Wirusy na Win32 i nie uruchamiajacy sie win xp

PascalTurbo · 12 Wrzesień 2011 14:03

Witam

Na początku dodam ze na komputerze mam dwa systemy Windows XP i Windows 7. Dzisiaj gdy wróciłem do domu i zostałem poinformowany ze windows xp nie działa i faktycznie uruchamia się do paska ładowania windowsa xp i się wyłącza i od nowa wszystko się uruchamia, z trybu awaryjnego jest to samo. Windows 7 działa normalnie ale podczas uruchomienia pojawia się za każdym razem ostrzeżenie z Noda ze wykrył wirusa : Win32/Mebroot koń trojański a po chwili ostrzega o wirusie : Win32/Agent.SDG. Gen koń trojański . Pierwsza moja myśl włączyć Combofixa nic mi to nie pomogło a oto log:

((((((((((((((((((((((((( Pliki utworzone od 2011-08-12 do 2011-09-12 ))))))))))))))))))))))))))))))) . . 2011-09-12 13:54 . 2011-09-12 13:54 -------- d-----w- c:\users\Public\AppData\Local\temp 2011-09-12 13:54 . 2011-09-12 13:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-09-12 13:24 . 2011-09-12 13:54 -------- d-----w- c:\users\Gadom\AppData\Local\temp 2011-09-09 12:35 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates{201596C7-CA7D-4AD1-89E7-8C8FBA65C280}\mpengine.dll 2011-08-26 12:31 . 2011-08-26 12:31 -------- d-----w- c:\program files\MSN Toolbar 2011-08-26 12:31 . 2011-08-26 12:31 -------- d-----w- c:\program files\Bing Bar Installer 2011-08-26 12:31 . 2011-08-26 12:34 -------- d-----w- c:\programdata\HP Photo Creations 2011-08-26 12:31 . 2011-08-26 12:31 -------- d-----w- c:\program files\HP Photo Creations 2011-08-26 12:31 . 2011-09-08 13:31 -------- d-----w- c:\users\Gadom\AppData\Roaming\HpUpdate 2011-08-24 09:57 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-10 17:14 . 2011-05-24 18:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-16 04:27 . 2011-08-10 23:49 290816 ----a-w- c:\windows\system32\KernelBase.dll 2011-07-16 04:15 . 2011-08-10 23:49 4096 —ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 23:49 4096 —ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 23:49 3072 —ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 23:49 5120 —ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 23:49 4608 —ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 23:49 4096 —ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 23:49 4096 —ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 23:49 3584 —ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 23:49 3584 —ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 23:49 3072 —ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 23:49 3072 —ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 23:49 3072 —ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 23:49 4096 —ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 23:49 3584 —ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 23:49 3584 —ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 23:49 3584 —ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 23:49 3584 —ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 23:49 3072 —ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 23:49 3072 —ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 23:49 3072 —ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 23:49 3072 —ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 23:49 3072 —ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 23:49 3072 —ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 23:49 3072 —ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2011-07-16 02:17 . 2011-08-10 23:49 6144 —ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2011-07-16 02:17 . 2011-08-10 23:49 4608 —ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 02:17 . 2011-08-10 23:49 3584 —ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 02:17 . 2011-08-10 23:49 3072 —ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2011-07-09 02:30 . 2011-08-10 23:50 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-24 04:27 . 2011-08-10 23:49 169984 ----a-w- c:\windows\system32\winsrv.dll 2011-06-24 04:22 . 2011-08-10 23:49 271360 ----a-w- c:\windows\system32\conhost.exe 2011-06-23 04:33 . 2011-08-10 23:50 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-06-23 04:33 . 2011-08-10 23:50 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-06-21 05:34 . 2011-08-10 23:49 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-06-15 08:55 . 2011-08-10 23:49 86016 ----a-w- c:\windows\system32\odbccu32.dll 2011-06-15 08:55 . 2011-08-10 23:49 81920 ----a-w- c:\windows\system32\odbccr32.dll 2011-06-15 08:55 . 2011-08-10 23:49 319488 ----a-w- c:\windows\system32\odbcjt32.dll 2011-06-15 08:55 . 2011-08-10 23:49 163840 ----a-w- c:\windows\system32\odbctrac.dll 2011-06-15 08:55 . 2011-08-10 23:49 122880 ----a-w- c:\windows\system32\odbccp32.dll 2011-09-07 20:34 . 2011-03-25 21:14 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE~\Browser Helper Objects{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}] 2011-02-09 18:29 400384 ----a-w- c:\progra~1\ALLPLA~1\Iplex\IplexToALLPlayer.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ALLUpdate”=“c:\program files\ALLPlayer\ALLUpdate.exe” [2011-02-07 1362944] “OscarEditor”=“c:\program files\OSCAR Editor\OscarEditor.exe” [2009-11-24 2642432] “Steam”=“e:\gry\steam\steam.exe” [2011-08-02 1242448] “Sony Ericsson PC Companion”=“c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe” [2010-11-16 422912] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NeroFilterCheck”=“c:\program files\Common Files\Ahead\Lib\NeroCheck.exe” [2008-07-14 570664] “amd_dc_opt”=“c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe” [2008-07-22 77824] “GrooveMonitor”=“c:\program files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-26 31016] “QuickTime Task”=“c:\program files\QuickTime\QTTask.exe” [2010-03-17 421888] “Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2011-06-08 37296] “Adobe ARM”=“c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2011-03-30 937920] “egui”=“c:\program files\ESET\ESET Smart Security\egui.exe” [2010-11-04 2219184] “SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe” [2011-04-08 254696] “HP Software Update”=“c:\program files\HP\HP Software Update\HPWuSchd2.exe” [2010-03-12 49208] “Bing Bar”=“c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe” [2010-04-27 243544] “Microsoft Default Manager”=“c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe” [2009-11-11 288088] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “ConsentPromptBehaviorAdmin”= 0 (0x0) “ConsentPromptBehaviorUser”= 3 (0x3) “EnableLUA”= 0 (0x0) “EnableUIADesktopToggle”= 0 (0x0) “PromptOnSecureDesktop”= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] “aux”=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x] R3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [2010-06-07 24504] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-01-08 13224] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872] R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-30 691696] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008] S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-09-03 137144] S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-11-04 810144] S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984] S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . . ------- Skan uzupełniający ------- . uStart Page = hxxp://vshare.toolbarhome.com/?hp=df IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: kuaiche.com\software TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces{6E8EEAA0-5ABC-4D1C-93A1-95CA91EA2EE7}: NameServer = 194.204.152.34 208.67.222.222 FF - ProfilePath - c:\users\Gadom\AppData\Roaming\Mozilla\Firefox\Profiles\rsyxlne7.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www3.iamwired.net/websearch.php?src=tops&search= FF - prefs.js: browser.startup.homepage - hxxp://pl.start3.mozilla.com/firefox?cl … l:official FF - prefs.js: keyword.URL - hxxp://startsear.ch/?q= . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_USERS\S-1-5-21-1235542836-933740508-3956609943-1001\Software\SecuROM\License information*] “datasecu”=hex:45,ee,5c,03,fe,70,70,2d,2d,ef,1c,c1,56,1b,ad,ad,21,f5,18,c4,d5, 2b,6a,f2,9d,2a,b8,ac,0e,4e,f9,4b,bb,ae,b1,8d,03,1d,7b,b7,df,a3,27,26,e0,ce,\ “rkeysecu”=hex:84,b1,87,e0,76,42,e4,e4,60,e3,21,05,af,1e,37,af . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Czas ukończenia: 2011-09-12 15:55:34 ComboFix-quarantined-files.txt 2011-09-12 13:55 . Przed: 22 740 955 136 bajtów wolnych Po: 22 691 581 952 bajtów wolnych . - - End Of File - - 212C78FBF48E1BCE628049664F848C34

Mam nadzieje ze jakoś pomożecie

Pozdrawiam

Acorus · 12 Wrzesień 2011 14:13

Użyj Kasperski TDSSKiller instrukcja http://www.fixitpc.pl/topic/8-dezynfekc … #entry6814

Jak program coś znajdzie wybierasz Skip .Podaj z niego log.

PascalTurbo · 12 Wrzesień 2011 14:24

prosze oto log z TDSSKiller:

2011/09/12 16:17:31.0418 1624 TDSS rootkit removing tool 2.5.21.0 Sep 10 2011 21:07:05 2011/09/12 16:17:31.0654 1624 ================================================================================ 2011/09/12 16:17:31.0654 1624 SystemInfo: 2011/09/12 16:17:31.0654 1624 2011/09/12 16:17:31.0654 1624 OS Version: 6.1.7601 ServicePack: 1.0 2011/09/12 16:17:31.0654 1624 Product type: Workstation 2011/09/12 16:17:31.0654 1624 ComputerName: GADOM-PC 2011/09/12 16:17:31.0654 1624 UserName: Gadom 2011/09/12 16:17:31.0654 1624 Windows directory: C:\Windows 2011/09/12 16:17:31.0654 1624 System windows directory: C:\Windows 2011/09/12 16:17:31.0654 1624 Processor architecture: Intel x86 2011/09/12 16:17:31.0654 1624 Number of processors: 2 2011/09/12 16:17:31.0654 1624 Page size: 0x1000 2011/09/12 16:17:31.0654 1624 Boot type: Normal boot 2011/09/12 16:17:31.0654 1624 ================================================================================ 2011/09/12 16:17:32.0576 1624 Initialize success 2011/09/12 16:17:44.0525 4928 ================================================================================ 2011/09/12 16:17:44.0525 4928 Scan started 2011/09/12 16:17:44.0525 4928 Mode: Manual; 2011/09/12 16:17:44.0525 4928 ================================================================================ 2011/09/12 16:17:44.0951 4928 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys 2011/09/12 16:17:44.0993 4928 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys 2011/09/12 16:17:45.0015 4928 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys 2011/09/12 16:17:45.0058 4928 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 2011/09/12 16:17:45.0086 4928 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 2011/09/12 16:17:45.0106 4928 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 2011/09/12 16:17:45.0167 4928 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys 2011/09/12 16:17:45.0204 4928 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys 2011/09/12 16:17:45.0233 4928 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 2011/09/12 16:17:45.0269 4928 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys 2011/09/12 16:17:45.0302 4928 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys 2011/09/12 16:17:45.0320 4928 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys 2011/09/12 16:17:45.0363 4928 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 2011/09/12 16:17:45.0411 4928 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\Windows\system32\DRIVERS\AmdLLD.sys 2011/09/12 16:17:45.0441 4928 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 2011/09/12 16:17:45.0473 4928 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys 2011/09/12 16:17:45.0495 4928 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 2011/09/12 16:17:45.0531 4928 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys 2011/09/12 16:17:45.0569 4928 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys 2011/09/12 16:17:45.0627 4928 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 2011/09/12 16:17:45.0646 4928 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 2011/09/12 16:17:45.0687 4928 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/09/12 16:17:45.0714 4928 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys 2011/09/12 16:17:45.0757 4928 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 2011/09/12 16:17:45.0789 4928 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 2011/09/12 16:17:45.0819 4928 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 2011/09/12 16:17:45.0850 4928 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 2011/09/12 16:17:45.0879 4928 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys 2011/09/12 16:17:45.0897 4928 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2011/09/12 16:17:45.0920 4928 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2011/09/12 16:17:45.0951 4928 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 2011/09/12 16:17:45.0975 4928 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 2011/09/12 16:17:45.0997 4928 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 2011/09/12 16:17:46.0018 4928 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 2011/09/12 16:17:46.0040 4928 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/09/12 16:17:46.0163 4928 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 2011/09/12 16:17:46.0221 4928 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys 2011/09/12 16:17:46.0251 4928 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 2011/09/12 16:17:46.0289 4928 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 2011/09/12 16:17:46.0317 4928 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/09/12 16:17:46.0342 4928 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys 2011/09/12 16:17:46.0373 4928 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys 2011/09/12 16:17:46.0395 4928 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 2011/09/12 16:17:46.0441 4928 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys 2011/09/12 16:17:46.0463 4928 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 2011/09/12 16:17:46.0508 4928 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys 2011/09/12 16:17:46.0557 4928 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys 2011/09/12 16:17:46.0592 4928 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 2011/09/12 16:17:46.0624 4928 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 2011/09/12 16:17:46.0676 4928 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys 2011/09/12 16:17:46.0742 4928 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys 2011/09/12 16:17:46.0758 4928 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys 2011/09/12 16:17:46.0792 4928 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 2011/09/12 16:17:46.0834 4928 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys 2011/09/12 16:17:46.0933 4928 eamonm (bf14fbabd52e9522456d3a2f6e7e76e4) C:\Windows\system32\DRIVERS\eamonm.sys 2011/09/12 16:17:47.0018 4928 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 2011/09/12 16:17:47.0144 4928 ehdrv (7d300a43a7bd8769e0f901bf9e1ae367) C:\Windows\system32\DRIVERS\ehdrv.sys 2011/09/12 16:17:47.0197 4928 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 2011/09/12 16:17:47.0244 4928 epfw (15bfe00f030ea20955117bb0677e9668) C:\Windows\system32\DRIVERS\epfw.sys 2011/09/12 16:17:47.0284 4928 Epfwndis (52310e0e603d7da79ecca7d764937a91) C:\Windows\system32\DRIVERS\Epfwndis.sys 2011/09/12 16:17:47.0325 4928 epfwwfp (235250a79cf1e16a5a42407cfe3f6a4c) C:\Windows\system32\DRIVERS\epfwwfp.sys 2011/09/12 16:17:47.0355 4928 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys 2011/09/12 16:17:47.0390 4928 ESLvnic1 (3f3126a8f73e92f8eb369d54977d9e15) C:\Windows\system32\DRIVERS\ESLvnic.sys 2011/09/12 16:17:47.0428 4928 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 2011/09/12 16:17:47.0466 4928 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 2011/09/12 16:17:47.0510 4928 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 2011/09/12 16:17:47.0561 4928 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 2011/09/12 16:17:47.0587 4928 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 2011/09/12 16:17:47.0621 4928 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/09/12 16:17:47.0658 4928 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 2011/09/12 16:17:47.0684 4928 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 2011/09/12 16:17:47.0697 4928 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 2011/09/12 16:17:47.0748 4928 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys 2011/09/12 16:17:47.0774 4928 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 2011/09/12 16:17:47.0856 4928 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys 2011/09/12 16:17:47.0878 4928 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys 2011/09/12 16:17:47.0993 4928 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys 2011/09/12 16:17:48.0014 4928 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 2011/09/12 16:17:48.0064 4928 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys 2011/09/12 16:17:48.0105 4928 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys 2011/09/12 16:17:48.0118 4928 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 2011/09/12 16:17:48.0156 4928 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 2011/09/12 16:17:48.0176 4928 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 2011/09/12 16:17:48.0202 4928 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys 2011/09/12 16:17:48.0233 4928 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys 2011/09/12 16:17:48.0295 4928 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys 2011/09/12 16:17:48.0316 4928 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys 2011/09/12 16:17:48.0357 4928 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys 2011/09/12 16:17:48.0394 4928 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys 2011/09/12 16:17:48.0439 4928 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 2011/09/12 16:17:48.0484 4928 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys 2011/09/12 16:17:48.0505 4928 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 2011/09/12 16:17:48.0523 4928 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/09/12 16:17:48.0550 4928 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys 2011/09/12 16:17:48.0588 4928 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 2011/09/12 16:17:48.0611 4928 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 2011/09/12 16:17:48.0627 4928 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys 2011/09/12 16:17:48.0653 4928 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys 2011/09/12 16:17:48.0691 4928 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys 2011/09/12 16:17:48.0711 4928 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys 2011/09/12 16:17:48.0744 4928 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys 2011/09/12 16:17:48.0782 4928 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys 2011/09/12 16:17:48.0822 4928 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/09/12 16:17:48.0855 4928 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 2011/09/12 16:17:48.0869 4928 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 2011/09/12 16:17:48.0892 4928 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2011/09/12 16:17:48.0908 4928 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2011/09/12 16:17:48.0942 4928 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 2011/09/12 16:17:48.0981 4928 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 2011/09/12 16:17:49.0002 4928 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 2011/09/12 16:17:49.0042 4928 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 2011/09/12 16:17:49.0074 4928 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 2011/09/12 16:17:49.0101 4928 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys 2011/09/12 16:17:49.0133 4928 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 2011/09/12 16:17:49.0193 4928 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys 2011/09/12 16:17:49.0219 4928 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys 2011/09/12 16:17:49.0236 4928 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 2011/09/12 16:17:49.0266 4928 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys 2011/09/12 16:17:49.0309 4928 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/09/12 16:17:49.0336 4928 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/09/12 16:17:49.0357 4928 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/09/12 16:17:49.0385 4928 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys 2011/09/12 16:17:49.0416 4928 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys 2011/09/12 16:17:49.0454 4928 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 2011/09/12 16:17:49.0490 4928 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 2011/09/12 16:17:49.0528 4928 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys 2011/09/12 16:17:49.0564 4928 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 2011/09/12 16:17:49.0581 4928 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/09/12 16:17:49.0605 4928 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 2011/09/12 16:17:49.0632 4928 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 2011/09/12 16:17:49.0654 4928 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys 2011/09/12 16:17:49.0684 4928 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 2011/09/12 16:17:49.0696 4928 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/09/12 16:17:49.0724 4928 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 2011/09/12 16:17:49.0762 4928 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 2011/09/12 16:17:49.0803 4928 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys 2011/09/12 16:17:49.0852 4928 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/09/12 16:17:49.0874 4928 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/09/12 16:17:49.0907 4928 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/09/12 16:17:49.0950 4928 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/09/12 16:17:49.0975 4928 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys 2011/09/12 16:17:50.0037 4928 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 2011/09/12 16:17:50.0063 4928 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys 2011/09/12 16:17:50.0107 4928 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/09/12 16:17:50.0139 4928 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 2011/09/12 16:17:50.0163 4928 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 2011/09/12 16:17:50.0212 4928 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys 2011/09/12 16:17:50.0277 4928 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 2011/09/12 16:17:50.0487 4928 nvlddmkm (73a70f1d89c942eedd99a3f10459b051) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/09/12 16:17:50.0686 4928 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys 2011/09/12 16:17:50.0721 4928 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys 2011/09/12 16:17:50.0797 4928 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 2011/09/12 16:17:50.0828 4928 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 2011/09/12 16:17:50.0882 4928 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 2011/09/12 16:17:50.0914 4928 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys 2011/09/12 16:17:50.0936 4928 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 2011/09/12 16:17:50.0961 4928 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 2011/09/12 16:17:50.0986 4928 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 2011/09/12 16:17:51.0021 4928 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/09/12 16:17:51.0056 4928 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 2011/09/12 16:17:51.0083 4928 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 2011/09/12 16:17:51.0186 4928 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 2011/09/12 16:17:51.0209 4928 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 2011/09/12 16:17:51.0246 4928 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 2011/09/12 16:17:51.0289 4928 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 2011/09/12 16:17:51.0330 4928 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/09/12 16:17:51.0356 4928 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 2011/09/12 16:17:51.0374 4928 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 2011/09/12 16:17:51.0396 4928 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/09/12 16:17:51.0420 4928 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/09/12 16:17:51.0444 4928 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/09/12 16:17:51.0472 4928 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 2011/09/12 16:17:51.0502 4928 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 2011/09/12 16:17:51.0520 4928 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/09/12 16:17:51.0547 4928 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/09/12 16:17:51.0579 4928 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys 2011/09/12 16:17:51.0606 4928 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 2011/09/12 16:17:51.0625 4928 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 2011/09/12 16:17:51.0664 4928 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys 2011/09/12 16:17:51.0695 4928 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys 2011/09/12 16:17:51.0726 4928 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 2011/09/12 16:17:51.0802 4928 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 2011/09/12 16:17:51.0861 4928 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys 2011/09/12 16:17:51.0918 4928 s125bus (06847aa6f3a9bf7c44134d00a2e578c0) C:\Windows\system32\DRIVERS\s125bus.sys 2011/09/12 16:17:51.0952 4928 s125mgmt (82b14c51de76825ec769a6374e4c57d6) C:\Windows\system32\DRIVERS\s125mgmt.sys 2011/09/12 16:17:51.0985 4928 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys 2011/09/12 16:17:52.0016 4928 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 2011/09/12 16:17:52.0048 4928 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 2011/09/12 16:17:52.0125 4928 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/09/12 16:17:52.0179 4928 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 2011/09/12 16:17:52.0196 4928 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 2011/09/12 16:17:52.0225 4928 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 2011/09/12 16:17:52.0273 4928 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 2011/09/12 16:17:52.0310 4928 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 2011/09/12 16:17:52.0335 4928 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys 2011/09/12 16:17:52.0354 4928 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/09/12 16:17:52.0405 4928 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 2011/09/12 16:17:52.0440 4928 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/09/12 16:17:52.0460 4928 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/09/12 16:17:52.0515 4928 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 2011/09/12 16:17:52.0576 4928 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 2011/09/12 16:17:52.0636 4928 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys 2011/09/12 16:17:52.0636 4928 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505 2011/09/12 16:17:52.0641 4928 sptd - detected LockedFile.Multi.Generic (1) 2011/09/12 16:17:52.0677 4928 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 2011/09/12 16:17:52.0703 4928 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys 2011/09/12 16:17:52.0724 4928 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 2011/09/12 16:17:52.0780 4928 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 2011/09/12 16:17:52.0827 4928 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys 2011/09/12 16:17:52.0871 4928 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys 2011/09/12 16:17:52.0902 4928 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 2011/09/12 16:17:52.0985 4928 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys 2011/09/12 16:17:53.0018 4928 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys 2011/09/12 16:17:53.0053 4928 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 2011/09/12 16:17:53.0116 4928 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 2011/09/12 16:17:53.0158 4928 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys 2011/09/12 16:17:53.0193 4928 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 2011/09/12 16:17:53.0247 4928 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 2011/09/12 16:17:53.0295 4928 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/09/12 16:17:53.0333 4928 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 2011/09/12 16:17:53.0390 4928 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 2011/09/12 16:17:53.0415 4928 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 2011/09/12 16:17:53.0461 4928 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 2011/09/12 16:17:53.0525 4928 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 2011/09/12 16:17:53.0556 4928 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys 2011/09/12 16:17:53.0581 4928 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 2011/09/12 16:17:53.0630 4928 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/09/12 16:17:53.0689 4928 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 2011/09/12 16:17:53.0719 4928 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys 2011/09/12 16:17:53.0754 4928 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys 2011/09/12 16:17:53.0799 4928 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys 2011/09/12 16:17:53.0852 4928 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 2011/09/12 16:17:53.0892 4928 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 2011/09/12 16:17:53.0922 4928 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/09/12 16:17:53.0970 4928 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/09/12 16:17:54.0008 4928 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 2011/09/12 16:17:54.0033 4928 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/09/12 16:17:54.0055 4928 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 2011/09/12 16:17:54.0111 4928 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 2011/09/12 16:17:54.0145 4928 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 2011/09/12 16:17:54.0178 4928 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 2011/09/12 16:17:54.0228 4928 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 2011/09/12 16:17:54.0247 4928 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys 2011/09/12 16:17:54.0270 4928 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys 2011/09/12 16:17:54.0293 4928 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 2011/09/12 16:17:54.0344 4928 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 2011/09/12 16:17:54.0369 4928 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 2011/09/12 16:17:54.0398 4928 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/09/12 16:17:54.0434 4928 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 2011/09/12 16:17:54.0462 4928 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 2011/09/12 16:17:54.0502 4928 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 2011/09/12 16:17:54.0525 4928 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 2011/09/12 16:17:54.0570 4928 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 2011/09/12 16:17:54.0602 4928 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2011/09/12 16:17:54.0664 4928 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/09/12 16:17:54.0683 4928 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 2011/09/12 16:17:54.0756 4928 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys 2011/09/12 16:17:54.0808 4928 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 2011/09/12 16:17:54.0849 4928 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/09/12 16:17:54.0893 4928 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 2011/09/12 16:17:54.0946 4928 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/09/12 16:17:54.0984 4928 MBR (0x1B8) (9c603bc3977968c891de319283e1e7af) \Device\Harddisk0\DR0 2011/09/12 16:17:55.0014 4928 \Device\Harddisk0\DR0 - detected Trojan-Clicker.Win32.Wistler.c (0) 2011/09/12 16:17:55.0022 4928 Boot (0x1200) (1c01e981eedca67d292c9707c84228cf) \Device\Harddisk0\DR0\Partition0 2011/09/12 16:17:55.0057 4928 Boot (0x1200) (6543e174f9fa8afc3f2d0fba1a2d0127) \Device\Harddisk0\DR0\Partition1 2011/09/12 16:17:55.0073 4928 Boot (0x1200) (5861db2c7c792b0a04444337fe0e55ff) \Device\Harddisk0\DR0\Partition2 2011/09/12 16:17:55.0095 4928 Boot (0x1200) (ab9077b3bed63baf06100541f1038467) \Device\Harddisk0\DR0\Partition3 2011/09/12 16:17:55.0099 4928 ================================================================================ 2011/09/12 16:17:55.0099 4928 Scan finished 2011/09/12 16:17:55.0099 4928 ================================================================================ 2011/09/12 16:17:55.0109 0376 Detected object count: 2 2011/09/12 16:17:55.0109 0376 Actual detected object count: 2 2011/09/12 16:20:15.0798 0376 LockedFile.Multi.Generic(sptd) - User select action: Skip 2011/09/12 16:20:15.0806 0376 \Device\Harddisk0\DR0 (Trojan-Clicker.Win32.Wistler.c) - will be cured after reboot 2011/09/12 16:20:15.0807 0376 \Device\Harddisk0\DR0 - ok 2011/09/12 16:20:15.0807 0376 Trojan-Clicker.Win32.Wistler.c(\Device\Harddisk0\DR0) - User select action: Cure 2011/09/12 16:20:20.0439 3028 Deinitialize success

Dodam ze wyjątkowo już komunikaty z Noda nie wyskoczyły.

Acorus · 12 Wrzesień 2011 14:49

Dlaczego wyjątkowo?TDSSKiller swoje zrobił.Pokaż jeszcze logi z OTL otl-gmer-rsit-dss-inne-instrukcje-t370405.html

PascalTurbo · 12 Wrzesień 2011 14:59

A jakoś mi się tak napisało Oto log z OTL:

OTL Extras logfile created on: 2011-09-12 16:53:36 - Run 1 OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Gadom\Downloads Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 59,85% Memory free 4,00 Gb Paging File | 2,78 Gb Available in Paging File | 69,52% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 48,83 Gb Total Space | 21,43 Gb Free Space | 43,88% Space Free | Partition Type: NTFS Drive D: | 46,38 Gb Total Space | 37,97 Gb Free Space | 81,85% Space Free | Partition Type: NTFS Drive E: | 368,10 Gb Total Space | 49,47 Gb Free Space | 13,44% Space Free | Partition Type: NTFS Computer Name: GADOM-PC | User Name: Gadom | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes] .cpl [@ = cplfile] – C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] – C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes] .html [@ = FirefoxHTML] – C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\shell[command]\command] batfile [open] – “%1” %* cmdfile [open] – “%1” %* comfile [open] – “%1” %* cplfile [cplopen] – %SystemRoot%\System32\control.exe “%1”,%* (Microsoft Corporation) exefile [open] – “%1” %* helpfile [open] – Reg Error: Key error. hlpfile [open] – %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) piffile [open] – “%1” %* regfile [merge] – Reg Error: Key error. scrfile [config] – “%1” scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] – “%1” /S txtfile [edit] – Reg Error: Key error. Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] – cmd.exe /s /k pushd “%V” (Microsoft Corporation) Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] – %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] – Reg Error: Value error. Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] “cval” = 1 “FirewallDisableNotify” = 0 “AntiVirusDisableNotify” = 0 “UpdatesDisableNotify” = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] “VistaSp1” = Reg Error: Unknown registry data type – File not found “AntiVirusOverride” = 0 “AntiSpywareOverride” = 0 “FirewallOverride” = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] “DisableSR” = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] “DisableNotifications” = 0 “EnableFirewall” = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] “DisableNotifications” = 0 “EnableFirewall” = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] “DisableNotifications” = 0 “EnableFirewall” = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] “C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe” = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 “C:\Users\Gadomupdate001.exe” = C:\Users\Gadomupdate001.exe:*:Enabled:ldrsoft “C:\Users\Gadom\AppData\Roaming\x2svyttytzmcvie1hkmbmha3marmk3lc2\svcnost.exe” = C:\Users\Gadom\AppData\Roaming\x2svyttytzmcvie1hkmbmha3marmk3lc2\svcnost.exe:*:Enabled:ldrsoft “C:\Users\Gadom\AppData\Roaming\xuqyyxmeupaed2giruqghf2udd1dmsha2\svcnost.exe” = C:\Users\Gadom\AppData\Roaming\xuqyyxmeupaed2giruqghf2udd1dmsha2\svcnost.exe:*:Enabled:ldrsoft ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] “{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}” = Java DB 10.5.3.0 “{048298C9-A4D3-490B-9FF9-AB023A9238F3}” = Steam “{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}” = Call of Duty® 4 - Modern Warfare 1.3 Patch “{08234a0d-cf39-4dca-99f0-0c5cb496da81}” = Bing Bar “{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}” = Windows Live ID Sign-in Assistant “{196BB40D-1578-3D01-B289-BEFC77A11A1E}” = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 “{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}” = Microsoft XNA Framework Redistributable 3.1 “{1DF5019A-68B5-4ba1-8E59-E185C7B7FF11}” = Komunikator WTW 0.8.4.2390 “{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 “{26A24AE4-039D-4CA4-87B4-2F83216024FF}” = Java 6 Update 26 “{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}” = QuickTime “{32A3A4F4-B792-11D6-A78A-00B0D0160230}” = Java SE Development Kit 6 Update 23 “{3BD633E0-4BF8-4499-9149-88F0767D449C}” = Call of Duty® 4 - Modern Warfare 1.4 Patch “{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}” = FIFA 11 “{434D0FA0-1558-4D8E-AC3D-BD1000008200}” = DiRT 3 “{45410935-B52C-468A-A836-0D1000018201}” = BulletStorm “{4A03706F-666A-4037-7777-5F2748764D10}” = Java Auto Updater “{4CB0307C-565E-4441-86BE-0DF2E4FB828C}” = Microsoft Games for Windows Marketplace “{4D53090A-CE35-42BD-B377-831000018301}” = Fable III “{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}” = SpPhones “{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}” = Bing Bar Platform “{5033F411-4848-49D6-BAC2-DAA06AFA0AFC}” = HP Deskjet 2050 J510 series Basic Device Software “{5454083B-1308-4485-BF17-111000028701}” = Grand Theft Auto: Episodes from Liberty City “{5454083B-1308-4485-BF17-111000028702}” = Grand Theft Auto: Episodes from Liberty City “{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}” = Sp5 “{56C049BE-79E9-4502-BEA7-9754A3E60F9B}” = neroxml “{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}” = Microsoft Search Enhancement Pack “{625C89D5-9E0B-458D-966C-793294643E64}_is1” = Football.Manager.PL.RIP.O22y wersja 1.5 “{66B6D13A-9CC1-417D-B6F2-58AA539D1045}” = Nero 7 Essentials “{6C3959C6-943E-44B3-BAAD-570B04B134E5}” = SpCommon “{7299052b-02a4-4627-81f2-1818da5d550d}” = Microsoft Visual C++ 2005 Redistributable “{787D1A33-A97B-4245-87C0-7174609A540C}” = HP Update “{789289CA-F73A-4A16-A331-54D498CE069F}” = Ventrilo “{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}” = HP Deskjet 2050 J510 series Pomoc “{837b34e3-7c30-493c-8f6a-2b0f04e2912c}” = Microsoft Visual C++ 2005 Redistributable “{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}” = HPDiagnosticAlert “{888F1505-C2B3-4FDE-835D-36353EBD4754}” = Ubisoft Game Launcher “{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}” = Microsoft Silverlight “{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}” = Call of Duty® 4 - Modern Warfare 1.6 Patch “{8C0CAA7A-3272-4991-A808-2C7559DE3409}” = Win7codecs “{8C14DD20-08C7-11D6-9214-005004BFABB8}” = KoktajlBar “{90120000-0015-0415-0000-0000000FF1CE}” = Microsoft Office Access MUI (Polish) 2007 “{90120000-0016-0415-0000-0000000FF1CE}” = Microsoft Office Excel MUI (Polish) 2007 “{90120000-0018-0415-0000-0000000FF1CE}” = Microsoft Office PowerPoint MUI (Polish) 2007 “{90120000-0019-0415-0000-0000000FF1CE}” = Microsoft Office Publisher MUI (Polish) 2007 “{90120000-001A-0415-0000-0000000FF1CE}” = Microsoft Office Outlook MUI (Polish) 2007 “{90120000-001B-0415-0000-0000000FF1CE}” = Microsoft Office Word MUI (Polish) 2007 “{90120000-001F-0407-0000-0000000FF1CE}” = Microsoft Office Proof (German) 2007 “{90120000-001F-0409-0000-0000000FF1CE}” = Microsoft Office Proof (English) 2007 “{90120000-001F-0415-0000-0000000FF1CE}” = Microsoft Office Proof (Polish) 2007 “{90120000-002C-0415-0000-0000000FF1CE}” = Microsoft Office Proofing (Polish) 2007 “{90120000-0030-0000-0000-0000000FF1CE}” = Microsoft Office Enterprise 2007 “{90120000-0044-0415-0000-0000000FF1CE}” = Microsoft Office InfoPath MUI (Polish) 2007 “{90120000-006E-0415-0000-0000000FF1CE}” = Microsoft Office Shared MUI (Polish) 2007 “{90120000-00A1-0415-0000-0000000FF1CE}” = Microsoft Office OneNote MUI (Polish) 2007 “{90120000-00BA-0415-0000-0000000FF1CE}” = Microsoft Office Groove MUI (Polish) 2007 “{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}” = 32 Bit HP CIO Components Installer “{931C37FC-594D-43A9-B10F-A2F2B1F03498}” = Call of Duty® 4 - Modern Warfare 1.7 Patch “{9A25302D-30C0-39D9-BD6F-21E6EC160475}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 “{9E1BAB75-EB78-440D-94C0-A3857BE2E733}” = System Requirements Lab “{9FD6F1A8-5550-46AF-8509-271DF0E768B5}” = Dual-Core Optimizer “{A30C3FBB-7D5E-46D3-91C1-AD320D05373E}” = HP Deskjet 2050 J510 series Badanie ulepszeń produktu “{A49F249F-0C91-497F-86DF-B2585E8E76B7}” = Microsoft Visual C++ 2005 Redistributable “{AC76BA86-7AD7-1045-7B44-A94000000001}” = Adobe Reader 9.4.5 - Polish “{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision” = NVIDIA Sterownik 3D Vision 266.58 “{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel” = Panel sterowania NVIDIA 266.58 “{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver” = NVIDIA Sterownik graficzny 266.58 “{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX” = NVIDIA Oprogramowanie systemu PhysX 9.10.0514 “{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer” = NVIDIA Install Application “{B93E815A-ED3F-436C-8175-C0BB1AD4AA36}” = OSCAR Editor “{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}” = Microsoft Default Manager “{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}” = NVIDIA PhysX “{BE4BA698-8533-4F77-9559-C7F3F78C0B05}” = Assassin’s Creed Brotherhood “{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}” = Microsoft .NET Framework 1.1 “{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}” = PlayReady PC Runtime x86 “{D103C4BA-F905-437A-8049-DB24763BBE36}” = Skype™ 4.1 “{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1” = Rapture3D 2.4.8 Game “{E415C943-37E5-473F-8BAE-043C56734124}” = Sp5TTInt “{E5141379-B2D9-4BBC-BB2A-5805541571DD}” = Call of Duty® 4 - Modern Warfare 1.2 Patch “{ED3B5D6A-56B2-426A-B037-1F97CD9C0357}” = ESET Smart Security “{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}” = Sony Ericsson PC Companion 2.01.078 “{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}” = Wiedźmin 2 “{F2508213-9989-4E85-A078-72BE483917EF}” = Microsoft Games for Windows - LIVE Redistributable “{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}” = Sp5Intl “{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 “ABC Amber PDF Converter” = ABC Amber PDF Converter “Adobe Flash Player ActiveX” = Adobe Flash Player 10 ActiveX “Adobe Flash Player Plugin” = Adobe Flash Player 10 Plugin “ALLPlayer_is1” = ALLPlayer V4.X “CCleaner” = CCleaner “DAEMON Tools Toolbar” = DAEMON Tools Toolbar “Defraggler” = Defraggler “Dev-C++” = Dev-C++ 5 beta 9 release (4.9.9.2) “EA Installer.423539486” = EA Installer “ENTERPRISE” = Microsoft Office Enterprise 2007 “foobar2000” = foobar2000 v0.9.6.9 “GameDesire-Pool & Snooker” = GameDesire-Pool & Snooker “GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}” = DiRT 3 “HP Photo Creations” = HP Photo Creations “Inkscape” = Inkscape 0.46 “installAPK” = installAPK (Remove Only) “InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}” = Call of Duty® 4 - Modern Warfare 1.3 Patch “InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}” = Call of Duty® 4 - Modern Warfare 1.4 Patch “InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}” = Call of Duty® 4 - Modern Warfare 1.6 Patch “InstallShield_{9208F706-6528-4591-A997-F41395FBD8A7}” = Spider-Man® - Web of Shadows 1.1 Patch “InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}” = Call of Duty® 4 - Modern Warfare 1.7 Patch “InstallShield_{B93E815A-ED3F-436C-8175-C0BB1AD4AA36}” = OSCAR Editor “InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}” = Call of Duty® 4 - Modern Warfare 1.2 Patch “ipla” = ipla 2.2.1 “JDownloader” = JDownloader “Mozilla Firefox 6.0.2 (x86 pl)” = Mozilla Firefox 6.0.2 (x86 pl) “NVIDIAStereo” = NVIDIA Stereoscopic 3D Driver “OpenAL” = OpenAL “PunkBusterSvc” = PunkBuster Services “RealAlt_is1” = Real Alternative 1.9.0 Lite “SopCast” = SopCast 3.3.2 “Steam App 10” = Counter-Strike “Steam App 220” = Half-Life 2 “Steam App 320” = Half-Life 2: Deathmatch “Steam App 380” = Half-Life 2: Episode One “Steam App 420” = Half-Life 2: Episode Two “Steam App 440” = Team Fortress 2 “SystemRequirementsLab” = System Requirements Lab “TeamViewer 6” = TeamViewer 6 “Update Engine” = Sony Ericsson Update Engine “WinGimp-2.0_is1” = GIMP 2.6.11 “WinRAR archiver” = Archiwizator WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] “Facebook Plug-In” = Facebook Plug-In ========== Last 10 Event Log Errors ========== [Application Events] Error - 2011-02-21 13:47:18 | Computer Name = Gadom-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. . Error - 2011-02-21 13:47:18 | Computer Name = Gadom-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. . Error - 2011-02-21 13:47:18 | Computer Name = Gadom-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. . Error - 2011-02-21 13:47:18 | Computer Name = Gadom-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. . Error - 2011-02-21 13:47:18 | Computer Name = Gadom-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. . Error - 2011-02-21 16:45:18 | Computer Name = Gadom-PC | Source = VSS | ID = 8194 Description = Error - 2011-02-21 17:04:23 | Computer Name = Gadom-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. . Error - 2011-02-21 17:04:23 | Computer Name = Gadom-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. . Error - 2011-02-21 17:04:23 | Computer Name = Gadom-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. . Error - 2011-02-21 17:04:23 | Computer Name = Gadom-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. . [System Events] Error - 2011-09-12 09:08:07 | Computer Name = Gadom-PC | Source = volsnap | ID = 393245 Description = Wykonywanie kopii w tle woluminu C: zostało przerwane podczas wykrywania. Error - 2011-09-12 09:08:18 | Computer Name = Gadom-PC | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Nero BackItUp Scheduler 4.0 z powodu następującego błędu: %%2 Error - 2011-09-12 09:16:06 | Computer Name = Gadom-PC | Source = Service Control Manager | ID = 7030 Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. Error - 2011-09-12 09:18:41 | Computer Name = Gadom-PC | Source = Service Control Manager | ID = 7030 Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. Error - 2011-09-12 09:21:01 | Computer Name = Gadom-PC | Source = Service Control Manager | ID = 7030 Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. Error - 2011-09-12 09:28:21 | Computer Name = Gadom-PC | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Nero BackItUp Scheduler 4.0 z powodu następującego błędu: %%2 Error - 2011-09-12 09:48:58 | Computer Name = Gadom-PC | Source = Service Control Manager | ID = 7030 Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. Error - 2011-09-12 09:52:07 | Computer Name = Gadom-PC | Source = Service Control Manager | ID = 7030 Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. Error - 2011-09-12 09:54:23 | Computer Name = Gadom-PC | Source = Service Control Manager | ID = 7030 Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. Error - 2011-09-12 10:21:22 | Computer Name = Gadom-PC | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Nero BackItUp Scheduler 4.0 z powodu następującego błędu: %%2 < End of report >

I wielkie dzięki,jeszcze sprawdzę czy XP chodzi.

Acorus · 12 Wrzesień 2011 15:09

Odinstaluj DAEMON Tools Toolbar.Potrzebny jeszcze log OTL.txt

Wrzuć go na wklej.org

PascalTurbo · 12 Wrzesień 2011 15:16

http://wklej.org/id/593031/

Acorus · 12 Wrzesień 2011 15:29

Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:

:OTL SRV - File not found [Auto | Stopped] – -- (Nero BackItUp Scheduler 4.0) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=df FF - prefs.js…browser.search.defaultengine: “Ask.com” FF - prefs.js…browser.search.defaultenginename: “Web Search…” FF - prefs.js…browser.search.defaulturl: “http://www3.iamwired.net/websearch.php?src=tops&search=” FF - prefs.js…browser.search.order.1: “Ask.com” FF - prefs.js…keyword.URL: “http://startsear.ch/?q=” [2010-09-06 13:49:29 | 000,002,566 | ---- | M] () – C:\Users\Gadom\AppData\Roaming\Mozilla\Firefox\Profiles\rsyxlne7.default\searchplugins\askcom.xml [2009-12-30 16:57:08 | 000,002,055 | ---- | M] () – C:\Users\Gadom\AppData\Roaming\Mozilla\Firefox\Profiles\rsyxlne7.default\searchplugins\daemon-search.xml [2010-05-01 13:12:35 | 000,000,261 | ---- | M] () – C:\Users\Gadom\AppData\Roaming\Mozilla\Firefox\Profiles\rsyxlne7.default\searchplugins\Search.xml [2011-08-20 13:35:58 | 000,001,565 | ---- | M] () – C:\Users\Gadom\AppData\Roaming\Mozilla\Firefox\Profiles\rsyxlne7.default\searchplugins\web-search.xml O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found. O3 - HKLM…\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU…\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () [2010-02-11 01:17:14 | 000,000,248 | ---- | C] () – C:\Windows\System32\secustat.dat [2010-02-11 00:45:22 | 000,000,305 | ---- | C] () – C:\Windows\System32\secushr.dat :Commands [emptytemp]

Kliknij Wykonaj skrypt.W OTL użyj opcji Sprzątanie.Przeskanuj progr.Malwarebytes Anti-Malware

http://www.dobreprogramy.pl/Malwarebyte … 13117.html

Przed skanowaniem wykonaj RĘCZNĄ AKTUALIZACJĘ BAZY WIRUSÓW

PascalTurbo · 12 Wrzesień 2011 17:17

log z Malwarebytes Anti-Malware :

http://wklej.org/id/593088/

Acorus · 12 Wrzesień 2011 17:23

Pousuwaj wszystko.

PascalTurbo · 12 Wrzesień 2011 17:27

Pousuwałem, dałem zapisz log przed usunięciem Wielkie dzięki,jestem bardzo wdzięczny, widzę muszę antywirusa chyba zmienić bo Nod tyle rzeczy pominął ;/