prosím o kontrolu logu, nějak pomalý počítač

[motji]

Ale ještě to není dobré. Bud je to falešná detekce combofixu, nebo je tam ještě nějaká mrška zašitá .


odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)

Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC


Stahněte http://www.jpshortstuff.247fixes.com/Defogger.exe
- spustte,
- potvrdte disabled
-log vložte zde



Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.

stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu


start-spustit
do okénka zkopírujte

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

ok

vytvoří se log s názvem mbr.log, vložte ho zde [/quote]

[Andrade]

SPTD mi nejde dát "uninstall"
Defogger:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:19 on 28/11/2010 (Tuan)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
d347prt -> Disabled (Service running -> reboot required)
SPTD -> Already disabled
d347bus -> Disabled (Service running -> reboot required)


-=E.O.F=-

gmer:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-28 20:17:28
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e SAMSUNG_HD080HJ rev.WT100-33
Running: gmer.exe; Driver: C:\DOCUME~1\Tuan\LOCALS~1\Temp\fwdoykob.sys


---- System - GMER 1.0.15 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF84F12A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF84FC910]

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 819B9F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 819B9F00
Device \Driver\atapi \Device\Ide\IdePort1 819B9F00
Device \Driver\atapi \Device\Ide\IdePort2 819B9F00
Device \Driver\atapi \Device\Ide\IdePort3 819B9F00
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e 819B9F00
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target1Lun0 818D47F0
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target2Lun0 818D47F0
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 818D47F0
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target3Lun0 818D47F0
Device \Driver\d347prt \Device\Scsi\d347prt1 818D47F0
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device 822BA960

AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

---- Modules - GMER 1.0.15 ----

Module _________ F8453000-F846B000 (98304 bytes)

---- EOF - GMER 1.0.15 ----

MBR:
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD080HJ rev.WT100-33 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x819B9F00]<<
1 TUKERNEL!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x82386AB8]
3 CLASSPNP[0xF8576FD7] -> TUKERNEL!IofCallDriver[0x804E37D5] -> \Device\00000071[0x823DEB10]
5 ACPI[0xF84C7620] -> TUKERNEL!IofCallDriver[0x804E37D5] -> \Device\Ide\IdeDeviceP2T0L0-e[0x82375030]
\Driver\atapi[0x822BB8F0] -> IRP_MJ_CREATE -> 0x819B9F00
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi -> 0x819b9f00
user & kernel MBR OK
Warning: possible MBR rootkit infection !

[motji]

A velký gmer máte?

[Andrade]

z gmeru mám jen tohle, pak se kousl a nešel spustit
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-29 10:12:57
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e SAMSUNG_HD080HJ rev.WT100-33
Running: gmer.exe; Driver: C:\DOCUME~1\Tuan\LOCALS~1\Temp\fwdoykob.sys


---- System - GMER 1.0.15 ----

SSDT 813E1580 ZwAssignProcessToJobObject
SSDT 813E2100 ZwDebugActiveProcess
SSDT 813E1B30 ZwDuplicateObject
SSDT 813E0CC0 ZwOpenProcess
SSDT 813E0FC0 ZwOpenThread
SSDT 813E19C0 ZwProtectVirtualMemory
SSDT 813E1860 ZwSetContextThread
SSDT 813E16E0 ZwSetInformationThread
SSDT 813DE700 ZwSetSecurityObject
SSDT 813E1420 ZwSuspendProcess
SSDT 813E12C0 ZwSuspendThread
SSDT 813E0E50 ZwTerminateProcess
SSDT 813E1150 ZwTerminateThread
SSDT 813E1F50 ZwWriteVirtualMemory

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[812] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2132] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010
IAT C:\Documents and Settings\Tuan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3728] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

Device \Driver\prodrv06 \Device\ProDrv06 E153A398
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\prohlp02 \Device\ProHlp02 E1013C28

AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0xCA 0x93 0x59 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0xCA 0x93 0x59 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{738e59c7-5c45-4ad9-b0aa-984a159c2f52}@Model 93
Reg HKLM\SOFTWARE\Classes\CLSID\{738e59c7-5c45-4ad9-b0aa-984a159c2f52}@Therad 15
Reg HKLM\SOFTWARE\Classes\CLSID\{738e59c7-5c45-4ad9-b0aa-984a159c2f52}@MData 0x2B 0x8F 0x78 0x29 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0x47 0xB6 0x85 0xA4 ...

[motji]

Stáhněte Bootkit Remover http://www.esagelab.com/files/bootkit_remover.rar
-uložte ho na plochu a spusťte
- pravým tlačítkem myši klikněte do černého okna, zvolte Vybrat vše, stiskněte CTRL+C a pak zde na foru CTRL+V.


Návod od kolegy Stella

Stiahnite si prosím TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe a uložte ho na plochu.

2x-klik na TDSSKiller.exe- spustiť aplikáciu, potom na Spustiť kontrolu-klik- Start Scan.
Ak je infikovaný súbor detekovaný, bude predvolená akcia Cure, kliknite na tlačidlo Continue.
Ak podozrivý[suspicious] súbor je detekovaný, bude predvolená akcia Skip, kliknite na Continue.
Môže vás požiadať, aby ste reštartovali počítač na dokončenie procesu. Kliknite na Reboot Now.
Ak nevyžaduje reštart, kliknite na tlačidlo Report. Log súbor by sa mal objaviť. Prosím, skopírujte a vložte obsah súboru tu.
Ak je vyžadované reštartovanie počítača, správa je k dispozícii vo vašom koreňovom adresari

[Andrade]

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: ee7fe9f24bc949ea3a78cf7064fbe50b

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;

TDSS :
2010/12/05 17:20:15.0656 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/05 17:20:15.0656 ================================================================================
2010/12/05 17:20:15.0656 SystemInfo:
2010/12/05 17:20:15.0656
2010/12/05 17:20:15.0656 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/05 17:20:15.0656 Product type: Workstation
2010/12/05 17:20:15.0656 ComputerName: DOMA-DF6B95AB6A
2010/12/05 17:20:15.0656 UserName: Tuan
2010/12/05 17:20:15.0656 Windows directory: C:\WINDOWS
2010/12/05 17:20:15.0656 System windows directory: C:\WINDOWS
2010/12/05 17:20:15.0656 Processor architecture: Intel x86
2010/12/05 17:20:15.0656 Number of processors: 1
2010/12/05 17:20:15.0656 Page size: 0x1000
2010/12/05 17:20:15.0656 Boot type: Normal boot
2010/12/05 17:20:15.0656 ================================================================================
2010/12/05 17:20:16.0187 Initialize success
2010/12/05 17:20:18.0156 ================================================================================
2010/12/05 17:20:18.0156 Scan started
2010/12/05 17:20:18.0156 Mode: Manual;
2010/12/05 17:20:18.0156 ================================================================================
2010/12/05 17:20:19.0078 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/05 17:20:19.0171 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/05 17:20:19.0281 adusbser (b49ddd6196584aaded16ee11aa72e1e2) C:\WINDOWS\system32\DRIVERS\adusbser.sys
2010/12/05 17:20:19.0359 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/05 17:20:19.0453 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/05 17:20:19.0734 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/12/05 17:20:20.0046 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/05 17:20:20.0125 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/05 17:20:20.0375 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/12/05 17:20:20.0484 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/05 17:20:20.0562 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/05 17:20:20.0640 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
2010/12/05 17:20:20.0703 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/05 17:20:20.0796 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/05 17:20:20.0875 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/05 17:20:20.0906 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/05 17:20:21.0234 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/05 17:20:21.0515 d347bus (5776322f93cdb91086111f5ffbfda2a0) C:\WINDOWS\system32\DRIVERS\d347bus.sys
2010/12/05 17:20:21.0562 d347prt (b49f79ace459763f4e0380071be9cb45) C:\WINDOWS\System32\Drivers\d347prt.sys
2010/12/05 17:20:21.0687 DgiVecp (a5034f77b278f07e224fe07cf98a8b76) C:\WINDOWS\system32\Drivers\DgiVecp.sys
2010/12/05 17:20:21.0718 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/05 17:20:21.0828 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/05 17:20:21.0890 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/05 17:20:21.0937 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/05 17:20:22.0015 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/05 17:20:22.0093 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/05 17:20:22.0171 eamon (1ceb779239965000b8f6adee17d4515b) C:\WINDOWS\system32\DRIVERS\eamon.sys
2010/12/05 17:20:22.0296 ehdrv (7d300a43a7bd8769e0f901bf9e1ae367) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
2010/12/05 17:20:22.0343 epfw (15bfe00f030ea20955117bb0677e9668) C:\WINDOWS\system32\DRIVERS\epfw.sys
2010/12/05 17:20:22.0421 Epfwndis (52310e0e603d7da79ecca7d764937a91) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
2010/12/05 17:20:22.0468 epfwtdi (bdde7dd8fcdb1de7e879bb320b0605c0) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
2010/12/05 17:20:22.0546 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/05 17:20:22.0625 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/05 17:20:22.0656 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/05 17:20:22.0687 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/05 17:20:22.0718 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/05 17:20:22.0796 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/05 17:20:22.0859 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/05 17:20:23.0000 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/05 17:20:23.0062 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/05 17:20:23.0187 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/05 17:20:23.0312 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/05 17:20:23.0359 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/05 17:20:23.0468 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/05 17:20:23.0546 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/05 17:20:23.0578 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/05 17:20:23.0640 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/05 17:20:23.0671 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/05 17:20:23.0718 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/05 17:20:23.0812 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/05 17:20:23.0843 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/05 17:20:23.0890 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/05 17:20:23.0937 KMWDFilter (4476fe98aaf505acdcd3ee6360aabec1) C:\WINDOWS\System32\Drivers\KMWDFilter.SYS
2010/12/05 17:20:23.0984 KMWDFILTERx86 (4476fe98aaf505acdcd3ee6360aabec1) C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys
2010/12/05 17:20:24.0015 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/05 17:20:24.0187 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/05 17:20:24.0234 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/05 17:20:24.0265 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/05 17:20:24.0296 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/05 17:20:24.0328 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/05 17:20:24.0421 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/05 17:20:24.0500 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/05 17:20:24.0593 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/05 17:20:24.0671 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/05 17:20:24.0718 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/05 17:20:24.0750 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/05 17:20:24.0828 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/05 17:20:24.0859 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/05 17:20:24.0937 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/05 17:20:24.0968 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/05 17:20:25.0031 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/05 17:20:25.0062 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/05 17:20:25.0109 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/05 17:20:25.0156 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/05 17:20:25.0218 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/05 17:20:25.0312 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
2010/12/05 17:20:25.0359 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2010/12/05 17:20:25.0421 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/05 17:20:25.0500 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/05 17:20:25.0578 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/05 17:20:25.0609 nv_agp (3194e2f6c9000c39dcf9d0580754f714) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
2010/12/05 17:20:25.0671 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/05 17:20:25.0718 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/05 17:20:25.0828 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/05 17:20:25.0875 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/05 17:20:25.0921 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/05 17:20:25.0984 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/12/05 17:20:26.0031 PCGenFAM (97290b7229520c8d7e62dc65d618b192) C:\WINDOWS\system32\DRIVERS\PCGenFAM.sys
2010/12/05 17:20:26.0062 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/05 17:20:26.0156 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/05 17:20:26.0250 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/05 17:20:26.0328 pcouffin (02aaafb7ba137ce5ddabcdf8090954d9) C:\WINDOWS\system32\Drivers\pcouffin.sys
2010/12/05 17:20:26.0609 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/05 17:20:26.0671 Processor (7eb15dce4ec3a0220bd796a15c18186e) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/12/05 17:20:26.0750 prodrv06 (09921a58b4278bc16efa91a8fe480c50) C:\WINDOWS\System32\drivers\prodrv06.sys
2010/12/05 17:20:26.0781 prohlp02 (97184f49aa0733f6eea28ada265ba8da) C:\WINDOWS\system32\drivers\prohlp02.sys
2010/12/05 17:20:26.0828 prosync1 (960bce3ed38761b446aabac06c76badf) C:\WINDOWS\system32\drivers\prosync1.sys
2010/12/05 17:20:26.0875 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/05 17:20:26.0921 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/05 17:20:27.0093 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/05 17:20:27.0140 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/05 17:20:27.0171 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/05 17:20:27.0218 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/05 17:20:27.0281 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/05 17:20:27.0343 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/05 17:20:27.0390 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/05 17:20:27.0453 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/05 17:20:27.0500 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/05 17:20:27.0625 se59bus (7c38fc284136981ebe002252fa0900d3) C:\WINDOWS\system32\DRIVERS\se59bus.sys
2010/12/05 17:20:27.0828 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/05 17:20:27.0937 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/05 17:20:27.0968 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/05 17:20:28.0046 sfhlp01 (462aee0ea0481ea8bd45cac876a4ccc4) C:\WINDOWS\system32\drivers\sfhlp01.sys
2010/12/05 17:20:28.0093 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/05 17:20:28.0265 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/05 17:20:28.0359 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
2010/12/05 17:20:28.0421 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/05 17:20:28.0515 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/05 17:20:28.0593 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/05 17:20:28.0625 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/05 17:20:28.0796 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/05 17:20:28.0890 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/05 17:20:28.0937 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/05 17:20:29.0000 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/05 17:20:29.0046 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/05 17:20:29.0171 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/05 17:20:29.0250 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/05 17:20:29.0328 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2010/12/05 17:20:29.0375 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/05 17:20:29.0421 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/05 17:20:29.0453 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/05 17:20:29.0531 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/12/05 17:20:29.0593 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/05 17:20:29.0687 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/05 17:20:29.0750 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2010/12/05 17:20:29.0812 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2010/12/05 17:20:29.0859 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/05 17:20:29.0953 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/05 17:20:30.0015 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/05 17:20:30.0125 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/05 17:20:30.0171 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/12/05 17:20:30.0312 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/05 17:20:30.0453 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/12/05 17:20:30.0562 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/05 17:20:30.0609 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/05 17:20:30.0718 yukonwxp (a5d4eae27e68625296d685a786897491) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2010/12/05 17:20:30.0953 ================================================================================
2010/12/05 17:20:30.0953 Scan finished
2010/12/05 17:20:30.0953 ================================================================================

[motji]

Z konzoly zotavení udělejte opravu Mbr sektoru
zadáte příkaz

fixmbr \device\harddisk0

-přesně takto, za FIXMBR je mezera

Restart počítače a nový log z MBr.exe a bootkit removeru.

[Andrade]

Prosím vás kde najdu konzoli pro zotavení? Nejsem v počítačích moc přeborník.

[motji]

Měl by jste ji mít nainstalovanou od combofixu, když restartujete počítač, měla by Vám vyskočit nabídka mezi systémem a konzolí. Pokud to tak nemáte, máte inst. cd? Na něm ta konzole také je.

Tady je podrobnější návod na tu opravu
http://viry.cz/forum/viewtopic.php?f=11&t=7294