Olmarik

[ivo81]

Zdravím. Potreboval by som pomoc. ESET mi stále vyhadzuje v operačnej pamäti Win32/Olmarik trójsky kôň. Keď ho dám liečiť, píše, že operácia nie je povolená. Spustil som ComboFix a vyhodilo mi nižšie uvedený log. Ak mi pomôžete, budem vďačný.

ComboFix 11-01-31.02 - zdenka 02.02.2011 15:25:12.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.286 [GMT 1:00]
Spuštěný z: c:\documents and settings\zdenka\Dokumenty\Stažené soubory\ComboFix.exe
AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((( Soubory vytvořené od 2011-01-02 do 2011-02-02 )))))))))))))))))))))))))))))))
.

2011-02-02 13:31 . 2008-04-14 03:21 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-02-02 13:31 . 2008-04-14 03:21 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-02-02 13:30 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-02-02 13:30 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-02-01 12:14 . 2001-10-24 10:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-02-01 12:14 . 2001-10-24 10:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-02-01 12:14 . 2008-04-14 02:29 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-02-01 12:14 . 2008-04-14 02:29 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-02-01 12:14 . 2008-04-13 18:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2011-02-01 12:14 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-30 07:45 . 2009-11-26 19:54 36938240 ----a-w- c:\program files\ess_nt32_sky.msi
2009-12-03 18:01 . 2009-12-03 18:01 3081354 ----a-w- c:\program files\progr. na zobrazenie mapy.EXE
2009-08-27 19:05 . 2009-08-27 19:05 13194651 ----a-w- c:\program files\aScTimeTables.exe
2009-07-22 09:52 . 2009-07-22 09:52 714528 ----a-w- c:\program files\JavaSetup6u14.exe
2009-06-25 08:09 . 2009-02-20 15:13 2113094 ----a-w- c:\program files\HappyFotoSetupSlk.exe
2009-05-25 06:55 . 2009-05-25 06:55 29825044 ----a-w- c:\program files\HF Designer.exe
2009-05-12 08:52 . 2009-05-12 08:49 10053112 ----a-w- c:\program files\picasa3-setup.exe
2009-05-12 08:23 . 2009-05-12 08:23 64366423 ----a-w- c:\program files\AlbumMaker_5_5_3_8_e.exe
2009-03-10 10:48 . 2009-03-10 10:47 2398208 ----a-w- c:\program files\implugin.exe
2009-01-05 18:04 . 2009-01-05 18:03 8981504 ----a-w- c:\program files\winamp5541_full_emusic-7plus_en-us.exe
2009-01-05 17:45 . 2009-01-05 17:45 2897821 ----a-w- c:\program files\bsplayer137.826.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-09 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-20 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\zdenka\\.Koala\\plugins\\ViEVO\\VIEVOnogl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.12.2008 15:24 717296]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 9:03 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16.11.2009 9:04 735960]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10.2.2010 17:57 135664]
.
Obsah adresáře 'Naplánované úlohy'

2009-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2011-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 16:57]

2011-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 16:57]

2009-05-12 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-31 20:18]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\zdenka\Data aplikací\Mozilla\Firefox\Profiles\oqj5ltjc.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-02 15:36
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3120023A rev.3.33 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82278EC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x81869872; SUB DWORD [EBP-0x4], 0x8186912e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8234AAB8]
3 CLASSPNP[0xF8576FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000056[0x8233EEB0]
5 ACPI[0xF83D5620] -> nt!IofCallDriver[0x804E37D5] -> [0x82340D98]
[0x823E3190] -> IRP_MJ_CREATE -> 0x82278EC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST3120023A______________________________3.33____#4b33314151485157202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x82278AEA
user & kernel MBR OK
sectors 234441646 (+255): user != kernel
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2324)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-02-02 15:42:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-02 14:42
ComboFix2.txt 2011-02-01 15:09

Před spuštěním: 4 777 578 496
Po spuštění: 4 842 844 160

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 6E8F8D49EF06C07014311C300CB12CF5

[Rudy]

Stahnete TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe . Pak použijte tento návod od kolegy:

Utilitu spustte a prikazte ji, at skenuje - klik na Start Scan
Pokud utilita najde infikekci, bude ji chtit lecit (Cure), povolte leceni kliknutim na Continue
Pokud utilita najde podezrely soubor (suspicious), bude jej chtit preskocit (Skip), povolte preskoceni kliknutim na Continue
Po dokonceni skenu bude mozna nutny restart PC, povolte jej kliknutim na Reboot now
Po restartu na Vas vyskoci log, pokud se tak nestane, najdete jej primo na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt - jeho obsah sem vlozte
Pokud restart nebude vyzadovan, kliknete na Close a nasledne na Report - vytvori se log - jeho obsah sem vlozte

[ivo81]

Postupoval som podľa návodu. Vyhodilo to nasledujúci log. Zatiaľ ďakujem za pomoc. PS: zdá sa, že je to na dobrej ceste, lebo eset mi po reštarte prestal vyhadzovať "olmarik".

2011/02/15 13:45:05.0531 1452 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/15 13:45:05.0531 1452 ================================================================================
2011/02/15 13:45:05.0531 1452 SystemInfo:
2011/02/15 13:45:05.0531 1452
2011/02/15 13:45:05.0531 1452 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/15 13:45:05.0531 1452 Product type: Workstation
2011/02/15 13:45:05.0531 1452 ComputerName: JACKOVCI
2011/02/15 13:45:05.0531 1452 UserName: zdenka
2011/02/15 13:45:05.0531 1452 Windows directory: C:\WINDOWS
2011/02/15 13:45:05.0531 1452 System windows directory: C:\WINDOWS
2011/02/15 13:45:05.0531 1452 Processor architecture: Intel x86
2011/02/15 13:45:05.0531 1452 Number of processors: 1
2011/02/15 13:45:05.0531 1452 Page size: 0x1000
2011/02/15 13:45:05.0531 1452 Boot type: Normal boot
2011/02/15 13:45:05.0531 1452 ================================================================================
2011/02/15 13:45:07.0093 1452 Initialize success
2011/02/15 13:45:10.0406 0532 ================================================================================
2011/02/15 13:45:10.0406 0532 Scan started
2011/02/15 13:45:10.0406 0532 Mode: Manual;
2011/02/15 13:45:10.0406 0532 ================================================================================
2011/02/15 13:45:11.0734 0532 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/15 13:45:11.0843 0532 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/15 13:45:12.0062 0532 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/15 13:45:12.0187 0532 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/02/15 13:45:12.0750 0532 ALCXWDM (34b9d50a34679da69ed51e3cda41bc1e) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/02/15 13:45:13.0078 0532 AmdK7 (3980814f8027d27ea003e2e3d9d4f604) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2011/02/15 13:45:13.0609 0532 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/15 13:45:13.0718 0532 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/15 13:45:13.0953 0532 ati2mtag (86be5339a67c0a309f3e3ef8b0901ee5) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/02/15 13:45:14.0093 0532 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/15 13:45:14.0218 0532 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/15 13:45:14.0375 0532 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/15 13:45:14.0562 0532 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/15 13:45:14.0734 0532 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/15 13:45:14.0859 0532 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/15 13:45:14.0984 0532 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/15 13:45:15.0625 0532 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/15 13:45:15.0796 0532 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/15 13:45:15.0953 0532 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/15 13:45:16.0078 0532 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/15 13:45:16.0203 0532 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/15 13:45:16.0453 0532 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/15 13:45:16.0562 0532 eamon (af82dc664e3d8e2cba3b95e68f6448a7) C:\WINDOWS\system32\DRIVERS\eamon.sys
2011/02/15 13:45:16.0703 0532 ehdrv (686a799c1bf1b18941994daf9f45db06) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
2011/02/15 13:45:16.0859 0532 epfw (39f48a0784be8465cd1ac80b36d61613) C:\WINDOWS\system32\DRIVERS\epfw.sys
2011/02/15 13:45:16.0984 0532 Epfwndis (3b47010b2425b69826004767e59045ba) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
2011/02/15 13:45:17.0109 0532 epfwtdi (763c43360a541c92ef6c97452b312f3b) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
2011/02/15 13:45:17.0250 0532 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/15 13:45:17.0375 0532 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/15 13:45:17.0484 0532 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/15 13:45:17.0593 0532 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/02/15 13:45:17.0703 0532 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/15 13:45:17.0843 0532 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/15 13:45:17.0953 0532 Ftdisk (07c0836405093475dd890ad557d0f1d9) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/15 13:45:17.0953 0532 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ftdisk.sys. Real md5: 07c0836405093475dd890ad557d0f1d9, Fake md5: 4e664d8541db4a66b73a24257e322e1f
2011/02/15 13:45:17.0984 0532 Ftdisk - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/02/15 13:45:18.0078 0532 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/02/15 13:45:18.0187 0532 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/15 13:45:18.0328 0532 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/15 13:45:18.0500 0532 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/15 13:45:18.0750 0532 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/15 13:45:18.0890 0532 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/15 13:45:19.0171 0532 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/15 13:45:19.0296 0532 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/15 13:45:19.0406 0532 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/15 13:45:19.0515 0532 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/15 13:45:19.0640 0532 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/15 13:45:19.0734 0532 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/15 13:45:19.0859 0532 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/15 13:45:20.0031 0532 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/15 13:45:20.0171 0532 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/02/15 13:45:20.0296 0532 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/15 13:45:20.0406 0532 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/15 13:45:20.0671 0532 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/15 13:45:20.0781 0532 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/15 13:45:20.0890 0532 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/15 13:45:21.0015 0532 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/15 13:45:21.0156 0532 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/15 13:45:21.0390 0532 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/15 13:45:21.0531 0532 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/15 13:45:21.0703 0532 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/15 13:45:21.0875 0532 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/15 13:45:21.0984 0532 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/15 13:45:22.0093 0532 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/15 13:45:22.0218 0532 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/15 13:45:22.0328 0532 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/15 13:45:22.0468 0532 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/15 13:45:22.0593 0532 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/15 13:45:22.0703 0532 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/15 13:45:22.0828 0532 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/15 13:45:22.0968 0532 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/15 13:45:23.0078 0532 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/15 13:45:23.0203 0532 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/15 13:45:23.0390 0532 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/15 13:45:23.0546 0532 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/15 13:45:23.0718 0532 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/15 13:45:23.0890 0532 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/02/15 13:45:24.0062 0532 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/15 13:45:24.0187 0532 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/15 13:45:24.0312 0532 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/15 13:45:24.0437 0532 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/15 13:45:24.0578 0532 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/15 13:45:24.0687 0532 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/15 13:45:24.0968 0532 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/15 13:45:25.0718 0532 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/15 13:45:25.0859 0532 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/15 13:45:25.0968 0532 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/15 13:45:26.0078 0532 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/02/15 13:45:26.0593 0532 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/15 13:45:26.0703 0532 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/15 13:45:26.0843 0532 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/15 13:45:26.0953 0532 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/15 13:45:27.0078 0532 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/15 13:45:27.0203 0532 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/15 13:45:27.0343 0532 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/02/15 13:45:27.0484 0532 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/15 13:45:27.0640 0532 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/15 13:45:27.0828 0532 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/02/15 13:45:27.0984 0532 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/15 13:45:28.0140 0532 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/15 13:45:28.0265 0532 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/15 13:45:28.0406 0532 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/15 13:45:28.0687 0532 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/15 13:45:28.0890 0532 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2011/02/15 13:45:28.0890 0532 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/02/15 13:45:28.0937 0532 sptd - detected Locked file (1)
2011/02/15 13:45:29.0031 0532 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/15 13:45:29.0171 0532 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/15 13:45:29.0343 0532 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/15 13:45:29.0484 0532 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/15 13:45:29.0984 0532 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/15 13:45:30.0156 0532 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/15 13:45:30.0281 0532 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/15 13:45:30.0406 0532 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/15 13:45:30.0531 0532 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/15 13:45:30.0781 0532 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/15 13:45:31.0031 0532 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/15 13:45:31.0187 0532 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/15 13:45:31.0296 0532 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/15 13:45:31.0437 0532 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/15 13:45:31.0562 0532 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/15 13:45:31.0687 0532 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/15 13:45:31.0812 0532 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/15 13:45:31.0953 0532 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/15 13:45:32.0078 0532 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/02/15 13:45:32.0218 0532 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/02/15 13:45:32.0343 0532 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/15 13:45:32.0515 0532 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/15 13:45:32.0750 0532 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/15 13:45:33.0046 0532 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/02/15 13:45:33.0187 0532 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/02/15 13:45:33.0437 0532 ================================================================================
2011/02/15 13:45:33.0437 0532 Scan finished
2011/02/15 13:45:33.0437 0532 ================================================================================
2011/02/15 13:45:33.0484 0472 Detected object count: 2
2011/02/15 13:46:42.0250 0472 Ftdisk (07c0836405093475dd890ad557d0f1d9) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/15 13:46:42.0250 0472 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ftdisk.sys. Real md5: 07c0836405093475dd890ad557d0f1d9, Fake md5: 4e664d8541db4a66b73a24257e322e1f
2011/02/15 13:46:43.0328 0472 Backup copy found, using it..
2011/02/15 13:46:43.0343 0472 C:\WINDOWS\system32\DRIVERS\ftdisk.sys - will be cured after reboot
2011/02/15 13:46:43.0343 0472 Rootkit.Win32.TDSS.tdl3(Ftdisk) - User select action: Cure
2011/02/15 13:46:43.0343 0472 Locked file(sptd) - User select action: Skip
2011/02/15 13:46:53.0390 2868 Deinitialize success

[Rudy]

Ano, byl smazán.

[ivo81]

Ďakujem pekne za pomoc.

[Rudy]

Nemáte zač!