A virus that slows down the PC and floods the memory

onkel1
Visitor
Posts: 23
Registered: 07 Dec 2008 09:13

#1 Post by onkel1 »

I've got my aunt's computer on my hands and it looks like it is slowly on its last legs. I'd ask for some advice, because I can't manage this on my own :)

Log from HijackThis

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:56:19, on 6.4.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\TEMP\gvxjmp\setup.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
\.\globalroot\C:\WINDOWS\system32\svchost.exe
F:\hijackthis_2.00beta.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [RkZCQTVCOUEyN0Q2ODBFOU] C:\Documents and Settings\All Users\ovsgukxd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Irfqfy] C:\Documents and Settings\user\Application Data\Irfqfy.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [System External] RunDll32 "C:\Documents and Settings\LocalService\ethost.dll",Init (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} - http://c6.community.alice.it/download/D ... ctiveX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E14FE1F-8624-4746-A216-D10E1543D62D}: NameServer = 192.168.1.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMService - Unknown owner - C:\WINDOWS\TEMP\gvxjmp\setup.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 4611 bytes
Last edited by vyosek on 06 Apr 2012 11:05, edited 1 time in total.
Reason: log removed from [quote]

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

#2 Post by vyosek »

Hello and have a nice day :)

→ Post a log from RSIT http://forum.viry.cz/viewtopic.php?f=13&t=105895 - it is more detailed than HJT

→ Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Close all programs
  • If you use Windows Vista or 7, right-click RogueKiller and choose Run As Administrator
  • Wait for the PreScan to finish
  • Choose the Scan option
  • When the scan finishes, click Report - a log opens; post it here
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a woman and does not kiss her, whoever shuns merriment, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

onkel1
Visitor
Posts: 23
Registered: 07 Dec 2008 09:13

#3 Post by onkel1 »

So I'm adding the logs:

from RSIT

Logfile of random's system information tool 1.09 (written by random/random)
Run by user at 2012-04-06 12:16:46
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 348 MB (4%) free of 9 GB
Total RAM: 767 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:16:48, on 6.4.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\TEMP\gvxjmp\setup.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
\.\globalroot\C:\WINDOWS\system32\svchost.exe
F:\RSIT.exe
C:\Program Files\trend micro\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [RkZCQTVCOUEyN0Q2ODBFOU] C:\Documents and Settings\All Users\ovsgukxd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Irfqfy] C:\Documents and Settings\user\Application Data\Irfqfy.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [System External] RunDll32 "C:\Documents and Settings\LocalService\ethost.dll",Init (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} - http://c6.community.alice.it/download/D ... ctiveX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E14FE1F-8624-4746-A216-D10E1543D62D}: NameServer = 192.168.1.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMService - Unknown owner - C:\WINDOWS\TEMP\gvxjmp\setup.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 4620 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1957994488-854245398-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1957994488-854245398-1003UA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\y13d0ddj.default

prefs.js - "browser.startup.homepage" - "http://www.google.sk/"
prefs.js - "extensions.enabledItems" - "meter@idot.cz:1.081027, {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3.1, {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.228 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
NPOFFICE.DLL
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\y13d0ddj.default\extensions\
meter@idot.cz
{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"RkZCQTVCOUEyN0Q2ODBFOU"=C:\Documents and Settings\All Users\ovsgukxd.exe []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-10-13 17351304]
"Irfqfy"=C:\Documents and Settings\user\Application Data\Irfqfy.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-28 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-06-13 528384]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:Microsoft Media Collaboration Extender (MCE-In)"
"C:\WINDOWS\system32\wininet.exe"="C:\WINDOWS\system32\wininet.exe:*:Enabled:Windows XP Update"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"midi"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======List of files/folders created in the last 1 month======

2012-04-06 12:16:47 ----D---- C:\Program Files\trend micro
2012-04-06 12:16:46 ----D---- C:\rsit
2012-04-06 11:33:45 ----D---- C:\WINDOWS\system32\LogFiles
2012-04-06 10:49:59 ----A---- C:\Documents and Settings\user\Application Data\6816C279.exe
2012-04-06 10:33:40 ----D---- C:\Documents and Settings\user\Application Data\Malwarebytes
2012-04-06 10:32:30 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-04-06 10:32:22 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2012-04-06 10:32:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-04-06 10:31:02 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-04-06 10:24:36 ----A---- C:\WINDOWS\system32\MRT.exe
2012-04-05 09:51:21 ----SHD---- C:\Config.Msi
2012-04-05 09:48:59 ----D---- C:\6d5e47130691582ec809376870f7
2012-03-22 16:29:44 ----D---- C:\Documents and Settings\All Users\Application Data\529C505A0000A21B6A4CC3162830AC72
2012-03-13 10:26:43 ----D---- C:\Documents and Settings\user\Application Data\install
2012-03-13 10:26:43 ----D---- C:\directory
2012-03-09 16:37:47 ----ASH---- C:\WINDOWS\system32\dds_trash_log.cmd
2012-03-07 12:34:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$

======List of files/folders modified in the last 1 month======

2012-04-06 12:16:47 ----RD---- C:\Program Files
2012-04-06 12:12:31 ----D---- C:\WINDOWS\Microsoft.NET
2012-04-06 12:12:30 ----RSD---- C:\WINDOWS\assembly
2012-04-06 11:56:22 ----D---- C:\WINDOWS\Prefetch
2012-04-06 11:51:52 ----D---- C:\WINDOWS\system32
2012-04-06 11:51:35 ----D---- C:\WINDOWS\Temp
2012-04-06 11:51:35 ----D---- C:\WINDOWS
2012-04-06 11:50:58 ----D---- C:\Documents and Settings\user\Application Data\Skype
2012-04-06 11:49:40 ----D---- C:\WINDOWS\system32\drivers
2012-04-06 11:49:13 ----D---- C:\WINDOWS\security
2012-04-06 11:49:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-04-06 11:44:55 ----HD---- C:\WINDOWS\inf
2012-04-06 11:41:50 ----SHD---- C:\WINDOWS\Installer
2012-04-06 11:39:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-04-06 11:37:33 ----D---- C:\WINDOWS\WinSxS
2012-04-06 11:32:13 ----D---- C:\WINDOWS\system32\CatRoot2
2012-04-06 11:29:50 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2012-04-06 10:50:12 ----SHD---- C:\System Volume Information
2012-04-06 10:50:12 ----D---- C:\WINDOWS\system32\Restore
2012-04-06 10:38:35 ----D---- C:\WINDOWS\system32\CatRoot_bak
2012-04-06 10:38:35 ----D---- C:\WINDOWS\system32\CatRoot
2012-04-06 10:31:12 ----SD---- C:\WINDOWS\Tasks
2012-04-05 09:47:16 ----D---- C:\WINDOWS\Minidump
2012-03-23 17:36:24 ----D---- C:\WINDOWS\system32\inetsrv
2012-03-23 17:36:24 ----D---- C:\WINDOWS\system32\1028
2012-03-23 17:33:13 ----D---- C:\WINDOWS\system32\export
2012-03-12 10:59:28 ----D---- C:\Program Files\Mozilla Firefox
2012-03-10 13:19:00 ----D---- C:\Program Files\Windows Media Player
2012-03-09 16:42:07 ----D---- C:\WINDOWS\system32\drivers\etc
2012-03-07 12:34:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-03-07 12:34:18 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 uagp35;Microsoft AGPv3.5 Filter; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2004-08-04 44672]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 zhynbowcjiqat3;zhynbowcjiqat3.sys; C:\WINDOWS\system32\drivers\zhynbowcjiqat3.sys [2012-04-06 72192]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2010-09-23 46592]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2006-08-10 204672]
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]
S3 RT2500;RT2500 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2006-06-02 236800]
S3 s125bus;Sony Ericsson Device 125 driver (WDM); C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 98696]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMService;AMService; C:\WINDOWS\TEMP\gvxjmp\setup.exe [2012-03-14 59904]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 tangoservice;QWAVEDRV; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-29 136176]
S2 lcs;Rpskt; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 mzdsxczv;Mouse Class Helper; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S2 WDM_YAMAHAAC97;Mssqlserver; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 253600]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-29 136176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

and from RK:


RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operačný systém: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Spustené v : Normálny režim
Užívateľ: user [Práva Správcu]
Režim: Kontrola -- Dátum: 04/06/2012 12:17:53

¤¤¤ Škodlivé procesy: 2 ¤¤¤
[SUSP PATH] setup.exe -- C:\WINDOWS\TEMP\gvxjmp\setup.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- \\.\globalroot\SystemRoot\system32\svchost.exe -> KILLED [TermProc]

¤¤¤ Záznamy Registrov: 5 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Irfqfy (C:\Documents and Settings\user\Application Data\Irfqfy.exe) -> FOUND
[SUSP PATH] HKUS\.DEFAULT[...]\Run : PC Health Status (C:\Documents and Settings\user\Application Data\fqrmqdpd.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1060284298-1957994488-854245398-1003[...]\Run : Irfqfy (C:\Documents and Settings\user\Application Data\Irfqfy.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-18[...]\Run : PC Health Status (C:\Documents and Settings\user\Application Data\fqrmqdpd.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤
[FAKED] mf.sys : c:\windows\system32\drivers\mf.sys --> CANNOT FIX
[FAKED] netbt.sys : c:\windows\system32\drivers\netbt.sys --> CANNOT FIX
[FAKED] nic1394.sys : c:\windows\system32\drivers\nic1394.sys --> CANNOT FIX
[FAKED] nwlnknb.sys : c:\windows\system32\drivers\nwlnknb.sys --> CANNOT FIX

¤¤¤ Ovládač: [NAHRATÉ] ¤¤¤

¤¤¤ Nákaza : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ Súbor HOSTS: ¤¤¤


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6E040L0 +++++
--- User ---
[MBR] 637bf760da85dcfe04271171e221fec8
[BSP] 0e927195d6126622fddbeb01380ee729 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 9201 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 18844245 | Size: 29996 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: USB 2.0 Flash Disk USB Device +++++
--- User ---
[MBR] 16bb170d881993d75e02499f1e72f5e2
[BSP] dec9f0908d0564afbcbcc26fa1ab4266 : Standard MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 63 | Size: 1927 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončené : << RKreport[1].txt >>
RKreport[1].txt
Last edited by vyosek on 06 Apr 2012 11:22, edited 1 time in total.
Reason: log removed from [quote]

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

#4 Post by vyosek »

→ Please don't put logs inside quote tags

→ Heh, well, there is, among other things, a nasty beast in there in the form of ZeroAccess - curing it is so far more often unsuccessful than successful, since it plays wild tricks with the system. I'm still discussing it with colleagues from foreign forums and we're trying to find a way to cure it, but for now a format is the surest and most effective option. But we can try to cure it, though I don't guarantee the result.

→ So, shall we go for it?
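As an added example (not code from the thread or from any of the tools mentioned in it), here is a small Python triage script that walks HijackThis-style lines like those posted above and flags the same kinds of entries that stand out in this log: a process launched through the \\.\globalroot device path, autorun entries and services whose binary lives in Windows TEMP, directly in a profile's Application Data root, or inside a built-in service account's profile, and services with no publisher. The sample lines are constructed from the log in this thread; the rule labels, regexes and function names are assumptions of this example, not part of any tool.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample input: HijackThis-style lines modelled on the log posted
# in this thread, mixed with benign entries so the rules have something to
# leave alone.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\gvxjmp\setup.exe
\.\globalroot\C:\WINDOWS\system32\svchost.exe

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [RkZCQTVCOUEyN0Q2ODBFOU] C:\Documents and Settings\All Users\ovsgukxd.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Irfqfy] C:\Documents and Settings\user\Application Data\Irfqfy.exe
O4 - HKUS\S-1-5-19\..\Run: [System External] RunDll32 "C:\Documents and Settings\LocalService\ethost.dll",Init (User 'LOCAL SERVICE')
O23 - Service: AMService - Unknown owner - C:\WINDOWS\TEMP\gvxjmp\setup.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
"""

# Locations where a legitimate autostart or service binary has no business
# living on Windows XP: the Windows temp folder, an executable dropped straight
# into the root of the All Users profile or of a user's Application Data, and
# the profiles of the built-in LOCAL SERVICE / NETWORK SERVICE accounts.
# Each entry is (label, regex applied to the lower-cased command line).
# These rules are this example's own heuristics, not from any tool.
SUSPICIOUS_LOCATIONS: List[Tuple[str, str]] = [
    ("binary in Windows TEMP", r"\\windows\\temp\\"),
    ("binary directly under the All Users profile", r"\\all users\\[^\\]+\.(exe|dll)\b"),
    ("binary directly in the Application Data root", r"\\application data\\[^\\]+\.(exe|dll)\b"),
    ("file inside a built-in service account profile", r"\\(localservice|networkservice)\\"),
]

# HijackThis line shapes handled here: O4 registry autoruns and O23 services.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def suspicious_location(command: str) -> Optional[str]:
    """Return the label of the first location rule the command line trips, else None."""
    lowered = command.lower()
    for label, pattern in SUSPICIOUS_LOCATIONS:
        if re.search(pattern, lowered):
            return label
    return None


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Walk a HijackThis log and return (reason, offending line) pairs."""
    findings: List[Tuple[str, str]] = []
    in_process_list = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_process_list = True
            continue
        if not line:
            in_process_list = False  # the process list ends at the first blank line
            continue
        if in_process_list:
            # A process started through the \\.\globalroot device namespace hides
            # its real path; a svchost.exe launched that way is the entry
            # RogueKiller later reported as [HJ NAME].
            if "globalroot" in line.lower():
                findings.append(("process launched via \\\\.\\globalroot device path", line))
            else:
                reason = suspicious_location(line)
                if reason:
                    findings.append(("running process: " + reason, line))
            continue
        m = O4_RE.match(line)
        if m:
            reason = suspicious_location(m.group("cmd"))
            if reason:
                findings.append((f"autorun [{m.group('name')}]: {reason}", line))
            continue
        m = O23_RE.match(line)
        if m:
            reasons = []
            if m.group("owner").lower() == "unknown owner":
                reasons.append("service with no publisher")
            reason = suspicious_location(m.group("path"))
            if reason:
                reasons.append(reason)
            if reasons:
                findings.append((f"service {m.group('name')}: " + "; ".join(reasons), line))
    return findings


if __name__ == "__main__":
    for reason, evidence in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {evidence}")
```

The location rules are deliberately narrow (a file directly in the Application Data root trips them, a program installed in its own subfolder does not), so a hit is a lead for manual review, not a verdict.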

onkel1
Visitor
Posts: 23
Registered: 07 Dec 2008 09:13

#5 Post by onkel1 »

Let's definitely go for it, there's nothing to lose here and maybe we'll come up with something new ....

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

#6 Post by vyosek »

→ Run RogueKiller again
  • If you use Windows Vista or 7, right-click RogueKiller and choose Run As Administrator
  • Choose Scan, then Delete, and then Report - a log opens; post it here
→ Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Click Change parameters
  • In both boxes (Objects to scan and Additional Option) tick every option - every checkbox must have a tick
  • Click OK
  • Tell the utility to scan - click Start Scan
  • When the scan finishes, a window appears; check that the option everywhere is Skip
  • If Skip is not set by default, switch it to Skip
  • Once you have Skip everywhere, click Continue
  • On the drive where Windows is (usually c:\) there will be a log named TDSSKiller.<some numbers>_log.txt - post its contents here

onkel1
Visitor
Posts: 23
Registered: 07 Dec 2008 09:13

#7 Post by onkel1 »

So the log from RK:
RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating system: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: user [Administrator rights]
Mode: Remove -- Date: 04/06/2012 12:31:13

¤¤¤ Malicious processes: 2 ¤¤¤
[HJ NAME] svchost.exe -- \\.\globalroot\SystemRoot\system32\svchost.exe -> KILLED [TermProc]
[RESIDUE] svchost.exe -- \\.\globalroot\SystemRoot\system32\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry entries: 0 ¤¤¤

¤¤¤ Particular files / folders: ¤¤¤
[FAKED] mf.sys : c:\windows\system32\drivers\mf.sys --> CANNOT FIX
[FAKED] netbt.sys : c:\windows\system32\drivers\netbt.sys --> CANNOT FIX
[FAKED] nic1394.sys : c:\windows\system32\drivers\nic1394.sys --> CANNOT FIX
[FAKED] nwlnknb.sys : c:\windows\system32\drivers\nwlnknb.sys --> CANNOT FIX

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS file: ¤¤¤


¤¤¤ MBR check: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6E040L0 +++++
--- User ---
[MBR] 637bf760da85dcfe04271171e221fec8
[BSP] 0e927195d6126622fddbeb01380ee729 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 9201 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 18844245 | Size: 29996 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: USB 2.0 Flash Disk USB Device +++++
--- User ---
[MBR] 16bb170d881993d75e02499f1e72f5e2
[BSP] dec9f0908d0564afbcbcc26fa1ab4266 : Standard MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 63 | Size: 1927 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt


and also the log from TDSSKiller

12:31:46.0184 3108 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
12:31:46.0294 3108 ============================================================
12:31:46.0294 3108 Current date / time: 2012/04/06 12:31:46.0294
12:31:46.0294 3108 SystemInfo:
12:31:46.0294 3108
12:31:46.0294 3108 OS Version: 5.1.2600 ServicePack: 2.0
12:31:46.0294 3108 Product type: Workstation
12:31:46.0294 3108 ComputerName: USER-8E69AB6B10
12:31:46.0294 3108 UserName: user
12:31:46.0294 3108 Windows directory: C:\WINDOWS
12:31:46.0294 3108 System windows directory: C:\WINDOWS
12:31:46.0294 3108 Processor architecture: Intel x86
12:31:46.0294 3108 Number of processors: 1
12:31:46.0294 3108 Page size: 0x1000
12:31:46.0294 3108 Boot type: Normal boot
12:31:46.0294 3108 ============================================================
12:31:47.0566 3108 Drive \Device\Harddisk0\DR0 - Size: 0x9925B0000 (38.29 Gb), SectorSize: 0x200, Cylinders: 0x1386, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:31:47.0566 3108 Drive \Device\Harddisk1\DR7 - Size: 0x787FFE00 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:31:47.0566 3108 \Device\Harddisk0\DR0:
12:31:47.0566 3108 MBR used
12:31:47.0566 3108 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11F8A16
12:31:47.0576 3108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x11F8A94, BlocksNum 0x3A962B1
12:31:47.0576 3108 \Device\Harddisk1\DR7:
12:31:47.0576 3108 MBR used
12:31:47.0576 3108 \Device\Harddisk1\DR7\Partition0: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x3C3FC0
12:31:47.0686 3108 Initialize success
12:31:47.0686 3108 ============================================================
12:32:13.0984 3468 ============================================================
12:32:13.0984 3468 Scan started
12:32:13.0984 3468 Mode: Manual; SigCheck; TDLFS;
12:32:13.0984 3468 ============================================================
12:32:14.0204 3468 Abiosdsk - ok
12:32:14.0265 3468 abp480n5 - ok
12:32:14.0325 3468 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:32:16.0137 3468 ACPI - ok
12:32:16.0237 3468 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:32:16.0528 3468 ACPIEC - ok
12:32:16.0618 3468 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:32:16.0638 3468 AdobeFlashPlayerUpdateSvc - ok
12:32:16.0698 3468 adpu160m - ok
12:32:16.0758 3468 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
12:32:17.0039 3468 aec - ok
12:32:17.0189 3468 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
12:32:17.0259 3468 AFD - ok
12:32:17.0309 3468 Aha154x - ok
12:32:17.0349 3468 aic78u2 - ok
12:32:17.0419 3468 aic78xx - ok
12:32:17.0479 3468 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
12:32:17.0770 3468 Alerter - ok
12:32:17.0840 3468 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
12:32:17.0970 3468 ALG - ok
12:32:18.0050 3468 AliIde - ok
12:32:18.0100 3468 AmdK7 (680ad1c1bb16239e28d8f33a54a7a3c7) C:\WINDOWS\system32\DRIVERS\amdk7.sys
12:32:18.0370 3468 AmdK7 - ok
12:32:18.0461 3468 AMService - ok
12:32:18.0531 3468 amsint - ok
12:32:18.0601 3468 AppMgmt (9c3c12975c97119412802b181fbeeffe) C:\WINDOWS\System32\appmgmts.dll
12:32:18.0731 3468 AppMgmt - ok
12:32:18.0801 3468 asc - ok
12:32:18.0841 3468 asc3350p - ok
12:32:18.0881 3468 asc3550 - ok
12:32:19.0001 3468 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:32:19.0011 3468 aspnet_state - ok
12:32:19.0102 3468 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:32:19.0392 3468 AsyncMac - ok
12:32:19.0492 3468 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:32:19.0793 3468 atapi - ok
12:32:19.0853 3468 Atdisk - ok
12:32:19.0923 3468 ATIBTXBAR (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\starwindserviceae.dll
12:32:19.0923 3468 ATIBTXBAR ( Backdoor.Multi.ZAccess.gen ) - infected
12:32:19.0923 3468 ATIBTXBAR - detected Backdoor.Multi.ZAccess.gen (0)
12:32:20.0023 3468 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:32:20.0323 3468 Atmarpc - ok
12:32:20.0403 3468 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll
12:32:20.0704 3468 AudioSrv - ok
12:32:20.0794 3468 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:32:21.0074 3468 audstub - ok
12:32:21.0164 3468 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:32:21.0435 3468 Beep - ok
12:32:21.0525 3468 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll
12:32:21.0855 3468 BITS - ok
12:32:21.0916 3468 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll
12:32:22.0226 3468 Browser - ok
12:32:22.0326 3468 BthEnum (d24b8d1784c68a25060fffbe8ed34b76) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
12:32:22.0577 3468 BthEnum - ok
12:32:22.0637 3468 BthPan (10355270be12641b9764235da39dcf0f) C:\WINDOWS\system32\DRIVERS\bthpan.sys
12:32:22.0977 3468 BthPan - ok
12:32:23.0067 3468 BTHPORT (95ef6f3f386d93ee1e4d9ca45a50252a) C:\WINDOWS\system32\Drivers\BTHport.sys
12:32:23.0117 3468 BTHPORT - ok
12:32:23.0177 3468 BthServ (a18cc8c9b3890b1b68bed213716fef6b) C:\WINDOWS\System32\bthserv.dll
12:32:23.0438 3468 BthServ - ok
12:32:23.0508 3468 BTHUSB (f06d4cb9918b462a84d9ac00027efc30) C:\WINDOWS\system32\Drivers\BTHUSB.sys
12:32:23.0868 3468 BTHUSB - ok
12:32:23.0949 3468 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:32:24.0229 3468 cbidf2k - ok
12:32:24.0309 3468 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:32:24.0599 3468 CCDECODE - ok
12:32:24.0670 3468 cd20xrnt - ok
12:32:24.0730 3468 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:32:25.0020 3468 Cdaudio - ok
12:32:25.0090 3468 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
12:32:25.0351 3468 Cdfs - ok
12:32:25.0451 3468 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:32:25.0761 3468 Cdrom - ok
12:32:25.0821 3468 Changer - ok
12:32:25.0881 3468 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe
12:32:26.0142 3468 CiSvc - ok
12:32:26.0212 3468 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe
12:32:26.0492 3468 ClipSrv - ok
12:32:26.0582 3468 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:32:26.0592 3468 clr_optimization_v2.0.50727_32 - ok
12:32:26.0652 3468 CmdIde - ok
12:32:26.0702 3468 COMSysApp - ok
12:32:26.0763 3468 Cpqarray - ok
12:32:26.0813 3468 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll
12:32:27.0113 3468 CryptSvc - ok
12:32:27.0173 3468 dac2w2k - ok
12:32:27.0203 3468 dac960nt - ok
12:32:27.0293 3468 DcomLaunch (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll
12:32:27.0423 3468 DcomLaunch - ok
12:32:27.0504 3468 Dhcp (cb6ca3e5261d65f6f809eed23bf167aa) C:\WINDOWS\System32\dhcpcsvc.dll
12:32:27.0774 3468 Dhcp - ok
12:32:27.0874 3468 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
12:32:28.0175 3468 Disk - ok
12:32:28.0225 3468 dmadmin - ok
12:32:28.0335 3468 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
12:32:28.0685 3468 dmboot - ok
12:32:28.0775 3468 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
12:32:29.0016 3468 dmio - ok
12:32:29.0076 3468 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:32:29.0356 3468 dmload - ok
12:32:29.0426 3468 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll
12:32:29.0707 3468 dmserver - ok
12:32:29.0817 3468 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
12:32:30.0077 3468 DMusic - ok
12:32:30.0137 3468 Dnscache (7379de06fd196e396a00aa97b990c00d) C:\WINDOWS\System32\dnsrslvr.dll
12:32:30.0388 3468 Dnscache - ok
12:32:30.0478 3468 dpti2o - ok
12:32:30.0528 3468 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
12:32:30.0788 3468 drmkaud - ok
12:32:30.0868 3468 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll
12:32:31.0139 3468 ERSvc - ok
12:32:31.0219 3468 Eventlog (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
12:32:31.0299 3468 Eventlog - ok
12:32:31.0389 3468 EventSystem (60d1a6342238378bfb7545c81ee3606c) C:\WINDOWS\system32\es.dll
12:32:31.0439 3468 EventSystem - ok
12:32:31.0529 3468 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
12:32:31.0790 3468 Fastfat - ok
12:32:31.0870 3468 FastUserSwitchingCompatibility (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
12:32:32.0100 3468 FastUserSwitchingCompatibility - ok
12:32:32.0180 3468 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:32:32.0461 3468 Fdc - ok
12:32:32.0551 3468 FET5X86V (92cbce0913661ff966f9fb696a1775a5) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
12:32:32.0591 3468 FET5X86V - ok
12:32:32.0661 3468 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
12:32:32.0931 3468 Fips - ok
12:32:33.0002 3468 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:32:33.0232 3468 Flpydisk - ok
12:32:33.0322 3468 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:32:33.0582 3468 FltMgr - ok
12:32:33.0672 3468 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:32:33.0693 3468 FontCache3.0.0.0 - ok
12:32:33.0773 3468 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:32:34.0053 3468 Fs_Rec - ok
12:32:34.0143 3468 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:32:34.0384 3468 Ftdisk - ok
12:32:34.0454 3468 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
12:32:34.0764 3468 gameenum - ok
12:32:34.0844 3468 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:32:35.0155 3468 Gpc - ok
12:32:35.0225 3468 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
12:32:35.0235 3468 gupdate - ok
12:32:35.0255 3468 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
12:32:35.0275 3468 gupdatem - ok
12:32:35.0365 3468 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:32:35.0635 3468 helpsvc - ok
12:32:35.0685 3468 HidServ - ok
12:32:35.0776 3468 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:32:36.0066 3468 HidUsb - ok
12:32:36.0136 3468 hpn - ok
12:32:36.0216 3468 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
12:32:36.0266 3468 HTTP - ok
12:32:36.0326 3468 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll
12:32:36.0587 3468 HTTPFilter - ok
12:32:36.0657 3468 i2omgmt - ok
12:32:36.0677 3468 i2omp - ok
12:32:36.0747 3468 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:32:37.0037 3468 i8042prt - ok
12:32:37.0168 3468 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:32:37.0258 3468 idsvc - ok
12:32:37.0358 3468 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:32:37.0598 3468 Imapi - ok
12:32:37.0668 3468 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe
12:32:37.0889 3468 ImapiService - ok
12:32:37.0979 3468 ini910u - ok
12:32:38.0029 3468 IntelIde - ok
12:32:38.0089 3468 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:32:38.0359 3468 Ip6Fw - ok
12:32:38.0419 3468 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:32:38.0690 3468 IpFilterDriver - ok
12:32:38.0770 3468 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:32:39.0000 3468 IpInIp - ok
12:32:39.0080 3468 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:32:39.0331 3468 IpNat - ok
12:32:39.0431 3468 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:32:39.0711 3468 IPSec - ok
12:32:39.0781 3468 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:32:39.0891 3468 IRENUM - ok
12:32:39.0962 3468 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:32:40.0202 3468 isapnp - ok
12:32:40.0282 3468 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:32:40.0552 3468 Kbdclass - ok
12:32:40.0653 3468 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
12:32:40.0843 3468 kmixer - ok
12:32:40.0953 3468 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
12:32:41.0023 3468 KSecDD - ok
12:32:41.0103 3468 lanmanserver (93d32468d34e000cb3407947d1d6e22a) C:\WINDOWS\System32\srvsvc.dll
12:32:41.0333 3468 lanmanserver - ok
12:32:41.0444 3468 lanmanworkstation (e1f27cfcd114ec9f1e1f44674b2ff9f0) C:\WINDOWS\System32\wkssvc.dll
12:32:41.0484 3468 lanmanworkstation - ok
12:32:41.0544 3468 lbrtfdc - ok
12:32:41.0594 3468 lcs - ok
12:32:41.0664 3468 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll
12:32:41.0924 3468 LmHosts - ok
12:32:42.0024 3468 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
12:32:42.0145 3468 McComponentHostService - ok
12:32:42.0225 3468 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll
12:32:42.0485 3468 Messenger - ok
12:32:42.0595 3468 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:32:42.0796 3468 mnmdd - ok
12:32:42.0866 3468 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\system32\mnmsrvc.exe
12:32:43.0086 3468 mnmsrvc - ok
12:32:43.0166 3468 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
12:32:43.0406 3468 Modem - ok
12:32:43.0487 3468 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:32:43.0727 3468 Mouclass - ok
12:32:43.0817 3468 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:32:44.0037 3468 mouhid - ok
12:32:44.0148 3468 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
12:32:44.0388 3468 MountMgr - ok
12:32:44.0448 3468 mraid35x - ok
12:32:44.0548 3468 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:32:44.0778 3468 MRxDAV - ok
12:32:44.0909 3468 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:32:44.0959 3468 MRxSmb - ok
12:32:45.0039 3468 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\system32\msdtc.exe
12:32:45.0319 3468 MSDTC - ok
12:32:45.0399 3468 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
12:32:45.0640 3468 Msfs - ok
12:32:45.0680 3468 MSIServer - ok
12:32:45.0770 3468 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:32:46.0000 3468 MSKSSRV - ok
12:32:46.0090 3468 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:32:46.0301 3468 MSPCLOCK - ok
12:32:46.0401 3468 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
12:32:46.0631 3468 MSPQM - ok
12:32:46.0711 3468 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:32:46.0952 3468 mssmbios - ok
12:32:47.0042 3468 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
12:32:47.0262 3468 MSTEE - ok
12:32:47.0342 3468 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
12:32:47.0552 3468 ms_mpu401 - ok
12:32:47.0633 3468 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
12:32:47.0863 3468 Mup - ok
12:32:47.0923 3468 mzdsxczv - ok
12:32:48.0003 3468 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:32:48.0233 3468 NABTSFEC - ok
12:32:48.0324 3468 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
12:32:48.0524 3468 NDIS - ok
12:32:48.0604 3468 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:32:48.0834 3468 NdisIP - ok
12:32:48.0894 3468 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:32:49.0125 3468 NdisTapi - ok
12:32:49.0215 3468 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:32:49.0445 3468 Ndisuio - ok
12:32:49.0505 3468 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:32:49.0756 3468 NdisWan - ok
12:32:49.0836 3468 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
12:32:50.0056 3468 NDProxy - ok
12:32:50.0136 3468 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:32:50.0377 3468 NetBIOS - ok
12:32:50.0477 3468 NetBT (a711f4d3b8efc6e887648213f2a97374) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:32:50.0477 3468 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: a711f4d3b8efc6e887648213f2a97374, Fake md5: 0c80e410cd2f47134407ee7dd19cc86b
12:32:50.0487 3468 NetBT ( Virus.Win32.ZAccess.c ) - infected
12:32:50.0487 3468 NetBT - detected Virus.Win32.ZAccess.c (0)
12:32:50.0557 3468 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
12:32:50.0787 3468 NetDDE - ok
12:32:50.0807 3468 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
12:32:51.0067 3468 NetDDEdsdm - ok
12:32:51.0158 3468 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
12:32:51.0378 3468 Netlogon - ok
12:32:51.0478 3468 Netman (dab9e6c7105d2ef49876fe92c524f565) C:\WINDOWS\System32\netman.dll
12:32:51.0718 3468 Netman - ok
12:32:51.0829 3468 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:32:51.0839 3468 NetTcpPortSharing - ok
12:32:52.0029 3468 Nla (097722f235a1fb698bf9234e01b52637) C:\WINDOWS\System32\mswsock.dll
12:32:52.0149 3468 Nla - ok
12:32:52.0309 3468 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
12:32:52.0560 3468 Npfs - ok
12:32:52.0670 3468 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
12:32:53.0030 3468 Ntfs - ok
12:32:53.0090 3468 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
12:32:53.0461 3468 NtLmSsp - ok
12:32:53.0571 3468 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
12:32:54.0012 3468 NtmsSvc - ok
12:32:54.0112 3468 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:32:54.0512 3468 Null - ok
12:32:54.0673 3468 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:32:55.0153 3468 nv - ok
12:32:55.0274 3468 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:32:55.0634 3468 NwlnkFlt - ok
12:32:55.0724 3468 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:32:56.0115 3468 NwlnkFwd - ok
12:32:56.0185 3468 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:32:56.0205 3468 ose - ok
12:32:56.0285 3468 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
12:32:56.0726 3468 Parport - ok
12:32:56.0806 3468 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
12:32:57.0156 3468 PartMgr - ok
12:32:57.0246 3468 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:32:57.0547 3468 ParVdm - ok
12:32:57.0657 3468 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
12:32:57.0947 3468 PCI - ok
12:32:57.0997 3468 PCIDump - ok
12:32:58.0048 3468 PCIIde - ok
12:32:58.0088 3468 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:32:58.0318 3468 Pcmcia - ok
12:32:58.0378 3468 PDCOMP - ok
12:32:58.0408 3468 PDFRAME - ok
12:32:58.0448 3468 PDRELI - ok
12:32:58.0478 3468 PDRFRAME - ok
12:32:58.0518 3468 perc2 - ok
12:32:58.0548 3468 perc2hib - ok
12:32:58.0628 3468 PlugPlay (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
12:32:58.0739 3468 PlugPlay - ok
12:32:58.0809 3468 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
12:32:59.0039 3468 PolicyAgent - ok
12:32:59.0109 3468 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:32:59.0319 3468 PptpMiniport - ok
12:32:59.0379 3468 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
12:32:59.0600 3468 ProtectedStorage - ok
12:32:59.0670 3468 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
12:32:59.0870 3468 PSched - ok
12:32:59.0930 3468 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
12:32:59.0940 3468 PSI_SVC_2 - ok
12:33:00.0020 3468 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:33:00.0271 3468 Ptilink - ok
12:33:00.0321 3468 ql1080 - ok
12:33:00.0361 3468 Ql10wnt - ok
12:33:00.0401 3468 ql12160 - ok
12:33:00.0441 3468 ql1240 - ok
12:33:00.0491 3468 ql1280 - ok
12:33:00.0551 3468 rampartsvc (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\Appn.dll
12:33:00.0551 3468 rampartsvc ( Backdoor.Multi.ZAccess.gen ) - infected
12:33:00.0551 3468 rampartsvc - detected Backdoor.Multi.ZAccess.gen (0)
12:33:00.0621 3468 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:33:00.0832 3468 RasAcd - ok
12:33:00.0892 3468 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll
12:33:01.0162 3468 RasAuto - ok
12:33:01.0242 3468 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:33:01.0442 3468 Rasl2tp - ok
12:33:01.0533 3468 RasMan (41a3c11e3517c962c9b44893bcec3b34) C:\WINDOWS\System32\rasmans.dll
12:33:01.0763 3468 RasMan - ok
12:33:01.0843 3468 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:33:02.0043 3468 RasPppoe - ok
12:33:02.0113 3468 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:33:02.0344 3468 Raspti - ok
12:33:02.0414 3468 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:33:02.0634 3468 Rdbss - ok
12:33:02.0714 3468 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:33:03.0165 3468 RDPCDD - ok
12:33:03.0255 3468 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:33:03.0475 3468 rdpdr - ok
12:33:03.0585 3468 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
12:33:03.0796 3468 RDPWD - ok
12:33:03.0896 3468 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
12:33:04.0126 3468 RDSessMgr - ok
12:33:04.0196 3468 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:33:04.0387 3468 redbook - ok
12:33:04.0467 3468 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
12:33:04.0687 3468 RemoteAccess - ok
12:33:04.0757 3468 RemoteRegistry (3151427db7d87107d1c5be58fac53960) C:\WINDOWS\system32\regsvc.dll
12:33:05.0008 3468 RemoteRegistry - ok
12:33:05.0088 3468 RFCOMM (99c4b74981a1413f142a3903130088cb) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
12:33:05.0298 3468 RFCOMM - ok
12:33:05.0368 3468 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\system32\locator.exe
12:33:05.0588 3468 RpcLocator - ok
12:33:05.0709 3468 RpcSs (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll
12:33:05.0819 3468 RpcSs - ok
12:33:05.0889 3468 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
12:33:06.0149 3468 RSVP - ok
12:33:06.0249 3468 RT2500 (ae1e626f00180bfb3ca5a81fffc65332) C:\WINDOWS\system32\DRIVERS\RT2500.sys
12:33:06.0299 3468 RT2500 - ok
12:33:06.0380 3468 s125bus (06847aa6f3a9bf7c44134d00a2e578c0) C:\WINDOWS\system32\DRIVERS\s125bus.sys
12:33:06.0400 3468 s125bus - ok
12:33:06.0480 3468 s125mdfl (f83f88e1b125308fb5015ea0349502b0) C:\WINDOWS\system32\DRIVERS\s125mdfl.sys
12:33:06.0490 3468 s125mdfl - ok
12:33:06.0560 3468 s125mdm (402a97756c14940ad6ae5169c2fb105e) C:\WINDOWS\system32\DRIVERS\s125mdm.sys
12:33:06.0570 3468 s125mdm - ok
12:33:06.0680 3468 s125mgmt (82b14c51de76825ec769a6374e4c57d6) C:\WINDOWS\system32\DRIVERS\s125mgmt.sys
12:33:06.0700 3468 s125mgmt - ok
12:33:06.0780 3468 s125obex (bedfc5707c356fd073bf1a4afe442d91) C:\WINDOWS\system32\DRIVERS\s125obex.sys
12:33:06.0800 3468 s125obex - ok
12:33:06.0860 3468 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
12:33:07.0050 3468 SamSs - ok
12:33:07.0131 3468 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
12:33:07.0341 3468 SCardSvr - ok
12:33:07.0431 3468 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
12:33:07.0681 3468 Schedule - ok
12:33:07.0772 3468 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:33:07.0892 3468 Secdrv - ok
12:33:07.0952 3468 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
12:33:08.0182 3468 seclogon - ok
12:33:08.0252 3468 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
12:33:08.0473 3468 SENS - ok
12:33:08.0553 3468 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:33:08.0773 3468 serenum - ok
12:33:08.0853 3468 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
12:33:09.0073 3468 Serial - ok
12:33:09.0194 3468 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:33:09.0384 3468 Sfloppy - ok
12:33:09.0474 3468 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll
12:33:09.0724 3468 SharedAccess - ok
12:33:09.0794 3468 ShellHWDetection (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
12:33:10.0025 3468 ShellHWDetection - ok
12:33:10.0095 3468 Simbad - ok
12:33:10.0165 3468 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:33:10.0375 3468 SLIP - ok
12:33:10.0475 3468 Sparrow - ok
12:33:10.0525 3468 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
12:33:10.0746 3468 splitter - ok
12:33:10.0826 3468 Spooler (7435b108b935e42ea92ca94f59c8e717) C:\WINDOWS\system32\spoolsv.exe
12:33:11.0036 3468 Spooler - ok
12:33:11.0126 3468 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
12:33:11.0367 3468 sr - ok
12:33:11.0437 3468 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll
12:33:11.0557 3468 srservice - ok
12:33:11.0667 3468 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
12:33:11.0727 3468 Srv - ok
12:33:11.0817 3468 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll
12:33:11.0948 3468 SSDPSRV - ok
12:33:12.0028 3468 stisvc (d9f6c4f6b1e188adafc42b561d9bc2e6) C:\WINDOWS\system32\wiaservc.dll
12:33:12.0238 3468 stisvc - ok
12:33:12.0328 3468 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:33:12.0548 3468 streamip - ok
12:33:12.0628 3468 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:33:12.0849 3468 swenum - ok
12:33:12.0929 3468 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
12:33:13.0129 3468 swmidi - ok
12:33:13.0189 3468 SwPrv - ok
12:33:13.0239 3468 symc810 - ok
12:33:13.0289 3468 symc8xx - ok
12:33:13.0340 3468 sym_hi - ok
12:33:13.0390 3468 sym_u3 - ok
12:33:13.0420 3468 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
12:33:13.0630 3468 sysaudio - ok
12:33:13.0720 3468 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe
12:33:13.0920 3468 SysmonLog - ok
12:33:14.0010 3468 tangoservice (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\sweepsrv.sys.dll
12:33:14.0010 3468 tangoservice ( Backdoor.Multi.ZAccess.gen ) - infected
12:33:14.0010 3468 tangoservice - detected Backdoor.Multi.ZAccess.gen (0)
12:33:14.0121 3468 TapiSrv (eb4a4187d74a8efdcbea3ea2cb1bdfbd) C:\WINDOWS\System32\tapisrv.dll
12:33:14.0311 3468 TapiSrv - ok
12:33:14.0411 3468 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:33:14.0521 3468 Tcpip - ok
12:33:14.0601 3468 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:33:14.0802 3468 TDPIPE - ok
12:33:14.0882 3468 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
12:33:15.0082 3468 TDTCP - ok
12:33:15.0172 3468 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:33:15.0352 3468 TermDD - ok
12:33:15.0443 3468 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll
12:33:15.0673 3468 TermService - ok
12:33:15.0733 3468 Themes (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
12:33:15.0943 3468 Themes - ok
12:33:16.0023 3468 TlntSvr (37db0a7d097310e8b4de803fc3119c78) C:\WINDOWS\system32\tlntsvr.exe
12:33:16.0134 3468 TlntSvr - ok
12:33:16.0194 3468 TosIde - ok
12:33:16.0264 3468 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
12:33:16.0454 3468 TrkWks - ok
12:33:16.0564 3468 uagp35 (49c805d42d75eddc9b6a7130999c9054) C:\WINDOWS\system32\DRIVERS\uagp35.sys
12:33:16.0784 3468 uagp35 - ok
12:33:16.0875 3468 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
12:33:17.0085 3468 Udfs - ok
12:33:17.0145 3468 ultra - ok
12:33:17.0225 3468 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
12:33:17.0235 3468 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
12:33:17.0235 3468 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
12:33:17.0335 3468 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
12:33:17.0546 3468 Update - ok
12:33:17.0626 3468 upnphost (0546477bde979e33294fe97f6b3de84a) C:\WINDOWS\System32\upnphost.dll
12:33:17.0746 3468 upnphost - ok
12:33:17.0836 3468 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
12:33:18.0036 3468 UPS - ok
12:33:18.0116 3468 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:33:18.0317 3468 usbccgp - ok
12:33:18.0407 3468 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:33:18.0607 3468 usbehci - ok
12:33:18.0657 3468 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:33:18.0877 3468 usbhub - ok
12:33:18.0968 3468 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:33:19.0178 3468 usbscan - ok
12:33:19.0248 3468 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:33:19.0458 3468 USBSTOR - ok
12:33:19.0568 3468 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:33:19.0759 3468 usbuhci - ok
12:33:19.0839 3468 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
12:33:20.0029 3468 usbvideo - ok
12:33:20.0119 3468 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
12:33:20.0310 3468 VgaSave - ok
12:33:20.0420 3468 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
12:33:20.0630 3468 ViaIde - ok
12:33:20.0710 3468 VIAudio (5e02b47671ec147251ab5487d039474d) C:\WINDOWS\system32\drivers\vinyl97.sys
12:33:20.0760 3468 VIAudio - ok
12:33:20.0840 3468 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
12:33:21.0051 3468 VolSnap - ok
12:33:21.0151 3468 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
12:33:21.0271 3468 VSS - ok
12:33:21.0341 3468 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll
12:33:21.0541 3468 W32Time - ok
12:33:21.0631 3468 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:33:21.0852 3468 Wanarp - ok
12:33:21.0922 3468 WDICA - ok
12:33:22.0002 3468 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
12:33:22.0232 3468 wdmaud - ok
12:33:22.0272 3468 WDM_YAMAHAAC97 - ok
12:33:22.0332 3468 WebClient (5d0a442864bfbf3b19dcca4cd29f6e99) C:\WINDOWS\System32\webclnt.dll
12:33:22.0543 3468 WebClient - ok
12:33:22.0643 3468 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:33:22.0843 3468 winmgmt - ok
12:33:22.0993 3468 WmdmPmSN (c086483e3dba8c1c0a687ec8d5b3d4c1) C:\WINDOWS\system32\mspmsnsv.dll
12:33:23.0214 3468 WmdmPmSN - ok
12:33:23.0454 3468 Wmi (1081c185aed0660b2b5f173c3e023b23) C:\WINDOWS\System32\advapi32.dll
12:33:23.0624 3468 Wmi - ok
12:33:23.0744 3468 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:33:23.0975 3468 WmiApSrv - ok
12:33:24.0085 3468 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:33:24.0275 3468 WSTCODEC - ok
12:33:24.0355 3468 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
12:33:24.0556 3468 wuauserv - ok
12:33:24.0646 3468 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
12:33:24.0876 3468 WZCSVC - ok
12:33:24.0966 3468 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
12:33:25.0187 3468 xmlprov - ok
12:33:25.0267 3468 zhynbowcjiqat3 (30bc6dd10c7c38a2425fb8e435a256ca) C:\WINDOWS\system32\drivers\zhynbowcjiqat3.sys
12:33:25.0267 3468 Suspicious file (Hidden): C:\WINDOWS\system32\drivers\zhynbowcjiqat3.sys. md5: 30bc6dd10c7c38a2425fb8e435a256ca
12:33:25.0267 3468 zhynbowcjiqat3 ( HiddenFile.Multi.Generic ) - warning
12:33:25.0267 3468 zhynbowcjiqat3 - detected HiddenFile.Multi.Generic (1)
12:33:25.0377 3468 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:33:25.0537 3468 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:33:25.0537 3468 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:33:25.0567 3468 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR7
12:33:28.0031 3468 \Device\Harddisk1\DR7 - ok
12:33:28.0051 3468 Boot (0x1200) (4c217f2cd03213f8a2bc1e27f8bd979e) \Device\Harddisk0\DR0\Partition0
12:33:28.0051 3468 \Device\Harddisk0\DR0\Partition0 - ok
12:33:28.0091 3468 Boot (0x1200) (d94d46aa6f6f9f0320cb9e864465d6e8) \Device\Harddisk0\DR0\Partition1
12:33:28.0091 3468 \Device\Harddisk0\DR0\Partition1 - ok
12:33:28.0101 3468 Boot (0x1200) (0efa3c4f6f976ece34898cadfe3201ca) \Device\Harddisk1\DR7\Partition0
12:33:28.0101 3468 \Device\Harddisk1\DR7\Partition0 - ok
12:33:28.0121 3468 ============================================================
12:33:28.0121 3468 Scan finished
12:33:28.0121 3468 ============================================================
12:33:28.0281 0260 Detected object count: 7
12:33:28.0281 0260 Actual detected object count: 7
12:34:02.0650 0260 ATIBTXBAR ( Backdoor.Multi.ZAccess.gen ) - skipped by user
12:34:02.0650 0260 ATIBTXBAR ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
12:34:02.0660 0260 NetBT ( Virus.Win32.ZAccess.c ) - skipped by user
12:34:02.0660 0260 NetBT ( Virus.Win32.ZAccess.c ) - User select action: Skip
12:34:02.0690 0260 rampartsvc ( Backdoor.Multi.ZAccess.gen ) - skipped by user
12:34:02.0690 0260 rampartsvc ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
12:34:02.0700 0260 tangoservice ( Backdoor.Multi.ZAccess.gen ) - skipped by user
12:34:02.0700 0260 tangoservice ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
12:34:02.0711 0260 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
12:34:02.0711 0260 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:34:02.0731 0260 zhynbowcjiqat3 ( HiddenFile.Multi.Generic ) - skipped by user
12:34:02.0731 0260 zhynbowcjiqat3 ( HiddenFile.Multi.Generic ) - User select action: Skip
12:34:02.0741 0260 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:34:02.0741 0260 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
12:34:07.0497 3084 Deinitialize success

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Virus that slows down the PC and fills up the memory

#8 Post by vyosek »

:arrow: Now run the scan with TDSSKiller again, leave the default actions as they are, only for the item \Device\Harddisk0\DR0 ( TDSS File System ) check that it says Delete

:arrow: After the restart there will be a log, post it here

onkel1
Visitor
Posts: 23
Registered: 07 Dec 2008 09:13

Re: Virus that slows down the PC and fills up the memory

#9 Post by onkel1 »

Sorry, I didn't select Delete the first time, so I have 2 logs :)

13:08:42.0701 1028 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
13:08:42.0792 1028 ============================================================
13:08:42.0792 1028 Current date / time: 2012/04/06 13:08:42.0792
13:08:42.0792 1028 SystemInfo:
13:08:42.0792 1028
13:08:42.0792 1028 OS Version: 5.1.2600 ServicePack: 2.0
13:08:42.0792 1028 Product type: Workstation
13:08:42.0792 1028 ComputerName: USER-8E69AB6B10
13:08:42.0792 1028 UserName: user
13:08:42.0792 1028 Windows directory: C:\WINDOWS
13:08:42.0792 1028 System windows directory: C:\WINDOWS
13:08:42.0792 1028 Processor architecture: Intel x86
13:08:42.0792 1028 Number of processors: 1
13:08:42.0792 1028 Page size: 0x1000
13:08:42.0792 1028 Boot type: Normal boot
13:08:42.0792 1028 ============================================================
13:08:43.0082 1028 Drive \Device\Harddisk0\DR0 - Size: 0x9925B0000 (38.29 Gb), SectorSize: 0x200, Cylinders: 0x1386, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:08:43.0092 1028 Drive \Device\Harddisk1\DR9 - Size: 0x787FFE00 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:08:43.0092 1028 \Device\Harddisk0\DR0:
13:08:43.0092 1028 MBR used
13:08:43.0092 1028 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11F8A16
13:08:43.0102 1028 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x11F8A94, BlocksNum 0x3A962B1
13:08:43.0102 1028 \Device\Harddisk1\DR9:
13:08:43.0102 1028 MBR used
13:08:43.0102 1028 \Device\Harddisk1\DR9\Partition0: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x3C3FC0
13:08:43.0172 1028 Initialize success
13:08:43.0172 1028 ============================================================
13:08:44.0955 3508 ============================================================
13:08:44.0955 3508 Scan started
13:08:44.0955 3508 Mode: Manual;
13:08:44.0955 3508 ============================================================
13:08:45.0716 3508 50819341 (58169ffb207940d4d84b4e85db02cc1e) C:\WINDOWS\system32\drivers\29854925.sys
13:08:45.0786 3508 Abiosdsk - ok
13:08:45.0836 3508 abp480n5 - ok
13:08:45.0896 3508 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:08:45.0906 3508 ACPI - ok
13:08:45.0956 3508 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:08:45.0966 3508 ACPIEC - ok
13:08:46.0056 3508 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:08:46.0066 3508 AdobeFlashPlayerUpdateSvc - ok
13:08:46.0126 3508 adpu160m - ok
13:08:46.0196 3508 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
13:08:46.0196 3508 aec - ok
13:08:46.0317 3508 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
13:08:46.0317 3508 AFD - ok
13:08:46.0397 3508 Aha154x - ok
13:08:46.0437 3508 aic78u2 - ok
13:08:46.0487 3508 aic78xx - ok
13:08:46.0537 3508 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
13:08:46.0537 3508 Alerter - ok
13:08:46.0607 3508 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
13:08:46.0607 3508 ALG - ok
13:08:46.0657 3508 AliIde - ok
13:08:46.0717 3508 AmdK7 (680ad1c1bb16239e28d8f33a54a7a3c7) C:\WINDOWS\system32\DRIVERS\amdk7.sys
13:08:46.0717 3508 AmdK7 - ok
13:08:46.0807 3508 AMService - ok
13:08:46.0897 3508 amsint - ok
13:08:46.0968 3508 AppMgmt (9c3c12975c97119412802b181fbeeffe) C:\WINDOWS\System32\appmgmts.dll
13:08:46.0968 3508 AppMgmt - ok
13:08:47.0048 3508 asc - ok
13:08:47.0088 3508 asc3350p - ok
13:08:47.0118 3508 asc3550 - ok
13:08:47.0168 3508 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:08:47.0168 3508 aspnet_state - ok
13:08:47.0238 3508 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:08:47.0238 3508 AsyncMac - ok
13:08:47.0308 3508 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:08:47.0308 3508 atapi - ok
13:08:47.0348 3508 Atdisk - ok
13:08:47.0408 3508 ATIBTXBAR (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\starwindserviceae.dll
13:08:47.0408 3508 ATIBTXBAR ( Backdoor.Multi.ZAccess.gen ) - infected
13:08:47.0408 3508 ATIBTXBAR - detected Backdoor.Multi.ZAccess.gen (0)
13:08:47.0488 3508 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:08:47.0498 3508 Atmarpc - ok
13:08:47.0548 3508 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll
13:08:47.0548 3508 AudioSrv - ok
13:08:47.0628 3508 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:08:47.0628 3508 audstub - ok
13:08:47.0959 3508 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:08:47.0959 3508 Beep - ok
13:08:48.0049 3508 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll
13:08:48.0059 3508 BITS - ok
13:08:48.0079 3508 Scan interrupted by user!
13:08:48.0079 3508 Scan interrupted by user!
13:08:48.0079 3508 Scan interrupted by user!
13:08:48.0079 3508 ============================================================
13:08:48.0079 3508 Scan finished
13:08:48.0079 3508 ============================================================
13:08:48.0119 2576 Detected object count: 1
13:08:48.0119 2576 Actual detected object count: 1
13:08:49.0711 2576 C:\WINDOWS\system32\starwindserviceae.dll - copied to quarantine
13:08:49.0711 2576 HKLM\SYSTEM\ControlSet001\services\ATIBTXBAR - will be deleted on reboot
13:08:49.0732 2576 C:\WINDOWS\system32\starwindserviceae.dll - will be deleted on reboot
13:08:49.0732 2576 ATIBTXBAR ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
13:08:53.0827 2692 Deinitialize success



and the second one

13:08:54.0859 1740 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
13:08:54.0919 1740 ============================================================
13:08:54.0919 1740 Current date / time: 2012/04/06 13:08:54.0919
13:08:54.0919 1740 SystemInfo:
13:08:54.0919 1740
13:08:54.0919 1740 OS Version: 5.1.2600 ServicePack: 2.0
13:08:54.0919 1740 Product type: Workstation
13:08:54.0919 1740 ComputerName: USER-8E69AB6B10
13:08:54.0919 1740 UserName: user
13:08:54.0919 1740 Windows directory: C:\WINDOWS
13:08:54.0919 1740 System windows directory: C:\WINDOWS
13:08:54.0919 1740 Processor architecture: Intel x86
13:08:54.0919 1740 Number of processors: 1
13:08:54.0919 1740 Page size: 0x1000
13:08:54.0919 1740 Boot type: Normal boot
13:08:54.0919 1740 ============================================================
13:08:55.0209 1740 Drive \Device\Harddisk0\DR0 - Size: 0x9925B0000 (38.29 Gb), SectorSize: 0x200, Cylinders: 0x1386, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:08:55.0209 1740 Drive \Device\Harddisk1\DR9 - Size: 0x787FFE00 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:08:55.0209 1740 \Device\Harddisk0\DR0:
13:08:55.0209 1740 MBR used
13:08:55.0209 1740 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11F8A16
13:08:55.0229 1740 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x11F8A94, BlocksNum 0x3A962B1
13:08:55.0229 1740 \Device\Harddisk1\DR9:
13:08:55.0229 1740 MBR used
13:08:55.0229 1740 \Device\Harddisk1\DR9\Partition0: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x3C3FC0
13:08:55.0300 1740 Initialize success
13:08:55.0300 1740 ============================================================
13:08:58.0764 2564 ============================================================
13:08:58.0764 2564 Scan started
13:08:58.0764 2564 Mode: Manual; SigCheck; TDLFS;
13:08:58.0764 2564 ============================================================
13:08:59.0295 2564 24229892 (58169ffb207940d4d84b4e85db02cc1e) C:\WINDOWS\system32\drivers\75733164.sys
13:08:59.0385 2564 50819341 (58169ffb207940d4d84b4e85db02cc1e) C:\WINDOWS\system32\drivers\29854925.sys
13:08:59.0455 2564 Abiosdsk - ok
13:08:59.0506 2564 abp480n5 - ok
13:08:59.0576 2564 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:08:59.0826 2564 ACPI - ok
13:08:59.0906 2564 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:09:00.0167 2564 ACPIEC - ok
13:09:00.0267 2564 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:09:00.0277 2564 AdobeFlashPlayerUpdateSvc - ok
13:09:00.0347 2564 adpu160m - ok
13:09:00.0427 2564 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
13:09:00.0677 2564 aec - ok
13:09:00.0817 2564 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
13:09:00.0827 2564 AFD - ok
13:09:00.0908 2564 Aha154x - ok
13:09:00.0958 2564 aic78u2 - ok
13:09:00.0998 2564 aic78xx - ok
13:09:01.0058 2564 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
13:09:01.0328 2564 Alerter - ok
13:09:01.0388 2564 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
13:09:01.0498 2564 ALG - ok
13:09:01.0569 2564 AliIde - ok
13:09:01.0649 2564 AmdK7 (680ad1c1bb16239e28d8f33a54a7a3c7) C:\WINDOWS\system32\DRIVERS\amdk7.sys
13:09:01.0909 2564 AmdK7 - ok
13:09:01.0989 2564 AMService - ok
13:09:02.0059 2564 amsint - ok
13:09:02.0129 2564 AppMgmt (9c3c12975c97119412802b181fbeeffe) C:\WINDOWS\System32\appmgmts.dll
13:09:02.0239 2564 AppMgmt - ok
13:09:02.0310 2564 asc - ok
13:09:02.0360 2564 asc3350p - ok
13:09:02.0400 2564 asc3550 - ok
13:09:02.0510 2564 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:09:02.0530 2564 aspnet_state - ok
13:09:02.0620 2564 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:09:02.0880 2564 AsyncMac - ok
13:09:02.0940 2564 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:09:03.0181 2564 atapi - ok
13:09:03.0241 2564 Atdisk - ok
13:09:03.0301 2564 ATIBTXBAR (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\starwindserviceae.dll
13:09:03.0311 2564 ATIBTXBAR ( Backdoor.Multi.ZAccess.gen ) - infected
13:09:03.0311 2564 ATIBTXBAR - detected Backdoor.Multi.ZAccess.gen (0)
13:09:03.0401 2564 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:09:03.0672 2564 Atmarpc - ok
13:09:03.0742 2564 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll
13:09:03.0992 2564 AudioSrv - ok
13:09:04.0082 2564 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:09:04.0363 2564 audstub - ok
13:09:04.0463 2564 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:09:04.0693 2564 Beep - ok
13:09:05.0174 2564 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll
13:09:05.0434 2564 BITS - ok
13:09:05.0504 2564 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll
13:09:05.0724 2564 Browser - ok
13:09:05.0815 2564 BthEnum (d24b8d1784c68a25060fffbe8ed34b76) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
13:09:06.0085 2564 BthEnum - ok
13:09:06.0185 2564 BthPan (10355270be12641b9764235da39dcf0f) C:\WINDOWS\system32\DRIVERS\bthpan.sys
13:09:06.0395 2564 BthPan - ok
13:09:06.0476 2564 BTHPORT (95ef6f3f386d93ee1e4d9ca45a50252a) C:\WINDOWS\system32\Drivers\BTHport.sys
13:09:06.0506 2564 BTHPORT - ok
13:09:06.0576 2564 BthServ (a18cc8c9b3890b1b68bed213716fef6b) C:\WINDOWS\System32\bthserv.dll
13:09:06.0896 2564 BthServ - ok
13:09:06.0976 2564 BTHUSB (f06d4cb9918b462a84d9ac00027efc30) C:\WINDOWS\system32\Drivers\BTHUSB.sys
13:09:07.0277 2564 BTHUSB - ok
13:09:07.0357 2564 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:09:07.0577 2564 cbidf2k - ok
13:09:07.0677 2564 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:09:07.0948 2564 CCDECODE - ok
13:09:08.0028 2564 cd20xrnt - ok
13:09:08.0088 2564 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:09:08.0358 2564 Cdaudio - ok
13:09:08.0438 2564 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
13:09:08.0699 2564 Cdfs - ok
13:09:08.0769 2564 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:09:09.0029 2564 Cdrom - ok
13:09:09.0079 2564 Changer - ok
13:09:09.0139 2564 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe
13:09:09.0340 2564 CiSvc - ok
13:09:09.0400 2564 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe
13:09:09.0630 2564 ClipSrv - ok
13:09:09.0720 2564 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:09:09.0730 2564 clr_optimization_v2.0.50727_32 - ok
13:09:09.0790 2564 CmdIde - ok
13:09:09.0840 2564 COMSysApp - ok
13:09:09.0921 2564 Cpqarray - ok
13:09:09.0971 2564 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll
13:09:10.0211 2564 CryptSvc - ok
13:09:10.0271 2564 dac2w2k - ok
13:09:10.0321 2564 dac960nt - ok
13:09:10.0421 2564 DcomLaunch (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll
13:09:10.0521 2564 DcomLaunch - ok
13:09:10.0602 2564 Dhcp (cb6ca3e5261d65f6f809eed23bf167aa) C:\WINDOWS\System32\dhcpcsvc.dll
13:09:10.0902 2564 Dhcp - ok
13:09:10.0982 2564 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
13:09:11.0252 2564 Disk - ok
13:09:11.0293 2564 dmadmin - ok
13:09:11.0383 2564 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
13:09:11.0643 2564 dmboot - ok
13:09:11.0753 2564 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
13:09:12.0044 2564 dmio - ok
13:09:12.0124 2564 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:09:12.0374 2564 dmload - ok
13:09:12.0424 2564 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll
13:09:12.0715 2564 dmserver - ok
13:09:12.0795 2564 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
13:09:13.0055 2564 DMusic - ok
13:09:13.0125 2564 Dnscache (7379de06fd196e396a00aa97b990c00d) C:\WINDOWS\System32\dnsrslvr.dll
13:09:13.0386 2564 Dnscache - ok
13:09:13.0456 2564 dpti2o - ok
13:09:13.0506 2564 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
13:09:13.0746 2564 drmkaud - ok
13:09:13.0836 2564 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll
13:09:14.0087 2564 ERSvc - ok
13:09:14.0147 2564 Eventlog (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
13:09:14.0227 2564 Eventlog - ok
13:09:14.0307 2564 EventSystem (60d1a6342238378bfb7545c81ee3606c) C:\WINDOWS\system32\es.dll
13:09:14.0347 2564 EventSystem - ok
13:09:14.0437 2564 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
13:09:14.0637 2564 Fastfat - ok
13:09:14.0717 2564 FastUserSwitchingCompatibility (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
13:09:14.0938 2564 FastUserSwitchingCompatibility - ok
13:09:14.0998 2564 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:09:15.0218 2564 Fdc - ok
13:09:15.0298 2564 FET5X86V (92cbce0913661ff966f9fb696a1775a5) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
13:09:15.0308 2564 FET5X86V - ok
13:09:15.0378 2564 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
13:09:15.0659 2564 Fips - ok
13:09:15.0749 2564 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:09:16.0019 2564 Flpydisk - ok
13:09:16.0099 2564 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:09:16.0350 2564 FltMgr - ok
13:09:16.0480 2564 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:09:16.0490 2564 FontCache3.0.0.0 - ok
13:09:16.0560 2564 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:09:16.0840 2564 Fs_Rec - ok
13:09:16.0921 2564 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:09:17.0151 2564 Ftdisk - ok
13:09:17.0231 2564 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
13:09:17.0511 2564 gameenum - ok
13:09:17.0582 2564 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:09:17.0862 2564 Gpc - ok
13:09:17.0942 2564 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
13:09:17.0952 2564 gupdate - ok
13:09:17.0982 2564 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
13:09:17.0992 2564 gupdatem - ok
13:09:18.0072 2564 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:09:18.0373 2564 helpsvc - ok
13:09:18.0433 2564 HidServ - ok
13:09:18.0503 2564 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:09:18.0733 2564 HidUsb - ok
13:09:18.0813 2564 hpn - ok
13:09:18.0883 2564 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
13:09:18.0913 2564 HTTP - ok
13:09:18.0994 2564 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll
13:09:19.0254 2564 HTTPFilter - ok
13:09:19.0314 2564 i2omgmt - ok
13:09:19.0374 2564 i2omp - ok
13:09:19.0424 2564 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:09:19.0624 2564 i8042prt - ok
13:09:19.0765 2564 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:09:19.0815 2564 idsvc - ok
13:09:19.0925 2564 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:09:20.0165 2564 Imapi - ok
13:09:20.0245 2564 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe
13:09:20.0516 2564 ImapiService - ok
13:09:20.0596 2564 ini910u - ok
13:09:20.0676 2564 IntelIde - ok
13:09:20.0736 2564 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:09:20.0956 2564 Ip6Fw - ok
13:09:21.0037 2564 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:09:21.0247 2564 IpFilterDriver - ok
13:09:21.0337 2564 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:09:21.0567 2564 IpInIp - ok
13:09:21.0637 2564 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:09:21.0878 2564 IpNat - ok
13:09:21.0958 2564 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:09:22.0178 2564 IPSec - ok
13:09:22.0268 2564 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:09:22.0378 2564 IRENUM - ok
13:09:22.0459 2564 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:09:22.0699 2564 isapnp - ok
13:09:22.0789 2564 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:09:23.0069 2564 Kbdclass - ok
13:09:23.0150 2564 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
13:09:23.0360 2564 kmixer - ok
13:09:23.0430 2564 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
13:09:23.0460 2564 KSecDD - ok
13:09:23.0530 2564 lanmanserver (93d32468d34e000cb3407947d1d6e22a) C:\WINDOWS\System32\srvsvc.dll
13:09:23.0750 2564 lanmanserver - ok
13:09:23.0861 2564 lanmanworkstation (e1f27cfcd114ec9f1e1f44674b2ff9f0) C:\WINDOWS\System32\wkssvc.dll
13:09:23.0881 2564 lanmanworkstation - ok
13:09:23.0951 2564 lbrtfdc - ok
13:09:24.0001 2564 lcs - ok
13:09:24.0081 2564 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll
13:09:24.0301 2564 LmHosts - ok
13:09:24.0401 2564 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
13:09:24.0451 2564 McComponentHostService - ok
13:09:24.0532 2564 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll
13:09:24.0762 2564 Messenger - ok
13:09:24.0852 2564 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:09:25.0102 2564 mnmdd - ok
13:09:25.0182 2564 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\system32\mnmsrvc.exe
13:09:25.0383 2564 mnmsrvc - ok
13:09:25.0453 2564 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
13:09:25.0693 2564 Modem - ok
13:09:25.0763 2564 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:09:26.0024 2564 Mouclass - ok
13:09:26.0104 2564 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:09:26.0314 2564 mouhid - ok
13:09:26.0394 2564 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
13:09:26.0645 2564 MountMgr - ok
13:09:26.0715 2564 mraid35x - ok
13:09:26.0785 2564 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:09:26.0995 2564 MRxDAV - ok
13:09:27.0105 2564 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:09:27.0155 2564 MRxSmb - ok
13:09:27.0265 2564 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\system32\msdtc.exe
13:09:27.0506 2564 MSDTC - ok
13:09:27.0606 2564 msdv (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\sglfb.dll
13:09:27.0606 2564 msdv ( Backdoor.Multi.ZAccess.gen ) - infected
13:09:27.0606 2564 msdv - detected Backdoor.Multi.ZAccess.gen (0)
13:09:27.0716 2564 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
13:09:27.0916 2564 Msfs - ok
13:09:27.0946 2564 MSIServer - ok
13:09:28.0037 2564 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:09:28.0247 2564 MSKSSRV - ok
13:09:28.0337 2564 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:09:28.0557 2564 MSPCLOCK - ok
13:09:28.0637 2564 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
13:09:28.0858 2564 MSPQM - ok
13:09:28.0938 2564 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:09:29.0148 2564 mssmbios - ok
13:09:29.0228 2564 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
13:09:29.0439 2564 MSTEE - ok
13:09:29.0519 2564 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
13:09:29.0729 2564 ms_mpu401 - ok
13:09:29.0789 2564 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
13:09:29.0999 2564 Mup - ok
13:09:30.0039 2564 mzdsxczv - ok
13:09:30.0130 2564 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:09:30.0350 2564 NABTSFEC - ok
13:09:30.0440 2564 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
13:09:30.0660 2564 NDIS - ok
13:09:30.0740 2564 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:09:30.0961 2564 NdisIP - ok
13:09:31.0031 2564 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:09:31.0231 2564 NdisTapi - ok
13:09:31.0301 2564 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:09:31.0522 2564 Ndisuio - ok
13:09:31.0602 2564 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:09:31.0812 2564 NdisWan - ok
13:09:31.0882 2564 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
13:09:32.0112 2564 NDProxy - ok
13:09:32.0193 2564 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:09:32.0383 2564 NetBIOS - ok
13:09:32.0483 2564 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\drivers\tsk1E4.tmp
13:09:32.0483 2564 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\tsk1E4.tmp. md5: 0c80e410cd2f47134407ee7dd19cc86b
13:09:32.0583 2564 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
13:09:32.0833 2564 NetDDE - ok
13:09:32.0864 2564 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
13:09:33.0064 2564 NetDDEdsdm - ok
13:09:33.0144 2564 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
13:09:33.0364 2564 Netlogon - ok
13:09:33.0434 2564 Netman (dab9e6c7105d2ef49876fe92c524f565) C:\WINDOWS\System32\netman.dll
13:09:33.0655 2564 Netman - ok
13:09:33.0755 2564 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:09:33.0765 2564 NetTcpPortSharing - ok
13:09:33.0845 2564 Nla (097722f235a1fb698bf9234e01b52637) C:\WINDOWS\System32\mswsock.dll
13:09:33.0915 2564 Nla - ok
13:09:33.0985 2564 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
13:09:34.0195 2564 Npfs - ok
13:09:34.0286 2564 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
13:09:34.0516 2564 Ntfs - ok
13:09:34.0576 2564 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
13:09:34.0786 2564 NtLmSsp - ok
13:09:34.0866 2564 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
13:09:35.0137 2564 NtmsSvc - ok
13:09:35.0227 2564 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:09:35.0427 2564 Null - ok
13:09:35.0537 2564 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:09:35.0828 2564 nv - ok
13:09:35.0908 2564 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:09:36.0118 2564 NwlnkFlt - ok
13:09:36.0208 2564 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:09:36.0419 2564 NwlnkFwd - ok
13:09:36.0459 2564 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:09:36.0479 2564 ose - ok
13:09:36.0579 2564 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
13:09:36.0819 2564 Parport - ok
13:09:36.0889 2564 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
13:09:37.0100 2564 PartMgr - ok
13:09:37.0170 2564 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:09:37.0400 2564 ParVdm - ok
13:09:37.0470 2564 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
13:09:37.0670 2564 PCI - ok
13:09:37.0721 2564 PCIDump - ok
13:09:37.0761 2564 PCIIde - ok
13:09:37.0821 2564 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:09:38.0071 2564 Pcmcia - ok
13:09:38.0141 2564 PDCOMP - ok
13:09:38.0181 2564 PDFRAME - ok
13:09:38.0221 2564 PDRELI - ok
13:09:38.0261 2564 PDRFRAME - ok
13:09:38.0301 2564 perc2 - ok
13:09:38.0341 2564 perc2hib - ok
13:09:38.0472 2564 PlugPlay (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
13:09:38.0552 2564 PlugPlay - ok
13:09:38.0612 2564 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
13:09:38.0802 2564 PolicyAgent - ok
13:09:38.0872 2564 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:09:39.0062 2564 PptpMiniport - ok
13:09:39.0102 2564 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
13:09:39.0303 2564 ProtectedStorage - ok
13:09:39.0373 2564 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
13:09:39.0573 2564 PSched - ok
13:09:39.0633 2564 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
13:09:39.0643 2564 PSI_SVC_2 - ok
13:09:39.0753 2564 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:09:39.0954 2564 Ptilink - ok
13:09:40.0004 2564 ql1080 - ok
13:09:40.0044 2564 Ql10wnt - ok
13:09:40.0084 2564 ql12160 - ok
13:09:40.0134 2564 ql1240 - ok
13:09:40.0184 2564 ql1280 - ok
13:09:40.0254 2564 rampartsvc (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\Appn.dll
13:09:40.0254 2564 rampartsvc ( Backdoor.Multi.ZAccess.gen ) - infected
13:09:40.0254 2564 rampartsvc - detected Backdoor.Multi.ZAccess.gen (0)
13:09:40.0344 2564 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:09:40.0555 2564 RasAcd - ok
13:09:40.0625 2564 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll
13:09:40.0845 2564 RasAuto - ok
13:09:40.0915 2564 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:09:41.0135 2564 Rasl2tp - ok
13:09:41.0206 2564 RasMan (41a3c11e3517c962c9b44893bcec3b34) C:\WINDOWS\System32\rasmans.dll
13:09:41.0416 2564 RasMan - ok
13:09:41.0496 2564 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:09:41.0726 2564 RasPppoe - ok
13:09:41.0786 2564 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:09:41.0977 2564 Raspti - ok
13:09:42.0027 2564 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:09:42.0237 2564 Rdbss - ok
13:09:42.0277 2564 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:09:42.0467 2564 RDPCDD - ok
13:09:42.0537 2564 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:09:42.0738 2564 rdpdr - ok
13:09:42.0818 2564 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
13:09:43.0028 2564 RDPWD - ok
13:09:43.0138 2564 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
13:09:43.0329 2564 RDSessMgr - ok
13:09:43.0429 2564 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:09:43.0619 2564 redbook - ok
13:09:43.0689 2564 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
13:09:43.0889 2564 RemoteAccess - ok
13:09:43.0949 2564 RemoteRegistry (3151427db7d87107d1c5be58fac53960) C:\WINDOWS\system32\regsvc.dll
13:09:44.0150 2564 RemoteRegistry - ok
13:09:44.0220 2564 RFCOMM (99c4b74981a1413f142a3903130088cb) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
13:09:44.0410 2564 RFCOMM - ok
13:09:44.0470 2564 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\system32\locator.exe
13:09:44.0660 2564 RpcLocator - ok
13:09:44.0731 2564 RpcSs (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll
13:09:44.0851 2564 RpcSs - ok
13:09:44.0941 2564 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
13:09:45.0131 2564 RSVP - ok
13:09:45.0211 2564 RT2500 (ae1e626f00180bfb3ca5a81fffc65332) C:\WINDOWS\system32\DRIVERS\RT2500.sys
13:09:45.0231 2564 RT2500 - ok
13:09:45.0311 2564 s125bus (06847aa6f3a9bf7c44134d00a2e578c0) C:\WINDOWS\system32\DRIVERS\s125bus.sys
13:09:45.0321 2564 s125bus - ok
13:09:45.0412 2564 s125mdfl (f83f88e1b125308fb5015ea0349502b0) C:\WINDOWS\system32\DRIVERS\s125mdfl.sys
13:09:45.0422 2564 s125mdfl - ok
13:09:45.0482 2564 s125mdm (402a97756c14940ad6ae5169c2fb105e) C:\WINDOWS\system32\DRIVERS\s125mdm.sys
13:09:45.0492 2564 s125mdm - ok
13:09:45.0562 2564 s125mgmt (82b14c51de76825ec769a6374e4c57d6) C:\WINDOWS\system32\DRIVERS\s125mgmt.sys
13:09:45.0582 2564 s125mgmt - ok
13:09:45.0652 2564 s125obex (bedfc5707c356fd073bf1a4afe442d91) C:\WINDOWS\system32\DRIVERS\s125obex.sys
13:09:45.0662 2564 s125obex - ok
13:09:45.0752 2564 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
13:09:45.0942 2564 SamSs - ok
13:09:46.0022 2564 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
13:09:46.0223 2564 SCardSvr - ok
13:09:46.0303 2564 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
13:09:46.0493 2564 Schedule - ok
13:09:46.0573 2564 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:09:46.0693 2564 Secdrv - ok
13:09:46.0753 2564 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
13:09:46.0964 2564 seclogon - ok
13:09:47.0004 2564 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
13:09:47.0204 2564 SENS - ok
13:09:47.0264 2564 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:09:47.0455 2564 serenum - ok
13:09:47.0525 2564 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
13:09:47.0725 2564 Serial - ok
13:09:47.0845 2564 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:09:48.0035 2564 Sfloppy - ok
13:09:48.0105 2564 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll
13:09:48.0306 2564 SharedAccess - ok
13:09:48.0376 2564 ShellHWDetection (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
13:09:48.0576 2564 ShellHWDetection - ok
13:09:48.0636 2564 Simbad - ok
13:09:48.0726 2564 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:09:48.0917 2564 SLIP - ok
13:09:48.0997 2564 Sparrow - ok
13:09:49.0067 2564 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
13:09:49.0247 2564 splitter - ok
13:09:49.0317 2564 Spooler (7435b108b935e42ea92ca94f59c8e717) C:\WINDOWS\system32\spoolsv.exe
13:09:49.0487 2564 Spooler - ok
13:09:49.0558 2564 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
13:09:49.0668 2564 sr - ok
13:09:49.0758 2564 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll
13:09:49.0878 2564 srservice - ok
13:09:49.0968 2564 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
13:09:49.0998 2564 Srv - ok
13:09:50.0078 2564 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll
13:09:50.0188 2564 SSDPSRV - ok
13:09:50.0249 2564 stisvc (d9f6c4f6b1e188adafc42b561d9bc2e6) C:\WINDOWS\system32\wiaservc.dll
13:09:50.0449 2564 stisvc - ok
13:09:50.0519 2564 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:09:50.0719 2564 streamip - ok
13:09:50.0779 2564 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:09:50.0970 2564 swenum - ok
13:09:51.0020 2564 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
13:09:51.0210 2564 swmidi - ok
13:09:51.0260 2564 SwPrv - ok
13:09:51.0320 2564 symc810 - ok
13:09:51.0380 2564 symc8xx - ok
13:09:51.0420 2564 sym_hi - ok
13:09:51.0470 2564 sym_u3 - ok
13:09:51.0520 2564 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
13:09:51.0721 2564 sysaudio - ok
13:09:51.0791 2564 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe
13:09:51.0981 2564 SysmonLog - ok
13:09:52.0061 2564 tangoservice (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\sweepsrv.sys.dll
13:09:52.0061 2564 tangoservice ( Backdoor.Multi.ZAccess.gen ) - infected
13:09:52.0061 2564 tangoservice - detected Backdoor.Multi.ZAccess.gen (0)
13:09:52.0141 2564 TapiSrv (eb4a4187d74a8efdcbea3ea2cb1bdfbd) C:\WINDOWS\System32\tapisrv.dll
13:09:52.0332 2564 TapiSrv - ok
13:09:52.0412 2564 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:09:52.0502 2564 Tcpip - ok
13:09:52.0582 2564 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:09:52.0772 2564 TDPIPE - ok
13:09:52.0872 2564 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
13:09:53.0053 2564 TDTCP - ok
13:09:53.0143 2564 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:09:53.0333 2564 TermDD - ok
13:09:53.0393 2564 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll
13:09:53.0593 2564 TermService - ok
13:09:53.0653 2564 Themes (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
13:09:53.0854 2564 Themes - ok
13:09:53.0924 2564 TlntSvr (37db0a7d097310e8b4de803fc3119c78) C:\WINDOWS\system32\tlntsvr.exe
13:09:54.0024 2564 TlntSvr - ok
13:09:54.0094 2564 TosIde - ok
13:09:54.0154 2564 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
13:09:54.0354 2564 TrkWks - ok
13:09:54.0435 2564 uagp35 (49c805d42d75eddc9b6a7130999c9054) C:\WINDOWS\system32\DRIVERS\uagp35.sys
13:09:54.0635 2564 uagp35 - ok
13:09:54.0735 2564 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
13:09:54.0915 2564 Udfs - ok
13:09:54.0975 2564 ultra - ok
13:09:55.0045 2564 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
13:09:55.0045 2564 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
13:09:55.0045 2564 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
13:09:55.0146 2564 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
13:09:55.0326 2564 Update - ok
13:09:55.0406 2564 upnphost (0546477bde979e33294fe97f6b3de84a) C:\WINDOWS\System32\upnphost.dll
13:09:55.0516 2564 upnphost - ok
13:09:55.0576 2564 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
13:09:55.0776 2564 UPS - ok
13:09:55.0837 2564 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:09:56.0027 2564 usbccgp - ok
13:09:56.0097 2564 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:09:56.0287 2564 usbehci - ok
13:09:56.0347 2564 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:09:56.0548 2564 usbhub - ok
13:09:56.0608 2564 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:09:56.0798 2564 usbscan - ok
13:09:56.0878 2564 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:09:57.0068 2564 USBSTOR - ok
13:09:57.0128 2564 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:09:57.0319 2564 usbuhci - ok
13:09:57.0379 2564 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
13:09:57.0569 2564 usbvideo - ok
13:09:57.0629 2564 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
13:09:57.0819 2564 VgaSave - ok
13:09:57.0910 2564 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
13:09:58.0090 2564 ViaIde - ok
13:09:58.0180 2564 VIAudio (5e02b47671ec147251ab5487d039474d) C:\WINDOWS\system32\drivers\vinyl97.sys
13:09:58.0200 2564 VIAudio - ok
13:09:58.0280 2564 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
13:09:58.0470 2564 VolSnap - ok
13:09:58.0550 2564 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
13:09:58.0651 2564 VSS - ok
13:09:58.0741 2564 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll
13:09:58.0951 2564 W32Time - ok
13:09:59.0051 2564 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:09:59.0241 2564 Wanarp - ok
13:09:59.0312 2564 WDICA - ok
13:09:59.0372 2564 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
13:09:59.0572 2564 wdmaud - ok
13:09:59.0612 2564 WDM_YAMAHAAC97 - ok
13:09:59.0682 2564 WebClient (5d0a442864bfbf3b19dcca4cd29f6e99) C:\WINDOWS\System32\webclnt.dll
13:09:59.0872 2564 WebClient - ok
13:09:59.0962 2564 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:10:00.0153 2564 winmgmt - ok
13:10:00.0283 2564 WmdmPmSN (c086483e3dba8c1c0a687ec8d5b3d4c1) C:\WINDOWS\system32\mspmsnsv.dll
13:10:00.0483 2564 WmdmPmSN - ok
13:10:00.0633 2564 Wmi (1081c185aed0660b2b5f173c3e023b23) C:\WINDOWS\System32\advapi32.dll
13:10:00.0724 2564 Wmi - ok
13:10:00.0864 2564 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:10:01.0054 2564 WmiApSrv - ok
13:10:01.0144 2564 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:10:01.0334 2564 WSTCODEC - ok
13:10:01.0395 2564 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
13:10:01.0595 2564 wuauserv - ok
13:10:01.0665 2564 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
13:10:01.0875 2564 WZCSVC - ok
13:10:01.0935 2564 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
13:10:02.0136 2564 xmlprov - ok
13:10:02.0206 2564 zhynbowcjiqat3 (30bc6dd10c7c38a2425fb8e435a256ca) C:\WINDOWS\system32\drivers\zhynbowcjiqat3.sys
13:10:02.0206 2564 Suspicious file (Hidden): C:\WINDOWS\system32\drivers\zhynbowcjiqat3.sys. md5: 30bc6dd10c7c38a2425fb8e435a256ca
13:10:02.0206 2564 zhynbowcjiqat3 ( HiddenFile.Multi.Generic ) - warning
13:10:02.0206 2564 zhynbowcjiqat3 - detected HiddenFile.Multi.Generic (1)
13:10:02.0286 2564 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:10:02.0536 2564 \Device\Harddisk0\DR0 - ok
13:10:02.0566 2564 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR9
13:10:05.0050 2564 \Device\Harddisk1\DR9 - ok
13:10:05.0070 2564 Boot (0x1200) (4c217f2cd03213f8a2bc1e27f8bd979e) \Device\Harddisk0\DR0\Partition0
13:10:05.0070 2564 \Device\Harddisk0\DR0\Partition0 - ok
13:10:05.0100 2564 Boot (0x1200) (d94d46aa6f6f9f0320cb9e864465d6e8) \Device\Harddisk0\DR0\Partition1
13:10:05.0110 2564 \Device\Harddisk0\DR0\Partition1 - ok
13:10:05.0130 2564 Boot (0x1200) (e4e947332a924a4bfb88f4a9142ea65e) \Device\Harddisk1\DR9\Partition0
13:10:05.0130 2564 \Device\Harddisk1\DR9\Partition0 - ok
13:10:05.0140 2564 ============================================================
13:10:05.0140 2564 Scan finished
13:10:05.0140 2564 ============================================================
13:10:05.0280 2824 Detected object count: 6
13:10:05.0280 2824 Actual detected object count: 6
13:10:17.0698 2824 C:\WINDOWS\system32\starwindserviceae.dll - copied to quarantine
13:10:17.0698 2824 HKLM\SYSTEM\ControlSet001\services\ATIBTXBAR - will be deleted on reboot
13:10:17.0708 2824 C:\WINDOWS\system32\starwindserviceae.dll - will be deleted on reboot
13:10:17.0708 2824 ATIBTXBAR ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
13:10:17.0828 2824 C:\WINDOWS\system32\sglfb.dll - copied to quarantine
13:10:17.0838 2824 HKLM\SYSTEM\ControlSet001\services\msdv - will be deleted on reboot
13:10:17.0848 2824 C:\WINDOWS\system32\sglfb.dll - will be deleted on reboot
13:10:17.0848 2824 msdv ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
13:10:17.0908 2824 C:\WINDOWS\system32\Appn.dll - copied to quarantine
13:10:17.0908 2824 HKLM\SYSTEM\ControlSet001\services\rampartsvc - will be deleted on reboot
13:10:17.0908 2824 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
13:10:17.0918 2824 C:\WINDOWS\system32\Appn.dll - will be deleted on reboot
13:10:17.0918 2824 rampartsvc ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
13:10:18.0018 2824 C:\WINDOWS\system32\sweepsrv.sys.dll - copied to quarantine
13:10:18.0018 2824 HKLM\SYSTEM\ControlSet001\services\tangoservice - will be deleted on reboot
13:10:18.0018 2824 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
13:10:18.0028 2824 C:\WINDOWS\system32\sweepsrv.sys.dll - will be deleted on reboot
13:10:18.0028 2824 tangoservice ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
13:10:18.0048 2824 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:18.0048 2824 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:18.0059 2824 zhynbowcjiqat3 ( HiddenFile.Multi.Generic ) - skipped by user
13:10:18.0059 2824 zhynbowcjiqat3 ( HiddenFile.Multi.Generic ) - User select action: Skip
13:10:20.0232 2896 Deinitialize success

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Virus that slows down the PC and hogs memory

#10 Post by vyosek »

Great, now please run a scan with RogueKiller (Scan) and post the log here again...
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him, that is not a man, that is an ox."
Member since 1 February 2011.

onkel1
Visitor
Posts: 23
Registered: 07 Dec 2008 09:13

Re: Virus that slows down the PC and hogs memory

#11 Post by onkel1 »

The requested log


RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operačný systém: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Spustené v : Normálny režim
Užívateľ: user [Práva Správcu]
Režim: Kontrola -- Dátum: 04/06/2012 13:28:31

¤¤¤ Škodlivé procesy: 1 ¤¤¤
[SUSP PATH] setup.exe -- C:\WINDOWS\TEMP\gvxjmp\setup.exe -> KILLED [TermProc]

¤¤¤ Záznamy Registrov: 0 ¤¤¤

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤
[FAKED] mf.sys : c:\windows\system32\drivers\mf.sys --> CANNOT FIX
[FAKED] nic1394.sys : c:\windows\system32\drivers\nic1394.sys --> CANNOT FIX
[FAKED] nwlnknb.sys : c:\windows\system32\drivers\nwlnknb.sys --> CANNOT FIX

¤¤¤ Ovládač: [NAHRATÉ] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6E040L0 +++++
--- User ---
[MBR] 637bf760da85dcfe04271171e221fec8
[BSP] 0e927195d6126622fddbeb01380ee729 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 9201 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 18844245 | Size: 29996 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: USB 2.0 Flash Disk USB Device +++++
--- User ---
[MBR] 16bb170d881993d75e02499f1e72f5e2
[BSP] dec9f0908d0564afbcbcc26fa1ab4266 : Standard MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 63 | Size: 1927 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončené : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Virus that slows down the PC and hogs memory

#12 Post by vyosek »

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
:arrow: Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antivirus, antispyware and the like
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
  • Immediately after it starts, a page with the licence agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the prompts; during the scan leave the PC completely alone - do not start any applications and do not click in the window that appears
  • The scan should take about 10 min, but if the PC is heavily infected it may take longer
  • After the scan finishes and the PC possibly restarts, CF displays a log; otherwise you will find it at C:\ComboFix.txt; paste its contents here
  • Detailed instructions with pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix

onkel1
Visitor
Posts: 23
Registered: 07 Dec 2008 09:13

Re: Virus that slows down the PC and hogs memory

#13 Post by onkel1 »

ComboFix log

ComboFix 12-04-06.02 - user 06.04.2012 13:42:20.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.767.605 [GMT 2:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LocalService\ethost.dll
c:\documents and settings\LocalService\lsamsup.dll
c:\documents and settings\NetworkService\Application Data\hostperf.dll
c:\documents and settings\NetworkService\Local Settings\mslsams.dll
c:\documents and settings\user\Application Data\6816C279.exe
c:\windows\system32\dds_trash_log.cmd
c:\windows\WindowsUpdate.log
.
c:\windows\system32\drivers\zhynbowcjiqat3.sys . . . is infected!! . . . Failed to find a valid replacement.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSERVICE
-------\Service_AMService
.
.
((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-04-06 11:08 . 2012-04-06 11:08 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-06 10:16 . 2012-04-06 10:16 -------- d-----w- c:\program files\trend micro
2012-04-06 10:16 . 2012-04-06 10:16 -------- d-----w- C:\rsit
2012-04-06 09:33 . 2012-04-06 09:33 -------- d-----w- c:\windows\system32\LogFiles
2012-04-06 08:33 . 2012-04-06 08:33 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2012-04-06 08:32 . 2012-04-06 08:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-06 08:32 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-06 08:32 . 2012-04-06 08:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-06 08:31 . 2012-04-06 08:44 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-05 07:48 . 2012-04-05 07:49 -------- d-----w- C:\6d5e47130691582ec809376870f7
2012-03-22 14:29 . 2012-04-03 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\529C505A0000A21B6A4CC3162830AC72
2012-03-13 08:26 . 2012-04-06 09:27 -------- d-----w- C:\directory
2012-03-13 08:26 . 2012-03-13 08:26 -------- d-----w- c:\documents and settings\user\Application Data\install
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-06 11:10 . 2004-08-03 21:14 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-04-06 08:44 . 2011-07-01 12:06 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-17 19:43 . 2011-12-17 19:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2004-08-03 22:56 110592 -c--a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-09-28 11:57 136176 ----atw- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2007-06-13 06:16 528384 -c--a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1798:TCP"= 1798:TCP:@xpsp2res.dll,-22009
"19020:TCP"= 19020:TCP:@xpsp2res.dll,-22009
.
R1 zhynbowcjiqat3;zhynbowcjiqat3.sys;c:\windows\system32\drivers\zhynbowcjiqat3.sys [6.4.2012 10:49 72192]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29.9.2010 11:18 136176]
S2 mzdsxczv;Mouse Class Helper;c:\windows\System32\svchost.exe -k netsvcs [4.8.2004 0:56 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6.4.2012 10:31 253600]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29.9.2010 11:18 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
WDM_YAMAHAAC97
lcs
mzdsxczv
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 08:44]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-29 09:18]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-29 09:18]
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1957994488-854245398-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-28 11:57]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1957994488-854245398-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-28 11:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6E14FE1F-8624-4746-A216-D10E1543D62D}: NameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\y13d0ddj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-RkZCQTVCOUEyN0Q2ODBFOU - c:\documents and settings\All Users\ovsgukxd.exe
SafeBoot-24229892.sys
SafeBoot-50819341.sys
SafeBoot-76677534.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-HijackThis - F:\HijackThis.exe
AddRemove-Smart Fortress 2012 - c:\documents and settings\All Users\Application Data\529C505A0000A21B6A4CC3162830AC72\529C505A0000A21B6A4CC3162830AC72.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-06 13:49
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\system32\drivers\zhynbowcjiqat3.sys 72192 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1060284298-1957994488-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F130BA5-9849-EFEF-8D0C-5C2D6112DE9B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"paanfffoljnlonpakanbgepihldpanap"=hex:61,62,66,63,6e,6e,65,68,6a,68,70,67,63,
64,61,6e,67,6a,68,6e,67,69,65,6c,6d,61,65,6a,67,67,67,6c,6a,63,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3460)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-04-06 13:52:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-06 11:52
.
Pre-Run: 276 615 168 bytes free
Post-Run: 457 330 688 voľných bajtov
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 6514DC111A49AD477A69F1CCC79F2AEF
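An added triage helper for the ComboFix report quoted above (written for this page; it is not part of the thread, of ComboFix or of Gmer's catchme). It runs on a constructed excerpt built from the thread's own lines and pulls out the three findings a responder acts on: the file catchme lists as hidden, the user/kernel MBR mismatch, and the decoded hex value under the locked registry key.

```python
import re
# Constructed excerpt of the ComboFix report quoted above: only the sections this
# triage reads, with the thread's real lines; Pre-Run checks that 'bytes free' is
# not mistaken for a hidden file.
REPORT = r"""
scanning hidden files ...
c:\windows\system32\drivers\zhynbowcjiqat3.sys 72192 bytes executable
scan completed successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1060284298-1957994488-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F130BA5-9849-EFEF-8D0C-5C2D6112DE9B}*]
"paanfffoljnlonpakanbgepihldpanap"=hex:61,62,66,63,6e,6e,65,68,6a,68,70,67,63,
64,61,6e,67,6a,68,6e,67,69,65,6c,6d,61,65,6a,67,67,67,6c,6a,63,00,00
Pre-Run: 276 615 168 bytes free
""".strip()

HIDDEN_FILE = re.compile(r"^(?P<path>.+?) (?P<size>\d+) bytes(?: executable)?$")
HEX_VALUE = re.compile(r'^"(?P<name>[^"]+)"=hex:(?P<data>.*)$')
HEX_CONT = re.compile(r"^\s*(?:[0-9a-fA-F]{2},?)+\s*$")  # wrapped hex continuation


def hidden_files(report: str) -> list[tuple[str, int]]:
    """(path, size) pairs catchme lists in its 'scanning hidden files' section."""
    found, inside = [], False
    for line in report.splitlines():
        if line.startswith("scanning hidden files"):
            inside = True
        elif line.startswith("scan completed"):
            inside = False
        elif inside and (m := HIDDEN_FILE.match(line)):
            found.append((m["path"], int(m["size"])))
    return found


def mbr_mismatch(report: str) -> bool:
    """Gmer's detector prints this when the user-mode MBR differs from the kernel's copy."""
    return "user != kernel MBR" in report


def locked_key_values(report: str) -> dict[str, bytes]:
    """Decode 'hex:' REG_BINARY values, joining wrapped continuation lines."""
    values, name, digits = {}, None, ""
    for line in report.splitlines() + [""]:  # sentinel flushes the last value
        if m := HEX_VALUE.match(line):
            name, digits = m["name"], m["data"]
        elif name and HEX_CONT.match(line):
            digits += line.strip()
        elif name:
            values[name] = bytes.fromhex(digits.replace(",", ""))
            name = None
    return values
```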

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Virus that slowed down the PC and hogs memory

#14 Post by vyosek »

→ If you don't have it there already, move ComboFix to the desktop
  • Start Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Collect::
    c:\windows\system32\drivers\zhynbowcjiqat3.sys
    
    Rootkit::
    c:\windows\system32\drivers\zhynbowcjiqat3.sys
    
    Driver::
    zhynbowcjiqat3
    gupdate
    gupdatem
    mzdsxczv
    
    NetSvc::
    WDM_YAMAHAAC97
    lcs
    mzdsxczv
    
    File::
    C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1957994488-854245398-1003Core.job
    C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1957994488-854245398-1003UA.job
    
    DDS::
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    
    Folder::
    c:\documents and settings\All Users\Application Data\529C505A0000A21B6A4CC3162830AC72
    C:\WINDOWS\$NtUninstallKB951376-v2$
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\WINDOWS\Explorer.EXE"=-
    "C:\WINDOWS\system32\wininet.exe"=-
    
    RegNull::
    [HKEY_USERS\S-1-5-21-1060284298-1957994488-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F130BA5-9849-EFEF-8D0C-5C2D6112DE9B}*]
    
    Reboot::
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and run it (see the picture below)
  • After the script has been applied (and after a possible restart) a log will pop up; paste its contents here
→ It can happen that Windows will not boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
"Who has wine and does not drink, who has grapes and does not eat them, who has a woman and does not kiss her, who shuns amusement, take a whip and a stick to him, that is not a man, that is an ox."
Member since 1 February 2011.

onkel1
Visitor
Posts: 23
Registered: 07 Dec 2008 09:13

Re: Virus that slowed down the PC and hogs memory

#15 Post by onkel1 »

Every time I run this, the PC freezes, and even after half an hour it has not unfrozen .....
