9D6218B8-03C7-4b91-AA43-680B305DD35C} - %profile%\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}
FF - Ext: BlockSite: {dd3d7613-0246-469d-bc65-2a3cc1668adc} - %profile%\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-09 22:55
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODI02.01.01.01PRO"="19387AEE40D02799F82D751BE4E4E4E33A9238363FE7029EC25AF11CF13B657029BF8956306A8B82024895AD76F22E9E0AD52456159DAC66994C532113E9560765BF3945D30D720F193B1E369972A2483710070A4BE097A84D38856E999E8D52FC4D6A33622D9B9DCB04B75C74935ABBC9456DC916BACD63064D1CEFE758298FD1DED49C0BE3DE4DD8835D4CA2A67F1C7E6237149B566ED9FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC79338EDD5E5BE2F6E6678EDD5E5BE2F6E66723F259D8E8DDCF8B54A32456E0F037AE98223CDC40D950BE5B6B824684FDC3A9A36B1403F33D5F377ED2D703E70BCCF5347A4CADEB96883AC54FBDE0A8863CAE47DCB3129FC4DC7086D8BEEA3A57943F77CB1085234B0B3880BF5F3277AE722A87022A4CBD1E67F0DFF7B3A2B459A6E37683626C717404D2D9EEE9CFCA0DC4980EF6BE7A93173835335661C42B392F02F5EE776B57B136E8D5773455EED7AAB83C3E8DE75CA298FE5DFE4AEDE5C06C7DED435513C6C7F29FA85368E2256EAB0FA3BC07E4C6D465D3ED6042411E5DB1FA8D1753752A1DA55B4065869CA3D0E7660CBBEEC872E7927B29CB72E283256764B5E5A1285D3FC74A377060A991A38DC671E95B6AF6BB26830AF7D67DB9CC87E8FC0EC0462EDBEAD8E29D9CB58C2E638204D6BAA55FD03ABEBA8041BED530A17A2CD407EF6349B23CC878B5EFA660C2AE2678CA5CA6CBFC3F1C6256D7E5CC58CEBF609DC4347ED86A24727C8CE2C998A2EF292072C1F830E1C3818E7EE547655F6ABC836FCA16A71E625F91C3BC9FE579AD2622D215C42BBF7922B66C4BE512EC9159091649D180D8A677EC501FB940935D0F8C66FB40573E39F0705FFB933DF5CE89D4EBC21558DAC657D8716C16529633EA70204324347F35FA2E1853DF5B447004E020C06736AD4E7FF3EBF85556E99723AFF42D48D2ECD0323BDD1FFB73DF76647A6A3DF4361A7B5532878D3DA039A404835CF0AA59B4246E33F8243F209696AA4307298D8A32401F588E68B415F4AA40F6D3B5ED8248FCE9073819A512FBBABAB0B1E7A47546440A82D1B9492C512CEC6A5C9D581E5BD942FBECA74E0BE501D98D2FD2D250EE61281F2427AD744662821079B6520BE872F9A9EBEF7AE26D3A36774635D30707A56B715EC7340F11B7DF71B30A6AC2ABABF77E10061385726B5D60C04F0819AED42E90DBAA5831B0CC45E9998F52CE272506B9B56EA0711550428D6D54721D47E32C657B50352468F259A9393661CB20ADD2EFBF2654B93DD2BD181EECBAB8797E84B0212E0B444235A3B3A9E00F6D1EC9F18B939C000714980B6EAA36AE2A2F833E04B42C41050A4B92DF81E3FB796FB257491A329A1308F349D26EBDBB4098"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4084)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-10-09 22:58:48
ComboFix-quarantined-files.txt 2011-10-09 20:58
.
Pre-Run: 4 863 856 640
Post-Run: 4 853 850 112
.
- - End Of File - - 9B5A53526D805A384DF1A54291A252D3

#10 Příspěvek od **vyosek** » 09 říj 2011 22:18

Stahnete SytemLook (viz muj podpis) a ulozte jej na plochu

Do okna vlozte skript nize

Kód: Vybrat vše

:filefind
svcgost.exe

:regfind
svcgost.exe

Kliknete na Look
Tlacitko Look se zmeni na Scanning a zsedne
Pockejte pokud se tlacitko Scanning opet nezmeni na Look - tak poznate ze SystemLook dokoncil svou praci
Vyskoci na Vas log s nazvem SystemLook (pripadne bude ulozen na plose), jeho obsah mi sem vlozte

Chulap · #11 Příspěvek od **Chulap** » 09 říj 2011 22:29

Tu je log SystemLook:

SystemLook 30.07.11 by jpshortstuff
Log created at 23:25 on 09/10/2011 by Rasťo & Marcela
Administrator - Elevation successful

========== filefind ==========

Searching for "svcgost.exe"
C:\Documents and Settings\Rasťo & Marcela\Plocha\svcgost.exe --a---- 2552 bytes [08:57 08/10/2011] [20:17 07/10/2011] 7F78831B82DDD2087025014A15860AB0

========== regfind ==========

Searching for "svcgost.exe"
No data found.

-= EOF =-

PS: len chcem pripomenut, ze ten isty subor svcgost.exe mam skopirovany aj na lokalnom D:\

#12 Příspěvek od **vyosek** » 10 říj 2011 05:48

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

C:\Documents and Settings\Rasťo & Marcela\Plocha\svcgost.exe
Kliknete na Prochazet
Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
Kliknete na Send File
Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
Vysledek analyzy sem vlozte (jako odkaz)

Chulap · #13 Příspěvek od **Chulap** » 10 říj 2011 17:27

Zdravim,

tu je odkaz na VirusTotal:

http://www.virustotal.com/file-scan/rep ... 1318263435#

#14 Příspěvek od **vyosek** » 10 říj 2011 17:48

Stahnete OTM (viz muj podpis)

Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

Kód: Vybrat vše

:services
86268582

:files
C:\Documents and Settings\Rasťo & Marcela\Plocha\svcgost.exe
svcgost.exe /s
svcgost.exe /alldrives
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
c:\documents and settings\Rasťo & Marcela\Nabídka Start\Programy\Po spuštění\IOL.lnk
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

Kliknete na cervene tlacitko MoveIt!
Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

Chulap · #15 Příspěvek od **Chulap** » 10 říj 2011 18:35

Zdravim,

skopiroval som vas kod do laveho pola a potvrdil MoveIt. Program sa rozbehol, pricom v pravom okne RESULT sa objavila hlaska, ze services 86268582 nepozna a posledne riadky bola hlaska, ze subor svcgost.exe na oboch adresach bol uspesne odstraneny. Program ostal takto stat a nic sa nedialo ani po cca 10min. Ked som klikol na plochu programu, tak system zahlasil, ze program neodpoveda, preto som PC restartol. Po restarte PC subor svcgost.exe je odstraneny, ale v C: ziaden log sa nenachadza.
Ako dalej pokracovat?

VIRY.CZ

Trojan Win32/Kryptik - svcgost.exe

Trojan Win32/Kryptik - svcgost.exe

Re: Trojan Win32/Kryptik - svcgost.exe

Re: Trojan Win32/Kryptik - svcgost.exe

Re: Trojan Win32/Kryptik - svcgost.exe

Re: Trojan Win32/Kryptik - svcgost.exe

Re: Trojan Win32/Kryptik - svcgost.exe

Re: Trojan Win32/Kryptik - svcgost.exe

Re: Trojan Win32/Kryptik - svcgost.exe

Re: Trojan Win32/Kryptik - svcgost.exe

Re: Trojan Win32/Kryptik - svcgost.exe

Re: Trojan Win32/Kryptik - svcgost.exe

Re: Trojan Win32/Kryptik - svcgost.exe

Re: Trojan Win32/Kryptik - svcgost.exe

Re: Trojan Win32/Kryptik - svcgost.exe

Re: Trojan Win32/Kryptik - svcgost.exe