PC virus removal, computer speed-up, remote help via the neslape.cz service

please check my log

Have a virus problem? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will threads inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote help service, where an expert connects to your computer and gets the details of the problem from you by phone! More at www.neslape.cz
Interpol
Warning level 1
Posts: 65
Registered: 15 Feb 2006 22:55
Location: Karlovy Vary

please check my log

#1 Post by Interpol »

I probably have some rootkit, can you please help me

here is the output


ComboFix 10-12-08.04 - Admin 09.12.2010 19:47:30.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2327 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\UA000106.DLL

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-09 do 2010-12-09 )))))))))))))))))))))))))))))))
.

2010-12-08 20:07 . 2010-12-08 20:07 -------- d-----w- c:\documents and settings\Admin\Data aplikací\MaskMyIP
2010-12-08 20:07 . 2010-12-08 20:07 -------- d-----w- c:\program files\MaskMyIP
2010-12-08 20:05 . 2010-12-08 20:06 -------- d---a-w- c:\program files\AdvTor
2010-12-07 17:42 . 2010-12-07 17:42 -------- d-----w- c:\program files\Team17
2010-12-07 17:41 . 2010-12-07 17:41 -------- d-----w- C:\xx
2010-12-06 19:40 . 2010-12-06 19:53 -------- d-----w- c:\program files\wormsarm
2010-12-04 17:28 . 2010-12-04 17:28 -------- d-----w- c:\documents and settings\Evicka\Local Settings\Data aplikací\O&O
2010-11-28 15:10 . 2010-11-28 15:10 -------- d-----w- c:\documents and settings\Evicka\Data aplikací\Ulead Systems
2010-11-28 12:09 . 2010-11-28 12:13 -------- d-----w- c:\program files\AdorageI-GfxDatas
2010-11-27 13:42 . 2010-11-27 13:47 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Apache
2010-11-27 11:26 . 2010-11-27 12:46 -------- d-----w- c:\documents and settings\Admin\Data aplikací\Ulead Systems
2010-11-27 11:24 . 2008-04-01 20:40 209040 ----a-w- c:\windows\system32\IVIresizeW7.dll
2010-11-27 11:24 . 2008-04-01 20:40 196752 ----a-w- c:\windows\system32\IVIresizeP6.dll
2010-11-27 11:24 . 2008-04-01 20:40 192656 ----a-w- c:\windows\system32\IVIresizePX.dll
2010-11-27 11:24 . 2008-04-01 20:40 196752 ----a-w- c:\windows\system32\IVIresizeM6.dll
2010-11-27 11:24 . 2008-04-01 20:40 204944 ----a-w- c:\windows\system32\IVIresizeA6.dll
2010-11-27 11:24 . 2008-04-01 20:40 24720 ----a-w- c:\windows\system32\IVIresize.dll
2010-11-27 11:24 . 2000-01-04 05:39 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2010-11-27 11:23 . 2010-11-27 11:23 -------- d-----w- c:\program files\Windows Media Components
2010-11-27 11:23 . 2010-11-27 11:23 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-11-27 11:22 . 2010-11-27 11:23 -------- d-----w- c:\program files\Corel
2010-11-21 17:22 . 2010-11-21 17:22 -------- d-----w- c:\documents and settings\Admin\.oces
2010-11-19 19:35 . 2010-11-19 19:35 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-11-18 09:47 . 2010-11-18 09:47 -------- d-----w- c:\documents and settings\Admin\Data aplikací\U3
2010-11-18 06:25 . 2004-08-18 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-11-18 05:26 . 2010-11-18 05:26 75048 ----a-r- c:\documents and settings\Admin\Data aplikací\Microsoft\Installer\{7EE8ED57-682B-4AB0-860C-2E079BCD90B1}\ARPPRODUCTICON.exe
2010-11-18 05:16 . 2010-11-28 13:06 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Pinnacle
2010-11-17 21:00 . 2010-11-17 21:00 -------- d-----w- c:\documents and settings\Evicka\Local Settings\Data aplikací\Electronic Arts
2010-11-15 15:44 . 2010-11-15 15:44 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Electronic Arts
2010-11-15 15:07 . 2008-04-14 07:52 20992 ----a-w- c:\windows\system32\dshowext.ax
2010-11-14 16:58 . 2010-11-18 05:03 -------- d-----w- c:\documents and settings\Admin\Data aplikací\proDAD
2010-11-14 16:58 . 2010-11-18 05:03 -------- d-----w- c:\program files\proDAD
2010-11-14 16:58 . 2004-03-29 15:23 90112 ----a-w- c:\windows\unvise32.exe
2010-11-14 16:58 . 2010-11-14 16:58 -------- d-----w- c:\program files\LooksBuilderSE
2010-11-14 16:58 . 2003-07-01 15:49 69632 ----a-w- c:\windows\system32\MtxPreview.dll
2010-11-14 16:58 . 2003-07-01 15:49 49152 ----a-w- c:\windows\system32\MtxParhBFXPreview.dll
2010-11-14 16:58 . 2003-06-26 09:04 237568 ----a-r- c:\windows\system32\qtmlClient.dll
2010-11-14 16:58 . 2003-07-09 09:43 45056 ----a-w- c:\windows\system32\BFXSrcFilter.ax
2010-11-14 16:58 . 2003-01-20 08:08 49152 ----a-w- c:\windows\system32\CvoAPI.dll
2010-11-14 16:58 . 2010-11-14 16:58 -------- d-----w- c:\program files\Boris FX, Inc
2010-11-14 16:57 . 2004-04-18 22:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2010-11-14 16:57 . 2004-04-18 22:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2010-11-14 16:57 . 2004-04-18 22:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2010-11-14 16:57 . 2004-04-18 22:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2010-11-14 16:57 . 2004-04-18 22:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2010-11-14 16:57 . 2010-11-14 16:57 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2010-11-14 16:57 . 2010-11-14 16:57 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2010-11-14 13:27 . 2010-11-14 13:27 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Downloaded Installations
2010-11-14 13:27 . 2010-11-14 17:24 -------- d-----w- c:\documents and settings\All Users\Data aplikac
2010-11-14 13:19 . 2010-11-28 12:09 -------- d-----w- c:\program files\Pinnacle
2010-11-14 13:19 . 2010-11-14 13:19 -------- d-----w- c:\program files\Common Files\Yahoo!
2010-11-14 12:57 . 2010-11-14 12:57 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Activision
2010-11-12 16:02 . 2010-11-12 16:04 -------- d-----w- c:\program files\SMBX

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-28 14:01 . 2010-09-29 08:11 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-28 14:01 . 2010-09-29 08:11 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-28 14:01 . 2010-09-29 08:11 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-10-08 07:14 . 2010-10-08 07:14 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2010-10-08 07:14 . 2010-10-08 07:14 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-10-08 07:14 . 2010-10-08 07:14 132224 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-10-08 07:14 . 2010-10-08 07:14 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2010-10-06 05:25 . 2010-09-29 08:11 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-10-05 06:18 . 2005-12-08 10:12 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-10-05 06:18 . 2005-12-08 10:08 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-27 08:29 . 2010-09-27 08:29 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-18 10:23 . 2004-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-18 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-18 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 03:50 . 2010-10-01 11:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 01:29 . 2010-10-01 11:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Admin\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-09-26 136176]
"WallpaperDownloader"="c:\program files\WallpaperDownloader\WallpaperDownloader.exe" [2010-10-06 657920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"uTorrent"="c:\program files\TC UP\PLUGINS\Media\uTorrent\utorrent.exe" [2010-10-05 328056]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"CTHelper"="CTHELPER.EXE" [2005-12-08 16384]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-11-02 136544]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2009-09-11 2524416]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2010-10-27 139264]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2005-12-08 25600]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-18 44544]

c:\documents and settings\Admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
FreeRapid 0.85alpha3.lnk - c:\program files\FreeRapid-0.85alpha3\frd.exe [2010-10-1 35840]

c:\documents and settings\Evicka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Tapety 2.01.lnk - c:\program files\Tapety 2.01\Tapety.exe [2002-1-6 167936]

c:\documents and settings\Admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
FreeRapid 0.85alpha3.lnk - c:\program files\FreeRapid-0.85alpha3\frd.exe [2010-10-1 35840]

c:\documents and settings\Admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
FreeRapid 0.85alpha3.lnk - c:\program files\FreeRapid-0.85alpha3\frd.exe [2010-10-1 35840]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BTTray.lnk - c:\program files\MSI\Bluetooth Software\BTTray.exe [2004-3-31 507965]
DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2010-9-25 192512]

c:\documents and settings\Admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
FreeRapid 0.85alpha3.lnk - c:\program files\FreeRapid-0.85alpha3\frd.exe [2010-10-1 35840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Nabídka Start^Programy^Po spuštění^MacSound.lnk]
path=c:\documents and settings\Admin\Nabídka Start\Programy\Po spuštění\MacSound.lnk
backup=c:\windows\pss\MacSound.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-11-02 16:57 906288 ----a-w- c:\program files\Seagate\DiscWizard\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
2009-11-02 16:49 1346000 ----a-w- c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\floAt's Media Control]
2005-08-29 10:09 916480 ----a-w- c:\program files\FloatMediaCtrl\floAtMediaCtrl.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\TC UP\\PLUGINS\\Media\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.9.2010 9:29 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25.9.2010 20:30 165584]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [8.10.2010 4:58 20088]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [25.9.2010 20:11 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 3:54 66600]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [25.10.2009 17:30 16384]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 10:28 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.9.2010 20:30 17744]
R2 Iprip;Naslouchání RIP;c:\windows\System32\svchost.exe -k netsvcs [18.8.2004 13:00 14336]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [25.3.2010 13:39 490280]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 6:24 95528]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [2.11.2009 17:52 431456]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 6:24 1365288]
R3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [25.9.2010 20:04 28160]
R3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [25.9.2010 20:04 50176]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [25.9.2010 20:11 65576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 cpuz131;cpuz131;\??\c:\docume~1\Admin\LOCALS~1\Temp\cpuz131\cpuz_x32.sys --> c:\docume~1\Admin\LOCALS~1\Temp\cpuz131\cpuz_x32.sys [?]
S3 DigiCellDriver;DigiCellDriver;\??\c:\program files\MSI\DigiCell\NTGLM7X.sys --> c:\program files\MSI\DigiCell\NTGLM7X.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25.3.2010 9:25 30969208]
S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\MSI\MSIWDev\DVDSYS32_100507.sys [10.5.2010 9:44 22328]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios32_100507.sys [10.5.2010 9:44 25912]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\MSI\MSIWDev\VGASYS32_100507.sys [10.5.2010 9:44 16696]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 20:37 4640000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [18.8.2004 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - NVR0DEV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'

2010-11-09 c:\windows\Tasks\Admin.job
- c:\program files\Nero\Nero 10\Nero BackItUp\NBCore.exe [2010-03-26 08:52]

2010-12-09 c:\windows\Tasks\User_Feed_Synchronization-{C5B9EE86-0D05-4A62-9D94-F28FEB77CE4A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

2010-12-09 c:\windows\Tasks\User_Feed_Synchronization-{D84CE8C8-2F94-4DA1-A7FD-09525D9B82AE}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send To &Bluetooth - c:\program files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ?3,16,13,0
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
.
.
------- Asociace souborů -------
.
.scr=scr
.txt=txt
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-09 20:01
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160827AS rev.3.42 -> Harddisk1\DR1 -> \Device\00000095

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AEAE1F8]<<
_asm { MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX; PUSH 0x8aeae008; MOV EAX, 0xb7ec6fee; CALL EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk1\DR1[0x8ADE2AB8]
3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000093[0x8ADBAA08]
5 ACPI[0xB7E74620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000091[0x8ADB6030]
\Driver\nvata[0x8AEBA8A0] -> IRP_MJ_CREATE -> 0x8AEAE1F8
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
sectors 312581806 (+190): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2316)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\MSI\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\OO Software\Defrag\oodag.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\SearchIndexer.exe
c:\documents and settings\Admin\Local Settings\Data aplikací\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\NetSoftware\NetSoftware.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\program files\Java\jre6\launch4j-tmp\frd.exe
c:\progra~1\MSI\BLUETO~1\BTSTAC~1.EXE
c:\program files\MSI\DualCoreCenter\DualCoreCenter.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Celkový čas: 2010-12-09 20:11:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-09 19:11

Před spuštěním: Volných bajtů: 19 464 060 928
Po spuštění: Volných bajtů: 31 917 162 496

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

Current=3 Default=3 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 779ED10839ABB2C3D1B4124B1AFAB51C
It is never possible to secure your system well .............

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: please check my log

#2 Post by vyosek »

Hello and have a nice day :)

:arrow: ComboFix is not a toy for scanning - it is to be used only on recommendation - see below

:arrow: Dangers of CF
  • It is intended primarily for helpers - by using it on your own you forfeit your right to support
  • It wipes the traces of the malware, so nothing is visible in the RSIT log
  • Its log has to be deciphered, because it cannot delete everything - and you will hardly manage that if you are not trained for it
  • CF can have a bug = it takes your system down; if you don't know where it stores what and how to restore it, your system is toast and a reinstall awaits you
  • CF also unfortunately does not yet check some important libraries (e.g. hal.dll) - some types of malware (e.g. angela) delete those - it deletes your hal.dll after restart = your system won't boot and you are one line up = reinstall
:arrow: Well, you really do have a nasty little bugger in there :arcisit:

:arrow: Do the scan according to my colleague's instructions - post the log here
stell wrote: :arrow: Please download TDSSKiller and save it to your desktop.

Double-click TDSSKiller.exe to run the application, then click Start Scan.
If an infected file is detected, the default action will be Cure; click the Continue button.
If a suspicious file is detected, the default action will be Skip; click Continue.
It may ask you to restart the computer to complete the process. Click Reboot Now.
If no restart is required, click the Report button. A log file should appear. Please copy and paste its contents here.
If a restart is required, the report is available in your root directory (usually the C:\ folder) as "TDSSKiller. _log.txt". Please copy and paste its contents here.
:arrow: Download SPTD http://www.duplexsecure.com/en/downloads
  • Pick the version for your operating system from that page (32-bit (x86) or 64-bit (x64))
  • Save it to your desktop and run it
  • Choose Uninstall and restart the PC - if it cannot be clicked (the button is grey), skip this step
:arrow: Download Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe
  • Save it to your desktop and run it
  • Click Disable and restart the PC - if it cannot be clicked (the button is grey), skip this step
:arrow: Download MBR to your desktop http://www2.gmer.net/mbr/mbr.exe but do not run it

:arrow: Click Start and then Run, or use the keyboard shortcut Win+R
  • A small window pops up; copy the text below into it
  • Code:

    "%userprofile%\plocha\mbr" -t
  • Click OK
  • A log named mbr.txt will be created on your desktop; post its contents here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him: that is not a man, that is an ox."
Member since 1 February 2011.
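The helper asks for the mbr.txt that Gmer's mbr.exe writes, and the ComboFix log above already contains one such report (the "Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector" section). The following is an added triage example, not code from this thread or from Gmer: it parses that report format and pulls out the three indicators a helper reads it for, the unknown module in the disk I/O trace, the IRP handler redirected to that address, and the user-mode versus kernel-mode MBR mismatch. The infected sample is abridged from the log posted in this thread; the clean sample is constructed, and the assumption that stand-alone mbr.exe output uses the same layout as the ComboFix-embedded section is mine.

```python
import re

# Sample abridged from the Gmer MBR section of the ComboFix log posted in this thread.
INFECTED_REPORT = r"""Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160827AS rev.3.42 -> Harddisk1\DR1 -> \Device\00000095

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AEAE1F8]<<
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk1\DR1[0x8ADE2AB8]
3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000093[0x8ADBAA08]
5 ACPI[0xB7E74620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000091[0x8ADB6030]
\Driver\nvata[0x8AEBA8A0] -> IRP_MJ_CREATE -> 0x8AEAE1F8
kernel: MBR read successfully
user != kernel MBR !!!
sectors 312581806 (+190): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
"""

# Constructed clean counterpart (not from the thread): same layout, no discrepancies.
CLEAN_REPORT = r"""Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160827AS rev.3.42 -> Harddisk1\DR1 -> \Device\00000095

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll
kernel: MBR read successfully
user & kernel MBR OK
"""

# A module in the disk I/O path that Gmer could not attribute to any loaded driver.
UNKNOWN_MODULE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
# Sector ranges where the MBR seen through the user-mode API differs from the kernel read.
MISMATCH_SECTOR = re.compile(r"^sectors (\d+) \(\+(\d+)\): user != kernel", re.M)
# A driver's IRP_MJ_* dispatch entry and the address it currently points at.
HOOKED_IRP = re.compile(
    r"^(\\Driver\\[^\[\s]+)\[0x[0-9A-Fa-f]+\] -> (IRP_MJ_\w+) -> (0x[0-9A-Fa-f]+)", re.M
)


def triage_mbr_report(text):
    """Return a dict of indicators extracted from a Gmer mbr.exe style report."""
    unknown = UNKNOWN_MODULE.findall(text)
    unknown_set = {addr.lower() for addr in unknown}
    findings = {
        "unknown_modules": unknown,
        "mbr_mismatch": "user != kernel MBR" in text,
        "mismatched_sectors": [(int(s), int(n)) for s, n in MISMATCH_SECTOR.findall(text)],
        # Only IRP handlers redirected into an unknown module count as hooks.
        "hooked_irps": [
            (drv, irp, tgt)
            for drv, irp, tgt in HOOKED_IRP.findall(text)
            if tgt.lower() in unknown_set
        ],
        "tdl4_detected": "TDL4 rootkit infection detected" in text,
    }
    findings["infected"] = bool(
        findings["unknown_modules"] or findings["mbr_mismatch"] or findings["tdl4_detected"]
    )
    return findings


def summarize(findings):
    """One human-readable line per indicator, for pasting back into a thread."""
    lines = []
    for addr in findings["unknown_modules"]:
        lines.append(f"unknown module in disk I/O path at {addr}")
    if findings["mbr_mismatch"]:
        sectors = ", ".join(f"{s} (+{n})" for s, n in findings["mismatched_sectors"])
        lines.append(f"user-mode and kernel-mode MBR differ; sectors: {sectors or 'unspecified'}")
    for drv, irp, tgt in findings["hooked_irps"]:
        lines.append(f"{drv} {irp} handler redirected to {tgt}")
    if findings["tdl4_detected"]:
        lines.append("tool reports a TDL4 infection")
    return lines or ["no MBR discrepancies reported"]


if __name__ == "__main__":
    for name, report in (("infected", INFECTED_REPORT), ("clean", CLEAN_REPORT)):
        print(f"== {name} ==")
        for line in summarize(triage_mbr_report(report)):
            print(" -", line)
```

On the thread's own report the function flags the unknown module at 0x8AEAE1F8, the nvata IRP_MJ_CREATE handler pointing at that same address, and the user/kernel MBR mismatch at sector 312581806; on the clean sample it reports nothing. That is exactly the reading the helper does by eye, and having it in code makes it easy to diff a post-cleanup mbr.txt against the original.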

Interpol
Warning level 1
Posts: 65
Registered: 15 Feb 2006 22:55
Location: Karlovy Vary

Re: please check my log

#3 Post by Interpol »

2010/12/10 17:17:40.0515 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/10 17:17:40.0515 ================================================================================
2010/12/10 17:17:40.0515 SystemInfo:
2010/12/10 17:17:40.0515
2010/12/10 17:17:40.0515 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/10 17:17:40.0515 Product type: Workstation
2010/12/10 17:17:40.0515 ComputerName: BADY-16377385A9
2010/12/10 17:17:40.0515 UserName: Admin
2010/12/10 17:17:40.0515 Windows directory: C:\WINDOWS
2010/12/10 17:17:40.0515 System windows directory: C:\WINDOWS
2010/12/10 17:17:40.0515 Processor architecture: Intel x86
2010/12/10 17:17:40.0515 Number of processors: 2
2010/12/10 17:17:40.0515 Page size: 0x1000
2010/12/10 17:17:40.0515 Boot type: Normal boot
2010/12/10 17:17:40.0515 ================================================================================
2010/12/10 17:17:41.0093 !crdlk
2010/12/10 17:17:43.0203 Initialize success
2010/12/10 17:17:46.0625 ================================================================================
2010/12/10 17:17:46.0625 Scan started
2010/12/10 17:17:46.0625 Mode: Manual;
2010/12/10 17:17:46.0625 ================================================================================
2010/12/10 17:17:47.0531 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/12/10 17:17:47.0640 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/10 17:17:47.0687 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/10 17:17:47.0750 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/10 17:17:47.0812 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/10 17:17:47.0968 AmdK8 (fcffa85cfd4bf7a4711012847048dca3) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2010/12/10 17:17:48.0031 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/12/10 17:17:48.0156 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/12/10 17:17:48.0187 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/12/10 17:17:48.0218 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/12/10 17:17:48.0250 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2010/12/10 17:17:48.0281 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/12/10 17:17:48.0328 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/10 17:17:48.0343 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/10 17:17:48.0531 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/10 17:17:48.0578 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/10 17:17:48.0656 AVG Anti-Rootkit (e8054a423e5d2bdae6062bab6da159c4) C:\WINDOWS\system32\DRIVERS\avgarkt.sys
2010/12/10 17:17:48.0687 AvgArCln (ec08d1625f5c6cf2a57b79eb35186f8c) C:\WINDOWS\system32\DRIVERS\AvgArCln.sys
2010/12/10 17:17:48.0734 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/10 17:17:48.0812 btaudio (760b30a34dc9a981a74255e080d4c95e) C:\WINDOWS\system32\drivers\btaudio.sys
2010/12/10 17:17:48.0859 BTDriver (0ab3c8276df52e50aec183c2e70fd868) C:\WINDOWS\system32\DRIVERS\btport.sys
2010/12/10 17:17:48.0937 BTKRNL (63cad765a65d573f0c86964634c9b55e) C:\WINDOWS\system32\drivers\btkrnl.sys
2010/12/10 17:17:49.0171 BTWDNDIS (93ad77d88d94b9cd00eb74ab965372b5) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2010/12/10 17:17:49.0218 BTWUSB (fed57fec0fc5a6db34f80e9d2ee2a671) C:\WINDOWS\system32\Drivers\btwusb.sys
2010/12/10 17:17:49.0281 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/10 17:17:49.0312 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/12/10 17:17:49.0375 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/10 17:17:49.0406 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/10 17:17:49.0468 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/10 17:17:49.0656 ctac32k (3cfb715f2e3b0e475e984f78cdfada57) C:\WINDOWS\system32\drivers\ctac32k.sys
2010/12/10 17:17:49.0734 ctaud2k (b640816f7d3ffeaaefea831242fe5e8c) C:\WINDOWS\system32\drivers\ctaud2k.sys
2010/12/10 17:17:49.0796 ctdvda2k (c4333325d325efa668888d0d3177c6ff) C:\WINDOWS\system32\drivers\ctdvda2k.sys
2010/12/10 17:17:49.0828 ctprxy2k (a9f9a48406e99134cd3879b410e9139d) C:\WINDOWS\system32\drivers\ctprxy2k.sys
2010/12/10 17:17:49.0875 ctsfm2k (fcbb8ea6fe935d2c531d3a4dee9f985b) C:\WINDOWS\system32\drivers\ctsfm2k.sys
2010/12/10 17:17:50.0015 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/10 17:17:50.0078 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/10 17:17:50.0140 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/10 17:17:50.0187 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/10 17:17:50.0250 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/10 17:17:50.0312 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/10 17:17:50.0484 DualCoreCenter (994d42a1c15f0a64662d9c06b3345964) C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys
2010/12/10 17:17:50.0656 emupia (05377ddedf219d9bd3102bd9fbdc3eae) C:\WINDOWS\system32\drivers\emupia2k.sys
2010/12/10 17:17:50.0750 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/10 17:17:50.0812 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/10 17:17:50.0843 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/10 17:17:50.0875 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/10 17:17:50.0921 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/10 17:17:50.0984 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/10 17:17:51.0062 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/10 17:17:51.0125 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/12/10 17:17:51.0156 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
2010/12/10 17:17:51.0203 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/10 17:17:51.0296 ha10kx2k (5da1af9485b591e4406924803969ccf0) C:\WINDOWS\system32\drivers\ha10kx2k.sys
2010/12/10 17:17:51.0359 hap16v2k (9f7eec8d49279052e4d70971246ac7cd) C:\WINDOWS\system32\drivers\hap16v2k.sys
2010/12/10 17:17:51.0406 hap17v2k (c34fbfcf18332927c9d7dfb44f1cc84f) C:\WINDOWS\system32\drivers\hap17v2k.sys
2010/12/10 17:17:51.0484 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/10 17:17:51.0578 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/10 17:17:51.0796 HWiNFO32 (e766c3a458fe598cc67ce1264b26c3f1) C:\Program Files\HWiNFO32\HWiNFO32.SYS
2010/12/10 17:17:52.0000 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/10 17:17:52.0031 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/10 17:17:52.0140 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/10 17:17:52.0203 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/10 17:17:52.0234 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/10 17:17:52.0281 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/10 17:17:52.0312 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/10 17:17:52.0390 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2010/12/10 17:17:52.0453 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/10 17:17:52.0500 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
2010/12/10 17:17:52.0546 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/10 17:17:52.0578 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/10 17:17:52.0625 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/10 17:17:52.0703 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/10 17:17:52.0765 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/10 17:17:52.0890 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/10 17:17:52.0937 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/10 17:17:52.0984 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/10 17:17:53.0046 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/10 17:17:53.0062 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/10 17:17:53.0109 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/10 17:17:53.0156 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/10 17:17:53.0218 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/10 17:17:53.0390 MSI_DVD_010507 (09a00b8c911d32a0cfeb747be9ce5dab) C:\PROGRA~1\MSI\MSIWDev\DVDSYS32_100507.sys
2010/12/10 17:17:53.0421 MSI_MSIBIOS_010507 (3846c05a66a3f5cd1d33e1a323c1762c) C:\PROGRA~1\MSI\MSIWDev\msibios32_100507.sys
2010/12/10 17:17:53.0468 MSI_VGASYS_010507 (8d603678c3961bed302163964ad6a38e) C:\PROGRA~1\MSI\MSIWDev\VGASYS32_100507.sys
2010/12/10 17:17:53.0625 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/10 17:17:53.0671 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/10 17:17:53.0703 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/10 17:17:53.0734 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/10 17:17:53.0781 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/10 17:17:53.0828 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/10 17:17:53.0859 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/12/10 17:17:53.0921 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/10 17:17:53.0953 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/12/10 17:17:54.0000 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/10 17:17:54.0015 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/10 17:17:54.0031 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/10 17:17:54.0062 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/10 17:17:54.0093 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/10 17:17:54.0125 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/10 17:17:54.0203 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/10 17:17:54.0218 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/10 17:17:54.0281 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/10 17:17:54.0390 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/10 17:17:54.0843 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/10 17:17:55.0484 nvata (4d6c6b46b3edf6f2e219a86b61d104ae) C:\WINDOWS\system32\DRIVERS\nvata.sys
2010/12/10 17:17:55.0546 NVENETFD (1b83b60541be1b6db81641c448007f21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2010/12/10 17:17:55.0609 nvnetbus (57b669f9234604a350174b86764444b0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2010/12/10 17:17:55.0656 NVR0Dev (8cc5a4045a80a822cbc1e9eadff8e533) C:\WINDOWS\nvoclock.sys
2010/12/10 17:17:56.0171 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/10 17:17:56.0203 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/10 17:17:56.0250 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/10 17:17:56.0328 ossrv (3649eefa90990249267dd6c7808cbc86) C:\WINDOWS\system32\drivers\ctoss2k.sys
2010/12/10 17:17:56.0406 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/10 17:17:56.0437 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/10 17:17:56.0515 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/10 17:17:56.0531 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/10 17:17:56.0609 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/10 17:17:56.0640 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/10 17:17:56.0875 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/10 17:17:56.0890 Processor (7eb15dce4ec3a0220bd796a15c18186e) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/12/10 17:17:56.0921 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/10 17:17:56.0968 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/10 17:17:57.0109 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/10 17:17:57.0187 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2010/12/10 17:17:57.0218 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/10 17:17:57.0250 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/10 17:17:57.0281 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/10 17:17:57.0328 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/10 17:17:57.0375 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/10 17:17:57.0437 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/10 17:17:57.0484 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/10 17:17:57.0687 RushTopDevice2 (a75e4617f627f0ea4b0ea604584f6412) C:\Program Files\MSI\DualCoreCenter\RushTop.sys
2010/12/10 17:17:57.0875 SbFw (419883201ca9ad697ccfb8fc46dd6f78) C:\WINDOWS\system32\drivers\SbFw.sys
2010/12/10 17:17:57.0921 SBFWIMCL (f01b8409a11c319e3c5b9dd418676d2c) C:\WINDOWS\system32\DRIVERS\sbfwim.sys
2010/12/10 17:17:57.0968 sbhips (31ca701f26ea66468ad3c3c6498755ce) C:\WINDOWS\system32\drivers\sbhips.sys
2010/12/10 17:17:58.0046 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/10 17:17:58.0093 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/10 17:17:58.0156 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/10 17:17:58.0234 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/10 17:17:58.0328 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/12/10 17:17:58.0390 snapman (c3bf55189aa92b8f919108ef9e4accae) C:\WINDOWS\system32\DRIVERS\snapman.sys
2010/12/10 17:17:58.0812 SNPSTD3 (cafcdaf9e361d28a7c039e6b5990f8b8) C:\WINDOWS\system32\DRIVERS\snpstd3.sys
2010/12/10 17:17:59.0250 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
2010/12/10 17:17:59.0328 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/10 17:17:59.0421 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2010/12/10 17:17:59.0421 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/12/10 17:17:59.0421 sptd - detected Locked file (1)
2010/12/10 17:17:59.0453 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/10 17:17:59.0531 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/10 17:17:59.0593 StMp3Rec (e9f084ea27604d6d1c90206381e18770) C:\WINDOWS\system32\Drivers\StMp3Rec.sys
2010/12/10 17:17:59.0625 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/12/10 17:17:59.0656 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/10 17:17:59.0718 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/10 17:17:59.0843 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/10 17:17:59.0921 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/10 17:17:59.0984 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2010/12/10 17:18:00.0031 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/10 17:18:00.0109 tdrpman (3b7b6779eb231f731bba8f9fe67aadfc) C:\WINDOWS\system32\DRIVERS\tdrpman.sys
2010/12/10 17:18:00.0140 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/10 17:18:00.0187 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/10 17:18:00.0296 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
2010/12/10 17:18:00.0312 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
2010/12/10 17:18:00.0437 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2010/12/10 17:18:00.0484 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/10 17:18:00.0578 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/10 17:18:00.0640 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/12/10 17:18:00.0671 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/10 17:18:00.0734 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/10 17:18:00.0781 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/10 17:18:00.0812 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/12/10 17:18:00.0828 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/10 17:18:00.0875 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/12/10 17:18:00.0921 VD_FileDisk (eb532174b0c331b02a08125bc5d21d5f) C:\WINDOWS\system32\drivers\VD_FileDisk.sys
2010/12/10 17:18:01.0000 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/10 17:18:01.0078 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/10 17:18:01.0140 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/10 17:18:01.0187 wceusbsh (a2a8cacb5b80ac45cc69692e60621864) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2010/12/10 17:18:01.0250 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/10 17:18:01.0421 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/12/10 17:18:01.0500 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/10 17:18:01.0531 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/10 17:18:12.0359 ================================================================================
2010/12/10 17:18:12.0359 Scan finished
2010/12/10 17:18:12.0359 ================================================================================
2010/12/10 17:18:12.0390 Detected object count: 1
2010/12/10 17:18:18.0828 Locked file(sptd) - User select action: Skip
It is never possible to secure your system well .............

Interpol
Warning level 1
Posts: 65
Registered: 15 Feb 2006 22:55
Location: Karlovy Vary

Re: please check my log

#4 Post by Interpol »

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-10 18:04:47
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\0000008b ST3160827AS rev.3.42
Running: mbr.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\kwkoyaod.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xB36A09D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----
It is never possible to secure your system well .............

Interpol
Warning level 1
Posts: 65
Registered: 15 Feb 2006 22:55
Location: Karlovy Vary

Re: please check my log

#5 Post by Interpol »

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160827AS rev.3.42 -> Harddisk1\DR1 -> \Device\00000089

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
C:\WINDOWS\system32\drivers\nvata.sys NVIDIA Corporation NVIDIA nForce(TM) IDE Driver
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk1\DR1[0x8AC5CAB8]
3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000087[0x8AC669E8]
5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000085[0x8AC5E030]
kernel: MBR read successfully
user != kernel MBR !!!
sectors 312581806 (+190): user != kernel
It is never possible to secure your system well .............

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: please check my log

#6 Post by vyosek »

→ Click Start, then Run, or use the keyboard shortcut Win+R
  • A window pops up; copy the text below into it
  • Code:

    "%userprofile%\plocha\mbr" -f
  • Click OK
→ Restart the PC

→ Click Start, then Run, or use the keyboard shortcut Win+R
  • A window pops up; copy the text below into it
  • Code:

    "%userprofile%\plocha\mbr" -t
  • Click OK
  • A log named mbr.txt will be created on your desktop; paste its contents here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment: take a whip and a stick to him, that is no man, that is an ox."
Member since 1 February 2011.

Interpol
Warning level 1
Posts: 65
Registered: 15 Feb 2006 22:55
Location: Karlovy Vary

Re: please check my log

#7 Post by Interpol »

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160827AS rev.3.42 -> Harddisk1\DR1 -> \Device\00000090

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 312581806 (+190): user != kernel
It is never possible to secure your system well .............
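An added triage helper for the two report formats posted in this thread (example code written for this page, not a tool from GMER, Kaspersky or the forum): it parses TDSSKiller driver-list lines and mbr.exe output, ranks the findings, and compares the mbr.exe report before and after a repair attempt. The sample lines are constructed copies of entries from the logs above, and the "driver loaded from outside system32\drivers" heuristic is mine, not a TDSSKiller verdict.

```python
"""Triage helper for the two reports posted above: the TDSSKiller driver list and the
GMER "Stealth MBR rootkit detector" (mbr.exe) output. Added example, not GMER/Kaspersky code."""
import re
from dataclasses import dataclass

# TDSSKiller: "<date> <time> <service> (<md5>) <path>", one loaded driver per line.
DRIVER_RE = re.compile(r"^(?P<ts>\S+ \S+)\s+(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# TDSSKiller verdict lines for images it could not open or flagged.
SUSPICIOUS_RE = re.compile(r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})")
DETECTED_RE = re.compile(r"^(?P<ts>\S+ \S+)\s+(?P<name>\S+) - detected (?P<verdict>.+?) \(\d+\)$")
# mbr.exe: sector range where user-mode and kernel-mode disk reads disagree.
SECTORS_RE = re.compile(r"^sectors (?P<lba>\d+) \(\+(?P<count>\d+)\): user != kernel$")
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class Finding:
    source: str    # "tdsskiller" or "mbr"
    severity: str  # a key of SEVERITY_RANK
    detail: str


def triage_tdsskiller(lines):
    """Explicit tool verdicts first, then drivers loaded from unusual paths."""
    findings, drivers = [], {}
    for line in lines:
        line = line.rstrip("\r\n")
        m = SUSPICIOUS_RE.search(line)
        if m:
            findings.append(Finding("tdsskiller", "medium", f"{m['path']} reported {m['reason']}, md5 {m['md5']}"))
            continue
        m = DETECTED_RE.match(line)
        if m:
            # "Locked file" means the image could not be read, not that it is malicious: sptd.sys
            # (SCSI Pass Through Direct, shipped with disc emulators such as DAEMON Tools) is
            # routinely reported this way and should be confirmed rather than assumed hostile.
            findings.append(Finding("tdsskiller", "medium", f"{m['name']}: {m['verdict']}"))
            continue
        m = DRIVER_RE.match(line)
        if m:
            drivers[m["name"]] = m["path"]
    for name, path in drivers.items():
        # Heuristic of this example, not a TDSSKiller verdict: a .sys loaded from outside
        # system32\drivers (e.g. straight from the Windows root) deserves a second look.
        if not re.search(r"\\system32\\drivers\\", path, re.IGNORECASE):
            findings.append(Finding("tdsskiller", "low", f"{name} loaded from {path}"))
    return findings


def triage_mbr(lines):
    """A user/kernel mismatch means the MBR returned through the normal read path differs
    from the one read at disk-driver level: something in the I/O stack filters what user
    mode gets to see, which is how MBR rootkits hide their modified boot sector."""
    findings, user_ok, kernel_ok = [], False, False
    for line in lines:
        line = line.strip()
        if line == "user: MBR read successfully":
            user_ok = True
        elif line == "kernel: MBR read successfully":
            kernel_ok = True
        elif line.startswith("user != kernel MBR"):
            findings.append(Finding("mbr", "high", "user-mode and kernel-mode MBR reads differ"))
        elif m := SECTORS_RE.match(line):
            findings.append(Finding("mbr", "high", f"{m['count']} sectors from LBA {m['lba']} differ"))
    if not (user_ok and kernel_ok):
        findings.append(Finding("mbr", "info", "an MBR read failed; result inconclusive"))
    return findings


def highest_severity(findings):
    """Worst severity present, or None when nothing was flagged."""
    return max((f.severity for f in findings), key=SEVERITY_RANK.get, default=None)


def mismatch_persists(before, after):
    """True when mbr.exe still reports the mismatch after a repair attempt (the thread's
    "mbr -f" followed by "mbr -t"), which is exactly what post #7 above shows."""
    return all(highest_severity(triage_mbr(r)) == "high" for r in (before, after))


# Constructed sample lines, copied in shape and values from the logs above.
SAMPLE_TDSSKILLER = [
    r"2010/12/10 17:17:55.0656 NVR0Dev (8cc5a4045a80a822cbc1e9eadff8e533) C:\WINDOWS\nvoclock.sys",
    r"2010/12/10 17:17:59.0421 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys",
    r"2010/12/10 17:17:59.0421 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505",
    r"2010/12/10 17:17:59.0421 sptd - detected Locked file (1)",
    r"2010/12/10 17:17:59.0453 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys",
]
SAMPLE_MBR_BEFORE = ["device: opened successfully", "user: MBR read successfully",
                     "kernel: MBR read successfully", "user != kernel MBR !!!",
                     "sectors 312581806 (+190): user != kernel"]
SAMPLE_MBR_AFTER = SAMPLE_MBR_BEFORE  # post #7: unchanged after "mbr -f"
CLEAN_MBR = SAMPLE_MBR_BEFORE[:3]     # what a clean run looks like

if __name__ == "__main__":
    for f in triage_tdsskiller(SAMPLE_TDSSKILLER) + triage_mbr(SAMPLE_MBR_AFTER):
        print(f"[{f.severity}] {f.source}: {f.detail}")
    print("mismatch persists after fix:", mismatch_persists(SAMPLE_MBR_BEFORE, SAMPLE_MBR_AFTER))
```

Feed it the full pasted logs (one list of lines each) instead of the samples to get the same ranking over a real post.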

Interpol
Warning level 1
Posts: 65
Registered: 15 Feb 2006 22:55
Location: Karlovy Vary

Re: please check my log

#8 Post by Interpol »

I also got "disk write failed" several times.....
It is never possible to secure your system well .............

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: please check my log

#9 Post by vyosek »

→ If you have not done so already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"=-
    "DAEMON Tools Lite"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NBAgent"=-
    "SunJavaUpdateSched"=-
    
    File::
    c:\windows\Tasks\Admin.job
    c:\windows\Tasks\User_Feed_Synchronization-{C5B9EE86-0D05-4A62-9D94-F28FEB77CE4A}.job
    c:\windows\Tasks\User_Feed_Synchronization-{D84CE8C8-2F94-4DA1-A7FD-09525D9B82AE}.job
    
    DDS::
    uInternet Settings,ProxyServer = http=;ftp=;https=;
    Trusted Zone: com\www.msi
    Trusted Zone: com.tw\asia.msi
    Trusted Zone: com.tw\global.msi
    
    MBR::
    
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and run it (see the image below)
    [image]
  • After the script has been applied (and a possible restart) a log will pop up; paste its contents here
→ It can happen that Windows does not boot after the script is applied; in that case restart the PC, press F8 and choose Last Known Good Configuration
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment: take a whip and a stick to him, that is no man, that is an ox."
Member since 1 February 2011.

Interpol
Warning level 1
Posts: 65
Registered: 15 Feb 2006 22:55
Location: Karlovy Vary

Re: please check my log

#10 Post by Interpol »

ComboFix 10-12-09.04 - Admin 10.12.2010 20:46:54.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2510 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Admin\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

FILE ::
"c:\windows\Tasks\Admin.job"
"c:\windows\Tasks\User_Feed_Synchronization-{C5B9EE86-0D05-4A62-9D94-F28FEB77CE4A}.job"
"c:\windows\Tasks\User_Feed_Synchronization-{D84CE8C8-2F94-4DA1-A7FD-09525D9B82AE}.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.com
c:\windows\system32\taskmgr.com
c:\windows\Tasks\Admin.job
c:\windows\Tasks\User_Feed_Synchronization-{C5B9EE86-0D05-4A62-9D94-F28FEB77CE4A}.job
c:\windows\Tasks\User_Feed_Synchronization-{D84CE8C8-2F94-4DA1-A7FD-09525D9B82AE}.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-10 do 2010-12-10 )))))))))))))))))))))))))))))))
.

2010-12-10 18:28 . 2010-12-10 18:28 -------- d---a-w- c:\windows\rundll16.exe
2010-12-10 18:28 . 2010-12-10 18:28 -------- d---a-w- c:\windows\logo1_.exe
2010-12-10 18:09 . 2010-12-10 18:10 -------- d-----w- c:\documents and settings\Admin\Data aplikací\PCToolsFirewallPlus
2010-12-10 18:09 . 2010-11-25 09:53 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-12-10 18:09 . 2010-03-29 10:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-12-10 18:09 . 2010-11-17 09:19 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-12-10 18:09 . 2010-12-10 18:09 -------- d-----w- c:\program files\Common Files\PC Tools
2010-12-10 18:09 . 2010-11-24 08:18 89192 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-12-10 18:09 . 2010-07-08 08:49 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2010-12-10 18:09 . 2010-02-05 08:26 32808 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2010-12-10 18:09 . 2010-11-25 09:42 124992 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-12-10 18:09 . 2010-12-10 18:10 -------- d-----w- c:\program files\PC Tools Firewall Plus
2010-12-10 17:13 . 2010-12-10 17:13 -------- d-----w- C:\rsit
2010-12-10 17:13 . 2010-12-10 17:13 -------- d-----w- c:\program files\trend micro
2010-12-09 20:14 . 2010-12-09 20:14 -------- d---a-w- c:\windows\VDLL.DLL
2010-12-09 20:14 . 2010-12-09 20:14 -------- d---a-w- c:\windows\system32\runouce.exe
2010-12-09 20:14 . 2010-12-09 20:14 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-12-09 20:14 . 2010-12-09 20:14 -------- d---a-w- c:\windows\logo_1.exe
2010-12-09 20:10 . 2010-12-09 20:10 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-12-09 20:10 . 2010-12-09 20:10 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-12-09 20:10 . 2010-12-09 20:10 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-12-09 20:10 . 2008-04-14 06:52 137216 ----a-w- c:\windows\system32\T.COM
2010-12-09 20:10 . 2008-04-14 06:52 147968 ----a-w- c:\windows\R.COM
2010-12-09 20:10 . 2010-12-09 20:10 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-12-08 20:07 . 2010-12-08 20:07 -------- d-----w- c:\documents and settings\Admin\Data aplikací\MaskMyIP
2010-12-08 20:05 . 2010-12-08 20:06 -------- d---a-w- c:\program files\AdvTor
2010-12-07 17:42 . 2010-12-07 17:42 -------- d-----w- c:\program files\Team17
2010-12-07 17:41 . 2010-12-07 17:41 -------- d-----w- C:\xx
2010-12-06 19:40 . 2010-12-06 19:53 -------- d-----w- c:\program files\wormsarm
2010-12-04 17:28 . 2010-12-04 17:28 -------- d-----w- c:\documents and settings\Evicka\Local Settings\Data aplikací\O&O
2010-11-28 15:10 . 2010-11-28 15:10 -------- d-----w- c:\documents and settings\Evicka\Data aplikací\Ulead Systems
2010-11-28 12:09 . 2010-11-28 12:13 -------- d-----w- c:\program files\AdorageI-GfxDatas
2010-11-27 13:42 . 2010-11-27 13:47 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Apache
2010-11-27 11:26 . 2010-11-27 12:46 -------- d-----w- c:\documents and settings\Admin\Data aplikací\Ulead Systems
2010-11-27 11:24 . 2008-04-01 20:40 209040 ----a-w- c:\windows\system32\IVIresizeW7.dll
2010-11-27 11:24 . 2008-04-01 20:40 196752 ----a-w- c:\windows\system32\IVIresizeP6.dll
2010-11-27 11:24 . 2008-04-01 20:40 192656 ----a-w- c:\windows\system32\IVIresizePX.dll
2010-11-27 11:24 . 2008-04-01 20:40 196752 ----a-w- c:\windows\system32\IVIresizeM6.dll
2010-11-27 11:24 . 2008-04-01 20:40 204944 ----a-w- c:\windows\system32\IVIresizeA6.dll
2010-11-27 11:24 . 2008-04-01 20:40 24720 ----a-w- c:\windows\system32\IVIresize.dll
2010-11-27 11:24 . 2000-01-04 05:39 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2010-11-27 11:23 . 2010-11-27 11:23 -------- d-----w- c:\program files\Windows Media Components
2010-11-27 11:23 . 2010-11-27 11:23 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-11-27 11:22 . 2010-11-27 11:23 -------- d-----w- c:\program files\Corel
2010-11-21 17:22 . 2010-11-21 17:22 -------- d-----w- c:\documents and settings\Admin\.oces
2010-11-19 19:35 . 2010-11-19 19:35 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-11-18 09:47 . 2010-11-18 09:47 -------- d-----w- c:\documents and settings\Admin\Data aplikací\U3
2010-11-18 06:25 . 2004-08-18 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-11-18 05:26 . 2010-11-18 05:26 75048 ----a-r- c:\documents and settings\Admin\Data aplikací\Microsoft\Installer\{7EE8ED57-682B-4AB0-860C-2E079BCD90B1}\ARPPRODUCTICON.exe
2010-11-18 05:16 . 2010-11-28 13:06 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Pinnacle
2010-11-17 21:00 . 2010-11-17 21:00 -------- d-----w- c:\documents and settings\Evicka\Local Settings\Data aplikací\Electronic Arts
2010-11-15 15:44 . 2010-11-15 15:44 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Electronic Arts
2010-11-15 15:07 . 2008-04-14 07:52 20992 ----a-w- c:\windows\system32\dshowext.ax
2010-11-14 16:58 . 2010-11-18 05:03 -------- d-----w- c:\documents and settings\Admin\Data aplikací\proDAD
2010-11-14 16:58 . 2010-11-18 05:03 -------- d-----w- c:\program files\proDAD
2010-11-14 16:58 . 2004-03-29 15:23 90112 ----a-w- c:\windows\unvise32.exe
2010-11-14 16:58 . 2010-11-14 16:58 -------- d-----w- c:\program files\LooksBuilderSE
2010-11-14 16:58 . 2003-07-01 15:49 69632 ----a-w- c:\windows\system32\MtxPreview.dll
2010-11-14 16:58 . 2003-07-01 15:49 49152 ----a-w- c:\windows\system32\MtxParhBFXPreview.dll
2010-11-14 16:58 . 2003-06-26 09:04 237568 ----a-r- c:\windows\system32\qtmlClient.dll
2010-11-14 16:58 . 2003-07-09 09:43 45056 ----a-w- c:\windows\system32\BFXSrcFilter.ax
2010-11-14 16:58 . 2003-01-20 08:08 49152 ----a-w- c:\windows\system32\CvoAPI.dll
2010-11-14 16:58 . 2010-11-14 16:58 -------- d-----w- c:\program files\Boris FX, Inc
2010-11-14 16:57 . 2004-04-18 22:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2010-11-14 16:57 . 2004-04-18 22:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2010-11-14 16:57 . 2004-04-18 22:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2010-11-14 16:57 . 2004-04-18 22:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2010-11-14 16:57 . 2004-04-18 22:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2010-11-14 16:57 . 2010-11-14 16:57 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2010-11-14 16:57 . 2010-11-14 16:57 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2010-11-14 13:27 . 2010-11-14 13:27 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Downloaded Installations
2010-11-14 13:27 . 2010-11-14 17:24 -------- d-----w- c:\documents and settings\All Users\Data aplikac
2010-11-14 13:19 . 2010-11-28 12:09 -------- d-----w- c:\program files\Pinnacle
2010-11-14 13:19 . 2010-11-14 13:19 -------- d-----w- c:\program files\Common Files\Yahoo!
2010-11-14 12:57 . 2010-11-14 12:57 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Activision
2010-11-12 16:02 . 2010-11-12 16:04 -------- d-----w- c:\program files\SMBX

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-10 16:19 . 2010-09-27 08:29 420920 ----a-w- c:\windows\system32\drivers\sptd.sys.98238503
2010-12-09 20:16 . 2010-12-09 20:16 8578811 ----a-w- c:\windows\REGBK00.ZIP
2010-11-28 14:01 . 2010-09-29 08:11 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-28 14:01 . 2010-09-29 08:11 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-28 14:01 . 2010-09-29 08:11 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-10-08 07:14 . 2010-10-08 07:14 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2010-10-08 07:14 . 2010-10-08 07:14 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-10-08 07:14 . 2010-10-08 07:14 132224 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-10-08 07:14 . 2010-10-08 07:14 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2010-10-06 05:25 . 2010-09-29 08:11 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-10-05 06:18 . 2005-12-08 10:12 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-10-05 06:18 . 2005-12-08 10:08 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-18 10:23 . 2004-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-18 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-18 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 03:50 . 2010-10-01 11:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 01:29 . 2010-10-01 11:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WallpaperDownloader"="c:\program files\WallpaperDownloader\WallpaperDownloader.exe" [2010-10-06 657920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"CTHelper"="CTHELPER.EXE" [2005-12-08 16384]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-11-02 136544]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2009-09-11 2524416]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2010-10-27 139264]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-11-29 2676696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2005-12-08 25600]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-18 44544]

c:\documents and settings\Evicka\Nabídka Start\Programy\Po spuštění\
Tapety 2.01.lnk - c:\program files\Tapety 2.01\Tapety.exe [2002-1-6 167936]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BTTray.lnk - c:\program files\MSI\Bluetooth Software\BTTray.exe [2004-3-31 507965]
DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2010-9-25 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Nabídka Start^Programy^Po spuštění^MacSound.lnk]
path=c:\documents and settings\Admin\Nabídka Start\Programy\Po spuštění\MacSound.lnk
backup=c:\windows\pss\MacSound.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-11-02 16:57 906288 ----a-w- c:\program files\Seagate\DiscWizard\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
2009-11-02 16:49 1346000 ----a-w- c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\floAt's Media Control]
2005-08-29 10:09 916480 ----a-w- c:\program files\FloatMediaCtrl\floAtMediaCtrl.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\TC UP\\PLUGINS\\Media\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25.9.2010 20:30 165584]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [8.10.2010 4:58 20088]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [10.12.2010 19:09 249616]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [25.10.2009 17:30 16384]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 10:28 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.9.2010 20:30 17744]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [25.3.2010 13:39 490280]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [10.12.2010 19:09 160448]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [2.11.2009 17:52 431456]
R3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [25.9.2010 20:04 28160]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [10.12.2010 19:09 89192]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [10.12.2010 19:09 57536]
R3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [25.9.2010 20:04 50176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 DTWVZNPQKYFVQO;DTWVZNPQKYFVQO;c:\docume~1\Admin\LOCALS~1\Temp\DTWVZNPQKYFVQO.exe --> c:\docume~1\Admin\LOCALS~1\Temp\DTWVZNPQKYFVQO.exe [?]
S3 KZSKLPLF;KZSKLPLF;c:\docume~1\Admin\LOCALS~1\Temp\KZSKLPLF.exe --> c:\docume~1\Admin\LOCALS~1\Temp\KZSKLPLF.exe [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25.3.2010 9:25 30969208]
S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\MSI\MSIWDev\DVDSYS32_100507.sys [10.5.2010 9:44 22328]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios32_100507.sys [10.5.2010 9:44 25912]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\MSI\MSIWDev\VGASYS32_100507.sys [10.5.2010 9:44 16696]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 20:37 4640000]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [10.12.2010 19:09 57536]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [10.12.2010 19:09 124992]
S3 WEZBLR;WEZBLR;c:\docume~1\Admin\LOCALS~1\Temp\WEZBLR.exe --> c:\docume~1\Admin\LOCALS~1\Temp\WEZBLR.exe [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [18.8.2004 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - NVR0Dev

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
WINRM REG_MULTI_SZ WINRM
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send To &Bluetooth - c:\program files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ?3,16,13,0
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-10 21:01
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-12-10 21:07:53
ComboFix-quarantined-files.txt 2010-12-10 20:07
ComboFix2.txt 2010-12-09 19:11

Před spuštěním: Volných bajtů: 30 253 391 872
Po spuštění: Volných bajtů: 31 836 639 232

- - End Of File - - E0393689771157DD64B30F84F59FABF3

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: please check my log

#11 Post by vyosek »

Well, some nasties have surfaced, so one more script for CF. The procedure is the same as before: create the script, drag it onto CF, then post the log here.

Code:

Driver::
DTWVZNPQKYFVQO
KZSKLPLF
WEZBLR
NVR0Dev

Collect::
c:\docume~1\Admin\LOCALS~1\Temp\DTWVZNPQKYFVQO.exe
c:\docume~1\Admin\LOCALS~1\Temp\KZSKLPLF.exe
c:\docume~1\Admin\LOCALS~1\Temp\WEZBLR.exe

Interpol
Warning level 1
Posts: 65
Registered: 15 Feb 2006 22:55
Location: Karlovy Vary

Re: please check my log

#12 Post by Interpol »

ComboFix 10-12-11.01 - Admin 11.12.2010 18:50:59.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2478 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Admin\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DTWVZNPQKYFVQO
-------\Legacy_KZSKLPLF
-------\Legacy_NVR0DEV
-------\Legacy_WEZBLR
-------\Service_DTWVZNPQKYFVQO
-------\Service_KZSKLPLF
-------\Service_WEZBLR
-------\Legacy_NVR0DEV


((((((((((((((((((((((((( Soubory vytvořené od 2010-11-11 do 2010-12-11 )))))))))))))))))))))))))))))))
.

2010-12-10 20:50 . 2010-12-10 20:51 -------- d-----w- c:\documents and settings\Evicka\Data aplikací\PCToolsFirewallPlus
2010-12-10 18:28 . 2010-12-10 18:28 -------- d---a-w- c:\windows\rundll16.exe
2010-12-10 18:28 . 2010-12-10 18:28 -------- d---a-w- c:\windows\logo1_.exe
2010-12-10 18:09 . 2010-12-10 18:10 -------- d-----w- c:\documents and settings\Admin\Data aplikací\PCToolsFirewallPlus
2010-12-10 18:09 . 2010-11-25 09:53 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-12-10 18:09 . 2010-03-29 10:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-12-10 18:09 . 2010-11-17 09:19 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-12-10 18:09 . 2010-12-10 18:09 -------- d-----w- c:\program files\Common Files\PC Tools
2010-12-10 18:09 . 2010-11-24 08:18 89192 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-12-10 18:09 . 2010-07-08 08:49 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2010-12-10 18:09 . 2010-02-05 08:26 32808 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2010-12-10 18:09 . 2010-11-25 09:42 124992 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-12-10 18:09 . 2010-12-10 18:10 -------- d-----w- c:\program files\PC Tools Firewall Plus
2010-12-10 17:13 . 2010-12-10 17:13 -------- d-----w- C:\rsit
2010-12-10 17:13 . 2010-12-10 17:13 -------- d-----w- c:\program files\trend micro
2010-12-09 20:14 . 2010-12-09 20:14 -------- d---a-w- c:\windows\VDLL.DLL
2010-12-09 20:14 . 2010-12-09 20:14 -------- d---a-w- c:\windows\system32\runouce.exe
2010-12-09 20:14 . 2010-12-09 20:14 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-12-09 20:14 . 2010-12-09 20:14 -------- d---a-w- c:\windows\logo_1.exe
2010-12-09 20:10 . 2010-12-09 20:10 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-12-09 20:10 . 2010-12-09 20:10 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-12-09 20:10 . 2010-12-09 20:10 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-12-09 20:10 . 2008-04-14 06:52 137216 ----a-w- c:\windows\system32\T.COM
2010-12-09 20:10 . 2008-04-14 06:52 147968 ----a-w- c:\windows\R.COM
2010-12-09 20:10 . 2010-12-09 20:10 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-12-08 20:07 . 2010-12-08 20:07 -------- d-----w- c:\documents and settings\Admin\Data aplikací\MaskMyIP
2010-12-08 20:05 . 2010-12-08 20:06 -------- d---a-w- c:\program files\AdvTor
2010-12-07 17:42 . 2010-12-07 17:42 -------- d-----w- c:\program files\Team17
2010-12-07 17:41 . 2010-12-07 17:41 -------- d-----w- C:\xx
2010-12-06 19:40 . 2010-12-06 19:53 -------- d-----w- c:\program files\wormsarm
2010-12-04 17:28 . 2010-12-04 17:28 -------- d-----w- c:\documents and settings\Evicka\Local Settings\Data aplikací\O&O
2010-11-28 15:10 . 2010-11-28 15:10 -------- d-----w- c:\documents and settings\Evicka\Data aplikací\Ulead Systems
2010-11-28 12:09 . 2010-11-28 12:13 -------- d-----w- c:\program files\AdorageI-GfxDatas
2010-11-27 13:42 . 2010-11-27 13:47 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Apache
2010-11-27 11:26 . 2010-11-27 12:46 -------- d-----w- c:\documents and settings\Admin\Data aplikací\Ulead Systems
2010-11-27 11:24 . 2008-04-01 20:40 209040 ----a-w- c:\windows\system32\IVIresizeW7.dll
2010-11-27 11:24 . 2008-04-01 20:40 196752 ----a-w- c:\windows\system32\IVIresizeP6.dll
2010-11-27 11:24 . 2008-04-01 20:40 192656 ----a-w- c:\windows\system32\IVIresizePX.dll
2010-11-27 11:24 . 2008-04-01 20:40 196752 ----a-w- c:\windows\system32\IVIresizeM6.dll
2010-11-27 11:24 . 2008-04-01 20:40 204944 ----a-w- c:\windows\system32\IVIresizeA6.dll
2010-11-27 11:24 . 2008-04-01 20:40 24720 ----a-w- c:\windows\system32\IVIresize.dll
2010-11-27 11:24 . 2000-01-04 05:39 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2010-11-27 11:23 . 2010-11-27 11:23 -------- d-----w- c:\program files\Windows Media Components
2010-11-27 11:23 . 2010-11-27 11:23 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-11-27 11:22 . 2010-11-27 11:23 -------- d-----w- c:\program files\Corel
2010-11-21 17:22 . 2010-11-21 17:22 -------- d-----w- c:\documents and settings\Admin\.oces
2010-11-19 19:35 . 2010-11-19 19:35 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-11-18 09:47 . 2010-11-18 09:47 -------- d-----w- c:\documents and settings\Admin\Data aplikací\U3
2010-11-18 06:25 . 2004-08-18 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-11-18 05:26 . 2010-11-18 05:26 75048 ----a-r- c:\documents and settings\Admin\Data aplikací\Microsoft\Installer\{7EE8ED57-682B-4AB0-860C-2E079BCD90B1}\ARPPRODUCTICON.exe
2010-11-18 05:16 . 2010-11-28 13:06 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Pinnacle
2010-11-17 21:00 . 2010-11-17 21:00 -------- d-----w- c:\documents and settings\Evicka\Local Settings\Data aplikací\Electronic Arts
2010-11-15 15:44 . 2010-11-15 15:44 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Electronic Arts
2010-11-15 15:07 . 2008-04-14 07:52 20992 ----a-w- c:\windows\system32\dshowext.ax
2010-11-14 16:58 . 2010-11-18 05:03 -------- d-----w- c:\documents and settings\Admin\Data aplikací\proDAD
2010-11-14 16:58 . 2010-11-18 05:03 -------- d-----w- c:\program files\proDAD
2010-11-14 16:58 . 2004-03-29 15:23 90112 ----a-w- c:\windows\unvise32.exe
2010-11-14 16:58 . 2010-11-14 16:58 -------- d-----w- c:\program files\LooksBuilderSE
2010-11-14 16:58 . 2003-07-01 15:49 69632 ----a-w- c:\windows\system32\MtxPreview.dll
2010-11-14 16:58 . 2003-07-01 15:49 49152 ----a-w- c:\windows\system32\MtxParhBFXPreview.dll
2010-11-14 16:58 . 2003-06-26 09:04 237568 ----a-r- c:\windows\system32\qtmlClient.dll
2010-11-14 16:58 . 2003-07-09 09:43 45056 ----a-w- c:\windows\system32\BFXSrcFilter.ax
2010-11-14 16:58 . 2003-01-20 08:08 49152 ----a-w- c:\windows\system32\CvoAPI.dll
2010-11-14 16:58 . 2010-11-14 16:58 -------- d-----w- c:\program files\Boris FX, Inc
2010-11-14 16:57 . 2004-04-18 22:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2010-11-14 16:57 . 2004-04-18 22:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2010-11-14 16:57 . 2004-04-18 22:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2010-11-14 16:57 . 2004-04-18 22:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2010-11-14 16:57 . 2004-04-18 22:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2010-11-14 16:57 . 2010-11-14 16:57 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2010-11-14 16:57 . 2010-11-14 16:57 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2010-11-14 13:27 . 2010-11-14 13:27 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Downloaded Installations
2010-11-14 13:27 . 2010-11-14 17:24 -------- d-----w- c:\documents and settings\All Users\Data aplikac
2010-11-14 13:19 . 2010-11-28 12:09 -------- d-----w- c:\program files\Pinnacle
2010-11-14 13:19 . 2010-11-14 13:19 -------- d-----w- c:\program files\Common Files\Yahoo!
2010-11-14 12:57 . 2010-11-14 12:57 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Activision
2010-11-12 16:02 . 2010-11-12 16:04 -------- d-----w- c:\program files\SMBX

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-10 16:19 . 2010-09-27 08:29 420920 ----a-w- c:\windows\system32\drivers\sptd.sys.98238503
2010-12-09 20:16 . 2010-12-09 20:16 8578811 ----a-w- c:\windows\REGBK00.ZIP
2010-11-28 14:01 . 2010-09-29 08:11 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-28 14:01 . 2010-09-29 08:11 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-28 14:01 . 2010-09-29 08:11 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-10-08 07:14 . 2010-10-08 07:14 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2010-10-08 07:14 . 2010-10-08 07:14 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-10-08 07:14 . 2010-10-08 07:14 132224 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-10-08 07:14 . 2010-10-08 07:14 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2010-10-06 05:25 . 2010-09-29 08:11 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-10-05 06:18 . 2005-12-08 10:12 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-10-05 06:18 . 2005-12-08 10:08 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-18 10:23 . 2004-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-18 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-18 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 03:50 . 2010-10-01 11:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 01:29 . 2010-10-01 11:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
.

((((((((((((((((((((((((((((( SnapShot@2010-12-10_20.03.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-11 17:43 . 2010-12-11 17:43 16384 c:\windows\Temp\Perflib_Perfdata_c34.dat
+ 2010-12-11 18:02 . 2010-12-11 18:02 16384 c:\windows\Temp\Perflib_Perfdata_84c.dat
+ 2010-12-11 18:02 . 2010-12-11 18:02 16384 c:\windows\Temp\Perflib_Perfdata_274.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WallpaperDownloader"="c:\program files\WallpaperDownloader\WallpaperDownloader.exe" [2010-10-06 657920]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"CTHelper"="CTHELPER.EXE" [2005-12-08 16384]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-11-02 136544]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2009-09-11 2524416]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2010-10-27 139264]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-11-29 2676696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2005-12-08 25600]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-18 44544]

c:\documents and settings\Evicka\Nabídka Start\Programy\Po spuštění\
Tapety 2.01.lnk - c:\program files\Tapety 2.01\Tapety.exe [2002-1-6 167936]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BTTray.lnk - c:\program files\MSI\Bluetooth Software\BTTray.exe [2004-3-31 507965]
DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2010-9-25 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Nabídka Start^Programy^Po spuštění^MacSound.lnk]
path=c:\documents and settings\Admin\Nabídka Start\Programy\Po spuštění\MacSound.lnk
backup=c:\windows\pss\MacSound.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-11-02 16:57 906288 ----a-w- c:\program files\Seagate\DiscWizard\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
2009-11-02 16:49 1346000 ----a-w- c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\floAt's Media Control]
2005-08-29 10:09 916480 ----a-w- c:\program files\FloatMediaCtrl\floAtMediaCtrl.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\TC UP\\PLUGINS\\Media\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25.9.2010 20:30 165584]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [8.10.2010 4:58 20088]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [10.12.2010 19:09 249616]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [25.10.2009 17:30 16384]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 10:28 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.9.2010 20:30 17744]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [25.3.2010 13:39 490280]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [10.12.2010 19:09 160448]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [2.11.2009 17:52 431456]
R3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [25.9.2010 20:04 28160]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [10.12.2010 19:09 89192]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [10.12.2010 19:09 57536]
R3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [25.9.2010 20:04 50176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25.3.2010 9:25 30969208]
S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\MSI\MSIWDev\DVDSYS32_100507.sys [10.5.2010 9:44 22328]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios32_100507.sys [10.5.2010 9:44 25912]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\MSI\MSIWDev\VGASYS32_100507.sys [10.5.2010 9:44 16696]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 20:37 4640000]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [10.12.2010 19:09 57536]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [10.12.2010 19:09 124992]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [18.8.2004 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - NVR0DEV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
WINRM REG_MULTI_SZ WINRM
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send To &Bluetooth - c:\program files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ?3,16,13,0
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-11 19:05
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160827AS rev.3.42 -> Harddisk1\DR1 -> \Device\00000090

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
c:\windows\system32\drivers\nvata.sys NVIDIA Corporation NVIDIA nForce(TM) IDE Driver
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk1\DR1[0x8AC5FAB8]
3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000008e[0x8AC648F0]
5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000008c[0x8AC31030]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
sectors 312581806 (+190): user != kernel

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(4768)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\MSI\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\OO Software\Defrag\oodag.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\NetSoftware\NetSoftware.exe
c:\progra~1\MSI\BLUETO~1\BTSTAC~1.EXE
c:\program files\MSI\DualCoreCenter\DualCoreCenter.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
.
**************************************************************************
.
Celkový čas: 2010-12-11 19:13:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-11 18:12
ComboFix2.txt 2010-12-10 20:07
ComboFix3.txt 2010-12-09 19:11

Před spuštěním: Volných bajtů: 33 853 558 784
Po spuštění: Volných bajtů: 33 860 526 080

- - End Of File - - 2B59CA5FCBCF912D53407197A628CB80
It is never possible to secure your system well .............

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: please check my log

#13 Post by vyosek »

Run the scan with TDSS Killer again and then post the log here...
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids merriment, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

Interpol
Warning level 1
Posts: 65
Registered: 15 Feb 2006 22:55
Location: Karlovy Vary

Re: please check my log

#14 Post by Interpol »

2010/12/11 20:18:28.0703 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/11 20:18:28.0703 ================================================================================
2010/12/11 20:18:28.0703 SystemInfo:
2010/12/11 20:18:28.0703
2010/12/11 20:18:28.0703 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/11 20:18:28.0703 Product type: Workstation
2010/12/11 20:18:28.0703 ComputerName: BADY-16377385A9
2010/12/11 20:18:28.0703 UserName: Admin
2010/12/11 20:18:28.0703 Windows directory: C:\WINDOWS
2010/12/11 20:18:28.0703 System windows directory: C:\WINDOWS
2010/12/11 20:18:28.0703 Processor architecture: Intel x86
2010/12/11 20:18:28.0703 Number of processors: 2
2010/12/11 20:18:28.0703 Page size: 0x1000
2010/12/11 20:18:28.0703 Boot type: Normal boot
2010/12/11 20:18:28.0703 ================================================================================
2010/12/11 20:18:29.0078 Initialize success
2010/12/11 20:18:33.0578 ================================================================================
2010/12/11 20:18:33.0578 Scan started
2010/12/11 20:18:33.0578 Mode: Manual;
2010/12/11 20:18:33.0578 ================================================================================
2010/12/11 20:18:33.0984 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/12/11 20:18:34.0093 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/11 20:18:34.0125 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/11 20:18:34.0187 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/11 20:18:34.0250 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/11 20:18:34.0390 AmdK8 (fcffa85cfd4bf7a4711012847048dca3) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2010/12/11 20:18:34.0453 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/12/11 20:18:34.0562 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/12/11 20:18:34.0578 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/12/11 20:18:34.0593 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/12/11 20:18:34.0625 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2010/12/11 20:18:34.0656 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/12/11 20:18:34.0687 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/11 20:18:34.0734 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/11 20:18:34.0781 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/11 20:18:34.0843 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/11 20:18:34.0906 AVG Anti-Rootkit (e8054a423e5d2bdae6062bab6da159c4) C:\WINDOWS\system32\DRIVERS\avgarkt.sys
2010/12/11 20:18:34.0953 AvgArCln (ec08d1625f5c6cf2a57b79eb35186f8c) C:\WINDOWS\system32\DRIVERS\AvgArCln.sys
2010/12/11 20:18:35.0000 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/11 20:18:35.0062 btaudio (760b30a34dc9a981a74255e080d4c95e) C:\WINDOWS\system32\drivers\btaudio.sys
2010/12/11 20:18:35.0125 BTDriver (0ab3c8276df52e50aec183c2e70fd868) C:\WINDOWS\system32\DRIVERS\btport.sys
2010/12/11 20:18:35.0218 BTKRNL (63cad765a65d573f0c86964634c9b55e) C:\WINDOWS\system32\drivers\btkrnl.sys
2010/12/11 20:18:35.0328 BTWDNDIS (93ad77d88d94b9cd00eb74ab965372b5) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2010/12/11 20:18:35.0375 BTWUSB (fed57fec0fc5a6db34f80e9d2ee2a671) C:\WINDOWS\system32\Drivers\btwusb.sys
2010/12/11 20:18:35.0687 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/11 20:18:35.0734 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/12/11 20:18:35.0781 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/11 20:18:35.0812 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/11 20:18:35.0875 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/11 20:18:36.0015 ctac32k (3cfb715f2e3b0e475e984f78cdfada57) C:\WINDOWS\system32\drivers\ctac32k.sys
2010/12/11 20:18:36.0046 ctaud2k (b640816f7d3ffeaaefea831242fe5e8c) C:\WINDOWS\system32\drivers\ctaud2k.sys
2010/12/11 20:18:36.0078 ctdvda2k (c4333325d325efa668888d0d3177c6ff) C:\WINDOWS\system32\drivers\ctdvda2k.sys
2010/12/11 20:18:36.0125 ctprxy2k (a9f9a48406e99134cd3879b410e9139d) C:\WINDOWS\system32\drivers\ctprxy2k.sys
2010/12/11 20:18:36.0156 ctsfm2k (fcbb8ea6fe935d2c531d3a4dee9f985b) C:\WINDOWS\system32\drivers\ctsfm2k.sys
2010/12/11 20:18:36.0234 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/11 20:18:36.0296 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/11 20:18:36.0328 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/11 20:18:36.0375 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/11 20:18:36.0406 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/11 20:18:36.0468 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/11 20:18:36.0625 DualCoreCenter (994d42a1c15f0a64662d9c06b3345964) C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys
2010/12/11 20:18:36.0796 emupia (05377ddedf219d9bd3102bd9fbdc3eae) C:\WINDOWS\system32\drivers\emupia2k.sys
2010/12/11 20:18:36.0875 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/11 20:18:36.0921 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/11 20:18:36.0968 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/11 20:18:37.0000 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/11 20:18:37.0062 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/11 20:18:37.0093 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/11 20:18:37.0140 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/11 20:18:37.0203 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/12/11 20:18:37.0234 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
2010/12/11 20:18:37.0281 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/11 20:18:37.0375 ha10kx2k (5da1af9485b591e4406924803969ccf0) C:\WINDOWS\system32\drivers\ha10kx2k.sys
2010/12/11 20:18:37.0406 hap16v2k (9f7eec8d49279052e4d70971246ac7cd) C:\WINDOWS\system32\drivers\hap16v2k.sys
2010/12/11 20:18:37.0437 hap17v2k (c34fbfcf18332927c9d7dfb44f1cc84f) C:\WINDOWS\system32\drivers\hap17v2k.sys
2010/12/11 20:18:37.0484 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/11 20:18:37.0578 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/11 20:18:37.0671 HWiNFO32 (e766c3a458fe598cc67ce1264b26c3f1) C:\Program Files\HWiNFO32\HWiNFO32.SYS
2010/12/11 20:18:37.0875 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/11 20:18:37.0921 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/11 20:18:38.0000 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/11 20:18:38.0062 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/11 20:18:38.0093 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/11 20:18:38.0125 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/11 20:18:38.0156 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/11 20:18:38.0203 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2010/12/11 20:18:38.0234 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/11 20:18:38.0265 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
2010/12/11 20:18:38.0312 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/11 20:18:38.0328 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/11 20:18:38.0375 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/11 20:18:38.0406 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/11 20:18:38.0468 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/11 20:18:38.0546 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/11 20:18:38.0609 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/11 20:18:38.0640 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/11 20:18:38.0703 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/11 20:18:38.0718 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/11 20:18:38.0765 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/11 20:18:38.0828 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/11 20:18:38.0890 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/11 20:18:39.0015 MSI_DVD_010507 (09a00b8c911d32a0cfeb747be9ce5dab) C:\PROGRA~1\MSI\MSIWDev\DVDSYS32_100507.sys
2010/12/11 20:18:39.0046 MSI_MSIBIOS_010507 (3846c05a66a3f5cd1d33e1a323c1762c) C:\PROGRA~1\MSI\MSIWDev\msibios32_100507.sys
2010/12/11 20:18:39.0062 MSI_VGASYS_010507 (8d603678c3961bed302163964ad6a38e) C:\PROGRA~1\MSI\MSIWDev\VGASYS32_100507.sys
2010/12/11 20:18:39.0218 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/11 20:18:39.0250 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/11 20:18:39.0281 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/11 20:18:39.0312 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/11 20:18:39.0359 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/11 20:18:39.0390 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/11 20:18:39.0437 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/12/11 20:18:39.0484 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/11 20:18:39.0515 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/12/11 20:18:39.0546 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/11 20:18:39.0578 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/11 20:18:39.0593 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/11 20:18:39.0625 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/11 20:18:39.0656 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/11 20:18:39.0687 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/11 20:18:39.0734 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/11 20:18:39.0765 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/11 20:18:39.0812 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/11 20:18:39.0875 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/11 20:18:40.0343 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/11 20:18:40.0781 nvata (4d6c6b46b3edf6f2e219a86b61d104ae) C:\WINDOWS\system32\DRIVERS\nvata.sys
2010/12/11 20:18:40.0843 NVENETFD (1b83b60541be1b6db81641c448007f21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2010/12/11 20:18:40.0875 nvnetbus (57b669f9234604a350174b86764444b0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2010/12/11 20:18:40.0921 NVR0Dev (8cc5a4045a80a822cbc1e9eadff8e533) C:\WINDOWS\nvoclock.sys
2010/12/11 20:18:40.0968 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/11 20:18:40.0984 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/11 20:18:41.0031 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/11 20:18:41.0093 ossrv (3649eefa90990249267dd6c7808cbc86) C:\WINDOWS\system32\drivers\ctoss2k.sys
2010/12/11 20:18:41.0187 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/11 20:18:41.0203 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/11 20:18:41.0265 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/11 20:18:41.0281 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/11 20:18:41.0328 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/11 20:18:41.0375 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/11 20:18:41.0421 PCTAppEvent (f767f3b35c3ecf8a60b2a65beec50ef5) C:\WINDOWS\system32\drivers\PCTAppEvent.sys
2010/12/11 20:18:41.0453 PCTFW-PacketFilter (58db891ca76a2d49e33ba9fa13b86c89) C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys
2010/12/11 20:18:41.0515 pctgntdi (b76c829f00b9b534405b4ed5f58b8f52) C:\WINDOWS\system32\drivers\pctgntdi.sys
2010/12/11 20:18:41.0546 pctNdis (3ec79cfb2e0e74aada8b561ed8904577) C:\WINDOWS\system32\DRIVERS\pctNdis.sys
2010/12/11 20:18:41.0546 pctNdisMP (3ec79cfb2e0e74aada8b561ed8904577) C:\WINDOWS\system32\DRIVERS\pctNdis.sys
2010/12/11 20:18:41.0593 pctplfw (78d871114e7cb3115e058d1f85751c7f) C:\WINDOWS\system32\drivers\pctplfw.sys
2010/12/11 20:18:41.0781 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/11 20:18:41.0796 Processor (7eb15dce4ec3a0220bd796a15c18186e) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/12/11 20:18:41.0828 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/11 20:18:41.0859 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/11 20:18:41.0984 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/11 20:18:42.0031 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2010/12/11 20:18:42.0078 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/11 20:18:42.0093 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/11 20:18:42.0109 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/11 20:18:42.0140 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/11 20:18:42.0171 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/11 20:18:42.0234 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/11 20:18:42.0281 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/11 20:18:42.0453 RushTopDevice2 (a75e4617f627f0ea4b0ea604584f6412) C:\Program Files\MSI\DualCoreCenter\RushTop.sys
2010/12/11 20:18:42.0609 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/11 20:18:42.0656 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/11 20:18:42.0671 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/11 20:18:42.0734 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/11 20:18:42.0796 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/12/11 20:18:42.0843 snapman (c3bf55189aa92b8f919108ef9e4accae) C:\WINDOWS\system32\DRIVERS\snapman.sys
2010/12/11 20:18:43.0250 SNPSTD3 (cafcdaf9e361d28a7c039e6b5990f8b8) C:\WINDOWS\system32\DRIVERS\snpstd3.sys
2010/12/11 20:18:43.0703 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
2010/12/11 20:18:43.0750 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/11 20:18:43.0796 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/11 20:18:43.0843 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/11 20:18:43.0906 StMp3Rec (e9f084ea27604d6d1c90206381e18770) C:\WINDOWS\system32\Drivers\StMp3Rec.sys
2010/12/11 20:18:43.0937 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/12/11 20:18:43.0984 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/11 20:18:44.0015 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/11 20:18:44.0125 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/11 20:18:44.0203 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/11 20:18:44.0265 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2010/12/11 20:18:44.0296 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/11 20:18:44.0359 tdrpman (3b7b6779eb231f731bba8f9fe67aadfc) C:\WINDOWS\system32\DRIVERS\tdrpman.sys
2010/12/11 20:18:44.0406 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/11 20:18:44.0437 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/11 20:18:44.0515 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
2010/12/11 20:18:44.0531 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
2010/12/11 20:18:44.0609 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2010/12/11 20:18:44.0640 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/11 20:18:44.0703 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/11 20:18:44.0781 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/12/11 20:18:44.0796 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/11 20:18:44.0859 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/11 20:18:44.0890 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/11 20:18:44.0921 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/12/11 20:18:44.0937 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/11 20:18:45.0000 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/12/11 20:18:45.0046 VD_FileDisk (eb532174b0c331b02a08125bc5d21d5f) C:\WINDOWS\system32\drivers\VD_FileDisk.sys
2010/12/11 20:18:45.0109 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/11 20:18:45.0156 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/11 20:18:45.0187 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/11 20:18:45.0234 wceusbsh (a2a8cacb5b80ac45cc69692e60621864) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2010/12/11 20:18:45.0281 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/11 20:18:45.0390 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/12/11 20:18:45.0437 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/11 20:18:45.0484 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/11 20:18:45.0718 ================================================================================
2010/12/11 20:18:45.0718 Scan finished
2010/12/11 20:18:45.0718 ================================================================================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: please check my log

#15 Post by vyosek »

:arrow: If you have an mbr.txt log on your desktop, delete it

:arrow: Click Start and then Run, or use the keyboard shortcut Win+R
  • A small window will pop up; copy the text below into it:

    "%userprofile%\plocha\mbr" -t

  • Click OK
  • A log named mbr.txt will be created on your desktop; paste its contents here
:arrow: Post the logs from Gmer - see my signature - post the log from the quick scan and then from the full scan... if it keeps hanging, run it in Safe Mode (restart the PC, keep pressing F8, choose Safe Mode with Networking)
