ShadyYo (posted 7 May 2011):

Since yesterday I have had a problem with my system (Windows 7, 32-bit). Avast detects a rootkit and several other infections (after every restart of the system), which can be seen in the screenshots.

In addition, this prevents me from shutting the system down. Every time I do, instead of shutting down it automatically restarts and a "screen of death" appears. It also freezes often in various situations: sometimes the whole browser suddenly freezes, sometimes I cannot open plain Notepad. Likewise, I cannot open My Computer; in such situations the Alt+Ctrl+Del key combination does not work and the only way out is to restart the computer. There are also situations where, on system startup, after the welcome screen (the one with "Welcome"), a black screen appears with a cursor and nothing else (it can then be brought back by logging the user off and logging in again).

I am attaching the scan logs. Please help.

Attachments: OTL.Txt, Extras.Txt, gmer.txt
Landuss (posted 7 May 2011):

It looks like you have the TDL4 rootkit in the MBR. In that case, scan with the Kaspersky TDSSKiller tool. When it detects the rootkit, select the Cure option and paste the resulting report.
ShadyYo (author, posted 7 May 2011):

The rootkit was successfully cured. I don't know whether this was already supposed to help, but Avast still detects the rootkit MBR:\\.\PHYSICALDRIVE0.

Report:

2011/05/08 00:14:32.0868 4180 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/08 00:14:33.0367 4180 ================================================================================
2011/05/08 00:14:33.0367 4180 SystemInfo:
2011/05/08 00:14:33.0367 4180
2011/05/08 00:14:33.0367 4180 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/08 00:14:33.0367 4180 Product type: Workstation
2011/05/08 00:14:33.0367 4180 ComputerName: MICHAŁ-KOMPUTER
2011/05/08 00:14:33.0367 4180 UserName: Michał
2011/05/08 00:14:33.0367 4180 Windows directory: C:\Windows
2011/05/08 00:14:33.0367 4180 System windows directory: C:\Windows
2011/05/08 00:14:33.0367 4180 Processor architecture: Intel x86
2011/05/08 00:14:33.0367 4180 Number of processors: 2
2011/05/08 00:14:33.0383 4180 Page size: 0x1000
2011/05/08 00:14:33.0383 4180 Boot type: Normal boot
2011/05/08 00:14:33.0383 4180 ================================================================================
2011/05/08 00:14:33.0773 4180 Initialize success
2011/05/08 00:14:44.0896 4244 ================================================================================
2011/05/08 00:14:44.0896 4244 Scan started
2011/05/08 00:14:44.0896 4244 Mode: Manual;
2011/05/08 00:14:44.0896 4244 ================================================================================
2011/05/08 00:14:58.0265 4244 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/08 00:14:58.0281 4244 ================================================================================
2011/05/08 00:14:58.0281 4244 Scan finished
2011/05/08 00:14:58.0281 4244 ================================================================================
2011/05/08 00:14:58.0296 4236 Detected object count: 1
2011/05/08 00:15:13.0288 4236 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/08 00:15:13.0288 4236 \HardDisk0 - ok
2011/05/08 00:15:13.0288 4236 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/08 00:15:24.0816 4168 Deinitialize success

picasso Posted 8 May 2011
> The rootkit was successfully cured. I don't know whether that was already supposed to help, but Avast still detects the rootkit MBR:\\.\PHYSICALDRIVE0.
You are showing a log from an unfinished process. Did you restart the system? Without a restart the cleaning process is not carried out. Restart the computer and generate the Kaspersky + GMER logs again.

ShadyYo (Author) Posted 8 May 2011
I think the problem may be that while the system is restarting this "screen of death" appears (or rather while it is still shutting down, before the restart), which itself additionally restarts the system, so the process cannot be carried out correctly.

picasso Posted 8 May 2011
> I think the problem may be that while the system is restarting this "screen of death" appears (or rather while it is still shutting down, before the restart), which itself additionally restarts the system, so the process cannot be carried out correctly.
Well, you see, you did not mention that. So overwrite the MBR from a bootable disc. Boot into WinRE, choose the Command Prompt module and run the command bootrec /fixmbr.

ShadyYo (Author) Posted 8 May 2011
To be honest, I don't know what this overwriting of the MBR and then booting into WinRE involves. Where are such options to be selected?

picasso Posted 8 May 2011
ShadyYo, you are asking as if you had not read at all what I wrote:
> Boot into WinRE, choose the Command Prompt module and run the command bootrec /fixmbr.
Everything that needs to be done is in that sentence! This is the MBR overwrite operation.

ShadyYo (Author) Posted 8 May 2011
Hold on, today the computer restarts without any problems, I don't know by what miracle. So I created the log again; is the process finished this time? If not, I will try with the disc. I will be surprised if this one is unfinished too, since the computer restarted correctly.
2011/05/08 11:16:45.0175 2456 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/08 11:16:45.0705 2456 ================================================================================
2011/05/08 11:16:45.0705 2456 SystemInfo:
2011/05/08 11:16:45.0705 2456
2011/05/08 11:16:45.0705 2456 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/08 11:16:45.0705 2456 Product type: Workstation
2011/05/08 11:16:45.0705 2456 ComputerName: MICHAŁ-KOMPUTER
2011/05/08 11:16:45.0705 2456 UserName: Michał
2011/05/08 11:16:45.0705 2456 Windows directory: C:\Windows
2011/05/08 11:16:45.0705 2456 System windows directory: C:\Windows
2011/05/08 11:16:45.0705 2456 Processor architecture: Intel x86
2011/05/08 11:16:45.0705 2456 Number of processors: 2
2011/05/08 11:16:45.0705 2456 Page size: 0x1000
2011/05/08 11:16:45.0705 2456 Boot type: Normal boot
2011/05/08 11:16:45.0705 2456 ================================================================================
2011/05/08 11:16:46.0376 2456 Initialize success
2011/05/08 11:16:48.0248 1708 ================================================================================
2011/05/08 11:16:48.0248 1708 Scan started
2011/05/08 11:16:48.0248 1708 Mode: Manual;
2011/05/08 11:16:48.0248 1708 ================================================================================
2011/05/08 11:17:02.0366 1708 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/08 11:17:02.0366 1708 ================================================================================
2011/05/08 11:17:02.0366 1708 Scan finished
2011/05/08 11:17:02.0366 1708 ================================================================================
2011/05/08 11:17:02.0382 3612 Detected object count: 1
2011/05/08 11:17:09.0667 3612 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/08 11:17:09.0667 3612 \HardDisk0 - ok
2011/05/08 11:17:09.0667 3612 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/08 11:17:16.0203 3828 Deinitialize success
picasso Posted 8 May 2011
I'll be surprised if this one is unfinished as well, given that the computer restarted correctly. But that won't be visible in the log, after all - not in a log from before the restart (and that is the kind I see here). And if the log after the restart still shows the result "Rootkit.Win32.TDSS.tdl4" + Avast reports the same = the cure is ineffective, and that's that. In that case I say: download the ready-made WinRE disc from the link and boot from it, choose "Command Prompt" on the options screen and type the command bootrec /fixmbr. It's trivial, after all!
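The rule stated in the post above, that a TDSSKiller log written before the restart cannot show whether the cure worked, as an added example (not part of the thread and not Kaspersky's code). It parses the log format quoted in this thread; the function names, the status strings and the two post-restart logs are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Entry prefix as it appears in the logs quoted in this thread:
#   2011/05/08 11:17:02.0366 1708 <message>
STAMP = r"\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d{4}"
# Entries are split on the timestamp, not on newlines, so a log that a forum
# has flattened onto one line parses the same way as the original file.
ENTRY = re.compile(rf"({STAMP}) (\d+)\s*(.*?)\s*(?={STAMP} \d+|\Z)", re.S)
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<name>\S+) \(\d+\)$")
OUTCOME = re.compile(r"^(?P<obj>.+?) \((?P<name>\S+)\) - (?P<result>.+)$")


class Scan(NamedTuple):
    detections: dict  # scanned object -> detection name
    outcomes: dict    # scanned object -> result text of the chosen action


def parse_scan(text: str) -> Scan:
    """Collect detections and action results from one TDSSKiller log."""
    detections, outcomes = {}, {}
    for _stamp, _tid, msg in ENTRY.findall(text):
        hit = DETECTED.match(msg)
        if hit:
            detections[hit["obj"]] = hit["name"]
            continue
        res = OUTCOME.match(msg)
        # Driver listing lines also contain "(...)" but no " - result" part,
        # and only objects that were actually detected are of interest.
        if res and res["obj"] in detections:
            outcomes[res["obj"]] = res["result"]
    return Scan(detections, outcomes)


def assess(before_reboot: str, after_reboot: Optional[str] = None) -> str:
    """Return clean / detected / unverified / ineffective / new-detection / cured."""
    pre = parse_scan(before_reboot)
    if after_reboot is None:
        if not pre.detections:
            return "clean"
        deferred = [o for o, r in pre.outcomes.items() if "after reboot" in r]
        # A deferred cure proves nothing yet: only a fresh scan run after
        # the restart can confirm or refute it.
        return "unverified" if deferred else "detected"
    post = parse_scan(after_reboot)
    if set(pre.detections) & set(post.detections):
        # Same object still flagged after the restart: the cure did not hold.
        # This is the case in which the thread falls back to bootrec /fixmbr.
        return "ineffective"
    return "new-detection" if post.detections else "cured"


# Excerpt of the pre-restart log from this thread, flattened as posted.
PRE_REBOOT = (
    r"2011/05/08 11:17:02.0366 1708 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0) "
    r"2011/05/08 11:17:02.0366 1708 Scan finished "
    r"2011/05/08 11:17:02.0382 3612 Detected object count: 1 "
    r"2011/05/08 11:17:09.0667 3612 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot "
    r"2011/05/08 11:17:09.0667 3612 \HardDisk0 - ok "
    r"2011/05/08 11:17:09.0667 3612 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure "
    r"2011/05/08 11:17:16.0203 3828 Deinitialize success"
)

# Constructed post-restart logs (timestamps and thread ids are made up).
POST_STILL_DETECTED = "\n".join([
    r"2011/05/08 11:30:00.0000 1000 Scan started",
    r"2011/05/08 11:30:10.0000 1000 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)",
    r"2011/05/08 11:30:10.0000 1000 Scan finished",
])
POST_CLEAN = "\n".join([
    r"2011/05/08 12:21:32.0000 1000 Scan started",
    r"2011/05/08 12:21:50.0000 1000 Scan finished",
    r"2011/05/08 12:21:55.0000 1000 Deinitialize success",
])

if __name__ == "__main__":
    print("pre-restart log only :", assess(PRE_REBOOT))
    print("still detected after :", assess(PRE_REBOOT, POST_STILL_DETECTED))
    print("clean after restart  :", assess(PRE_REBOOT, POST_CLEAN))
```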
ShadyYo (author) Posted 8 May 2011
I did that: I typed the command in Command Prompt (The operation finished successfully) and then restarted the computer. What now? Should I try using Kaspersky again? / Ah, I see it's OK now, Kaspersky doesn't detect any rootkit. Logs attached. TDSSKiller.2.5.0.0_08.05.2011_12.21.32_log.txt gmer1.txt
Landuss Posted 8 May 2011
The rootkit is removed, so now let's deal with the remaining minor items.

1. Run OTL and paste the following text into the "Custom scan options/Script" window:

:OTL
DRV - File not found [Kernel | On_Demand | Running] -- -- (ALSysIO)
FF - prefs.js..browser.search.selectedEngine: "Web Search..."
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
[2011-03-26 00:05:34 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Michał\AppData\Roaming\mozilla\Firefox\Profiles\7qdjgkjz.default\extensions\toolbar@ask.com
[2011-04-30 19:59:05 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Michał\AppData\Roaming\mozilla\Firefox\Profiles\7qdjgkjz.default\extensions\vshare@toolbar
[2011-04-30 19:59:14 | 000,001,583 | ---- | M] () -- C:\Users\Michał\AppData\Roaming\Mozilla\Firefox\Profiles\7qdjgkjz.default\searchplugins\web-search.xml
O4 - HKLM..\Run: [] File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
[2011-05-04 21:41:00 | 000,000,446 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Michał.job

:Commands
[emptyflash]
[emptytemp]

Click "Run script". Confirm the computer restart.

2. Uninstall the sponsored Ask Toolbar.

3. Then run OTL again, this time using the "Scan" option. Post the new OTL logs.
ShadyYo (author) Posted 8 May 2011
Everything done. OTL logs:
C:\Users\Michał\Desktop\localhost.sql [2011-01-27 18:43:04 | 007,269,376 | ---- | C] () -- C:\Windows\System32\mmpeg.exe [2011-01-20 15:52:29 | 000,008,704 | ---- | C] () -- C:\Users\Michał\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-09-09 20:09:32 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010-09-09 19:23:47 | 000,177,236 | ---- | C] () -- C:\Windows\hpoins14.dat [2010-09-09 19:23:47 | 000,001,498 | ---- | C] () -- C:\Windows\hpomdl14.dat [2010-08-19 13:24:00 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2010-08-18 20:15:20 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010-08-18 18:56:35 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010-08-18 18:56:28 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010-08-18 18:56:28 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010-08-18 18:56:28 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010-08-18 17:08:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010-08-18 16:59:09 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2010-06-16 00:28:58 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2010-05-11 22:42:08 | 000,205,156 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009-07-14 10:07:57 | 000,697,674 | ---- | C] () -- C:\Windows\System32\perfh015.dat [2009-07-14 10:07:57 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat [2009-07-14 10:07:57 | 000,134,784 | ---- | C] () -- C:\Windows\System32\perfc015.dat [2009-07-14 10:07:57 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat [2009-07-14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009-07-14 06:33:53 | 000,290,824 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009-07-14 04:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009-07-14 04:05:48 | 000,291,294 | ---- | C] () -- 
C:\Windows\System32\perfi009.dat [2009-07-14 04:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009-07-14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009-07-14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009-07-14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009-07-14 02:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2009-07-14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009-07-14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009-07-14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009-02-18 19:55:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2009-02-03 22:52:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2002-10-16 00:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll ========== LOP Check ========== [2011-05-08 14:26:46 | 000,000,000 | ---D | M] -- C:\Users\Michał\AppData\Roaming\.purple [2011-01-29 23:35:33 | 000,000,000 | ---D | M] -- C:\Users\Michał\AppData\Roaming\AnvSoft [2010-11-07 19:10:49 | 000,000,000 | ---D | M] -- C:\Users\Michał\AppData\Roaming\Bioshock [2010-09-13 21:09:07 | 000,000,000 | ---D | M] -- C:\Users\Michał\AppData\Roaming\Canneverbe Limited [2010-08-18 17:38:13 | 000,000,000 | ---D | M] -- C:\Users\Michał\AppData\Roaming\DAEMON Tools Lite [2011-05-02 12:39:06 | 000,000,000 | ---D | M] -- C:\Users\Michał\AppData\Roaming\FileZilla [2011-05-06 21:25:38 | 000,000,000 | ---D | M] -- C:\Users\Michał\AppData\Roaming\foobar2000 [2010-08-18 17:43:56 | 000,000,000 | ---D | M] -- C:\Users\Michał\AppData\Roaming\Foxit Software [2011-01-23 20:12:00 | 000,000,000 | ---D | M] -- 
C:\Users\Michał\AppData\Roaming\gtk-2.0 [2011-01-27 18:12:44 | 000,000,000 | ---D | M] -- C:\Users\Michał\AppData\Roaming\iJoysoft [2010-08-18 17:51:25 | 000,000,000 | ---D | M] -- C:\Users\Michał\AppData\Roaming\IrfanView [2010-08-18 17:48:03 | 000,000,000 | ---D | M] -- C:\Users\Michał\AppData\Roaming\KeePass [2010-10-01 16:23:55 | 000,000,000 | ---D | M] -- C:\Users\Michał\AppData\Roaming\Leadertech [2011-03-26 12:46:35 | 000,000,000 | ---D | M] -- C:\Users\Michał\AppData\Roaming\LG Electronics [2010-10-29 19:53:21 | 000,000,000 | ---D | M] -- C:\Users\Michał\AppData\Roaming\Mp3tag [2010-08-22 15:45:13 | 000,000,000 | ---D | M] -- C:\Users\Michał\AppData\Roaming\OpenOffice.org [2010-10-01 13:41:08 | 000,000,000 | ---D | M] -- C:\Users\Michał\AppData\Roaming\runic games [2011-01-27 18:26:57 | 000,000,000 | ---D | M] -- C:\Users\Michał\AppData\Roaming\StoneNext [2011-05-08 11:03:35 | 000,000,000 | ---D | M] -- C:\Users\Michał\AppData\Roaming\uTorrent [2010-12-03 21:33:03 | 000,000,000 | ---D | M] -- C:\Users\Michał\AppData\Roaming\Yandex [2011-05-07 23:39:45 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:661DFA1C < End of report > Odnośnik do komentarza
Landuss, posted 8 May 2011

All right, everything that needed to go has been removed. To finish, carry out the following recommendations:

1. Use the CleanUp (Sprzątanie) option in OTL.
2. Be sure to install SP1 for Windows (CLICK) and update Avast.
3. Finally, reset the System Restore state: CLICK.
ShadyYo (author), posted 8 May 2011 (edited)

All steps done. I take it those were all the steps?

Edited 8 May 2011 by Landuss: Yes, that's all; in that case I am closing the topic.