PC virus removal, speeding up your computer, remote help through the neslape.cz service
Have a virus problem? Paste a log from FRST or RSIT here.
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
vyosek
VIP
Posts: 56373 Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno
#16
Post
by vyosek » 10 Feb 2012 18:14
Great, TDSS sees it.
Run it again, scan again, but for the \Device\Harddisk0\DR0 entry the preselected action should be "Cure"; leave that as it is.
A PC restart will probably be needed; do it.
Then a new log from TDSS and aswMBR.
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.
breta21
Visitor
Posts: 183 Registered: 31 Aug 2009 14:37
#17
Post
by breta21 » 10 Feb 2012 18:22
Should I delete that MBR.dat file?
Where could that rootkit have come from?
18:20:07.0484 0848 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
18:20:07.0656 0848 ============================================================
18:20:07.0656 0848 Current date / time: 2012/02/10 18:20:07.0656
18:20:07.0656 0848 SystemInfo:
18:20:07.0656 0848
18:20:07.0656 0848 OS Version: 5.1.2600 ServicePack: 2.0
18:20:07.0656 0848 Product type: Workstation
18:20:07.0656 0848 ComputerName: BRETA-3A020784F
18:20:07.0656 0848 UserName: breta
18:20:07.0656 0848 Windows directory: C:\WINDOW
18:20:07.0656 0848 System windows directory: C:\WINDOW
18:20:07.0656 0848 Processor architecture: Intel x86
18:20:07.0656 0848 Number of processors: 1
18:20:07.0656 0848 Page size: 0x1000
18:20:07.0656 0848 Boot type: Normal boot
18:20:07.0656 0848 ============================================================
18:20:09.0796 0848 Drive \Device\Harddisk0\DR0 - Size: 0x262AE80000 (152.67 Gb), SectorSize: 0x200, Cylinders: 0x4DD9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:20:09.0859 0848 \Device\Harddisk0\DR0:
18:20:09.0859 0848 MBR used
18:20:09.0859 0848 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A962B1
18:20:09.0875 0848 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3A9632F, BlocksNum 0xF6B9CA9
18:20:10.0203 0848 Initialize success
18:20:10.0203 0848 ============================================================
18:20:14.0875 2784 ============================================================
18:20:14.0890 2784 Scan started
18:20:14.0890 2784 Mode: Manual; SigCheck; TDLFS;
18:20:14.0890 2784 ============================================================
18:20:16.0515 2784 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOW\system32\drivers\Aavmker4.sys
18:20:16.0625 2784 Aavmker4 - ok
18:20:16.0656 2784 Abiosdsk - ok
18:20:16.0703 2784 abp480n5 - ok
18:20:16.0765 2784 ACPI (fa2fbcda96d2385f773b059fe5a125a6) C:\WINDOW\system32\DRIVERS\ACPI.sys
18:20:18.0015 2784 ACPI - ok
18:20:18.0109 2784 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOW\system32\drivers\ACPIEC.sys
18:20:18.0328 2784 ACPIEC - ok
18:20:18.0359 2784 adpu160m - ok
18:20:18.0453 2784 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOW\system32\drivers\aec.sys
18:20:18.0718 2784 aec - ok
18:20:18.0796 2784 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOW\System32\drivers\afd.sys
18:20:18.0812 2784 AFD - ok
18:20:18.0843 2784 Aha154x - ok
18:20:18.0875 2784 aic78u2 - ok
18:20:18.0906 2784 aic78xx - ok
18:20:19.0109 2784 ALCXWDM (d9026163ed32a13923a2c909897a6b87) C:\WINDOW\system32\drivers\ALCXWDM.SYS
18:20:19.0796 2784 ALCXWDM - ok
18:20:19.0890 2784 AliIde - ok
18:20:19.0921 2784 AmdK7 (2cc3bf45ac3180fe29c199bd95f09601) C:\WINDOW\system32\DRIVERS\amdk7.sys
18:20:20.0156 2784 AmdK7 - ok
18:20:20.0203 2784 amsint - ok
18:20:20.0296 2784 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOW\system32\DRIVERS\arp1394.sys
18:20:20.0546 2784 Arp1394 - ok
18:20:20.0640 2784 asc - ok
18:20:20.0718 2784 asc3350p - ok
18:20:20.0750 2784 asc3550 - ok
18:20:20.0828 2784 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOW\system32\drivers\aswFsBlk.sys
18:20:20.0843 2784 aswFsBlk - ok
18:20:20.0890 2784 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOW\system32\drivers\aswMon2.sys
18:20:20.0906 2784 aswMon2 - ok
18:20:21.0015 2784 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOW\system32\drivers\aswRdr.sys
18:20:21.0031 2784 aswRdr - ok
18:20:21.0093 2784 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOW\system32\drivers\aswSnx.sys
18:20:21.0125 2784 aswSnx - ok
18:20:21.0234 2784 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOW\system32\drivers\aswSP.sys
18:20:21.0250 2784 aswSP - ok
18:20:21.0312 2784 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOW\system32\drivers\aswTdi.sys
18:20:21.0312 2784 aswTdi - ok
18:20:21.0421 2784 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOW\system32\DRIVERS\asyncmac.sys
18:20:21.0703 2784 AsyncMac - ok
18:20:21.0796 2784 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOW\system32\DRIVERS\atapi.sys
18:20:22.0015 2784 atapi - ok
18:20:22.0062 2784 Atdisk - ok
18:20:24.0546 2784 ati2mtag (1e75fad9de6cd4d745d27347324649a8) C:\WINDOW\system32\DRIVERS\ati2mtag.sys
18:20:24.0609 2784 ati2mtag - ok
18:20:24.0656 2784 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOW\system32\DRIVERS\atmarpc.sys
18:20:24.0890 2784 Atmarpc - ok
18:20:24.0953 2784 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOW\system32\DRIVERS\audstub.sys
18:20:25.0187 2784 audstub - ok
18:20:25.0265 2784 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOW\system32\drivers\Beep.sys
18:20:25.0500 2784 Beep - ok
18:20:25.0578 2784 catchme - ok
18:20:25.0796 2784 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOW\system32\drivers\cbidf2k.sys
18:20:26.0000 2784 cbidf2k - ok
18:20:26.0046 2784 cd20xrnt - ok
18:20:26.0109 2784 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOW\system32\drivers\Cdaudio.sys
18:20:26.0312 2784 Cdaudio - ok
18:20:26.0375 2784 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOW\system32\drivers\Cdfs.sys
18:20:26.0640 2784 Cdfs - ok
18:20:26.0734 2784 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOW\system32\DRIVERS\cdrom.sys
18:20:27.0062 2784 Cdrom - ok
18:20:27.0125 2784 Changer - ok
18:20:27.0171 2784 CmdIde - ok
18:20:27.0234 2784 Cpqarray - ok
18:20:27.0281 2784 dac2w2k - ok
18:20:27.0312 2784 dac960nt - ok
18:20:27.0375 2784 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOW\system32\DRIVERS\disk.sys
18:20:27.0625 2784 Disk - ok
18:20:27.0781 2784 dmboot (e1968edec81c430108feb23ab07bdb14) C:\WINDOW\system32\drivers\dmboot.sys
18:20:28.0062 2784 dmboot - ok
18:20:28.0156 2784 dmio (1b1520a82e396e46b9ae9fa6b03ff6c6) C:\WINDOW\system32\drivers\dmio.sys
18:20:28.0375 2784 dmio - ok
18:20:28.0421 2784 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOW\system32\drivers\dmload.sys
18:20:28.0640 2784 dmload - ok
18:20:28.0781 2784 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOW\system32\drivers\DMusic.sys
18:20:29.0046 2784 DMusic - ok
18:20:29.0093 2784 dpti2o - ok
18:20:29.0125 2784 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOW\system32\drivers\drmkaud.sys
18:20:29.0375 2784 drmkaud - ok
18:20:29.0484 2784 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOW\system32\drivers\Fastfat.sys
18:20:29.0703 2784 Fastfat - ok
18:20:29.0781 2784 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOW\system32\DRIVERS\fdc.sys
18:20:30.0031 2784 Fdc - ok
18:20:30.0109 2784 Fips (266dab58619b17bdf37fabbd48d875ca) C:\WINDOW\system32\drivers\Fips.sys
18:20:30.0296 2784 Fips - ok
18:20:30.0343 2784 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOW\system32\DRIVERS\flpydisk.sys
18:20:30.0578 2784 Flpydisk - ok
18:20:30.0656 2784 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOW\system32\DRIVERS\fltMgr.sys
18:20:30.0890 2784 FltMgr - ok
18:20:30.0953 2784 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOW\system32\drivers\Fs_Rec.sys
18:20:31.0171 2784 Fs_Rec - ok
18:20:31.0234 2784 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOW\system32\DRIVERS\ftdisk.sys
18:20:31.0437 2784 Ftdisk - ok
18:20:31.0500 2784 GarenaPEngine - ok
18:20:31.0546 2784 GGSAFERDriver - ok
18:20:31.0640 2784 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOW\system32\DRIVERS\msgpc.sys
18:20:31.0875 2784 Gpc - ok
18:20:31.0921 2784 hpn - ok
18:20:32.0000 2784 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOW\system32\Drivers\HTTP.sys
18:20:32.0031 2784 HTTP - ok
18:20:32.0093 2784 i2omgmt - ok
18:20:32.0125 2784 i2omp - ok
18:20:32.0171 2784 i8042prt (0f42de9909b5dbf2c48dd1a79d491af5) C:\WINDOW\system32\DRIVERS\i8042prt.sys
18:20:32.0437 2784 i8042prt - ok
18:20:32.0515 2784 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOW\system32\DRIVERS\imapi.sys
18:20:32.0750 2784 Imapi - ok
18:20:32.0796 2784 ini910u - ok
18:20:32.0875 2784 IntelIde - ok
18:20:32.0921 2784 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOW\system32\DRIVERS\Ip6Fw.sys
18:20:33.0171 2784 Ip6Fw - ok
18:20:33.0250 2784 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOW\system32\DRIVERS\ipfltdrv.sys
18:20:33.0453 2784 IpFilterDriver - ok
18:20:33.0500 2784 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOW\system32\DRIVERS\ipinip.sys
18:20:33.0781 2784 IpInIp - ok
18:20:33.0875 2784 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOW\system32\DRIVERS\ipnat.sys
18:20:34.0125 2784 IpNat - ok
18:20:34.0156 2784 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOW\system32\DRIVERS\ipsec.sys
18:20:34.0343 2784 IPSec - ok
18:20:34.0437 2784 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOW\system32\DRIVERS\irenum.sys
18:20:34.0515 2784 IRENUM - ok
18:20:34.0578 2784 isapnp (1091528512e4dd7ed5fddcc4df1c53d7) C:\WINDOW\system32\DRIVERS\isapnp.sys
18:20:34.0828 2784 isapnp - ok
18:20:34.0906 2784 Kbdclass (6f877bf8dc01a550cd666f3bedb2213c) C:\WINDOW\system32\DRIVERS\kbdclass.sys
18:20:35.0093 2784 Kbdclass - ok
18:20:35.0156 2784 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOW\system32\drivers\kmixer.sys
18:20:35.0359 2784 kmixer - ok
18:20:35.0453 2784 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOW\system32\drivers\KSecDD.sys
18:20:35.0484 2784 KSecDD - ok
18:20:35.0531 2784 lbrtfdc - ok
18:20:35.0593 2784 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOW\system32\drivers\mnmdd.sys
18:20:35.0765 2784 mnmdd - ok
18:20:35.0875 2784 Modem (60210deb037846afe521ebf349964f6b) C:\WINDOW\system32\drivers\Modem.sys
18:20:36.0125 2784 Modem - ok
18:20:36.0171 2784 Mouclass (b160ec94114715675509115986400fd9) C:\WINDOW\system32\DRIVERS\mouclass.sys
18:20:36.0359 2784 Mouclass - ok
18:20:36.0453 2784 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOW\system32\drivers\MountMgr.sys
18:20:36.0671 2784 MountMgr - ok
18:20:36.0703 2784 mraid35x - ok
18:20:36.0781 2784 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOW\system32\DRIVERS\mrxdav.sys
18:20:36.0984 2784 MRxDAV - ok
18:20:37.0109 2784 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOW\system32\DRIVERS\mrxsmb.sys
18:20:37.0156 2784 MRxSmb - ok
18:20:37.0234 2784 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOW\system32\drivers\Msfs.sys
18:20:37.0406 2784 Msfs - ok
18:20:37.0468 2784 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOW\system32\drivers\MSKSSRV.sys
18:20:37.0718 2784 MSKSSRV - ok
18:20:37.0812 2784 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOW\system32\drivers\MSPCLOCK.sys
18:20:38.0015 2784 MSPCLOCK - ok
18:20:38.0062 2784 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOW\system32\drivers\MSPQM.sys
18:20:38.0281 2784 MSPQM - ok
18:20:38.0359 2784 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOW\system32\DRIVERS\mssmbios.sys
18:20:38.0578 2784 mssmbios - ok
18:20:38.0640 2784 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOW\system32\drivers\Mup.sys
18:20:38.0843 2784 Mup - ok
18:20:38.0921 2784 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOW\system32\drivers\NDIS.sys
18:20:39.0156 2784 NDIS - ok
18:20:39.0250 2784 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOW\system32\DRIVERS\ndistapi.sys
18:20:39.0453 2784 NdisTapi - ok
18:20:39.0500 2784 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOW\system32\DRIVERS\ndisuio.sys
18:20:39.0687 2784 Ndisuio - ok
18:20:39.0890 2784 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOW\system32\DRIVERS\ndiswan.sys
18:20:40.0125 2784 NdisWan - ok
18:20:40.0187 2784 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOW\system32\drivers\NDProxy.sys
18:20:40.0375 2784 NDProxy - ok
18:20:40.0468 2784 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOW\system32\DRIVERS\netbios.sys
18:20:40.0625 2784 NetBIOS - ok
18:20:40.0656 2784 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOW\system32\DRIVERS\netbt.sys
18:20:40.0921 2784 NetBT - ok
18:20:41.0062 2784 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOW\system32\DRIVERS\nic1394.sys
18:20:41.0234 2784 NIC1394 - ok
18:20:41.0343 2784 nmwcd (cfe3462a9e94a57dcd9676f6b7fe7f67) C:\WINDOW\system32\drivers\ccdcmb.sys
18:20:41.0421 2784 nmwcd - ok
18:20:41.0484 2784 nmwcdc (8f2a94f991f8c73cec26b4b5620d1edc) C:\WINDOW\system32\drivers\ccdcmbo.sys
18:20:41.0562 2784 nmwcdc - ok
18:20:41.0640 2784 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOW\system32\drivers\Npfs.sys
18:20:41.0906 2784 Npfs - ok
18:20:41.0984 2784 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOW\system32\drivers\Ntfs.sys
18:20:42.0265 2784 Ntfs - ok
18:20:42.0359 2784 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOW\system32\drivers\Null.sys
18:20:42.0625 2784 Null - ok
18:20:42.0687 2784 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOW\system32\DRIVERS\nwlnkflt.sys
18:20:42.0921 2784 NwlnkFlt - ok
18:20:43.0031 2784 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOW\system32\DRIVERS\nwlnkfwd.sys
18:20:43.0250 2784 NwlnkFwd - ok
18:20:43.0312 2784 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOW\system32\DRIVERS\ohci1394.sys
18:20:43.0531 2784 ohci1394 - ok
18:20:43.0625 2784 Parport (76a18caa2fefb28a4ced38d76837e86e) C:\WINDOW\system32\DRIVERS\parport.sys
18:20:43.0875 2784 Parport - ok
18:20:43.0921 2784 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOW\system32\drivers\PartMgr.sys
18:20:44.0078 2784 PartMgr - ok
18:20:44.0156 2784 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOW\system32\drivers\ParVdm.sys
18:20:44.0375 2784 ParVdm - ok
18:20:44.0437 2784 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOW\system32\DRIVERS\pccsmcfd.sys
18:20:44.0453 2784 pccsmcfd - ok
18:20:44.0500 2784 PCI (b7979f37bb7b9df2230046134955e6e7) C:\WINDOW\system32\DRIVERS\pci.sys
18:20:44.0703 2784 PCI - ok
18:20:44.0828 2784 PCIDump - ok
18:20:44.0859 2784 PCIIde - ok
18:20:44.0921 2784 Pcmcia (90505755634407d4ef4c6dea60fc1df9) C:\WINDOW\system32\drivers\Pcmcia.sys
18:20:45.0093 2784 Pcmcia - ok
18:20:45.0171 2784 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOW\system32\Drivers\pcouffin.sys
18:20:45.0187 2784 pcouffin ( UnsignedFile.Multi.Generic ) - warning
18:20:45.0187 2784 pcouffin - detected UnsignedFile.Multi.Generic (1)
18:20:45.0218 2784 PDCOMP - ok
18:20:45.0234 2784 PDFRAME - ok
18:20:45.0265 2784 PDRELI - ok
18:20:45.0312 2784 PDRFRAME - ok
18:20:45.0343 2784 perc2 - ok
18:20:45.0390 2784 perc2hib - ok
18:20:45.0484 2784 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOW\system32\DRIVERS\raspptp.sys
18:20:45.0656 2784 PptpMiniport - ok
18:20:45.0796 2784 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOW\system32\DRIVERS\psched.sys
18:20:46.0015 2784 PSched - ok
18:20:46.0046 2784 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOW\system32\DRIVERS\ptilink.sys
18:20:46.0203 2784 Ptilink - ok
18:20:46.0265 2784 ql1080 - ok
18:20:46.0296 2784 Ql10wnt - ok
18:20:46.0343 2784 ql12160 - ok
18:20:46.0375 2784 ql1240 - ok
18:20:46.0421 2784 ql1280 - ok
18:20:46.0453 2784 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOW\system32\DRIVERS\rasacd.sys
18:20:46.0671 2784 RasAcd - ok
18:20:46.0812 2784 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOW\system32\DRIVERS\rasl2tp.sys
18:20:47.0031 2784 Rasl2tp - ok
18:20:47.0078 2784 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOW\system32\DRIVERS\raspppoe.sys
18:20:47.0281 2784 RasPppoe - ok
18:20:47.0343 2784 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOW\system32\DRIVERS\raspti.sys
18:20:47.0531 2784 Raspti - ok
18:20:47.0593 2784 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOW\system32\DRIVERS\rdbss.sys
18:20:47.0781 2784 Rdbss - ok
18:20:47.0875 2784 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOW\system32\DRIVERS\RDPCDD.sys
18:20:48.0093 2784 RDPCDD - ok
18:20:48.0156 2784 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOW\system32\DRIVERS\rdpdr.sys
18:20:48.0328 2784 rdpdr - ok
18:20:48.0437 2784 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOW\system32\drivers\RDPWD.sys
18:20:48.0609 2784 RDPWD - ok
18:20:48.0656 2784 redbook (aba13d33e1f888c9a68599a48a8840d6) C:\WINDOW\system32\DRIVERS\redbook.sys
18:20:48.0906 2784 redbook - ok
18:20:49.0031 2784 RTL8023 (29f9879a1fd386f7251ae9fdadb2cbf1) C:\WINDOW\system32\DRIVERS\Rtlnic51.sys
18:20:49.0046 2784 RTL8023 - ok
18:20:49.0093 2784 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOW\system32\DRIVERS\RTL8139.SYS
18:20:49.0281 2784 rtl8139 - ok
18:20:49.0390 2784 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOW\system32\DRIVERS\secdrv.sys
18:20:49.0406 2784 Secdrv ( UnsignedFile.Multi.Generic ) - warning
18:20:49.0406 2784 Secdrv - detected UnsignedFile.Multi.Generic (1)
18:20:49.0468 2784 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOW\system32\DRIVERS\serenum.sys
18:20:49.0671 2784 serenum - ok
18:20:49.0781 2784 Serial (c1ddbc85251551a840212999da3d95f3) C:\WINDOW\system32\DRIVERS\serial.sys
18:20:49.0953 2784 Serial - ok
18:20:50.0015 2784 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOW\system32\drivers\sfdrv01.sys
18:20:50.0031 2784 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
18:20:50.0031 2784 sfdrv01 - detected UnsignedFile.Multi.Generic (1)
18:20:50.0109 2784 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOW\system32\drivers\sfhlp02.sys
18:20:50.0125 2784 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
18:20:50.0125 2784 sfhlp02 - detected UnsignedFile.Multi.Generic (1)
18:20:50.0171 2784 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOW\system32\drivers\Sfloppy.sys
18:20:50.0421 2784 Sfloppy - ok
18:20:50.0531 2784 sfsync02 (efebbc1d13fdb77a6af4eddfc7232edf) C:\WINDOW\system32\drivers\sfsync02.sys
18:20:50.0546 2784 sfsync02 ( UnsignedFile.Multi.Generic ) - warning
18:20:50.0546 2784 sfsync02 - detected UnsignedFile.Multi.Generic (1)
18:20:50.0578 2784 Simbad - ok
18:20:50.0609 2784 Sparrow - ok
18:20:50.0656 2784 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOW\system32\drivers\splitter.sys
18:20:50.0859 2784 splitter - ok
18:20:50.0984 2784 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOW\system32\Drivers\sptd.sys
18:20:51.0000 2784 Suspicious file (NoAccess): C:\WINDOW\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
18:20:51.0000 2784 sptd ( LockedFile.Multi.Generic ) - warning
18:20:51.0000 2784 sptd - detected LockedFile.Multi.Generic (1)
18:20:51.0062 2784 sp_rsdrv2 (8831252bcf05fcfb5abd116a22e552d8) C:\WINDOW\system32\drivers\sp_rsdrv2.sys
18:20:51.0093 2784 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - warning
18:20:51.0093 2784 sp_rsdrv2 - detected UnsignedFile.Multi.Generic (1)
18:20:51.0140 2784 sr (a74035ea526db97d9d50d2143a55f5cf) C:\WINDOW\system32\DRIVERS\sr.sys
18:20:51.0250 2784 sr - ok
18:20:51.0343 2784 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOW\system32\DRIVERS\srv.sys
18:20:51.0390 2784 Srv - ok
18:20:51.0437 2784 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOW\system32\DRIVERS\swenum.sys
18:20:51.0609 2784 swenum - ok
18:20:51.0703 2784 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOW\system32\drivers\swmidi.sys
18:20:51.0953 2784 swmidi - ok
18:20:51.0984 2784 symc810 - ok
18:20:52.0031 2784 symc8xx - ok
18:20:52.0062 2784 sym_hi - ok
18:20:52.0093 2784 sym_u3 - ok
18:20:52.0140 2784 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOW\system32\drivers\sysaudio.sys
18:20:52.0343 2784 sysaudio - ok
18:20:52.0453 2784 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOW\system32\DRIVERS\tcpip.sys
18:20:52.0562 2784 Tcpip - ok
18:20:52.0625 2784 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOW\system32\drivers\TDPIPE.sys
18:20:52.0843 2784 TDPIPE - ok
18:20:52.0890 2784 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOW\system32\drivers\TDTCP.sys
18:20:53.0078 2784 TDTCP - ok
18:20:53.0156 2784 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOW\system32\DRIVERS\termdd.sys
18:20:53.0343 2784 TermDD - ok
18:20:53.0406 2784 TosIde - ok
18:20:53.0500 2784 uagp35 (49c805d42d75eddc9b6a7130999c9054) C:\WINDOW\system32\DRIVERS\uagp35.sys
18:20:53.0687 2784 uagp35 - ok
18:20:53.0812 2784 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOW\system32\drivers\Udfs.sys
18:20:53.0984 2784 Udfs - ok
18:20:54.0015 2784 ultra - ok
18:20:54.0093 2784 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOW\system32\DRIVERS\update.sys
18:20:54.0281 2784 Update - ok
18:20:54.0343 2784 upperdev (ec01da44b090d2651fc032c8b9257232) C:\WINDOW\system32\DRIVERS\usbser_lowerflt.sys
18:20:54.0421 2784 upperdev - ok
18:20:54.0546 2784 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOW\system32\DRIVERS\usbehci.sys
18:20:54.0796 2784 usbehci - ok
18:20:54.0859 2784 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOW\system32\DRIVERS\usbhub.sys
18:20:55.0078 2784 usbhub - ok
18:20:55.0156 2784 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOW\system32\DRIVERS\usbscan.sys
18:20:55.0390 2784 usbscan - ok
18:20:55.0453 2784 usbser (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOW\system32\drivers\usbser.sys
18:20:55.0609 2784 usbser - ok
18:20:55.0687 2784 UsbserFilt (4abd37cfbd710e64f01f9da8710c73f7) C:\WINDOW\system32\DRIVERS\usbser_lowerfltj.sys
18:20:55.0765 2784 UsbserFilt - ok
18:20:55.0890 2784 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOW\system32\DRIVERS\USBSTOR.SYS
18:20:56.0156 2784 USBSTOR - ok
18:20:56.0234 2784 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOW\system32\DRIVERS\usbuhci.sys
18:20:56.0437 2784 usbuhci - ok
18:20:56.0500 2784 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOW\System32\drivers\vga.sys
18:20:56.0718 2784 VgaSave - ok
18:20:56.0812 2784 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOW\system32\DRIVERS\viaagp1.sys
18:20:56.0828 2784 viaagp1 - ok
18:20:56.0890 2784 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOW\system32\DRIVERS\viaide.sys
18:20:57.0093 2784 ViaIde - ok
18:20:57.0140 2784 viasraid (1493f351e5a4b915fb5bbb735c14004b) C:\WINDOW\system32\DRIVERS\viasraid.sys
18:20:57.0156 2784 viasraid - ok
18:20:57.0250 2784 VolSnap (cd8cce067f7e9cbd762c00bdddecaa34) C:\WINDOW\system32\drivers\VolSnap.sys
18:20:57.0406 2784 VolSnap - ok
18:20:57.0484 2784 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOW\system32\DRIVERS\wanarp.sys
18:20:57.0687 2784 Wanarp - ok
18:20:57.0828 2784 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOW\system32\Drivers\wdf01000.sys
18:20:57.0875 2784 Wdf01000 - ok
18:20:57.0906 2784 WDICA - ok
18:20:57.0968 2784 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOW\system32\drivers\wdmaud.sys
18:20:58.0140 2784 wdmaud - ok
18:20:58.0296 2784 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOW\system32\DRIVERS\WudfPf.sys
18:20:58.0328 2784 WudfPf - ok
18:20:58.0390 2784 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOW\system32\DRIVERS\wudfrd.sys
18:20:58.0421 2784 WudfRd - ok
18:20:58.0484 2784 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
18:20:59.0156 2784 \Device\Harddisk0\DR0 - ok
18:20:59.0187 2784 Boot (0x1200) (5b6ff56d1b0fe060d6fc042a1d15f3c5) \Device\Harddisk0\DR0\Partition0
18:20:59.0187 2784 \Device\Harddisk0\DR0\Partition0 - ok
18:20:59.0218 2784 Boot (0x1200) (5d156674f1173f3e0b79bd17c7c273d0) \Device\Harddisk0\DR0\Partition1
18:20:59.0218 2784 \Device\Harddisk0\DR0\Partition1 - ok
18:20:59.0218 2784 ============================================================
18:20:59.0218 2784 Scan finished
18:20:59.0218 2784 ============================================================
18:20:59.0343 2764 Detected object count: 7
18:20:59.0343 2764 Actual detected object count: 7
18:21:06.0953 2764 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:06.0953 2764 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:21:06.0968 2764 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:06.0968 2764 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:21:06.0968 2764 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:06.0968 2764 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:21:06.0968 2764 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:06.0968 2764 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:21:06.0968 2764 sfsync02 ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:06.0968 2764 sfsync02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:21:06.0968 2764 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:21:06.0968 2764 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:21:06.0968 2764 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:06.0968 2764 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:21:24.0843 2660 Deinitialize success
vyosek
VIP
Posts: 56373 Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno
#18
Post
by vyosek » 10 Feb 2012 18:25
You can delete MBR.dat, I already have the sample, and thanks once more for it, also on Tigzy's behalf.
Please run aswMBR once more.
Where from is hard to tell: some crack, an unsuitable and dubious website, a bad email...
PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS GREAT POWER TO DELETE AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
Download and save to the desktop
Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
If you have Win XP, run it under the Administrator account
If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator
Right after start a page with the licence agreement appears; continue by clicking Yes
If CF offers to install the Recovery Console, agree
Then follow the prompts; during the scan leave the PC completely alone - do not start any applications and do not click in the window that appears
The scan should take about 10 min, but if the PC is heavily infected it may take longer
After the scan finishes and a possible restart, CF shows a log; otherwise you will find it at C:\ComboFix.txt. Paste its contents here
Detailed instructions with pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix
breta21
Visitor
Posts: 183 Registered: 31 Aug 2009 14:37
#19
Post
by breta21 » 10 Feb 2012 18:27
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-10 17:46:12
-----------------------------
17:46:12.015 OS Version: Windows 5.1.2600 Service Pack 2
17:46:12.015 Number of processors: 1 586 0xA00
17:46:12.015 ComputerName: BRETA-3A020784F UserName: breta
17:46:12.781 Initialize success
17:46:13.390 AVAST engine defs: 12020903
17:46:15.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:46:15.687 Disk 0 Vendor: Size: 0MB BusType: 0
17:46:15.687 Device \Driver\atapi -> MajorFunction 8676b1f8
17:46:15.687 Disk 0 MBR read successfully
17:46:15.687 Disk 0 MBR scan
17:46:15.687 Disk 0 MBR:Whistler-C [Rtk]
17:46:15.687 Disk 0 Whistler@MBR code has been found
17:46:15.687 Disk 0 MBR hidden
17:46:15.687 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 29996 MB offset 63
17:46:15.687 Disk 0 Partition - 00 0F Extended LBA 126323 MB offset 61432560
17:46:15.703 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 126323 MB offset 61432623
17:46:15.703 Disk 0 MBR [Whistler] **ROOTKIT**
17:46:15.734 Disk 0 scanning C:\WINDOW\system32\drivers
17:46:25.500 Service scanning
17:46:25.890 Service sptd C:\WINDOW\System32\Drivers\sptd.sys **LOCKED** 32
17:46:26.453 Modules scanning
17:46:32.343 Disk 0 trace - called modules:
17:46:32.343 ntoskrnl.exe >>UNKNOWN [0x86027a0a]<<
17:46:32.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86729ab8]
17:46:32.343 \Driver\Disk[0x86735940] -> IRP_MJ_READ -> 0x86027a0a
17:46:32.671 AVAST engine scan C:\WINDOW
17:46:38.921 AVAST engine scan C:\WINDOW\system32
17:46:43.953 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\breta\Plocha\MBR.dat"
17:46:43.953 The log file has been saved successfully to "C:\Documents and Settings\breta\Plocha\aswMBR.txt"
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-10 18:22:25
-----------------------------
18:22:25.593 OS Version: Windows 5.1.2600 Service Pack 2
18:22:25.593 Number of processors: 1 586 0xA00
18:22:25.593 ComputerName: BRETA-3A020784F UserName: breta
18:22:26.296 Initialize success
18:22:26.515 AVAST engine defs: 12020903
18:22:35.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:22:35.031 Disk 0 Vendor: Maxtor_6L160P0 BAH41G10 Size: 156334MB BusType: 3
18:22:35.031 Device \Driver\atapi -> MajorFunction 8676b1f8
18:22:35.046 Disk 0 MBR read successfully
18:22:35.046 Disk 0 MBR scan
18:22:35.046 Disk 0 Windows XP default MBR code
18:22:35.046 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 29996 MB offset 63
18:22:35.062 Disk 0 Partition - 00 0F Extended LBA 126323 MB offset 61432560
18:22:35.062 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 126323 MB offset 61432623
18:22:35.078 Disk 0 scanning sectors +320143320
18:22:35.187 Disk 0 scanning C:\WINDOW\system32\drivers
18:22:44.578 Service scanning
18:22:45.125 Service sptd C:\WINDOW\System32\Drivers\sptd.sys **LOCKED** 32
18:22:45.671 Modules scanning
18:22:49.703 Disk 0 trace - called modules:
18:22:49.718 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x8676b1f8]<<
18:22:49.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86729ab8]
18:22:49.718 3 CLASSPNP.SYS[f78a005b] -> nt!IofCallDriver -> \Device\00000066[0x86744f18]
18:22:49.718 5 ACPI.sys[f76db620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x867cfd98]
18:22:49.718 \Driver\atapi[0x866a5d20] -> IRP_MJ_CREATE -> 0x8676b1f8
18:22:50.109 AVAST engine scan C:\WINDOW
18:22:55.921 AVAST engine scan C:\WINDOW\system32
18:25:13.562 AVAST engine scan C:\WINDOW\system32\drivers
18:25:28.750 AVAST engine scan C:\Documents and Settings\breta
18:26:33.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\breta\Plocha\MBR.dat"
18:26:33.187 The log file has been saved successfully to "C:\Documents and Settings\breta\Plocha\aswMBR.txt"
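Added example (not code from the thread or from the aswMBR author): a Python parser that reads the two aswMBR runs above, one before and one after the TDSSKiller "Cure" on \Device\Harddisk0\DR0 requested in post #16, and reports the facts a helper checks: the MBR signature, whether the MBR is hidden, locked drivers, and the IRP hooks aswMBR could not attribute to a loaded module. The embedded log excerpts are constructed from lines quoted in this post; the severity labels are assumed here, not aswMBR's.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpts (not the thread's full logs) of the two aswMBR runs quoted
# above: the first before TDSSKiller's "Cure" on \Device\Harddisk0\DR0, the second
# after it. Only the lines the parser looks at are reproduced.
ASWMBR_BEFORE = r"""
Run date: 2012-02-10 17:46:12
17:46:15.687 Disk 0 MBR read successfully
17:46:15.687 Disk 0 MBR:Whistler-C [Rtk]
17:46:15.687 Disk 0 MBR hidden
17:46:15.703 Disk 0 MBR [Whistler] **ROOTKIT**
17:46:25.890 Service sptd C:\WINDOW\System32\Drivers\sptd.sys **LOCKED** 32
17:46:32.343 ntoskrnl.exe >>UNKNOWN [0x86027a0a]<<
17:46:32.343 \Driver\Disk[0x86735940] -> IRP_MJ_READ -> 0x86027a0a
"""

ASWMBR_AFTER = r"""
Run date: 2012-02-10 18:22:25
18:22:35.046 Disk 0 MBR read successfully
18:22:35.046 Disk 0 Windows XP default MBR code
18:22:45.125 Service sptd C:\WINDOW\System32\Drivers\sptd.sys **LOCKED** 32
18:22:49.718 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x8676b1f8]<<
18:22:49.718 \Driver\atapi[0x866a5d20] -> IRP_MJ_CREATE -> 0x8676b1f8
"""


@dataclass
class AswMbrReport:
    run_date: str = ""
    mbr_status: str = "unknown"      # "default", "rootkit" or "unknown"
    mbr_signature: str = ""          # e.g. "Whistler-C" from "MBR:Whistler-C [Rtk]"
    mbr_hidden: bool = False         # the real MBR is being filtered from normal reads
    locked_services: list = field(default_factory=list)  # (service, path) marked **LOCKED**
    unknown_hooks: list = field(default_factory=list)    # addresses not in any loaded module
    hooked_irps: list = field(default_factory=list)      # (IRP major function, target address)


def parse_aswmbr(text: str) -> AswMbrReport:
    """Pull the triage-relevant facts out of one aswMBR log."""
    r = AswMbrReport()
    for line in text.splitlines():
        m = re.match(r"Run date: (.+)", line)
        if m:
            r.run_date = m.group(1).strip()
            continue
        if "**ROOTKIT**" in line:
            r.mbr_status = "rootkit"
        elif "default MBR code" in line:
            r.mbr_status = "default"
        if "MBR hidden" in line:
            r.mbr_hidden = True
        m = re.search(r"MBR:(\S+) \[Rtk\]", line)
        if m:
            r.mbr_signature = m.group(1)
        m = re.search(r"Service (\S+) (\S+) \*\*LOCKED\*\*", line)
        if m:
            r.locked_services.append((m.group(1), m.group(2)))
        m = re.search(r">>UNKNOWN \[(0x[0-9a-f]+)\]<<", line)
        if m:
            r.unknown_hooks.append(m.group(1))
        m = re.search(r"-> (IRP_MJ_\w+) -> (0x[0-9a-f]+)", line)
        if m:
            r.hooked_irps.append((m.group(1), m.group(2)))
    return r


def triage(r: AswMbrReport) -> list:
    """Turn a parsed report into ordered (severity, message) findings."""
    findings = []
    if r.mbr_status == "rootkit":
        findings.append(("HIGH", f"MBR code flagged as rootkit ({r.mbr_signature or 'unnamed'})"))
    if r.mbr_hidden:
        findings.append(("HIGH", "real MBR hidden from normal reads: disk I/O is being filtered"))
    for irp, addr in r.hooked_irps:
        if addr in r.unknown_hooks:
            findings.append(("MEDIUM", f"{irp} is routed to {addr}, which aswMBR maps to no module"))
    for svc, path in r.locked_services:
        findings.append(("INFO", f"locked driver {svc} ({path}); confirm which software installed it"))
    if r.mbr_status == "default":
        findings.append(("OK", "MBR carries the stock Windows boot code"))
    return findings


def mbr_cleaned(before: AswMbrReport, after: AswMbrReport) -> bool:
    """True when a run that flagged the MBR is followed by one showing stock code."""
    return (before.mbr_status == "rootkit" and after.mbr_status == "default"
            and not after.mbr_hidden)


if __name__ == "__main__":
    reports = {label: parse_aswmbr(log) for label, log in
               (("before", ASWMBR_BEFORE), ("after", ASWMBR_AFTER))}
    for label, rep in reports.items():
        print(f"== {label} ({rep.run_date}) ==")
        for sev, msg in triage(rep):
            print(f"  [{sev}] {msg}")
    print("MBR cleaned:", mbr_cleaned(reports["before"], reports["after"]))
```

The second run still lists sptd.sys as locked and one unattributed hook, which is why the helper in the thread asks for a further tool rather than treating the stock MBR alone as proof of a clean system.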
vyosek
VIP
Posts: 56373 Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno
#20
Post
by vyosek » 10 Feb 2012 18:44
Super, we'll run one more tool there to clean up any remnants
PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS GREAT POWER TO DELETE AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
Download and save to the desktop
Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
If you have Win XP, run it under the Administrator account
If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator
Right after start a page with the licence agreement appears; continue by clicking Yes
If CF offers to install the Recovery Console, agree
Then follow the prompts; during the scan leave the PC completely alone - do not start any applications and do not click in the window that appears
The scan should take about 10 min, but if the PC is heavily infected it may take longer
After the scan finishes and a possible restart, CF shows a log; otherwise you will find it at C:\ComboFix.txt. Paste its contents here
Detailed instructions with pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.
breta21
Visitor
Posts: 183 Registered: 31 Aug 2009 14:37
#21
Post by breta21 » 10 Feb 2012 18:47
I tried it twice and each time it only threw a syntax error... it says: nt authority/system requires a restart or something... it gives me 60 s and then restarts the PC... that's what CF reports
vyosek
VIP
Posts: 56373 Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno
#22
Post by vyosek » 10 Feb 2012 18:50
Try running it in safe mode (restart the PC, keep pressing F8, choose Safe Mode with Networking)
breta21
Visitor
Posts: 183 Registered: 31 Aug 2009 14:37
#23
Post by breta21 » 10 Feb 2012 19:05
unfortunately, it still throws a syntax error.... system shutdown
vyosek
VIP
Posts: 56373 Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno
#24
Post by vyosek » 10 Feb 2012 19:07
Please post a new MBRScan log, done the same way as at the beginning
breta21
Visitor
Posts: 183 Registered: 31 Aug 2009 14:37
#25
Post by breta21 » 10 Feb 2012 19:10
Code:
MBRScan v1.1.0
OS : Windows XP Home Service Pack 2 (32 bit)
PROCESSOR : x86 Family 6 Model 10 Stepping 0, AuthenticAMD
BOOT : Normal Boot
DATE : 2012/02/10 (ISO 8601) at 19:09:41
________________________________________________________________________________
DISK : Device\Harddisk0\DR0 __Maxtor 6L160P0 (BAH41G10)
BUS_TYPE : (0x03) P-ATA
USE_PIO : YES
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
Device\Harddisk0\DR0 152.7 Go [Fixed] ==> XP MBR Code
MBR_MD5 : 633A49B1ED1E7C745F1BDE8E323CFDEF
MBR_SHA1 : 083E11C7AA5CFB71D411C1A695C23C2FBF72A481
Device\Harddisk0\Partition1 29.29 Go 0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2 123.4 Go 0x07 NTFS / HPFS
________________________________________________________________________________
############################### Additional scan ################################
DRIVER : \WINDOW\system32\ntoskrnl.exe => LOCKED!
ADDRESS : 0x804D7000
SIZE : 2.08 Mo
DRIVER : \WINDOW\system32\hal.dll => LOCKED!
ADDRESS : 0x806ED000
SIZE : 128.9 Ko
DRIVER : \WINDOW\system32\KDCOM.DLL => LOCKED!
ADDRESS : 0xF7D2F000
SIZE : 8.0 Ko
DRIVER : \WINDOW\system32\BOOTVID.dll => LOCKED!
ADDRESS : 0xF7C3F000
SIZE : 12.0 Ko
DRIVER : \WINDOW\System32\Drivers\WMILIB.SYS => LOCKED!
ADDRESS : 0xF7D31000
SIZE : 8.0 Ko
DRIVER : \WINDOW\System32\Drivers\SCSIPORT.SYS => LOCKED!
ADDRESS : 0xF7703000
SIZE : 96.0 Ko
DRIVER : \WINDOW\system32\DRIVERS\1394BUS.SYS => LOCKED!
ADDRESS : 0xF783F000
SIZE : 52.0 Ko
DRIVER : \WINDOW\system32\DRIVERS\PCIIDEX.SYS => LOCKED!
ADDRESS : 0xF7AAF000
SIZE : 28.0 Ko
DRIVER : \WINDOW\system32\DRIVERS\CLASSPNP.SYS => LOCKED!
ADDRESS : 0xF789F000
SIZE : 52.0 Ko
DRIVER : C:\WINDOW\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0xAA444000
SIZE : 96.0 Ko
DRIVER : C:\WINDOW\System32\Drivers\dump_WMILIB.SYS => Invisible on the disk
ADDRESS : 0xF7D67000
SIZE : 8.0 Ko
DRIVER : \WINDOW\system32\ntdll.dll => LOCKED!
ADDRESS : 0x7C900000
SIZE : 708.0 Ko
SystemStartOptions : NOEXECUTE=OPTIN FASTDETECT
________________________________________________________________________________
_______MBR \Device\Harddisk0\DR0
vyosek
VIP
Posts: 56373 Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno
#26
Post by vyosek » 10 Feb 2012 19:15
Excellent, MBRScan also confirms it is clean
Download
OTM http://oldtimer.geekstogo.com/OTM.exe
If you use Win Vista or W7, right-click OTM and choose Run As Administrator
Into the left pane Paste Instructions for Items to be Moved (below the yellow line) paste the contents you have below
Code:
:services
gupdate
gupdatem
gusvc
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"SpywareTerminator"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=-
"swg"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\Documents and Settings\breta\Local Settings\Temp\mig153.tmp\migwiz.exe"=-
"C:\Documents and Settings\breta\Local Settings\Temp\mig2A7.tmp\migwiz.exe"=-
"C:\Documents and Settings\breta\Local Settings\Temp\migF.tmp\migwiz.exe"=-
"C:\Documents and Settings\breta\Local Settings\Temp\mig60.tmp\migwiz.exe"=-
"C:\Documents and Settings\breta\Local Settings\Temp\migB.tmp\migwiz.exe"=-
"C:\Documents and Settings\breta\Local Settings\Temp\mig2C.tmp\migwiz.exe"=-
:files
C:\Documents and Settings\breta\Data aplikací\Mozilla\Firefox\Profiles\l0tiyvaz.default\searchplugins\daemon-search.xml
C:\WINDOW\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOW\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOW\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1757981266-839522115-1003Core.job
C:\WINDOW\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1757981266-839522115-1003UA.job
C:\Documents and Settings\breta\Nabídka Start\Programy\Po spuštění\_uninst_26077753.lnk
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
Click the red MoveIt! button
You will be prompted to restart; click Yes. Afterwards you will find the log in C:\_OTM\MovedFiles; paste its contents here
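An added example, not OTM's or the forum's own code: a small linter for the OTM move-script format pasted above. It splits the script into its `:services`, `:reg`, `:files` and `:commands` sections and flags registry value lines whose quoting is unbalanced, which is exactly the kind of typo that makes OTM report a value as "not found" instead of deleting it. The sample script is constructed from a few lines of the script above, including the firewall-list entry that is missing its opening quote.

```python
import re

# Section headers are exactly as OTM uses them.
SECTION_RE = re.compile(r"^:(services|reg|files|commands)\s*$")
# Registry key line: [HKEY_...] (select key) or [-HKEY_...] (delete key).
KEY_RE = re.compile(r"^\[-?(HKEY_[A-Z_]+\\.+)\]$")
# Registry value removal line: "ValueName"=- with balanced quotes.
VALUE_RE = re.compile(r'^"([^"]*)"=-$')


def parse_otm_script(text):
    """Return (sections, problems).

    sections maps section name -> list of non-empty lines in that section;
    problems is a list of (line_number, description) for malformed lines.
    """
    sections, problems = {}, []
    current, current_key = None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            current_key = None
            continue
        if current is None:
            problems.append((lineno, "line before any section header"))
            continue
        sections[current].append(line)
        if current != "reg":
            continue  # :services, :files and :commands lines are free-form
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
        elif line.startswith("[") or line.endswith("]"):
            problems.append((lineno, "malformed registry key line"))
        elif line.endswith("=-"):
            if current_key is None:
                problems.append((lineno, "value line before any key"))
            if not VALUE_RE.match(line):
                problems.append((lineno, "unbalanced quotes in value name"))
        else:
            problems.append((lineno, "unrecognised :reg line"))
    return sections, problems


# Constructed sample: a subset of the script above, with the broken line kept.
SAMPLE = r""":services
gupdate
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\Documents and Settings\breta\Local Settings\Temp\mig153.tmp\migwiz.exe"=-
"C:\Documents and Settings\breta\Local Settings\Temp\mig2A7.tmp\migwiz.exe"=-
:files
C:\WINDOW\tasks\GoogleUpdateTaskMachineCore.job
:commands
[RESETHOSTS]
[EMPTYTEMP]
"""

if __name__ == "__main__":
    found_sections, found_problems = parse_otm_script(SAMPLE)
    for name, lines in found_sections.items():
        print(f":{name}: {len(lines)} line(s)")
    for lineno, why in found_problems:
        print(f"line {lineno}: {why}")
```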
breta21
Visitor
Posts: 183 Registered: 31 Aug 2009 14:37
#27
Post by breta21 » 10 Feb 2012 19:22
All processes killed
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service gusvc stopped successfully!
Service gusvc deleted successfully!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminator deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\breta\Local Settings\Temp\mig153.tmp\migwiz.exe" not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\breta\Local Settings\Temp\mig2A7.tmp\migwiz.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\breta\Local Settings\Temp\migF.tmp\migwiz.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\breta\Local Settings\Temp\mig60.tmp\migwiz.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\breta\Local Settings\Temp\migB.tmp\migwiz.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\breta\Local Settings\Temp\mig2C.tmp\migwiz.exe deleted successfully.
========== FILES ==========
C:\Documents and Settings\breta\Data aplikací\Mozilla\Firefox\Profiles\l0tiyvaz.default\searchplugins\daemon-search.xml moved successfully.
C:\WINDOW\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOW\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOW\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1757981266-839522115-1003Core.job moved successfully.
C:\WINDOW\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1757981266-839522115-1003UA.job moved successfully.
C:\Documents and Settings\breta\Nabídka Start\Programy\Po spuštění\_uninst_26077753.lnk moved successfully.
File/Folder C:\WINDOW\system32\*.tmp.dll not found.
C:\WINDOW\system32\SET248.tmp moved successfully.
C:\WINDOW\system32\SET24C.tmp moved successfully.
C:\WINDOW\system32\SET254.tmp moved successfully.
C:\WINDOW\SET3.tmp moved successfully.
C:\WINDOW\SET4.tmp moved successfully.
C:\WINDOW\SET8.tmp moved successfully.
========== COMMANDS ==========
C:\WINDOW\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: All Users.WINDOW
User: breta
->Temp folder emptied: 899575757 bytes
->Temporary Internet Files folder emptied: 37265451 bytes
->Java cache emptied: 79930 bytes
->FireFox cache emptied: 45011474 bytes
->Google Chrome cache emptied: 28730881 bytes
->Flash cache emptied: 99014 bytes
User: Bøea
User: Břeťa
->Temp folder emptied: 149493 bytes
->Temporary Internet Files folder emptied: 1354768 bytes
->Java cache emptied: 1310688 bytes
->FireFox cache emptied: 45748592 bytes
->Google Chrome cache emptied: 153701323 bytes
->Flash cache emptied: 12995 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User.WINDOW
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService.NT AUTHORITY
->Temp folder emptied: 65794 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 192289426 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 106009125 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 87676747 bytes
RecycleBin emptied: 13897 bytes
Total Files Cleaned = 1 525,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: All Users.WINDOW
User: breta
->Flash cache emptied: 0 bytes
User: Bøea
User: Břeťa
->Flash cache emptied: 0 bytes
User: Default User
User: Default User.WINDOW
User: LocalService
User: LocalService.NT AUTHORITY
User: NetworkService
User: NetworkService.NT AUTHORITY
Total Flash Files Cleaned = 0,00 mb
OTM by OldTimer - Version 3.1.19.0 log created on 02102012_191632
Files moved on Reboot...
Registry entries deleted on Reboot...
vyosek
VIP
Posts: 56373 Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno
#28
Post by vyosek » 10 Feb 2012 19:23
Fine, how is our patient doing?
breta21
Visitor
Posts: 183 Registered: 31 Aug 2009 14:37
#29
Post by breta21 » 10 Feb 2012 19:24
looks good, at first glance you can definitely see it has been cleaned up and is faster.... Thanks
vyosek
VIP
Posts: 56373 Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno
#30
Post by vyosek » 11 Feb 2012 19:25
Could you please zip the entire contents of the RK_Quarantine folder and upload it somewhere again