
TCP/IP Ping Command

Kishi
Visitor
Posts: 7
Registered: 04 Apr 2012 17:24


#1 Post by Kishi »

It kept throwing an error message about this application. I found a couple of guides online on how to deal with it. :?:

First I tried TDSSKiller, which produced this log:

17:30:31.0308 3020 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
17:30:31.0386 3020 ============================================================
17:30:31.0386 3020 Current date / time: 2012/04/04 17:30:31.0386
17:30:31.0386 3020 SystemInfo:
17:30:31.0386 3020
17:30:31.0386 3020 OS Version: 5.1.2600 ServicePack: 3.0
17:30:31.0386 3020 Product type: Workstation
17:30:31.0386 3020 ComputerName: SOBRANCE-9AA386
17:30:31.0386 3020 UserName: Kishi
17:30:31.0386 3020 Windows directory: C:\WINDOWS
17:30:31.0386 3020 System windows directory: C:\WINDOWS
17:30:31.0386 3020 Processor architecture: Intel x86
17:30:31.0386 3020 Number of processors: 1
17:30:31.0386 3020 Page size: 0x1000
17:30:31.0386 3020 Boot type: Normal boot
17:30:31.0386 3020 ============================================================
17:30:34.0011 3020 Drive \Device\Harddisk0\DR0 - Size: 0x132C570000 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:30:34.0011 3020 \Device\Harddisk0\DR0:
17:30:34.0011 3020 MBR used
17:30:34.0011 3020 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
17:30:34.0027 3020 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x724AFE5
17:30:34.0089 3020 Initialize success
17:30:34.0089 3020 ============================================================
17:30:43.0980 2420 ============================================================
17:30:43.0980 2420 Scan started
17:30:43.0980 2420 Mode: Manual;
17:30:43.0980 2420 ============================================================
17:30:44.0886 2420 Abiosdsk - ok
17:30:45.0152 2420 abp480n5 - ok
17:30:45.0402 2420 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:30:45.0449 2420 ACPI - ok
17:30:45.0636 2420 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:30:45.0636 2420 ACPIEC - ok
17:30:45.0808 2420 adpu160m - ok
17:30:46.0120 2420 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:30:46.0183 2420 aec - ok
17:30:46.0386 2420 AFD (4bc88568b73714a36e85a7d49fe00cd8) C:\WINDOWS\System32\drivers\afd.sys
17:30:46.0433 2420 AFD - ok
17:30:46.0605 2420 Aha154x - ok
17:30:46.0777 2420 aic78u2 - ok
17:30:46.0949 2420 aic78xx - ok
17:30:47.0230 2420 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
17:30:47.0230 2420 Alerter - ok
17:30:47.0417 2420 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
17:30:47.0433 2420 ALG - ok
17:30:47.0605 2420 AliIde - ok
17:30:47.0808 2420 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
17:30:47.0808 2420 AmdK7 - ok
17:30:47.0995 2420 amsint - ok
17:30:48.0292 2420 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
17:30:48.0339 2420 AppMgmt - ok
17:30:48.0495 2420 asc - ok
17:30:48.0683 2420 asc3350p - ok
17:30:48.0839 2420 asc3550 - ok
17:30:49.0058 2420 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:30:49.0058 2420 AsyncMac - ok
17:30:49.0355 2420 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:30:49.0355 2420 atapi - ok
17:30:49.0542 2420 Atdisk - ok
17:30:49.0808 2420 Ati HotKey Poller (4deaa162480367b232f3ee3a6d34084b) C:\WINDOWS\system32\Ati2evxx.exe
17:30:49.0933 2420 Ati HotKey Poller - ok
17:30:50.0245 2420 ATI Smart (2bdd1d3403827cd1af973a9cfad4edc7) C:\WINDOWS\system32\ati2sgag.exe
17:30:50.0480 2420 ATI Smart - ok
17:30:50.0886 2420 ati2mtag (f0d0b0cdec0be32d775f404cac2604bf) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:30:51.0105 2420 ati2mtag - ok
17:30:51.0308 2420 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:30:51.0324 2420 Atmarpc - ok
17:30:51.0589 2420 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
17:30:51.0605 2420 AudioSrv - ok
17:30:51.0792 2420 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:30:51.0792 2420 audstub - ok
17:30:51.0995 2420 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:30:51.0995 2420 Beep - ok
17:30:52.0277 2420 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
17:30:52.0386 2420 BITS - ok
17:30:52.0683 2420 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
17:30:52.0699 2420 Browser - ok
17:30:52.0886 2420 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:30:52.0886 2420 cbidf2k - ok
17:30:53.0074 2420 cd20xrnt - ok
17:30:53.0261 2420 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:30:53.0261 2420 Cdaudio - ok
17:30:53.0480 2420 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:30:53.0495 2420 Cdfs - ok
17:30:53.0792 2420 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:30:53.0824 2420 Cdrom - ok
17:30:53.0980 2420 Changer - ok
17:30:54.0167 2420 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
17:30:54.0167 2420 CiSvc - ok
17:30:54.0339 2420 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
17:30:54.0355 2420 ClipSrv - ok
17:30:54.0527 2420 CmdIde - ok
17:30:55.0027 2420 cmuda (ddcde8ced6e753f9ebbd07659f808d9d) C:\WINDOWS\system32\drivers\cmuda.sys
17:30:55.0245 2420 cmuda - ok
17:30:55.0386 2420 COMSysApp - ok
17:30:55.0542 2420 Cpqarray - ok
17:30:55.0839 2420 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
17:30:55.0855 2420 CryptSvc - ok
17:30:56.0027 2420 dac2w2k - ok
17:30:56.0199 2420 dac960nt - ok
17:30:56.0480 2420 DcomLaunch (2589fe6015a316c0f5d5112b4da7b509) C:\WINDOWS\system32\rpcss.dll
17:30:56.0589 2420 DcomLaunch - ok
17:30:56.0886 2420 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
17:30:56.0917 2420 Dhcp - ok
17:30:57.0120 2420 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:30:57.0136 2420 Disk - ok
17:30:57.0308 2420 dlbt_device (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\n558.dll
17:30:57.0308 2420 dlbt_device ( Backdoor.Multi.ZAccess.gen ) - infected
17:30:57.0308 2420 dlbt_device - detected Backdoor.Multi.ZAccess.gen (0)
17:30:57.0449 2420 dmadmin - ok
17:30:57.0917 2420 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:30:58.0152 2420 dmboot - ok
17:30:58.0370 2420 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:30:58.0417 2420 dmio - ok
17:30:58.0620 2420 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:30:58.0620 2420 dmload - ok
17:30:58.0777 2420 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
17:30:58.0792 2420 dmserver - ok
17:30:59.0089 2420 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:30:59.0105 2420 DMusic - ok
17:30:59.0292 2420 Dnscache (474b4dc3983173e4b4c9740b0dac98a6) C:\WINDOWS\System32\dnsrslvr.dll
17:30:59.0308 2420 Dnscache - ok
17:30:59.0511 2420 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
17:30:59.0558 2420 Dot3svc - ok
17:30:59.0730 2420 dpti2o - ok
17:31:00.0011 2420 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:31:00.0011 2420 drmkaud - ok
17:31:00.0230 2420 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
17:31:00.0230 2420 EapHost - ok
17:31:00.0402 2420 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
17:31:00.0417 2420 ERSvc - ok
17:31:00.0620 2420 Eventlog (0e776ed5f7cc9f94299e70461b7b8185) C:\WINDOWS\system32\services.exe
17:31:00.0652 2420 Eventlog - ok
17:31:00.0980 2420 EventSystem (19a799805b24990867b00c120d300c3a) C:\WINDOWS\system32\es.dll
17:31:01.0042 2420 EventSystem - ok
17:31:01.0277 2420 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:31:01.0324 2420 Fastfat - ok
17:31:01.0527 2420 FastUserSwitchingCompatibility (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
17:31:01.0558 2420 FastUserSwitchingCompatibility - ok
17:31:01.0761 2420 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:31:01.0761 2420 Fdc - ok
17:31:02.0058 2420 FET5X86V (4580f83e94774aa1724179a6a97e25e6) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
17:31:02.0074 2420 FET5X86V - ok
17:31:02.0261 2420 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
17:31:02.0277 2420 FETNDIS - ok
17:31:02.0480 2420 FETNDISB (b7186b33b6cf3a23841015531e6e7d68) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
17:31:02.0495 2420 FETNDISB - ok
17:31:02.0699 2420 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:31:02.0714 2420 Fips - ok
17:31:02.0917 2420 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:31:02.0917 2420 Flpydisk - ok
17:31:03.0230 2420 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:31:03.0261 2420 FltMgr - ok
17:31:03.0464 2420 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:31:03.0464 2420 Fs_Rec - ok
17:31:03.0699 2420 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:31:03.0730 2420 Ftdisk - ok
17:31:03.0917 2420 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
17:31:03.0917 2420 gameenum - ok
17:31:04.0199 2420 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:31:04.0214 2420 Gpc - ok
17:31:04.0324 2420 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:31:04.0370 2420 gupdate - ok
17:31:04.0417 2420 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:31:04.0417 2420 gupdatem - ok
17:31:04.0511 2420 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:31:04.0511 2420 helpsvc - ok
17:31:04.0667 2420 HidServ - ok
17:31:04.0824 2420 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:31:04.0824 2420 hidusb - ok
17:31:05.0011 2420 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
17:31:05.0027 2420 hkmsvc - ok
17:31:05.0308 2420 hpn - ok
17:31:05.0574 2420 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
17:31:05.0652 2420 HTTP - ok
17:31:05.0824 2420 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
17:31:05.0824 2420 HTTPFilter - ok
17:31:05.0995 2420 i2omgmt - ok
17:31:06.0120 2420 i2omp - ok
17:31:06.0402 2420 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:31:06.0417 2420 i8042prt - ok
17:31:06.0620 2420 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:31:06.0636 2420 Imapi - ok
17:31:06.0855 2420 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
17:31:06.0917 2420 ImapiService - ok
17:31:07.0089 2420 ini910u - ok
17:31:07.0261 2420 IntelIde - ok
17:31:07.0558 2420 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:31:07.0558 2420 Ip6Fw - ok
17:31:07.0761 2420 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:31:07.0777 2420 IpFilterDriver - ok
17:31:07.0964 2420 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:31:07.0980 2420 IpInIp - ok
17:31:08.0199 2420 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:31:08.0245 2420 IpNat - ok
17:31:08.0542 2420 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:31:08.0574 2420 IPSec - ok
17:31:08.0761 2420 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:31:08.0761 2420 IRENUM - ok
17:31:08.0980 2420 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:31:08.0980 2420 isapnp - ok
17:31:09.0089 2420 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
17:31:09.0136 2420 JavaQuickStarterService - ok
17:31:09.0308 2420 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:31:09.0324 2420 Kbdclass - ok
17:31:09.0652 2420 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:31:09.0699 2420 kmixer - ok
17:31:09.0917 2420 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
17:31:09.0933 2420 KSecDD - ok
17:31:10.0136 2420 LanmanServer (f385f4b02c535bffe1d70cab80838123) C:\WINDOWS\System32\srvsvc.dll
17:31:10.0167 2420 LanmanServer - ok
17:31:10.0370 2420 lanmanworkstation (1b67b632786fef1c1bbaef46c2f3f2e6) C:\WINDOWS\System32\wkssvc.dll
17:31:10.0417 2420 lanmanworkstation - ok
17:31:10.0683 2420 lbrtfdc - ok
17:31:10.0777 2420 LightScribeService (f34b35f6f74e28a460749da11d1117f8) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
17:31:10.0808 2420 LightScribeService - ok
17:31:10.0964 2420 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
17:31:10.0964 2420 LmHosts - ok
17:31:11.0152 2420 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
17:31:11.0167 2420 Messenger - ok
17:31:11.0245 2420 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
17:31:11.0277 2420 Microsoft Office Groove Audit Service - ok
17:31:11.0464 2420 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:31:11.0464 2420 mnmdd - ok
17:31:11.0745 2420 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
17:31:11.0745 2420 mnmsrvc - ok
17:31:11.0964 2420 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:31:11.0964 2420 Modem - ok
17:31:12.0167 2420 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:31:12.0167 2420 Mouclass - ok
17:31:12.0370 2420 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:31:12.0386 2420 mouhid - ok
17:31:12.0574 2420 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:31:12.0589 2420 MountMgr - ok
17:31:12.0886 2420 mraid35x - ok
17:31:13.0120 2420 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:31:13.0167 2420 MRxDAV - ok
17:31:13.0495 2420 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:31:13.0620 2420 MRxSmb - ok
17:31:13.0917 2420 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
17:31:13.0917 2420 MSDTC - ok
17:31:14.0120 2420 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:31:14.0120 2420 Msfs - ok
17:31:14.0277 2420 MSIServer - ok
17:31:14.0433 2420 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:31:14.0449 2420 mssmbios - ok
17:31:14.0667 2420 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
17:31:14.0699 2420 Mup - ok
17:31:15.0058 2420 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
17:31:15.0136 2420 napagent - ok
17:31:15.0199 2420 NBService - ok
17:31:15.0433 2420 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:31:15.0495 2420 NDIS - ok
17:31:15.0683 2420 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:31:15.0683 2420 NdisTapi - ok
17:31:15.0995 2420 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:31:15.0995 2420 Ndisuio - ok
17:31:16.0214 2420 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:31:16.0245 2420 NdisWan - ok
17:31:16.0449 2420 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
17:31:16.0464 2420 NDProxy - ok
17:31:16.0652 2420 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:31:16.0667 2420 NetBIOS - ok
17:31:16.0995 2420 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:31:17.0042 2420 NetBT - ok
17:31:17.0245 2420 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:31:17.0292 2420 NetDDE - ok
17:31:17.0339 2420 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:31:17.0339 2420 NetDDEdsdm - ok
17:31:17.0511 2420 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:31:17.0511 2420 Netlogon - ok
17:31:17.0745 2420 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
17:31:17.0792 2420 Netman - ok
17:31:18.0136 2420 Nla (b4138e99236f0f57d4cf49bae98a0746) C:\WINDOWS\System32\mswsock.dll
17:31:18.0199 2420 Nla - ok
17:31:18.0370 2420 NMIndexingService (060daf68493ad7adf104413e5a62afa8) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
17:31:18.0449 2420 NMIndexingService - ok
17:31:18.0652 2420 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:31:18.0667 2420 Npfs - ok
17:31:19.0105 2420 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:31:19.0261 2420 Ntfs - ok
17:31:19.0417 2420 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:31:19.0433 2420 NtLmSsp - ok
17:31:19.0714 2420 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
17:31:19.0839 2420 NtmsSvc - ok
17:31:20.0120 2420 NTSIM (a568b9a9ffe2d9387222a5c90f86d731) C:\WINDOWS\system32\ntsim.sys
17:31:20.0120 2420 NTSIM - ok
17:31:20.0308 2420 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:31:20.0308 2420 Null - ok
17:31:20.0511 2420 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:31:20.0511 2420 NwlnkFlt - ok
17:31:20.0699 2420 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:31:20.0699 2420 NwlnkFwd - ok
17:31:20.0886 2420 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:31:21.0120 2420 odserv - ok
17:31:21.0214 2420 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:31:21.0261 2420 ose - ok
17:31:21.0480 2420 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:31:21.0495 2420 Parport - ok
17:31:21.0683 2420 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:31:21.0699 2420 PartMgr - ok
17:31:21.0886 2420 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:31:21.0886 2420 ParVdm - ok
17:31:22.0183 2420 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:31:22.0199 2420 PCI - ok
17:31:22.0370 2420 PCIDump - ok
17:31:22.0542 2420 PCIIde - ok
17:31:22.0761 2420 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:31:22.0792 2420 Pcmcia - ok
17:31:22.0964 2420 PDCOMP - ok
17:31:23.0245 2420 PDFRAME - ok
17:31:23.0402 2420 PDRELI - ok
17:31:23.0574 2420 PDRFRAME - ok
17:31:23.0745 2420 perc2 - ok
17:31:23.0902 2420 perc2hib - ok
17:31:24.0120 2420 PlugPlay (0e776ed5f7cc9f94299e70461b7b8185) C:\WINDOWS\system32\services.exe
17:31:24.0136 2420 PlugPlay - ok
17:31:24.0464 2420 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:31:24.0464 2420 PolicyAgent - ok
17:31:24.0667 2420 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:31:24.0683 2420 PptpMiniport - ok
17:31:24.0855 2420 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:31:24.0855 2420 ProtectedStorage - ok
17:31:25.0058 2420 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:31:25.0074 2420 PSched - ok
17:31:25.0386 2420 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:31:25.0386 2420 Ptilink - ok
17:31:25.0589 2420 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:31:25.0589 2420 PxHelp20 - ok
17:31:25.0761 2420 ql1080 - ok
17:31:25.0949 2420 Ql10wnt - ok
17:31:26.0120 2420 ql12160 - ok
17:31:26.0402 2420 ql1240 - ok
17:31:26.0574 2420 ql1280 - ok
17:31:26.0745 2420 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:31:26.0761 2420 RasAcd - ok
17:31:26.0949 2420 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
17:31:26.0980 2420 RasAuto - ok
17:31:27.0183 2420 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:31:27.0199 2420 Rasl2tp - ok
17:31:27.0511 2420 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
17:31:27.0558 2420 RasMan - ok
17:31:27.0761 2420 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:31:27.0777 2420 RasPppoe - ok
17:31:27.0964 2420 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:31:27.0964 2420 Raspti - ok
17:31:28.0214 2420 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:31:28.0261 2420 Rdbss - ok
17:31:28.0558 2420 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:31:28.0558 2420 RDPCDD - ok
17:31:28.0808 2420 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:31:28.0855 2420 rdpdr - ok
17:31:29.0089 2420 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
17:31:29.0136 2420 RDPWD - ok
17:31:29.0324 2420 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
17:31:29.0370 2420 RDSessMgr - ok
17:31:29.0667 2420 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:31:29.0683 2420 redbook - ok
17:31:29.0870 2420 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
17:31:29.0886 2420 RemoteAccess - ok
17:31:30.0058 2420 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
17:31:30.0089 2420 RemoteRegistry - ok
17:31:30.0277 2420 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
17:31:30.0308 2420 RpcLocator - ok
17:31:30.0667 2420 RpcSs (2589fe6015a316c0f5d5112b4da7b509) C:\WINDOWS\system32\rpcss.dll
17:31:30.0683 2420 RpcSs - ok
17:31:30.0870 2420 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
17:31:30.0917 2420 RSVP - ok
17:31:31.0089 2420 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:31:31.0105 2420 SamSs - ok
17:31:31.0292 2420 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
17:31:31.0324 2420 SCardSvr - ok
17:31:31.0542 2420 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
17:31:31.0589 2420 Schedule - ok
17:31:31.0886 2420 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:31:31.0886 2420 Secdrv - ok
17:31:32.0058 2420 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
17:31:32.0074 2420 seclogon - ok
17:31:32.0261 2420 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
17:31:32.0261 2420 SENS - ok
17:31:32.0464 2420 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:31:32.0464 2420 serenum - ok
17:31:32.0667 2420 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:31:32.0683 2420 Serial - ok
17:31:32.0980 2420 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:31:32.0980 2420 Sfloppy - ok
17:31:33.0214 2420 sgmresbv (4531b6a730bf6bb47898ad975dd9e9d9) C:\WINDOWS\system32\nuwtjoxf.dll
17:31:33.0214 2420 sgmresbv - ok
17:31:33.0480 2420 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
17:31:33.0574 2420 SharedAccess - ok
17:31:33.0777 2420 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
17:31:33.0777 2420 ShellHWDetection - ok
17:31:34.0058 2420 Simbad - ok
17:31:34.0214 2420 Sparrow - ok
17:31:34.0402 2420 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:31:34.0417 2420 splitter - ok
17:31:34.0589 2420 Spooler (d8e14a61acc1d4a6cd0d38aebac7fa3b) C:\WINDOWS\system32\spoolsv.exe
17:31:34.0605 2420 Spooler - ok
17:31:34.0902 2420 sptd (f42efefb765235f24b24e1d2b6f99f46) C:\WINDOWS\System32\Drivers\sptd.sys
17:31:34.0902 2420 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\sptd.sys. md5: f42efefb765235f24b24e1d2b6f99f46
17:31:34.0917 2420 sptd ( LockedFile.Multi.Generic ) - warning
17:31:34.0917 2420 sptd - detected LockedFile.Multi.Generic (1)
17:31:35.0214 2420 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:31:35.0230 2420 sr - ok
17:31:35.0449 2420 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
17:31:35.0495 2420 srservice - ok
17:31:35.0777 2420 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
17:31:35.0870 2420 Srv - ok
17:31:36.0167 2420 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
17:31:36.0183 2420 SSDPSRV - ok
17:31:36.0433 2420 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
17:31:36.0542 2420 stisvc - ok
17:31:36.0745 2420 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:31:36.0745 2420 swenum - ok
17:31:36.0995 2420 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:31:37.0011 2420 swmidi - ok
17:31:37.0292 2420 SwPrv - ok
17:31:37.0495 2420 symc810 - ok
17:31:37.0699 2420 symc8xx - ok
17:31:37.0886 2420 sym_hi - ok
17:31:38.0042 2420 sym_u3 - ok
17:31:38.0386 2420 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:31:38.0402 2420 sysaudio - ok
17:31:38.0589 2420 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
17:31:38.0620 2420 SysmonLog - ok
17:31:38.0855 2420 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
17:31:38.0933 2420 TapiSrv - ok
17:31:39.0324 2420 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:31:39.0417 2420 Tcpip - ok
17:31:39.0589 2420 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:31:39.0605 2420 TDPIPE - ok
17:31:39.0792 2420 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:31:39.0808 2420 TDTCP - ok
17:31:40.0011 2420 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:31:40.0027 2420 TermDD - ok
17:31:40.0370 2420 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
17:31:40.0449 2420 TermService - ok
17:31:40.0652 2420 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
17:31:40.0652 2420 Themes - ok
17:31:40.0839 2420 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
17:31:40.0870 2420 TlntSvr - ok
17:31:41.0042 2420 TosIde - ok
17:31:41.0324 2420 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
17:31:41.0355 2420 TrkWks - ok
17:31:41.0558 2420 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
17:31:41.0558 2420 tunmp - ok
17:31:41.0761 2420 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
17:31:41.0777 2420 uagp35 - ok
17:31:41.0980 2420 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:31:41.0995 2420 Udfs - ok
17:31:42.0261 2420 ultra - ok
17:31:42.0417 2420 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
17:31:42.0433 2420 UMWdf - ok
17:31:42.0730 2420 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:31:42.0839 2420 Update - ok
17:31:43.0058 2420 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
17:31:43.0261 2420 upnphost - ok
17:31:43.0433 2420 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
17:31:43.0449 2420 UPS - ok
17:31:43.0636 2420 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:31:43.0636 2420 usbehci - ok
17:31:43.0839 2420 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:31:43.0855 2420 usbhub - ok
17:31:44.0042 2420 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:31:44.0058 2420 USBSTOR - ok
17:31:44.0339 2420 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:31:44.0355 2420 usbuhci - ok
17:31:44.0542 2420 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:31:44.0542 2420 VgaSave - ok
17:31:44.0745 2420 viaagp1 (0e3e3fae3a0a58b8d936a8e841a17d16) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
17:31:44.0745 2420 viaagp1 - ok
17:31:45.0011 2420 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:31:45.0011 2420 ViaIde - ok
17:31:45.0511 2420 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:31:45.0542 2420 VolSnap - ok
17:31:45.0855 2420 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
17:31:45.0933 2420 VSS - ok
17:31:46.0277 2420 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
17:31:46.0324 2420 W32Time - ok
17:31:46.0620 2420 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:31:46.0636 2420 Wanarp - ok
17:31:46.0824 2420 WDICA - ok
17:31:47.0183 2420 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:31:47.0199 2420 wdmaud - ok
17:31:47.0495 2420 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
17:31:47.0527 2420 WebClient - ok
17:31:47.0777 2420 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:31:47.0808 2420 winmgmt - ok
17:31:48.0011 2420 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll
17:31:48.0027 2420 WmdmPmSN - ok
17:31:48.0449 2420 Wmi (bab489a5fe26f2d0c910cf7af7e4cf92) C:\WINDOWS\System32\advapi32.dll
17:31:48.0620 2420 Wmi - ok
17:31:48.0870 2420 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:31:48.0917 2420 WmiApSrv - ok
17:31:49.0245 2420 WpdUsb (c1b3d9d75c3fb735f5fa3a5806aded57) C:\WINDOWS\system32\Drivers\wpdusb.sys
17:31:49.0261 2420 WpdUsb - ok
17:31:49.0449 2420 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:31:49.0449 2420 WS2IFSL - ok
17:31:49.0636 2420 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
17:31:49.0636 2420 wuauserv - ok
17:31:50.0011 2420 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
17:31:50.0136 2420 WZCSVC - ok
17:31:50.0480 2420 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
17:31:50.0511 2420 xmlprov - ok
17:31:50.0574 2420 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:31:51.0730 2420 \Device\Harddisk0\DR0 - ok
17:31:51.0761 2420 Boot (0x1200) (6bba9335b4d806c737b058b5a8ac77ed) \Device\Harddisk0\DR0\Partition0
17:31:51.0777 2420 \Device\Harddisk0\DR0\Partition0 - ok
17:31:51.0792 2420 Boot (0x1200) (dbc3de2fb9519b7cd41de23965444b25) \Device\Harddisk0\DR0\Partition1
17:31:51.0792 2420 \Device\Harddisk0\DR0\Partition1 - ok
17:31:51.0824 2420 ============================================================
17:31:51.0824 2420 Scan finished
17:31:51.0824 2420 ============================================================
17:31:51.0886 2740 Detected object count: 2
17:31:51.0886 2740 Actual detected object count: 2
17:32:34.0777 2740 C:\WINDOWS\system32\n558.dll - copied to quarantine
17:32:34.0777 2740 HKLM\SYSTEM\ControlSet001\services\dlbt_device - will be deleted on reboot
17:32:34.0777 2740 HKLM\SYSTEM\ControlSet002\services\dlbt_device - will be deleted on reboot
17:32:34.0777 2740 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
17:32:34.0777 2740 C:\WINDOWS\system32\n558.dll - will be deleted on reboot
17:32:34.0777 2740 dlbt_device ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:32:34.0792 2740 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:32:34.0792 2740 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
17:32:51.0339 2688 Deinitialize success

Then it was exeHelper's turn; its log was:

exeHelper by Raktor
Build 20100414
Run at 17:38:14 on 04/04/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 17:45:20 on 04/04/12
Now searching...
Checking for numerical processes...

Then, despite the warnings, I ran ComboFix on my own; its log:

ComboFix 12-04-04.02 - Kishi 04.04.2012 17:57:39.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.767.588 [GMT 2:00]
Running from: c:\documents and settings\Kishi\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\ReminderNextRun
c:\documents and settings\All Users\Application Data\windows-updater
c:\documents and settings\All Users\Application Data\windows-updater\log.ini
c:\documents and settings\All Users\Application Data\windows-updater\updater.ini
c:\documents and settings\Kishi\Application Data\Toolbar4
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\affid.dat
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\basis.xml
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\04fcb6ba0889e64393699743bb24ab3b
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\1a06816a192357f4189197196943329e
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\1c76e82ec54cd18a4ded0139fc7b9347
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\27c746d432b7a753a0af8d7c033b46fe
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\2b4ad282984708f7b89800e17a257476
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\2bcdd36f73e915f5e3956b0e359e2b94
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\35db787c9ed332998cf35cd592dad718
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\44567846e0387d6a62062ab4dbf9ae96
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\52b66d6979ef2abcea9a736d1b4dbc82
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\62bc30f25d3fdeb4649ec65be608739b
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\639a4accf0b15e07ffc3e66029266ccf
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\6f11d3f57222d8d4ba62f45aa5ca79b4
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\757a20d7a75ae93435ac64a6095eab39
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\89c35566d3dfdce78572ff8c2a627ad2
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9840cd5f73490a37d4f3e47107ced675
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9956734e872eec3ea3e17f52e84dc6cc
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9d810aab3f7bcbacb07c241f8d726714
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\acfc834035dccfb94e7f9067f5d48a83
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\c0b9e89d52d9e1ff85c2db9f694af77d
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\c48c9e27c16419ab995d48b077a802ff
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\c594d37e13c887da6ddc9975fa9aae82
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\c99af55cb1bc0fa21b04e4d18edaf729
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\cddda81bc855c2246ff278cf02b589c2
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\dcd16c0f4842bc19d648b261e3cf263d
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\df4570be347a68121d038aa7552d3745
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\fb95fd1b987bd4ffbcb67783e51679ec
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\icons.bmp
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files\024d5362f9b185a44cd8c20a47e2aad2
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files\1dfcc21cb058972d1a78f2572e74c3c9
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files\2b1e48aafe5ac3b69f54a1e1e58e8419
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files\48799e6132058471ea57d8066e8938b0
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files\8d35ea89b743df255e7e9d41f61f157d
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\info.txt
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\install.ico
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbback.bmp
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbbigopen.bmp
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbclose.bmp
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbfwd.bmp
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbsep.bmp
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\nav1c.bmp
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\tbcore3.inf
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\TbHelper2.exe
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\uninstall.exe
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\UninstallToolbar.exe
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\update.exe
c:\documents and settings\Kishi\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\version.txt
c:\documents and settings\Kishi\WINDOWS
c:\program files\DealBulldog Toolbar
c:\program files\DealBulldog Toolbar\affid.dat
c:\program files\DealBulldog Toolbar\alert_plugin.dll
c:\program files\DealBulldog Toolbar\basis.xml
c:\program files\DealBulldog Toolbar\CustomTabPage.dll
c:\program files\DealBulldog Toolbar\icons.bmp
c:\program files\DealBulldog Toolbar\info.txt
c:\program files\DealBulldog Toolbar\install.ico
c:\program files\DealBulldog Toolbar\MacroParserPlugin.dll
c:\program files\DealBulldog Toolbar\mbback.bmp
c:\program files\DealBulldog Toolbar\mbbigopen.bmp
c:\program files\DealBulldog Toolbar\mbclose.bmp
c:\program files\DealBulldog Toolbar\mbfwd.bmp
c:\program files\DealBulldog Toolbar\mbsep.bmp
c:\program files\DealBulldog Toolbar\nav1c.bmp
c:\program files\DealBulldog Toolbar\somoto.dll
c:\program files\DealBulldog Toolbar\TbCommonUtils.dll
c:\program files\DealBulldog Toolbar\tbcore3.dll
c:\program files\DealBulldog Toolbar\tbcore3.inf
c:\program files\DealBulldog Toolbar\tbhelper.dll
c:\program files\DealBulldog Toolbar\TbHelper2.exe
c:\program files\DealBulldog Toolbar\uninstall.exe
c:\program files\DealBulldog Toolbar\UninstallToolbar.exe
c:\program files\DealBulldog Toolbar\update.exe
c:\program files\DealBulldog Toolbar\version.txt
c:\windows\$NtUninstallKB31772$\2322290963
c:\windows\$NtUninstallKB31772$\3661145636\@
c:\windows\$NtUninstallKB31772$\3661145636\cfg.ini
c:\windows\$NtUninstallKB31772$\3661145636\Desktop.ini
c:\windows\$NtUninstallKB31772$\3661145636\L\vyxygsrb
c:\windows\$NtUninstallKB31772$\3661145636\twl.dll
c:\windows\$NtUninstallKB31772$\3661145636\U\00000001.@
c:\windows\$NtUninstallKB31772$\3661145636\U\00000002.@
c:\windows\$NtUninstallKB31772$\3661145636\U\00000004.@
c:\windows\$NtUninstallKB31772$\3661145636\U\80000000.@
c:\windows\$NtUninstallKB31772$\3661145636\U\80000004.@
c:\windows\$NtUninstallKB31772$\3661145636\U\80000032.@
c:\windows\$NtUninstallKB31772$\3661145636\version
c:\windows\system32\db2licd.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\driverhardwarev2.dll
c:\windows\$NtUninstallKB31772$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_bcftdi
-------\Legacy_bmwebcfg
-------\Service_bcftdi
-------\Service_bmwebcfg
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-04 16:07 . 2012-04-04 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\windows-updater
2012-04-04 15:32 . 2012-04-04 15:32 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-03 20:38 . 2012-04-03 20:38 -------- dc----w- c:\windows\system32\DRVSTORE
2012-04-03 20:38 . 2010-11-22 14:10 69632 ----a-w- c:\windows\system32\vuins32.dll
2012-04-03 20:38 . 2010-11-22 14:10 47104 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2012-04-03 20:38 . 2010-11-22 14:10 319456 ----a-w- c:\windows\system32\difxapi.dll
2012-04-03 18:30 . 2012-04-04 14:11 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2012-04-03 03:35 . 2012-04-03 03:35 187944 ----a-w- c:\windows\system32\nuwtjoxf.dll
2012-04-02 15:25 . 2012-04-03 18:40 -------- d-----w- c:\program files\ESET
2012-03-20 16:26 . 2012-03-20 16:26 -------- d-----w- c:\program files\Burn4Free
2012-03-20 16:16 . 2012-03-20 16:16 -------- d-----w- c:\program files\SweetIM
2012-03-20 16:16 . 2012-03-20 16:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SweetIM
2012-03-07 20:58 . 2012-03-07 20:58 -------- d-----w- c:\documents and settings\Administrator
2012-03-07 20:53 . 2012-03-07 20:53 -------- d-----w- c:\documents and settings\Kishi\Local Settings\Application Data\ESET
2012-03-07 20:53 . 2012-03-07 20:53 -------- d-----w- c:\documents and settings\Kishi\Application Data\ESET
2012-03-07 20:51 . 2012-03-07 20:51 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 15:48 . 2012-01-02 19:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-02 19:27 . 2012-03-02 19:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-02 19:27 . 2012-02-05 23:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-05 . 9F42478360E9B053A6703DEF39B4CE33 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2012-01-15 130864]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B64656BB-1D2D-E37B-BABE-A7B15B84BB2D}]
2012-04-03 03:35 187944 ----a-w- c:\windows\system32\nuwtjoxf.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-01-15 11:27 1330480 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-01-15 1330480]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-01-15 1330480]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]
@="{B64656BB-1D2D-E37B-BABE-A7B15B84BB2D}"
[HKEY_CLASSES_ROOT\CLSID\{B64656BB-1D2D-E37B-BABE-A7B15B84BB2D}]
2012-04-03 03:35 187944 ----a-w- c:\windows\system32\nuwtjoxf.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-01-19 114992]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
setup.exe [2012-4-4 369008]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"47806:TCP"= 47806:TCP:@xpsp2res.dll,-22009
"42929:TCP"= 42929:TCP:@xpsp2res.dll,-22009
"80:TCP"= 80:TCP:@xpsp2res.dll,-22009
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R2 sgmresbv;Digital CD Audio Playback Filter Helper;c:\windows\System32\svchost.exe -k netsvcs [14.4.2008 4:42 14336]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3.1.2012 13:36 136176]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3.1.2012 13:36 136176]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sgmresbv
bmwebcfg
bcftdi
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 16:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd0c18d26e6ad4.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-03 11:36]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-03 11:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigseekpro.com/burn4free/{D3862C05- ... 0C6A1CF4D7}
mStart Page = hxxp://www.bigseekpro.com/burn4free/{D3862C05- ... 0C6A1CF4D7}
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Cmaudio - cmicnfg.cpl
SafeBoot-33326267.sys
AddRemove-DealBulldog Toolbar - c:\program files\DealBulldog Toolbar\UninstallToolbar.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-04 18:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(528)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1488)
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\windows\system32\nuwtjoxf.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDll32.exe
c:\documents and settings\All Users\Start Menu\Programs\Startup\setup.exe
.
**************************************************************************
.
Completion time: 2012-04-04 18:10:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-04 16:10
.
Pre-Run: 12 605 816 832 bytes free
Post-Run: 8 adresárov, 12 818 046 976 voľných bajtov
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8C8151FA07709F23570D6651CCA8FCB1

It fixed the error and the PC runs more or less as it should, except that ComboFix switched off my internet connection, and when I tried to reconnect, or rather repair the connection, it gave me: Windows could not finish repairing the problem because the following action cannot be completed: Renewing the IP address.
If someone would be willing to look at the logs and tell me where the problem is, I would be very grateful. :oops:

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: TCP/IP Ping Command

#2 Post by vyosek »

Hello and good evening :)

:arrow: This is why ComboFix is only used on recommendation. You have a nasty piece of work there, ZA; unfortunately, treating it is currently a case for a reinstall, but we will try to clean it up somehow

:arrow: The dangers of CF
  • It is intended primarily for helpers; by running it on your own you forfeit your right to support
  • It erases the traces of the malware, so nothing shows up in the RSIT log
  • Its log has to be worked through afterwards, since it cannot delete everything; you can hardly manage that unless you are trained for it
  • CF can have a bug = it takes your system down; if you do not know where it stores what and how to restore it, your system is toast and a reinstall awaits you
  • CF also, unfortunately, does not yet check some important libraries (e.g. hal.dll); some types of malware (e.g. angela) delete those; it deletes hal.dll after the restart = your system does not boot and you are back at the line above = reinstall
:arrow: Give me a moment to study the log
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.


Re: TCP/IP Ping Command

#3 Post by vyosek »

:arrow: If you have not already, move ComboFix to the desktop
  • Start Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Driver::
    sgmresbv
    bmwebcfg
    bcftdi
    
    NetSvc::
    sgmresbv
    bmwebcfg
    bcftdi
    
    Collect::
    c:\windows\system32\nuwtjoxf.dll
    
    DDS::
    uStart Page = hxxp://www.bigseekpro.com/burn4free/{D3862C05-4A60-4C7E-9203-EC0C6A1CF4D7}
    mStart Page = hxxp://www.bigseekpro.com/burn4free/{D3862C05-4A60-4C7E-9203-EC0C6A1CF4D7}
    
    File::
    c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd0c18d26e6ad4.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    
    ADS::
    c:\windows\$NtUninstallKB31772$
    
    Folder::
    c:\documents and settings\All Users\Application Data\windows-updater
    c:\program files\SweetIM
    c:\windows\$NtUninstallKB31772$
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=-
    "SweetIM"=-
    "Adobe ARM"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B64656BB-1D2D-E37B-BABE-A7B15B84BB2D}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
    [-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]
    [-HKEY_CLASSES_ROOT\CLSID\{B64656BB-1D2D-E37B-BABE-A7B15B84BB2D}]
    
    ClearJavaCache::
    
    AtJob::
    
    Reboot::
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and run it (see the image below)
    [image]
  • After the script has been applied (and after a possible restart) a log will pop up; paste its contents here
:arrow: It can happen that Windows does not start after the script has been applied; in that case restart the PC, press F8 and choose Last Known Good Configuration
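An added example, not part of the thread and not ComboFix's own code: a Python parser that reads the ComboFix log posted above and pulls out the three kinds of indicator the CFScript targets, namely the CLSID registered both as a Browser Helper Object and as a shell icon overlay handler (with its DLL), the non-default NetSvcs names paired with whatever service line names them, and the fake $NtUninstall...$ directory holding "@" payload files. The sample text is an excerpt of the thread's own log; the regexes, function names and the dual-role heuristic are assumptions of mine.

```python
# Added example, not from the thread or from ComboFix: pull the indicators the
# CFScript above targets out of a ComboFix log.
import re

# Constructed excerpt of the ComboFix log posted in the thread; only the lines
# the parser actually looks at are included.
SAMPLE_LOG = r"""
c:\windows\$NtUninstallKB31772$\3661145636\@
c:\windows\$NtUninstallKB31772$\3661145636\U\00000001.@
c:\windows\system32\db2licd.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B64656BB-1D2D-E37B-BABE-A7B15B84BB2D}]
2012-04-03 03:35 187944 ----a-w- c:\windows\system32\nuwtjoxf.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-01-15 11:27 1330480 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]
@="{B64656BB-1D2D-E37B-BABE-A7B15B84BB2D}"
[HKEY_CLASSES_ROOT\CLSID\{B64656BB-1D2D-E37B-BABE-A7B15B84BB2D}]
2012-04-03 03:35 187944 ----a-w- c:\windows\system32\nuwtjoxf.dll
.
R2 sgmresbv;Digital CD Audio Playback Filter Helper;c:\windows\System32\svchost.exe -k netsvcs [14.4.2008 4:42 14336]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sgmresbv
bmwebcfg
bcftdi
.
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# ComboFix file details read "<date> <time> <size> <attrs> <path>".
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d +\d+ +\S+ +(.+)$")
# Service lines read "R2 name;description;image path [stamp]".
SERVICE_RE = re.compile(r"^[RS]\d (\w+);([^;]*);")
# ZeroAccess keeps its payload store under a fake hotfix uninstall directory.
ZA_DIR_RE = re.compile(r"^(.*\\\$NtUninstall[^\\]+\$)\\", re.I)


def clsid_roles(text):
    """Map each CLSID to the registry roles it is wired into and to its DLL.
    ComboFix ends every registry block with a line holding a single '.'."""
    roles, dlls = {}, {}
    current = None
    for line in text.splitlines():
        if line.startswith("["):
            m = GUID_RE.search(line)
            current = m.group(0).upper() if m else None
            if current:
                role = "bho" if "browser helper objects" in line.lower() else "clsid"
                roles.setdefault(current, set()).add(role)
            elif "shelliconoverlayidentifiers" in line.lower():
                current = "overlay"
        elif line.strip() == ".":
            current = None
        elif current == "overlay":
            m = GUID_RE.search(line)  # the @="{...}" default value
            if m:
                roles.setdefault(m.group(0).upper(), set()).add("overlay")
        elif current:
            m = FILE_RE.match(line)
            if m:
                dlls[current] = m.group(1)
    return roles, dlls


def dual_role_clsids(text):
    """CLSIDs registered both as an IE Browser Helper Object and as an Explorer
    shell icon overlay handler: one DLL loaded into both IE and explorer.exe."""
    roles, dlls = clsid_roles(text)
    return {c: dlls.get(c) for c, r in roles.items() if {"bho", "overlay"} <= r}


def netsvcs_entries(text):
    """Names under 'Svchost - NetSvcs' (ComboFix prints only non-default ones),
    each paired with the description of the service line naming it, if any."""
    services, names, in_list = {}, [], False
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            services[m.group(1).lower()] = m.group(2)
        elif line.endswith("Svchost - NetSvcs"):
            in_list = True
        elif line.strip() == ".":
            in_list = False
        elif in_list and line.strip():
            names.append(line.strip())
    return {n: services.get(n.lower()) for n in names}


def zeroaccess_dirs(text):
    """Fake $NtUninstall...$ directories that hold '@' payload files."""
    found = set()
    for line in text.splitlines():
        m = ZA_DIR_RE.match(line)
        if m and line.rstrip().endswith("@"):
            found.add(m.group(1))
    return found
```

A NetSvcs name with no service line (bmwebcfg, bcftdi here) is one whose service ComboFix already removed, which is why the CFScript still lists it under NetSvc:: to clean the group value.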


Re: TCP/IP Ping Command

#4 Post by Kishi »

XP would not start, so I restarted, pressed F8 and chose the last known configuration. It switched my XP to English and gave me no log. What next?


Re: TCP/IP Ping Command

#5 Post by vyosek »

Why would Windows not start? At which stage of the boot did it stop?


Re: TCP/IP Ping Command

#6 Post by Kishi »

At the account login. It froze there and went no further.


Re: TCP/IP Ping Command

#7 Post by vyosek »

Try repeating the ComboFix script once more, but in Safe Mode (restart the PC, press F8, choose Safe Mode with Networking), so that we can rule out that this is just some anomaly...


Re: TCP/IP Ping Command

#8 Post by Kishi »

I ran the script and after a while CF reported an error loading the script, but CF keeps running and is showing me a Handle License Agreement dialog


Re: TCP/IP Ping Command

#9 Post by vyosek »

Well, let's wait until CF finishes...


Re: TCP/IP Ping Command

#10 Post by Kishi »

I have a dialog saying the PC is infected with Rootkit.ZeroAccess. And it wants to restart the PC.


Re: TCP/IP Ping Command

#11 Post by vyosek »

Yes, it is, and I said so right at the start and in the warning: this is veeery hard to cure, even the international forums have trouble with it, and there is no procedure for a successful cure...


Re: TCP/IP Ping Command

#12 Post by Kishi »

What do you recommend as the best option? Reinstall Windows?


Re: TCP/IP Ping Command

#13 Post by vyosek »

If you do not want to fiddle with it for an uncertain result, then yes... there is no other cure for now


Re: TCP/IP Ping Command

#14 Post by Kishi »

Then I will reinstall it... thank you very much for your help... take care


Re: TCP/IP Ping Command

#15 Post by vyosek »

You are welcome :( I am sorry I have no better news, but this is a very hot new thing; ZA has evolved quite a bit and so far we do not even know exactly what all it damages, etc...

Good evening :)
