Virus v operačnej pamäti Win32/Rustock trojsky kon

Zpráva

jozibaci · #1 Příspěvek od **jozibaci** » 19 dub 2012 20:18

Ahoj,

znamemu som nainstaloval do PC zo stranky Eset-u trial verziu NOD32 antivirus 5 a chcel som mu vlozit licencne udaje,ale po nainstalovani a restarte PC sa objavila chybova hlaska o naleze infiltracie. Po kliknuti na moznost VYLIECIT vyskoci hlaska - NIE JE MOZNE VYLIECIT,opakujte akciu....ale stale dookola to iste. Takze som dal neliecit a zavriet......PrintScreen hlasky pripajam v prilohe + pridavam log z RSIT. Dakujem vopred za radu....J.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2012-04-19 21:06:04
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (61%) free of 9 GB
Total RAM: 127 MB (9% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:07:04, on 19.4.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7130208031
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: wuauserv - Unknown owner - C:\WINDOWS\

--
End of file - 5790 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Obrázok 001.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e2tb9rs.default

prefs.js - "browser.startup.homepage" - "www.google.sk"
prefs.js - "extensions.enabledItems" - "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1, 6, 2, 41, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/flashplayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll
nppdf32.dll
np_gp.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e2tb9rs.default\extensions\
{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]
PCTools Site Guard - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll [2006-01-13 786144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}]
PCTools Browser Monitor - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll [2006-01-13 846560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl8"=C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
"PDVD8LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2008-03-21 91432]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2002-09-11 46592]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-12 49152]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-22 3080264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-05-03 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-03-21 1695232]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1
"DisableStatusMessages"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"NoResolveTrack"=1
"NoResolveSearch"=1
"NoSMConfigurePrograms"=1
"MemCheckBoxInRunDlg"=1
"NoSharedDocuments"=1
"NoActiveDesktop"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"MemCheckBoxInRunDlg"=1
"StartMenuFavorites"=0
"Start_ShowMyComputer"=1
"Start_ShowMyDocs"=1
"Start_ShowMyMusic"=0
"Start_ShowRun"=1
"Start_ShowSearch"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"midi"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-04-19 21:06:46 ----D---- C:\Program Files\trend micro
2012-04-19 21:06:04 ----D---- C:\rsit
2012-04-16 16:31:31 ----ASH---- C:\hiberfil.sys
2012-04-16 16:26:46 ----A---- C:\WINDOWS\ntbtlog.txt
2012-04-16 16:15:25 ----D---- C:\Program Files\ESET

======List of files/folders modified in the last 1 month======

2012-04-19 21:06:46 ----RD---- C:\Program Files
2012-04-19 21:02:17 ----D---- C:\Program Files\Mozilla Firefox
2012-04-19 20:42:46 ----D---- C:\WINDOWS\Temp
2012-04-16 16:41:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-04-16 16:34:42 ----D---- C:\WINDOWS\Prefetch
2012-04-16 16:32:53 ----D---- C:\WINDOWS
2012-04-16 16:24:13 ----SHD---- C:\WINDOWS\Installer
2012-04-16 16:23:53 ----HD---- C:\Config.Msi
2012-04-16 16:23:16 ----HD---- C:\WINDOWS\inf
2012-04-16 16:23:16 ----D---- C:\WINDOWS\system32\drivers
2012-04-16 16:23:04 ----D---- C:\WINDOWS\system32\CatRoot2
2012-03-27 18:06:47 ----D---- C:\WINDOWS\system32
2012-03-27 18:06:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 SISAGP;SiS AGP Filter; C:\WINDOWS\system32\DRIVERS\SISAGPX.sys [2003-07-18 36992]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-05-03 37760]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2011-08-04 103112]
R1 ikhlayer;Kernel Anti-Spyware Driver; \??\C:\WINDOWS\system32\drivers\ikhlayer.sys []
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2011-08-09 154136]
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-09-16 941516]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-05-03 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-05-03 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-01-21 118656]
S3 FLASHSYS;FLASHSYS; \??\C:\WINDOWS\system32\DRIVERS\FLASHSYS.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-03-26 45568]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-03-20 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-03-20 26368]
S3 WEBNTACCESS;WEBNTACCESS; \??\C:\WINDOWS\system32\NTACCESS.SYS []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-22 974944]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 SDhelper;PC Tools Spyware Doctor; C:\Program Files\Spyware Doctor\sdhelp.exe [2005-12-20 870624]
S3 getplushelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-05-03 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-05-03 14336]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 19 dub 2012 20:29

Zdravim a pekny vecer preji

Pekna zoo i s babkou pokladni tam zije

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

Kliknete na volbu Change parametrs
V obou oknech (Objects to scan i Additional Option) zakliknete vsechny moznosti - ve vsech ctvereccich musi mit fajecka
Kliknete na OK
Utilite prikazte, at skenuje - klik na Start Scan
Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
Pokud mate vsude Skip, kliknete na Continue
Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

jozibaci · #3 Příspěvek od **jozibaci** » 19 dub 2012 20:45

JJ,znamemu pojem bezpecnost nic nehovori......

pripajam log z TDSSKiller-u............

21:36:39.0171 2140 TDSS rootkit removing tool 2.7.29.0 Apr 18 2012 16:44:20
21:36:40.0062 2140 ============================================================
21:36:40.0062 2140 Current date / time: 2012/04/19 21:36:40.0062
21:36:40.0062 2140 SystemInfo:
21:36:40.0062 2140
21:36:40.0078 2140 OS Version: 5.1.2600 ServicePack: 3.0
21:36:40.0078 2140 Product type: Workstation
21:36:40.0078 2140 ComputerName: EXPERIEN-BFE5C9
21:36:40.0250 2140 UserName: Administrator
21:36:40.0250 2140 Windows directory: C:\WINDOWS
21:36:40.0250 2140 System windows directory: C:\WINDOWS
21:36:40.0250 2140 Processor architecture: Intel x86
21:36:40.0250 2140 Number of processors: 1
21:36:40.0250 2140 Page size: 0x1000
21:36:40.0250 2140 Boot type: Normal boot
21:36:40.0250 2140 ============================================================
21:36:48.0109 2140 Drive \Device\Harddisk0\DR0 - Size: 0x9962B8000 (38.35 Gb), SectorSize: 0x200, Cylinders: 0x138D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:36:48.0171 2140 \Device\Harddisk0\DR0:
21:36:48.0171 2140 MBR partitions:
21:36:48.0171 2140 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x121029C
21:36:48.0171 2140 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x121031A, BlocksNum 0x3A9A172
21:36:48.0234 2140 D: <-> \Device\Harddisk0\DR0\Partition1
21:36:48.0281 2140 C: <-> \Device\Harddisk0\DR0\Partition0
21:36:48.0296 2140 Initialize success
21:36:48.0296 2140 ============================================================
21:37:31.0421 2952 ============================================================
21:37:31.0421 2952 Scan started
21:37:31.0421 2952 Mode: Manual; SigCheck; TDLFS;
21:37:31.0421 2952 ============================================================
21:37:35.0109 2952 Abiosdsk - ok
21:37:35.0812 2952 abp480n5 - ok
21:37:36.0609 2952 ACPI (7517e9b5fe4811cbd7712af820028cc4) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:37:44.0562 2952 ACPI - ok
21:37:45.0343 2952 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:37:46.0140 2952 ACPIEC - ok
21:37:46.0828 2952 adpu160m - ok
21:37:48.0156 2952 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:37:48.0656 2952 aec - ok
21:37:49.0453 2952 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
21:37:49.0609 2952 AFD - ok
21:37:50.0375 2952 Aha154x - ok
21:37:51.0140 2952 aic78u2 - ok
21:37:56.0421 2952 aic78xx - ok
21:37:57.0234 2952 ALCXWDM (97e3a6a6c6cf4a1d58fcd6ead2faa942) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
21:37:57.0453 2952 ALCXWDM ( UnsignedFile.Multi.Generic ) - warning
21:37:57.0453 2952 ALCXWDM - detected UnsignedFile.Multi.Generic (1)
21:37:58.0218 2952 Alerter (c10aab0bd5771db93e0d017c64bc8b75) C:\WINDOWS\system32\alrsvc.dll
21:37:58.0718 2952 Alerter - ok
21:37:59.0468 2952 ALG (1e90b499478527ebf6349cc86413a9a1) C:\WINDOWS\System32\alg.exe
21:37:59.0671 2952 ALG - ok
21:38:00.0437 2952 AliIde - ok
21:38:01.0281 2952 AmdK7 (fd49d821d014445751063d145344459b) C:\WINDOWS\system32\DRIVERS\amdk7.sys
21:38:01.0750 2952 AmdK7 - ok
21:38:02.0484 2952 amsint - ok
21:38:03.0171 2952 AppMgmt (bbf1f51ae53036101b9fa467a6621a0f) C:\WINDOWS\System32\appmgmts.dll
21:38:03.0484 2952 AppMgmt - ok
21:38:04.0187 2952 asc - ok
21:38:04.0890 2952 asc3350p - ok
21:38:05.0625 2952 asc3550 - ok
21:38:06.0468 2952 AsyncMac (34c951228c152a248357409cb680ce13) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:38:06.0937 2952 AsyncMac - ok
21:38:07.0875 2952 atapi (65ea06f8711fb3a64ec7d323e350f456) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:38:08.0296 2952 atapi - ok
21:38:09.0078 2952 Atdisk - ok
21:38:09.0796 2952 Atmarpc (ce372a820e4f4e808b574050ec35c049) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:38:10.0234 2952 Atmarpc - ok
21:38:11.0343 2952 AudioSrv (230ea31b318c2c85cc10f31ce7faaf64) C:\WINDOWS\System32\audiosrv.dll
21:38:11.0812 2952 AudioSrv - ok
21:38:12.0656 2952 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:38:13.0062 2952 audstub - ok
21:38:13.0765 2952 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:38:14.0328 2952 Beep - ok
21:38:16.0093 2952 BITS (2a18b9ddd9d297050bb7ad7c82bdae9a) C:\WINDOWS\system32\qmgr.dll
21:38:17.0859 2952 BITS - ok
21:38:20.0328 2952 Browser (63135147c2d86a374abf057f178907b7) C:\WINDOWS\System32\browser.dll
21:38:20.0968 2952 Browser - ok
21:38:23.0406 2952 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:38:24.0046 2952 cbidf2k - ok
21:38:26.0296 2952 cd20xrnt - ok
21:38:28.0453 2952 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:38:29.0218 2952 Cdaudio - ok
21:38:29.0953 2952 Cdfs (3a8d04c6533a344973ba5cce5be2609b) C:\WINDOWS\system32\drivers\Cdfs.sys
21:38:30.0671 2952 Cdfs - ok
21:38:31.0390 2952 Cdrom (0cc13b7fe6d2f64efc82cebfe9d2b8f0) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:38:31.0937 2952 Cdrom - ok
21:38:32.0593 2952 Changer - ok
21:38:33.0218 2952 CiSvc (95c63655de8f44334ada695a75516ac2) C:\WINDOWS\system32\cisvc.exe
21:38:33.0671 2952 CiSvc - ok
21:38:34.0484 2952 ClipSrv (31ccdf04cdf2688b78fbc4b9fd183c13) C:\WINDOWS\system32\clipsrv.exe
21:38:34.0953 2952 ClipSrv - ok
21:38:35.0671 2952 CmdIde - ok
21:38:36.0296 2952 COMSysApp - ok
21:38:37.0109 2952 Cpqarray - ok
21:38:37.0734 2952 CryptSvc (ed2b536ee810edd56cc2febcf4f40861) C:\WINDOWS\System32\cryptsvc.dll
21:38:38.0203 2952 CryptSvc - ok
21:38:38.0859 2952 dac2w2k - ok
21:38:39.0703 2952 dac960nt - ok
21:38:40.0625 2952 DcomLaunch (b29df40eb7b4210d0d4a2af78b621b07) C:\WINDOWS\system32\rpcss.dll
21:38:41.0218 2952 DcomLaunch - ok
21:38:41.0859 2952 Dhcp (e1d82d699ad0692a8caec1fed78a987c) C:\WINDOWS\System32\dhcpcsvc.dll
21:38:42.0359 2952 Dhcp - ok
21:38:43.0125 2952 Disk (db7ba51015765db476457bedd53d3cfe) C:\WINDOWS\system32\DRIVERS\disk.sys
21:38:43.0609 2952 Disk - ok
21:38:44.0312 2952 dmadmin - ok
21:38:45.0265 2952 dmboot (ba1f9637c50d105fb8ebe334d57bc16e) C:\WINDOWS\system32\drivers\dmboot.sys
21:38:45.0828 2952 dmboot - ok
21:38:46.0593 2952 dmio (a29d408f65291721091bc21a48ceed00) C:\WINDOWS\system32\drivers\dmio.sys
21:38:47.0031 2952 dmio - ok
21:38:47.0765 2952 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:38:48.0156 2952 dmload - ok
21:38:48.0765 2952 dmserver (24542212c37896d5a7187dc054de588d) C:\WINDOWS\System32\dmserver.dll
21:38:49.0234 2952 dmserver - ok
21:38:49.0921 2952 DMusic (0fdc464e960b5c9665d89fe00bc972a3) C:\WINDOWS\system32\drivers\DMusic.sys
21:38:50.0421 2952 DMusic - ok
21:38:51.0109 2952 Dnscache (f3ab387a683b64180cdc07fd260e6595) C:\WINDOWS\System32\dnsrslvr.dll
21:38:51.0656 2952 Dnscache - ok
21:38:52.0453 2952 Dot3svc (452e6c285e5eb749ae7a96205edee541) C:\WINDOWS\System32\dot3svc.dll
21:38:53.0015 2952 Dot3svc - ok
21:38:53.0671 2952 dpti2o - ok
21:38:54.0437 2952 drmkaud (6d5ca8474cf00a2765b6d6b35a57e89c) C:\WINDOWS\system32\drivers\drmkaud.sys
21:38:54.0875 2952 drmkaud - ok
21:38:55.0562 2952 eamon (9309c5c9831203436e64cf2ae605c5d7) C:\WINDOWS\system32\DRIVERS\eamon.sys
21:38:56.0656 2952 eamon - ok
21:38:57.0281 2952 EapHost (6afd4fe919df58ba897e9ef90e58c54e) C:\WINDOWS\System32\eapsvc.dll
21:38:57.0890 2952 EapHost - ok
21:38:58.0609 2952 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
21:38:58.0625 2952 ehdrv - ok
21:38:58.0890 2952 ekrn (c7bb95cf9631aa401e4aded1648f6af7) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
21:38:59.0265 2952 ekrn - ok
21:39:00.0046 2952 epfwtdir (06c65ac0a703cf8eea4f284d901a1550) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
21:39:00.0078 2952 epfwtdir - ok
21:39:00.0718 2952 ERSvc (045911255e749274f5af0eb2bb9b23a7) C:\WINDOWS\System32\ersvc.dll
21:39:01.0265 2952 ERSvc - ok
21:39:01.0875 2952 Eventlog (c91018fe1f9b53de349398dd4aec6f8c) C:\WINDOWS\system32\services.exe
21:39:02.0437 2952 Eventlog - ok
21:39:03.0062 2952 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
21:39:03.0171 2952 EventSystem - ok
21:39:03.0187 2952 Suspicious service (NoAccess): f1f1ebd0
21:39:03.0875 2952 f1f1ebd0 (5d689ccb14db40784cdc894d54051ad6) C:\WINDOWS\System32\drivers\f1f1ebd0.sys
21:39:03.0875 2952 Suspicious file (NoAccess): C:\WINDOWS\System32\drivers\f1f1ebd0.sys. md5: 5d689ccb14db40784cdc894d54051ad6
21:39:03.0890 2952 f1f1ebd0 ( LockedService.Multi.Generic ) - warning
21:39:03.0890 2952 f1f1ebd0 - detected LockedService.Multi.Generic (1)
21:39:04.0578 2952 Fastfat (bb9c87cc84a747f68c4d0e24d5841e61) C:\WINDOWS\system32\drivers\Fastfat.sys
21:39:05.0250 2952 Fastfat - ok
21:39:05.0906 2952 FastUserSwitchingCompatibility (bbecaae6b47f775cc98fd38108386d93) C:\WINDOWS\System32\shsvcs.dll
21:39:06.0421 2952 FastUserSwitchingCompatibility - ok
21:39:07.0156 2952 Fdc (bafd3cc668a29f5070da63469c273127) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:39:07.0640 2952 Fdc - ok
21:39:08.0343 2952 Fips (cd7388a0e1f2585d0300c9533f4de221) C:\WINDOWS\system32\drivers\Fips.sys
21:39:08.0921 2952 Fips - ok
21:39:09.0656 2952 FLASHSYS - ok
21:39:10.0750 2952 Flpydisk (50cd9634d0d4e6c9c6e2e8ea27f8e2f6) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:39:11.0156 2952 Flpydisk - ok
21:39:12.0203 2952 FltMgr (d1338fb4160e250ae8a9202f8ac3860f) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:39:12.0625 2952 FltMgr - ok
21:39:13.0375 2952 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:39:14.0046 2952 Fs_Rec - ok
21:39:14.0781 2952 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:39:15.0265 2952 Ftdisk - ok
21:39:16.0015 2952 gameenum (ddfb584551398e0d074d68d94c236e55) C:\WINDOWS\system32\DRIVERS\gameenum.sys
21:39:16.0531 2952 gameenum - ok
21:39:16.0609 2952 getplushelper (82b57e682c5ba5ce8dd8bb9efae2c189) C:\Program Files\NOS\bin\getPlus_Helper.dll
21:39:16.0812 2952 getplushelper - ok
21:39:16.0843 2952 GMSIPCI - ok
21:39:17.0546 2952 Gpc (8c7faa02a68d9eef68287a2842bb4f71) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:39:18.0031 2952 Gpc - ok
21:39:18.0171 2952 helpsvc (9e3707d2ff9ec12cd5f25e9b92a740cc) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:39:18.0625 2952 helpsvc - ok
21:39:19.0296 2952 HidServ - ok
21:39:20.0125 2952 hidusb (81d2ffea0965a205f257160f1328f18e) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:39:20.0515 2952 hidusb - ok
21:39:21.0265 2952 hkmsvc (5378f76f04b414fba2aaf8f1d9006115) C:\WINDOWS\System32\kmsvc.dll
21:39:21.0765 2952 hkmsvc - ok
21:39:22.0468 2952 hpn - ok
21:39:23.0187 2952 HTTP (34b3296ad3c624daaaf1884681633c82) C:\WINDOWS\system32\Drivers\HTTP.sys
21:39:23.0546 2952 HTTP - ok
21:39:24.0203 2952 HTTPFilter (b0efa984db514e933f9308c6b1f145e8) C:\WINDOWS\System32\w3ssl.dll
21:39:24.0828 2952 HTTPFilter - ok
21:39:25.0500 2952 i2omgmt - ok
21:39:26.0234 2952 i2omp - ok
21:39:26.0921 2952 i8042prt (f641d64e8fd069d91e60511bb5cf4a2d) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:39:27.0359 2952 i8042prt - ok
21:39:28.0046 2952 ikhlayer (b03903b8273848b340faf061635d7daf) C:\WINDOWS\system32\drivers\ikhlayer.sys
21:39:28.0140 2952 ikhlayer ( UnsignedFile.Multi.Generic ) - warning
21:39:28.0140 2952 ikhlayer - detected UnsignedFile.Multi.Generic (1)
21:39:28.0859 2952 Imapi (df47d4e6ed89cd0ad7248a7604af706e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:39:29.0296 2952 Imapi - ok
21:39:31.0375 2952 ImapiService (2f2740ac7721502f7600f1c0daf10d17) C:\WINDOWS\system32\imapi.exe
21:39:31.0812 2952 ImapiService - ok
21:39:33.0765 2952 ini910u - ok
21:39:35.0765 2952 IntelIde - ok
21:39:37.0703 2952 Ip6Fw (0f2a14149b767cd62559a4e060d63e0a) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:39:38.0250 2952 Ip6Fw - ok
21:39:38.0968 2952 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:39:39.0421 2952 IpFilterDriver - ok
21:39:40.0156 2952 IpInIp (f6e4f5f17ead48851b2ca24faf595693) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:39:40.0593 2952 IpInIp - ok
21:39:41.0296 2952 IpNat (04191cc82eda72c44f9c154bc094ea0d) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:39:41.0765 2952 IpNat - ok
21:39:42.0437 2952 IPSec (84f6866f355c4c2185eb68206d55c591) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:39:42.0906 2952 IPSec - ok
21:39:43.0562 2952 IRENUM (ca98b430387b7d73d9b52eb4e0ab9d92) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:39:43.0750 2952 IRENUM - ok
21:39:44.0453 2952 isapnp (5a59964bfb9dca86af0c4ae8cc1d6a32) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:39:44.0828 2952 isapnp - ok
21:39:45.0734 2952 Kbdclass (4780a418e0fa859b09311c87980d0f7e) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:39:46.0156 2952 Kbdclass - ok
21:39:46.0828 2952 kmixer (e30be31b27e6fd0c3ab65e87f794e5df) C:\WINDOWS\system32\drivers\kmixer.sys
21:39:47.0203 2952 kmixer - ok
21:39:47.0875 2952 KSecDD (1e8c0c5ac7c40529961bd60451666932) C:\WINDOWS\system32\drivers\KSecDD.sys
21:39:48.0562 2952 KSecDD - ok
21:39:49.0296 2952 LanmanServer (88386e414010d1842561fd7678ff56e7) C:\WINDOWS\System32\srvsvc.dll
21:39:49.0718 2952 LanmanServer - ok
21:39:50.0468 2952 lanmanworkstation (8dfab3f3c80ee507714eb0f1a2a6009e) C:\WINDOWS\System32\wkssvc.dll
21:39:50.0875 2952 lanmanworkstation - ok
21:39:51.0687 2952 lbrtfdc - ok
21:39:52.0406 2952 LmHosts (ba50824346dd701a00aadcb314a92336) C:\WINDOWS\System32\lmhsvc.dll
21:39:52.0765 2952 LmHosts - ok
21:39:53.0500 2952 Messenger (b92fd1441485895bc65f40ea1041620b) C:\WINDOWS\System32\msgsvc.dll
21:39:54.0015 2952 Messenger - ok
21:39:54.0687 2952 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:39:55.0187 2952 mnmdd - ok
21:39:55.0890 2952 mnmsrvc (094fba18ece5baeea122a3b9367ee310) C:\WINDOWS\system32\mnmsrvc.exe
21:39:56.0328 2952 mnmsrvc - ok
21:39:57.0062 2952 Modem (8c0f9f5a284b1db052c31ed629c2a5c3) C:\WINDOWS\system32\drivers\Modem.sys
21:39:57.0578 2952 Modem - ok
21:39:58.0312 2952 Mouclass (06515a5d8482b44e55bab35981888a0e) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:39:58.0796 2952 Mouclass - ok
21:39:59.0531 2952 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:39:59.0906 2952 mouhid - ok
21:40:00.0640 2952 MountMgr (8b64fa7814ed005e57d43155de88398a) C:\WINDOWS\system32\drivers\MountMgr.sys
21:40:01.0187 2952 MountMgr - ok
21:40:01.0843 2952 mraid35x - ok
21:40:02.0578 2952 MRxDAV (53cb9e3b300f4ea15d5b2679b102d09f) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:40:03.0015 2952 MRxDAV - ok
21:40:03.0718 2952 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:40:03.0875 2952 MRxSmb - ok
21:40:04.0500 2952 MSDTC (77ea719820518452341821c5198441ca) C:\WINDOWS\system32\msdtc.exe
21:40:04.0890 2952 MSDTC - ok
21:40:05.0625 2952 Msfs (79e4458da04664b431e6728a18199300) C:\WINDOWS\system32\drivers\Msfs.sys
21:40:06.0140 2952 Msfs - ok
21:40:06.0734 2952 MSIServer - ok
21:40:07.0437 2952 MSKSSRV (241e77138dee16d546080a794b80284b) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:40:07.0796 2952 MSKSSRV - ok
21:40:08.0500 2952 MSPCLOCK (f46de5b07ea15e0727f12eb12e710f71) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:40:08.0875 2952 MSPCLOCK - ok
21:40:09.0562 2952 MSPQM (c53927217ac0834dc547b396ffc495d9) C:\WINDOWS\system32\drivers\MSPQM.sys
21:40:09.0953 2952 MSPQM - ok
21:40:10.0703 2952 mssmbios (146e70915c378f02476a10bcec3a95c2) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:40:11.0125 2952 mssmbios - ok
21:40:11.0828 2952 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
21:40:12.0250 2952 ms_mpu401 - ok
21:40:12.0937 2952 Mup (254717fc83220bdc790f6c2e57c620bf) C:\WINDOWS\system32\drivers\Mup.sys
21:40:13.0562 2952 Mup - ok
21:40:14.0296 2952 napagent (4e455f8b26373ef7707e9d078c51bf66) C:\WINDOWS\System32\qagentrt.dll
21:40:14.0828 2952 napagent - ok
21:40:15.0562 2952 NDIS (aff1aed224d17c8bc38174ed932f68b6) C:\WINDOWS\system32\drivers\NDIS.sys
21:40:16.0109 2952 NDIS - ok
21:40:16.0812 2952 NdisTapi (eaeecd0001f1d43bb3e81b77e8b8483e) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:40:17.0218 2952 NdisTapi - ok
21:40:17.0875 2952 Ndisuio (077c330d7e12669d57ed16e4dfabf700) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:40:18.0281 2952 Ndisuio - ok
21:40:19.0031 2952 NdisWan (36a503c26f7c81fe7ce71b0b467605dd) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:40:19.0390 2952 NdisWan - ok
21:40:20.0234 2952 NDProxy (21769bbeb1b70ddad968002390100b3a) C:\WINDOWS\system32\drivers\NDProxy.sys
21:40:20.0765 2952 NDProxy - ok
21:40:22.0625 2952 NetBIOS (4977fd4bad4b94188e7b101df0e017ef) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:40:23.0046 2952 NetBIOS - ok
21:40:23.0718 2952 NetBT (3294dc900631ee18c86f49e7c26e416b) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:40:24.0140 2952 NetBT - ok
21:40:24.0750 2952 NetDDE (fbd067229fa6244c93888034a1241a03) C:\WINDOWS\system32\netdde.exe
21:40:25.0171 2952 NetDDE - ok
21:40:25.0187 2952 NetDDEdsdm (fbd067229fa6244c93888034a1241a03) C:\WINDOWS\system32\netdde.exe
21:40:25.0593 2952 NetDDEdsdm - ok
21:40:26.0203 2952 Netlogon (809c3dfadc08d0eb15e5440f2a65434c) C:\WINDOWS\system32\lsass.exe
21:40:26.0593 2952 Netlogon - ok
21:40:27.0234 2952 Netman (682f6e2fde80b2a25cd39a771be41797) C:\WINDOWS\System32\netman.dll
21:40:27.0609 2952 Netman - ok
21:40:28.0218 2952 Nla (832e4dd8964ab7acc880b2837cb1ed20) C:\WINDOWS\System32\mswsock.dll
21:40:28.0375 2952 Nla - ok
21:40:29.0093 2952 Npfs (bff3844722d795df4c5066aaae957ec8) C:\WINDOWS\system32\drivers\Npfs.sys
21:40:29.0578 2952 Npfs - ok
21:40:29.0593 2952 NTACCESS - ok
21:40:30.0343 2952 Ntfs (d7f8a3f743c54c13d78954176ad483a2) C:\WINDOWS\system32\drivers\Ntfs.sys
21:40:30.0921 2952 Ntfs - ok
21:40:31.0656 2952 NtLmSsp (809c3dfadc08d0eb15e5440f2a65434c) C:\WINDOWS\system32\lsass.exe
21:40:32.0031 2952 NtLmSsp - ok
21:40:32.0671 2952 NtmsSvc (babceab5dc36947044bad417e1e3210e) C:\WINDOWS\system32\ntmssvc.dll
21:40:33.0234 2952 NtmsSvc - ok
21:40:33.0906 2952 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:40:34.0421 2952 Null - ok
21:40:35.0375 2952 nv (ba1b732c1a70cfea0c1b64f2850bf44f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:40:36.0406 2952 nv - ok
21:40:37.0078 2952 NVSvc (0febe37db6650faa5965c00545009d1d) C:\WINDOWS\system32\nvsvc32.exe
21:40:37.0203 2952 NVSvc - ok
21:40:39.0578 2952 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:40:40.0656 2952 NwlnkFlt - ok
21:40:41.0718 2952 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:40:42.0140 2952 NwlnkFwd - ok
21:40:42.0843 2952 Parport (9f84cffa068c474084a99bc68bf3ea63) C:\WINDOWS\system32\DRIVERS\parport.sys
21:40:43.0187 2952 Parport - ok
21:40:43.0875 2952 PartMgr (64fc948a8387d3a5fba3cdeb539b1514) C:\WINDOWS\system32\drivers\PartMgr.sys
21:40:44.0359 2952 PartMgr - ok
21:40:45.0015 2952 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:40:45.0562 2952 ParVdm - ok
21:40:46.0796 2952 PCI (ef6876118575c85ca4ad39ac6490656c) C:\WINDOWS\system32\DRIVERS\pci.sys
21:40:47.0281 2952 PCI - ok
21:40:48.0250 2952 PCIDump - ok
21:40:48.0968 2952 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:40:49.0328 2952 PCIIde - ok
21:40:50.0109 2952 Pcmcia (c1bc00b2c7a782cf5207f1a13745ab65) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:40:50.0765 2952 Pcmcia - ok
21:40:51.0625 2952 PDCOMP - ok
21:40:52.0500 2952 PDFRAME - ok
21:40:53.0359 2952 PDRELI - ok
21:40:54.0078 2952 PDRFRAME - ok
21:40:54.0765 2952 perc2 - ok
21:40:55.0500 2952 perc2hib - ok
21:40:56.0218 2952 PlugPlay (c91018fe1f9b53de349398dd4aec6f8c) C:\WINDOWS\system32\services.exe
21:40:56.0593 2952 PlugPlay - ok
21:40:57.0281 2952 PolicyAgent (809c3dfadc08d0eb15e5440f2a65434c) C:\WINDOWS\system32\lsass.exe
21:40:57.0656 2952 PolicyAgent - ok
21:40:58.0359 2952 PptpMiniport (7065eaef0b12cc5339425d575e5a71d3) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:40:58.0750 2952 PptpMiniport - ok
21:40:59.0406 2952 ProtectedStorage (809c3dfadc08d0eb15e5440f2a65434c) C:\WINDOWS\system32\lsass.exe
21:40:59.0750 2952 ProtectedStorage - ok
21:41:00.0468 2952 PSched (7c8c04b524b0823a29ee6b0818ecbbb3) C:\WINDOWS\system32\DRIVERS\psched.sys
21:41:00.0875 2952 PSched - ok
21:41:01.0718 2952 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:41:02.0046 2952 Ptilink - ok
21:41:02.0687 2952 ql1080 - ok
21:41:03.0390 2952 Ql10wnt - ok
21:41:04.0140 2952 ql12160 - ok
21:41:04.0843 2952 ql1240 - ok
21:41:05.0531 2952 ql1280 - ok
21:41:06.0265 2952 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:41:06.0609 2952 RasAcd - ok
21:41:07.0265 2952 RasAuto (90ae32d938d5585f2a2cce3a67e3c561) C:\WINDOWS\System32\rasauto.dll
21:41:07.0781 2952 RasAuto - ok
21:41:08.0515 2952 Rasl2tp (1d0743f4b97fd729511ad5022e0bcbc1) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:41:08.0843 2952 Rasl2tp - ok
21:41:09.0500 2952 RasMan (311bfcd7bfc070d5e544b974b4466daa) C:\WINDOWS\System32\rasmans.dll
21:41:09.0843 2952 RasMan - ok
21:41:10.0609 2952 RasPppoe (04a17ced474f4444d6eff7a1ba169a2e) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:41:10.0937 2952 RasPppoe - ok
21:41:11.0656 2952 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:41:11.0984 2952 Raspti - ok
21:41:12.0671 2952 Rdbss (d2fd6bd47a5ad252745c96b61b55d7be) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:41:12.0984 2952 Rdbss - ok
21:41:13.0687 2952 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:41:14.0046 2952 RDPCDD - ok
21:41:14.0734 2952 rdpdr (00f5b19217f0ea9a513789dd8214c79b) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:41:15.0062 2952 rdpdr - ok
21:41:15.0812 2952 RDPWD (e92dd0b4ab8d73f72fef85282f8dd2e2) C:\WINDOWS\system32\drivers\RDPWD.sys
21:41:16.0312 2952 RDPWD - ok
21:41:17.0015 2952 RDSessMgr (0f7596da624e4a8294f2cf7a745d1f09) C:\WINDOWS\system32\sessmgr.exe
21:41:17.0375 2952 RDSessMgr - ok
21:41:18.0062 2952 redbook (bf1bfdad19fd920cc0856886ce91b208) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:41:18.0375 2952 redbook - ok
21:41:19.0015 2952 RemoteAccess (c71c52361793f479808e446bfdb8dcad) C:\WINDOWS\System32\mprdim.dll
21:41:19.0390 2952 RemoteAccess - ok
21:41:20.0046 2952 RemoteRegistry (7c233cffaf2680af8f3f56e20b7fe126) C:\WINDOWS\system32\regsvc.dll
21:41:20.0421 2952 RemoteRegistry - ok
21:41:21.0218 2952 RpcLocator (b0b057c4db9caccabf4f6989afd26bc5) C:\WINDOWS\system32\locator.exe
21:41:21.0546 2952 RpcLocator - ok
21:41:22.0421 2952 RpcSs (b29df40eb7b4210d0d4a2af78b621b07) C:\WINDOWS\system32\rpcss.dll
21:41:22.0843 2952 RpcSs - ok
21:41:23.0453 2952 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
21:41:23.0828 2952 RSVP - ok
21:41:24.0578 2952 RTL8023xp (67c9511a760149797e806ffd9f14ad37) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
21:41:24.0734 2952 RTL8023xp - ok
21:41:25.0453 2952 rtl8139 (d4453c6b7f627786bafc5ac5149b3a39) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
21:41:25.0531 2952 rtl8139 - ok
21:41:26.0187 2952 SamSs (809c3dfadc08d0eb15e5440f2a65434c) C:\WINDOWS\system32\lsass.exe
21:41:26.0546 2952 SamSs - ok
21:41:27.0203 2952 SCardSvr (f654d3e40f2b164969facb6cf32916bc) C:\WINDOWS\System32\SCardSvr.exe
21:41:27.0546 2952 SCardSvr - ok
21:41:28.0281 2952 Schedule (d77a0e39ff714d931f91052e357b5f04) C:\WINDOWS\system32\schedsvc.dll
21:41:28.0656 2952 Schedule - ok
21:41:28.0765 2952 SDhelper (186ee3b89521257c480e55063a91de77) C:\Program Files\Spyware Doctor\sdhelp.exe
21:41:28.0984 2952 SDhelper - ok
21:41:29.0656 2952 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:41:29.0843 2952 Secdrv - ok
21:41:30.0484 2952 seclogon (2a82ac49aa183d5a5115ab59d3ef9b56) C:\WINDOWS\System32\seclogon.dll
21:41:30.0843 2952 seclogon - ok
21:41:31.0468 2952 SENS (f52f0913880644f0b87ef855d6a5cde8) C:\WINDOWS\system32\sens.dll
21:41:31.0828 2952 SENS - ok
21:41:32.0531 2952 serenum (19f5a2b382c281ea02525566e8fe6980) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:41:32.0875 2952 serenum - ok
21:41:33.0578 2952 Serial (3dae0c3747f4065d18617ca36f63f104) C:\WINDOWS\system32\DRIVERS\serial.sys
21:41:33.0875 2952 Serial - ok
21:41:34.0609 2952 Sfloppy (0e0d508c42ed31e0ce4877bcbd1dac7e) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:41:35.0000 2952 Sfloppy - ok
21:41:35.0625 2952 SharedAccess (e51a2a4a58cd5bf69db8854fce239d20) C:\WINDOWS\System32\ipnathlp.dll
21:41:36.0046 2952 SharedAccess - ok
21:41:36.0671 2952 ShellHWDetection (bbecaae6b47f775cc98fd38108386d93) C:\WINDOWS\System32\shsvcs.dll
21:41:37.0000 2952 ShellHWDetection - ok
21:41:37.0671 2952 Simbad - ok
21:41:38.0375 2952 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
21:41:38.0421 2952 SISAGP - ok
21:41:39.0093 2952 Sparrow - ok
21:41:39.0859 2952 splitter (d15d4f064889adae4ef9a44797361a95) C:\WINDOWS\system32\drivers\splitter.sys
21:41:40.0203 2952 splitter - ok
21:41:40.0843 2952 Spooler (037b1c61e298180a43a6401a6d12bd76) C:\WINDOWS\system32\spoolsv.exe
21:41:41.0171 2952 Spooler - ok
21:41:41.0828 2952 sr (b0a078e4f5c4b11ddca9fe48e860687f) C:\WINDOWS\system32\DRIVERS\sr.sys
21:41:42.0015 2952 sr - ok
21:41:42.0625 2952 srservice (f7e4331a79ba927333f3009e3fcd3772) C:\WINDOWS\system32\srsvc.dll
21:41:42.0859 2952 srservice - ok
21:41:43.0562 2952 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
21:41:43.0750 2952 Srv - ok
21:41:44.0390 2952 SSDPSRV (18ab8811ffdacde62f36573abdf19ea1) C:\WINDOWS\System32\ssdpsrv.dll
21:41:44.0578 2952 SSDPSRV - ok
21:41:45.0218 2952 stisvc (254559635688d4cd65e8625c1087f24f) C:\WINDOWS\system32\wiaservc.dll
21:41:45.0593 2952 stisvc - ok
21:41:46.0328 2952 swenum (52ca69522d2780008679f486ff2d16a9) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:41:46.0640 2952 swenum - ok
21:41:47.0359 2952 swmidi (d9f7f799db20ce348d2c7f374aae5133) C:\WINDOWS\system32\drivers\swmidi.sys
21:41:47.0703 2952 swmidi - ok
21:41:48.0328 2952 SwPrv - ok
21:41:49.0015 2952 symc810 - ok
21:41:49.0671 2952 symc8xx - ok
21:41:50.0343 2952 sym_hi - ok
21:41:51.0125 2952 sym_u3 - ok
21:41:51.0828 2952 sysaudio (ac17b7e3da6fc911466962bbe1596239) C:\WINDOWS\system32\drivers\sysaudio.sys
21:41:52.0140 2952 sysaudio - ok
21:41:52.0734 2952 SysmonLog (53ed5e1e439bfe582e5fa6255314f85f) C:\WINDOWS\system32\smlogsvc.exe
21:41:53.0093 2952 SysmonLog - ok
21:41:53.0718 2952 TapiSrv (531ef469a192ac3266ea18e7d62ef79c) C:\WINDOWS\System32\tapisrv.dll
21:41:54.0046 2952 TapiSrv - ok
21:41:54.0718 2952 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:41:54.0937 2952 Tcpip - ok
21:41:55.0734 2952 TDPIPE (acbb991ba7710ca13e3f7c581365eec0) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:41:56.0140 2952 TDPIPE - ok
21:41:56.0796 2952 TDTCP (b4b829f1accaa80686a9f9264f2050d0) C:\WINDOWS\system32\drivers\TDTCP.sys
21:41:57.0218 2952 TDTCP - ok
21:41:57.0906 2952 TermDD (9357984830dc4f40c3c82489b56ec95b) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:41:58.0218 2952 TermDD - ok
21:41:58.0890 2952 TermService (c143d487e0cac3de4714754843140d4a) C:\WINDOWS\System32\termsrv.dll
21:41:59.0218 2952 TermService - ok
21:41:59.0843 2952 Themes (bbecaae6b47f775cc98fd38108386d93) C:\WINDOWS\System32\shsvcs.dll
21:42:00.0140 2952 Themes - ok
21:42:00.0859 2952 TlntSvr (34daa86c8ca3a5e8fdcf6f50308e0c1c) C:\WINDOWS\system32\tlntsvr.exe
21:42:01.0062 2952 TlntSvr - ok
21:42:01.0703 2952 TosIde - ok
21:42:02.0359 2952 TrkWks (3647dcf024f6d1e045a479a131e70e83) C:\WINDOWS\system32\trkwks.dll
21:42:02.0671 2952 TrkWks - ok
21:42:03.0390 2952 Udfs (007c5857eca3624845005d800986e400) C:\WINDOWS\system32\drivers\Udfs.sys
21:42:03.0812 2952 Udfs - ok
21:42:04.0593 2952 ultra - ok
21:42:05.0343 2952 Update (4b633414b8231060c8ceac4575fcb00e) C:\WINDOWS\system32\DRIVERS\update.sys
21:42:05.0718 2952 Update - ok
21:42:06.0406 2952 upnphost (6e900663dc8cc03689d6437b1d7cb2c5) C:\WINDOWS\System32\upnphost.dll
21:42:06.0656 2952 upnphost - ok
21:42:08.0125 2952 UPS (206526c0dea504598a2be679714bdf83) C:\WINDOWS\System32\ups.exe
21:42:08.0453 2952 UPS - ok
21:42:10.0546 2952 usbhub (32889e8b3bb890d5dbcdf866598a2b45) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:42:10.0875 2952 usbhub - ok
21:42:12.0656 2952 usbohci (4a5f04ade6c2ce8eb1fe966b498b47cd) C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:42:13.0000 2952 usbohci - ok
21:42:15.0687 2952 usbprint (0c92e95006b083ba25c0e805e6e7b1d6) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:42:16.0046 2952 usbprint - ok
21:42:17.0828 2952 USBSTOR (4c11e52f58b8f691099f9c1b0432a6a6) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:42:18.0187 2952 USBSTOR - ok
21:42:20.0265 2952 VgaSave (27573609ed1a48065a7174fa6b7f36e5) C:\WINDOWS\System32\drivers\vga.sys
21:42:28.0968 2952 VgaSave - ok
21:42:30.0156 2952 ViaIde - ok
21:42:31.0984 2952 VolSnap (999a7ab63b8f364f4df130d48ba7e972) C:\WINDOWS\system32\drivers\VolSnap.sys
21:42:35.0046 2952 VolSnap - ok
21:42:37.0515 2952 VSS (a8c250f3bba8334331c82d12719c1907) C:\WINDOWS\System32\vssvc.exe
21:42:39.0203 2952 VSS - ok
21:42:40.0984 2952 W32Time (db923b55d65325a4154bb89c70f15961) C:\WINDOWS\system32\w32time.dll
21:42:41.0531 2952 W32Time - ok
21:42:43.0515 2952 Wanarp (4d91cdfecb032a34c550080b62720e15) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:42:43.0859 2952 Wanarp - ok
21:42:46.0453 2952 WDICA - ok
21:42:49.0453 2952 wdmaud (971260ff2bdf0371c11e811fa9c64bd8) C:\WINDOWS\system32\drivers\wdmaud.sys
21:42:49.0781 2952 wdmaud - ok
21:42:51.0468 2952 WebClient (e831020f15d67d85eabce6f266ec1c17) C:\WINDOWS\System32\webclnt.dll
21:42:51.0937 2952 WebClient - ok
21:42:53.0921 2952 WEBNTACCESS - ok
21:42:56.0875 2952 winmgmt (99808420ee5fd0ad9af33a15e92c3323) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:42:59.0343 2952 winmgmt - ok
21:43:01.0062 2952 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:43:02.0500 2952 WmdmPmSN - ok
21:43:04.0140 2952 Wmi (5effac3c259f665b874a5b68ad2ea1dc) C:\WINDOWS\System32\advapi32.dll
21:43:04.0687 2952 Wmi - ok
21:43:06.0703 2952 WmiApSrv (c0b67974a399f3cf92e7fbdbb540bef0) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:43:07.0125 2952 WmiApSrv - ok
21:43:07.0781 2952 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:43:08.0546 2952 WMPNetworkSvc - ok
21:43:10.0203 2952 wscsvc (e7b0dc69df7f9d268daece02e71801b3) C:\WINDOWS\system32\wscsvc.dll
21:43:11.0546 2952 wscsvc - ok
21:43:13.0765 2952 wuauserv (3dbc95a7535991885ebd1c58a0be5dd5) C:\WINDOWS\system32\wuauserv.dll
21:43:15.0062 2952 wuauserv - ok
21:43:17.0031 2952 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:43:17.0437 2952 WudfPf - ok
21:43:19.0390 2952 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:43:19.0453 2952 WudfRd - ok
21:43:20.0281 2952 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:43:20.0421 2952 WudfSvc - ok
21:43:21.0093 2952 WZCSVC (8be3db3344987eb3767440512736a105) C:\WINDOWS\System32\wzcsvc.dll
21:43:21.0484 2952 WZCSVC - ok
21:43:22.0140 2952 xmlprov (89cce39ddbc280f4950baadca5377ce4) C:\WINDOWS\System32\xmlprov.dll
21:43:22.0578 2952 xmlprov - ok
21:43:22.0734 2952 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (5867ce254625645345c833510d24f124) C:\Program Files\CyberLink\PowerDVD8\000.fcl
21:43:23.0390 2952 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
21:43:23.0421 2952 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:43:24.0484 2952 \Device\Harddisk0\DR0 - ok
21:43:24.0531 2952 Boot (0x1200) (1fcd0d26df54736d4d0bf1b56692816e) \Device\Harddisk0\DR0\Partition0
21:43:24.0531 2952 \Device\Harddisk0\DR0\Partition0 - ok
21:43:24.0578 2952 Boot (0x1200) (cadcddf75affa77623de5b74691174fe) \Device\Harddisk0\DR0\Partition1
21:43:24.0578 2952 \Device\Harddisk0\DR0\Partition1 - ok
21:43:24.0578 2952 ============================================================
21:43:24.0578 2952 Scan finished
21:43:24.0578 2952 ============================================================
21:43:25.0109 2932 Detected object count: 3
21:43:25.0125 2932 Actual detected object count: 3
21:43:42.0640 2932 ALCXWDM ( UnsignedFile.Multi.Generic ) - skipped by user
21:43:42.0640 2932 ALCXWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:43:42.0640 2932 f1f1ebd0 ( LockedService.Multi.Generic ) - skipped by user
21:43:42.0640 2932 f1f1ebd0 ( LockedService.Multi.Generic ) - User select action: Skip
21:43:42.0640 2932 ikhlayer ( UnsignedFile.Multi.Generic ) - skipped by user
21:43:42.0640 2932 ikhlayer ( UnsignedFile.Multi.Generic ) - User select action: Skip

#4 Příspěvek od **vyosek** » 19 dub 2012 20:48

Fajn, tak havet se nam ukazala, jdem ji smazat

Nechte ComboFixu nainstalovat Konzolu pro zotaveni, asi ji bude potrebovat pro mazani

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

jozibaci · #5 Příspěvek od **jozibaci** » 19 dub 2012 22:35

ComboFix 12-04-19.01 - Administrator 19.04.2012 22:53:52.1.1 - x86
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\windows\system32\drivers\f1f1ebd0.sys
c:\windows\system32\kspydoc.log . . . . Failed to delete
.
c:\windows\system32\drivers\usbehci.sys . . . is missing!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_f1f1ebd0
.
.
((((((((((((((((((((((((( Files Created from 2012-03-19 to 2012-04-19 )))))))))))))))))))))))))))))))
.
.
2012-04-19 19:06 . 2012-04-19 19:07 -------- d-----w- c:\program files\trend micro
2012-04-19 19:06 . 2012-04-19 19:07 -------- d-----w- C:\rsit
2012-04-16 14:15 . 2012-04-16 14:15 -------- d-----w- c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-03-21 91432]
"SoundMan"="SOUNDMAN.EXE" [2002-09-11 46592]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2006-01-10 960000]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-05-03 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-12-20 124928]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-3-15 3450608]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [1.2.2008 19:24 41456]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 12:03 974944]
S3 FLASHSYS;FLASHSYS;\??\c:\windows\system32\DRIVERS\FLASHSYS.sys --> c:\windows\system32\DRIVERS\FLASHSYS.sys [?]
S3 WEBNTACCESS;WEBNTACCESS;\??\c:\windows\system32\NTACCESS.SYS --> c:\windows\system32\NTACCESS.SYS [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.10.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e2tb9rs.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-19 23:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3168)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Spyware Doctor\sdhelp.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2012-04-19 23:33:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-19 21:33
.
Pre-Run: 5 717 569 536 bytes free
Post-Run: 6 105 210 880 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3CEB52DA4C6E73E6518CA641037D8294

#6 Příspěvek od **vyosek** » 20 dub 2012 07:36

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Rootkit::
c:\windows\system32\kspydoc.log

Mia::
c:\windows\system32\drivers\usbehci.sys

Restore::
c:\windows\system32\drivers\usbehci.sys

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl8"=-
"PDVD8LanguageShortcut"=-
"BDRegion"=-
"HP Software Update"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS]
"ImagePath"=hex(2):25,73,79,73,74,65,6D,72,6F,6F,74,25,5C,73,\
  79,73,74,65,6D,33,32,5C,73,76,63,68,6F,73,74,2E,65,78,65,20,2D,6B,20,\
  6E,65,74,73,76,63,73,00
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv]
"ImagePath"=hex(2):25,73,79,73,74,65,6D,72,6F,6F,74,25,5C,73,\
  79,73,74,65,6D,33,32,5C,73,76,63,68,6F,73,74,2E,65,78,65,20,2D,6B,20,\
  6E,65,74,73,76,63,73,00
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

jozibaci · #7 Příspěvek od **jozibaci** » 29 dub 2012 09:10

Zdravím,

síce neskôr,ale pokračujeme......takže po vytvorení a následnom presunutí ikony CFScriptu nad ikonu ComboFixu vybehla hláška,že ComboFix expiroval. Boli ponúknuté 2 možnosti - pokračovať s obmedzenou funkčnosťou CF alebo zrušiť akciu. Vybral som pokračovanie. Udialo sa nasledovné - ikona CF z plochy zmizla a nedialo sa nič ďaľšieho. Stiahol som CF znovu a dal som ho na plochu. Vytvoreny CFScript som presunul nad ikonu CF znovu. Prebehol cely scan CF a jeho log sem vkladam. Nie som si teda istý,či sa CFScript prejavil,alebo nie.
Dúfam,že som neurobil žiadnu blbosť,že som takto postupoval. Počas činnosti CF neboli žiadne problémy pri reštarte PC/vytvorila sa konzola pre zotavenie Win a klasicky reštart/.

Tu je teda log......

ComboFix 12-04-28.01 - Administrator 29.04.2012 9:24.2.1 - x86
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\wiaserva.log
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\ac3filter.ax
c:\windows\system32\acelpdec.ax
c:\windows\system32\divxdec.ax
c:\windows\system32\DVobSub.ax
c:\windows\system32\g711codc.ax
c:\windows\system32\iac25_32.ax
c:\windows\system32\ir41_32.ax
c:\windows\system32\ivfsrc.ax
c:\windows\system32\ksproxy.ax
c:\windows\system32\l3codecx.ax
c:\windows\system32\mpeg2data.ax
c:\windows\system32\mpg2splt.ax
c:\windows\system32\mpg4ds32.ax
c:\windows\system32\msadds32.ax
c:\windows\system32\msscds32.ax
c:\windows\system32\vbicodec.ax
c:\windows\system32\vbisurf.ax
c:\windows\system32\wiasf.ax
c:\windows\system32\wmv8ds32.ax
c:\windows\system32\wmvds32.ax
c:\windows\system32\wstpager.ax
c:\windows\system32\wstrenderer.ax
c:\windows\system32\xvid.ax
c:\windows\system32\kspydoc.log . . . . Failed to delete
.
c:\windows\system32\drivers\usbehci.sys . . . is infected!!
.
c:\windows\system32\drivers\usbehci.sys . . . is missing!!
.
c:\windows\system32\drivers\usbehci.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
.
.
2012-04-19 19:06 . 2012-04-19 19:07 -------- d-----w- c:\program files\trend micro
2012-04-19 19:06 . 2012-04-19 19:07 -------- d-----w- C:\rsit
2012-04-16 14:15 . 2012-04-16 14:15 -------- d-----w- c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-09-11 46592]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2006-01-10 960000]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-05-03 15360]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-3-15 3450608]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [1.2.2008 19:24 41456]
S3 FLASHSYS;FLASHSYS;\??\c:\windows\system32\DRIVERS\FLASHSYS.sys --> c:\windows\system32\DRIVERS\FLASHSYS.sys [?]
S3 WEBNTACCESS;WEBNTACCESS;\??\c:\windows\system32\NTACCESS.SYS --> c:\windows\system32\NTACCESS.SYS [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.10.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e2tb9rs.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-29 09:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3700)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Spyware Doctor\sdhelp.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2012-04-29 10:02:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-29 08:01
ComboFix2.txt 2012-04-19 21:33
.
Pre-Run: 5 998 485 504 bytes free
Post-Run: 6 256 590 848 voľných bajtov
.
- - End Of File - - 583213EC0A2CB9DADF048566C8CB5E81

#8 Příspěvek od **vyosek** » 29 dub 2012 10:30

Super, jaksi ale nam chybi jeden systemovy soubor

Stahnete SytemLook http://jpshortstuff.247fixes.com/SystemLook.exe a ulozte jej na plochu

Do okna vlozte skript nize
Kód: Vybrat vše
```
:filefind
usbehci.sys
```
Kliknete na Look
Tlacitko Look se zmeni na Scanning a zsedne
Pockejte pokud se tlacitko Scanning opet nezmeni na Look - tak poznate ze SystemLook dokoncil svou praci
Vyskoci na Vas log s nazvem SystemLook (pripadne bude ulozen na plose), jeho obsah mi sem vlozte

jozibaci · #9 Příspěvek od **jozibaci** » 29 dub 2012 12:19

SystemLook 30.07.11 by jpshortstuff
Log created at 13:21 on 29/04/2012 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "usbehci.sys"
No files found.

-= EOF =-

#10 Příspěvek od **vyosek** » 01 kvě 2012 07:35

Stahnete usbehci.sys odsud http://vyosek.ic.cz/pro_usery/usbehci.sys a ulozte primo na disk c:\

Stahnete Avenger http://forum.viry.cz/viewtopic.php?f=11&t=19832

Pokud pouzivate Win Vista ci W7, kliknete na Avenger pravym a dejte Run As Administrator ci Spustit jako spravce
Po spusteni Vas program upozorni, ze vse co delate, delate na vlastni riziko - Dejte OK
Po potvrzeni uz na Vas koukne hlavni okno, kam vlozite skript, ktery mate nize

Kód: Vybrat vše

Begin copying here:

Files to delete:
c:\windows\system32\kspydoc.log

Files to move:
c:\usbehci.sys | c:\windows\system32\drivers\usbehci.sys

Do ctverecku u Scan for rootkits a Automatically disable any rootkits found dejte fajecku
Nyni uz kliknete na Execute a potvrdte Yes v nasledujicim okne - timto potvrdite spusteni skriptu
Na otazku Reboot now odpovezte opet OK - timto se PC restartuje
Po restartu by se mel otevrit poznamkovy blok s logem a jeho obsah vlozte sem. Pokud se tak nestane, naleznete pozadovany dokument v C:\avenger.txt

jozibaci · #11 Příspěvek od **jozibaci** » 03 kvě 2012 17:50

zdravím,bol som na cestách,takže pokračujeme..........

tu je log z avengeru -

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\kspydoc.log" deleted successfully.
File move operation "c:\usbehci.sys|c:\windows\system32\drivers\usbehci.sys" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

#12 Příspěvek od **vyosek** » 04 kvě 2012 09:45

Zdravim

jak se chova nas pacient

jozibaci · #13 Příspěvek od **jozibaci** » 06 kvě 2012 08:34

Zdravím,
pacient sa chová nasledovne -

hláška o infiltrácii už zmizla,takže som aktualizoval NOD32 a urobil kontrolu. Všetko OK. Updatol som Windows,kde chybalo kopec aktualizacii. Prebehol som system CCleaner-om a antispyware-om. Zdá sa byť OK,len ide strašne pomaly. Viem,tento comp je totálne starý,ale ak by bola možnosť ho nejako zrýchliť,bolo by fajn. Blbosti ako toolbary a rôzne nepotrebné veci po štarte som odinštaloval a povypínal.

Pre úplnosť prikladám aktuálny log z RSIT.....

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2012-05-06 09:29:29
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (45%) free of 9 GB
Total RAM: 127 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:30:25, on 6.5.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17109)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\WGA Remover\wgaremover.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arccosine.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WGA Remover] "C:\Program Files\WGA Remover\wgaremover.exe" -silent
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7130208031
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O20 - Winlogon Notify: AutorunsDisabled - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4067 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e2tb9rs.default

prefs.js - "browser.startup.homepage" - "www.google.sk"
prefs.js - "extensions.enabledItems" - "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1, 6, 2, 41, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24"
prefs.js - "keyword.URL" - "http://www.arccosine.com/search.php?q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/flashplayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsILegitCheckPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npLegitCheckPlugin.dll
nppdf32.dll
np_gp.dll

C:\Program Files\Mozilla Firefox\searchplugins\
arccosine.xml
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e2tb9rs.default\extensions\
{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2002-09-11 46592]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"WGA Remover"=C:\Program Files\WGA Remover\wgaremover.exe [2012-01-12 920576]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-22 3080264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-05-03 15360]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa]
C:\WINDOWS\system32\antiwpa.dll [2006-07-22 5376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1
"DisableStatusMessages"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoResolveTrack"=1
"NoResolveSearch"=1
"NoSMConfigurePrograms"=1
"MemCheckBoxInRunDlg"=1
"NoSharedDocuments"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"MemCheckBoxInRunDlg"=1
"StartMenuFavorites"=0
"Start_ShowMyComputer"=1
"Start_ShowMyDocs"=1
"Start_ShowMyMusic"=0
"Start_ShowRun"=1
"Start_ShowSearch"=0
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"midi"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-05-06 08:59:55 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2012-05-06 08:19:37 ----ASH---- C:\hiberfil.sys
2012-05-05 23:35:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2492386$
2012-05-05 23:13:45 ----D---- C:\WINDOWS\system32\XPSViewer
2012-05-05 23:13:10 ----D---- C:\Program Files\MSBuild
2012-05-05 23:12:23 ----D---- C:\Program Files\Reference Assemblies
2012-05-05 23:09:07 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2012-05-05 23:09:07 ----N---- C:\WINDOWS\system32\prntvpt.dll
2012-05-05 23:09:06 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2012-05-05 22:58:47 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2012-05-05 22:54:30 ----RSD---- C:\WINDOWS\assembly
2012-05-05 22:54:28 ----D---- C:\WINDOWS\Microsoft.NET
2012-05-05 22:54:22 ----D---- C:\WINDOWS\system32\URTTemp
2012-05-05 22:42:17 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2012-05-05 21:49:20 ----D---- C:\Program Files\uTorrent
2012-05-05 21:24:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2012-05-05 21:23:21 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2012-05-05 20:59:51 ----D---- C:\Program Files\ESET
2012-05-05 20:59:51 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2012-05-03 18:46:56 ----D---- C:\Avenger
2012-05-03 18:46:56 ----A---- C:\avenger.txt
2012-05-03 18:42:34 ----A---- C:\WINDOWS\system32\drivers\usbehci.sys
2012-05-03 18:14:56 ----D---- C:\Program Files\WGA Remover
2012-05-03 17:22:40 ----A---- C:\WINDOWS\system32\antiwpa.dll
2012-04-29 12:18:22 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2012-04-29 12:17:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2641653$
2012-04-29 12:17:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2012-04-29 12:16:52 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2012-04-29 12:16:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2012-04-29 12:16:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2012-04-29 12:15:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2012-04-29 12:15:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893-v2$
2012-04-29 12:15:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2012-04-29 12:14:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2646524$
2012-04-29 12:14:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2585542$
2012-04-29 12:13:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2631813$
2012-04-29 12:13:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2012-04-29 12:13:03 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2012-04-29 12:12:35 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2012-04-29 12:11:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2012-04-29 12:11:02 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2012-04-29 12:10:36 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2012-04-29 12:10:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2012-04-29 12:09:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2012-04-29 12:09:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2012-04-29 12:08:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2012-04-29 12:08:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2485663$
2012-04-29 12:08:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2598479$
2012-04-29 12:07:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2012-04-29 12:07:37 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2012-04-29 12:07:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2012-04-29 12:06:47 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2012-04-29 12:06:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2012-04-29 12:06:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2012-04-29 12:06:05 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2012-04-29 12:05:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2510581$
2012-04-29 12:05:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2012-04-29 12:04:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2476490$
2012-04-29 12:04:26 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2012-04-29 12:03:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2012-04-29 12:03:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2012-04-29 12:03:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2012-04-29 12:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2641690$
2012-04-29 12:02:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2012-04-29 12:01:52 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2012-04-29 12:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2012-04-29 12:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2624667$
2012-04-29 12:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2012-04-29 12:00:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2012-04-29 11:59:59 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2012-04-29 11:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2012-04-29 11:59:06 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2012-04-29 11:58:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
2012-04-29 11:58:20 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2012-04-29 11:57:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2012-04-29 11:57:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2535512$
2012-04-29 11:57:28 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2012-04-29 11:57:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2012-04-29 11:56:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2412687$
2012-04-29 11:56:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2570947$
2012-04-29 11:55:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2621440$
2012-04-29 11:55:40 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2012-04-29 11:55:24 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2012-04-29 11:55:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2507618$
2012-04-29 11:54:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2603381$
2012-04-29 11:54:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2012-04-29 11:48:46 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2012-04-29 11:48:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2012-04-29 11:48:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2508429$
2012-04-29 11:47:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2653956$
2012-04-29 11:47:11 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2012-04-29 11:42:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2012-04-29 11:37:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2506212$
2012-04-29 11:33:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2647518$
2012-04-29 11:29:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2633952$
2012-04-29 11:26:30 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2012-04-29 11:25:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2619339$
2012-04-29 11:24:43 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2012-04-29 11:23:30 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2012-04-29 11:21:02 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2012-04-29 11:20:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2012-04-29 11:20:20 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2012-04-29 11:20:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2012-04-29 11:19:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2012-04-29 11:19:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2618451$
2012-04-29 11:18:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2509553$
2012-04-29 11:18:44 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2012-04-29 11:18:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2012-04-29 11:18:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2012-04-29 11:17:41 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2012-04-29 11:17:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2620712$
2012-04-29 11:17:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2012-04-29 11:17:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-04-29 11:16:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2584146$
2012-04-29 11:16:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2633171$
2012-04-29 11:15:53 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2012-04-29 11:15:32 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2012-04-29 11:15:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2012-04-29 11:14:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2012-04-29 10:41:28 ----N---- C:\WINDOWS\system32\browserchoice.exe
2012-04-29 10:17:47 ----N---- C:\WINDOWS\system32\iacenc.dll
2012-04-29 10:08:15 ----A---- C:\WINDOWS\system32\xpsp4res.dll
2012-04-29 10:02:26 ----D---- C:\WINDOWS\temp
2012-04-29 10:02:09 ----A---- C:\ComboFix.txt
2012-04-29 09:54:01 ----SHD---- C:\RECYCLER
2012-04-29 09:07:04 ----A---- C:\WINDOWS\zip.exe
2012-04-29 09:07:04 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-04-29 09:07:04 ----A---- C:\WINDOWS\SWSC.exe
2012-04-29 09:07:04 ----A---- C:\WINDOWS\SWREG.exe
2012-04-29 09:07:04 ----A---- C:\WINDOWS\sed.exe
2012-04-29 09:07:04 ----A---- C:\WINDOWS\PEV.exe
2012-04-29 09:07:04 ----A---- C:\WINDOWS\NIRCMD.exe
2012-04-29 09:07:04 ----A---- C:\WINDOWS\MBR.exe
2012-04-29 09:07:04 ----A---- C:\WINDOWS\grep.exe
2012-04-19 22:48:48 ----A---- C:\Boot.bak
2012-04-19 22:48:18 ----RASHD---- C:\cmdcons
2012-04-19 22:37:47 ----D---- C:\WINDOWS\ERDNT
2012-04-19 22:37:35 ----D---- C:\Qoobox
2012-04-19 21:36:39 ----A---- C:\TDSSKiller.2.7.29.0_19.04.2012_21.36.39_log.txt
2012-04-19 21:06:46 ----D---- C:\Program Files\trend micro
2012-04-19 21:06:04 ----D---- C:\rsit

======List of files/folders modified in the last 1 month======

2012-05-06 09:28:09 ----D---- C:\Program Files\Mozilla Firefox
2012-05-06 09:22:16 ----D---- C:\WINDOWS
2012-05-06 09:12:47 ----D---- C:\WINDOWS\Prefetch
2012-05-06 09:10:09 ----RD---- C:\Program Files
2012-05-06 09:09:29 ----N---- C:\WINDOWS\SchedLgU.Txt
2012-05-06 07:48:41 ----D---- C:\WINDOWS\system32
2012-05-06 07:47:04 ----D---- C:\WINDOWS\AppPatch
2012-05-06 07:47:03 ----D---- C:\Config.Msi
2012-05-05 23:37:28 ----HD---- C:\WINDOWS\inf
2012-05-05 23:36:12 ----D---- C:\WINDOWS\system32\dllcache
2012-05-05 23:35:09 ----HD---- C:\WINDOWS\$hf_mig$
2012-05-05 23:34:27 ----SHD---- C:\WINDOWS\Installer
2012-05-05 23:27:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-05-05 23:26:43 ----D---- C:\WINDOWS\WinSxS
2012-05-05 23:13:17 ----D---- C:\WINDOWS\system32\en-US
2012-05-05 23:12:52 ----RSD---- C:\WINDOWS\Fonts
2012-05-05 23:09:17 ----D---- C:\WINDOWS\system32\CatRoot2
2012-05-05 23:05:24 ----D---- C:\WINDOWS\security
2012-05-05 23:04:52 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-05-05 22:56:51 ----D---- C:\WINDOWS\Registration
2012-05-05 22:55:04 ----D---- C:\WINDOWS\system32\mui
2012-05-05 21:23:30 ----D---- C:\WINDOWS\system32\drivers
2012-05-03 17:12:36 ----HD---- C:\Program Files\InstallShield Installation Information
2012-05-03 17:12:23 ----D---- C:\Program Files\Common Files
2012-05-03 17:06:42 ----D---- C:\WINDOWS\Debug
2012-04-29 13:16:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-04-29 12:28:02 ----SD---- C:\WINDOWS\Tasks
2012-04-29 12:21:03 ----D---- C:\WINDOWS\system32\wbem
2012-04-29 12:15:10 ----D---- C:\WINDOWS\ie7updates
2012-04-29 11:24:48 ----D---- C:\Program Files\Outlook Express
2012-04-29 11:21:49 ----D---- C:\Program Files\Internet Explorer
2012-04-29 11:20:25 ----D---- C:\Program Files\Movie Maker
2012-04-29 10:04:11 ----D---- C:\WINDOWS\Help
2012-04-29 09:55:22 ----A---- C:\WINDOWS\system.ini
2012-04-29 09:51:26 ----D---- C:\WINDOWS\system32\drivers\etc
2012-04-19 23:22:36 ----D---- C:\WINDOWS\system32\config
2012-04-19 22:48:48 ----RASH---- C:\boot.ini
2012-04-19 22:45:26 ----SHD---- C:\System Volume Information
2012-04-19 22:45:26 ----D---- C:\WINDOWS\system32\Restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 SISAGP;SiS AGP Filter; C:\WINDOWS\system32\DRIVERS\SISAGPX.sys [2003-07-18 36992]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-05-03 37760]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2011-08-04 103112]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-05-03 12032]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2011-08-09 154136]
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-09-16 941516]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-05-03 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-05-03 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-01-21 118656]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 FLASHSYS;FLASHSYS; \??\C:\WINDOWS\system32\DRIVERS\FLASHSYS.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-03-26 45568]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-03-20 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-03-20 26368]
S3 WEBNTACCESS;WEBNTACCESS; \??\C:\WINDOWS\system32\NTACCESS.SYS []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-22 974944]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getplushelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-05-03 14336]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-05-03 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#14 Příspěvek od **vyosek** » 06 kvě 2012 10:17

Prvni vec, nelegalni OS, priste bude pomoc odmitnuta

Druha vec

System drive C: has 4 GB (45%) free of 9 GB
Total RAM: 127 MB (29% free)

Tady je problem

VIRY.CZ

Virus v operačnej pamäti Win32/Rustock trojsky kon

Virus v operačnej pamäti Win32/Rustock trojsky kon

Re: Virus v operačnej pamäti Win32/Rustock trojsky kon

Re: Virus v operačnej pamäti Win32/Rustock trojsky kon

Re: Virus v operačnej pamäti Win32/Rustock trojsky kon

Re: Virus v operačnej pamäti Win32/Rustock trojsky kon

Re: Virus v operačnej pamäti Win32/Rustock trojsky kon

Re: Virus v operačnej pamäti Win32/Rustock trojsky kon

Re: Virus v operačnej pamäti Win32/Rustock trojsky kon

Re: Virus v operačnej pamäti Win32/Rustock trojsky kon

Re: Virus v operačnej pamäti Win32/Rustock trojsky kon

Re: Virus v operačnej pamäti Win32/Rustock trojsky kon

Re: Virus v operačnej pamäti Win32/Rustock trojsky kon

Re: Virus v operačnej pamäti Win32/Rustock trojsky kon

Re: Virus v operačnej pamäti Win32/Rustock trojsky kon