VIRY.CZ

pouzi TDSSKiller vid motji http://www.viry.cz/forum/viewtopic.php? ... er#p989855

2011/05/31 15:03:52.0251 4020 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/31 15:03:54.0251 4020 ================================================================================
2011/05/31 15:03:54.0251 4020 SystemInfo:
2011/05/31 15:03:54.0251 4020
2011/05/31 15:03:54.0251 4020 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/31 15:03:54.0251 4020 Product type: Workstation
2011/05/31 15:03:54.0251 4020 ComputerName: UJP_TOTH
2011/05/31 15:03:54.0251 4020 UserName: toth
2011/05/31 15:03:54.0251 4020 Windows directory: C:\WINDOWS
2011/05/31 15:03:54.0251 4020 System windows directory: C:\WINDOWS
2011/05/31 15:03:54.0251 4020 Processor architecture: Intel x86
2011/05/31 15:03:54.0251 4020 Number of processors: 1
2011/05/31 15:03:54.0251 4020 Page size: 0x1000
2011/05/31 15:03:54.0251 4020 Boot type: Normal boot
2011/05/31 15:03:54.0251 4020 ================================================================================
2011/05/31 15:03:55.0470 4020 Initialize success
2011/05/31 15:03:59.0720 2596 ================================================================================
2011/05/31 15:03:59.0720 2596 Scan started
2011/05/31 15:03:59.0720 2596 Mode: Manual;
2011/05/31 15:03:59.0720 2596 ================================================================================
2011/05/31 15:04:01.0361 2596 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/31 15:04:01.0517 2596 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/31 15:04:01.0626 2596 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/05/31 15:04:01.0751 2596 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/31 15:04:01.0876 2596 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/31 15:04:02.0314 2596 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/31 15:04:02.0423 2596 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/31 15:04:02.0626 2596 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/31 15:04:02.0767 2596 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/31 15:04:02.0861 2596 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/31 15:04:03.0142 2596 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/31 15:04:03.0329 2596 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/31 15:04:03.0392 2596 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/31 15:04:03.0517 2596 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/31 15:04:03.0814 2596 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/31 15:04:04.0017 2596 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/31 15:04:04.0204 2596 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/31 15:04:04.0282 2596 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/31 15:04:04.0392 2596 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/31 15:04:04.0564 2596 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/31 15:04:04.0657 2596 E100B (83403675cab29e7a4b885b11e7c855d8) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/05/31 15:04:04.0892 2596 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/31 15:04:05.0032 2596 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/31 15:04:05.0095 2596 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/31 15:04:05.0189 2596 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/31 15:04:05.0282 2596 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/31 15:04:05.0407 2596 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
2011/05/31 15:04:05.0564 2596 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/31 15:04:05.0673 2596 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/31 15:04:05.0814 2596 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/31 15:04:05.0954 2596 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/31 15:04:06.0189 2596 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/31 15:04:06.0501 2596 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/31 15:04:06.0642 2596 ialm (50d909fdaf6df35b04c6b6a4bcb6d675) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/05/31 15:04:06.0767 2596 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/31 15:04:06.0939 2596 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/31 15:04:07.0048 2596 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/31 15:04:07.0111 2596 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/31 15:04:07.0204 2596 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/31 15:04:07.0314 2596 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/31 15:04:07.0407 2596 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/31 15:04:07.0548 2596 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/31 15:04:07.0642 2596 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/31 15:04:07.0798 2596 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/31 15:04:07.0861 2596 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/31 15:04:07.0986 2596 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/31 15:04:08.0079 2596 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/31 15:04:08.0361 2596 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/31 15:04:08.0486 2596 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/31 15:04:08.0579 2596 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/31 15:04:08.0673 2596 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/31 15:04:08.0814 2596 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/31 15:04:08.0923 2596 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/31 15:04:09.0064 2596 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/31 15:04:09.0236 2596 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/31 15:04:09.0329 2596 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/31 15:04:09.0407 2596 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/31 15:04:09.0454 2596 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/31 15:04:09.0564 2596 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/31 15:04:09.0689 2596 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/31 15:04:09.0798 2596 NAL (1e59aaed42a5e3a5ed86ec403f9c0776) C:\WINDOWS\system32\Drivers\iqvw32.sys
2011/05/31 15:04:09.0954 2596 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/31 15:04:10.0048 2596 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/31 15:04:10.0142 2596 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/31 15:04:10.0282 2596 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/31 15:04:10.0376 2596 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/31 15:04:10.0564 2596 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/31 15:04:10.0611 2596 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/31 15:04:10.0782 2596 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/31 15:04:10.0861 2596 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/31 15:04:11.0064 2596 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/31 15:04:11.0157 2596 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/31 15:04:11.0267 2596 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/31 15:04:11.0361 2596 OkiPar (be9f279455113ce13e5bfee0659461e5) C:\WINDOWS\System32\DRIVERS\OKIPAR.SYS
2011/05/31 15:04:11.0501 2596 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/31 15:04:11.0579 2596 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/31 15:04:11.0720 2596 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/31 15:04:11.0829 2596 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/31 15:04:11.0986 2596 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/31 15:04:12.0142 2596 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/31 15:04:12.0595 2596 pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys
2011/05/31 15:04:12.0751 2596 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/31 15:04:12.0814 2596 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/31 15:04:12.0861 2596 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/31 15:04:12.0970 2596 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/31 15:04:13.0267 2596 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/31 15:04:13.0361 2596 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/31 15:04:13.0470 2596 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/31 15:04:13.0579 2596 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/31 15:04:13.0720 2596 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/31 15:04:13.0814 2596 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/31 15:04:13.0954 2596 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/31 15:04:14.0048 2596 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/31 15:04:14.0189 2596 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/31 15:04:14.0376 2596 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/31 15:04:14.0486 2596 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/31 15:04:14.0595 2596 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/31 15:04:14.0704 2596 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/31 15:04:14.0907 2596 smwdm (bf208c85119770e6a9b6577019a3d810) C:\WINDOWS\system32\drivers\smwdm.sys
2011/05/31 15:04:15.0095 2596 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/31 15:04:15.0204 2596 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/31 15:04:15.0361 2596 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/31 15:04:15.0548 2596 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
2011/05/31 15:04:15.0611 2596 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
2011/05/31 15:04:15.0751 2596 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
2011/05/31 15:04:15.0892 2596 ssm_bus (14622ae81c72b08691eedaabc1d4a129) C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
2011/05/31 15:04:16.0001 2596 ssm_mdfl (43ee5e9fda61a5e0eac4c1de699e6e4d) C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
2011/05/31 15:04:16.0111 2596 ssm_mdm (918cfd32c7feb174f356a0a6fad11f4b) C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
2011/05/31 15:04:16.0157 2596 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
2011/05/31 15:04:16.0267 2596 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/31 15:04:16.0392 2596 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/31 15:04:16.0704 2596 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/31 15:04:16.0798 2596 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/31 15:04:16.0954 2596 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/31 15:04:17.0017 2596 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/31 15:04:17.0157 2596 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/31 15:04:17.0298 2596 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/31 15:04:17.0532 2596 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/31 15:04:17.0704 2596 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/31 15:04:17.0782 2596 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/31 15:04:17.0923 2596 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/31 15:04:17.0986 2596 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/31 15:04:18.0126 2596 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/31 15:04:18.0189 2596 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2011/05/31 15:04:18.0361 2596 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/31 15:04:18.0501 2596 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/31 15:04:18.0657 2596 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/31 15:04:18.0751 2596 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2011/05/31 15:04:18.0986 2596 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/31 15:04:19.0251 2596 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/31 15:04:19.0392 2596 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/31 15:04:19.0548 2596 {6080A529-897E-4629-A488-ABA0C29B635E} (1a301c3c65a3d119803fbac5ab65897f) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/05/31 15:04:19.0657 2596 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (4afee4b1625d5146b16526e48953d7a6) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/05/31 15:04:19.0704 2596 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/05/31 15:04:19.0892 2596 ================================================================================
2011/05/31 15:04:19.0892 2596 Scan finished
2011/05/31 15:04:19.0892 2596 ================================================================================
2011/05/31 15:04:19.0923 2592 Detected object count: 0
2011/05/31 15:04:19.0923 2592 Actual detected object count: 0

vypada to nejake posahane, ale bez virusov ,,,
skus:
1. ComboFIX v nudzovom rezime
2. odinstalovat NOD, nainstalovat Aviru
3. uplny scan s MBAM
4. prescanovanie s USBFix

JaRon píše:vypada to nejake posahane, ale bez virusov ,,,
skus:
1. ComboFIX v nudzovom rezime stále som mimo PC, ale ak nebude rady, odbehnem z roboty
2. odinstalovat NOD, nainstalovat Aviru ja nod nemám nainštalovaný, nedá sa mi tam nainštalovať a chcem ho mať tam, kedže ho používam legálne
3. uplny scan s MBAM mbam log nižšie
4. prescanovanie s USBFixnerobil som, ale čítal, kedže nie som pri PC, nemôžem tam dať Flasku, ale tá už je je preliečená, používam flash desinfector

Kód: Vybrat vše

http://www.precisesecurity.com/tools-resources/adware-tools/flash-disinfector/

[/color]

Malwarebytes' Anti-Malware 1.51.0.1200
http://www.malwarebytes.org

Verzia databázy: 6705

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1. 6. 2011 8:57:55
mbam-log-2011-06-01 (08-57-55).txt

Typ kontroly: Úplná kontrola (C:\|)
Objektov kontrolovaných: 195339
Uplynutý čas: 29 min, 46 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 2
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 1

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67KLN5J0-4OPM-01WE-AAX2-5657QCA554112} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{67KLN5J0-4OPM-01WE-AAX2-5657QCA554112} (Backdoor.Bot) -> Quarantined and deleted successfully.

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
c:\program files\common files\acd systems\patch.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

2. Aviru som myslel, iba docasne do uzavretia pripadu ,,, inac skus http://kb.eset.com/esetkb/index?page=co ... d=SOLN2116 - ak ani po odinstalovani podla navodu nepojde, obrat sa na ESET podporu
4. USBFix - nie som si isty, ci Ti nezhodi spojenie, rob radsej priamo na PC

idem skúsiť nainštalovať znovu nod4 - skúsil som, stále zle

v podobnom topicu na esetpage ako si mi radil som našiel aj utilitu na unistall esset tak som použil tú
combofix sa podaril v safe mode, log tu:


ComboFix 11-05-29.02 - toth . 06. 2011 10:22:02.6.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.503.380 [GMT 2:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\user\Application Data\OfferBox
c:\documents and settings\user\WINDOWS
c:\program files\OfferBox
c:\program files\OfferBox\OfferBoxBHO.dll
c:\program files\OfferBox\OfferBoxEngine.dll
c:\program files\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.dll
c:\program files\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.xpt
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome.manifest
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome\content\events.js
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome\content\overlay.xul
c:\program files\OfferBox\offerboxffx@offerbox.com\install.rdf
c:\program files\OfferBox\OfferBoxChromeExtension.crx
c:\program files\OfferBox\OfferBoxLauncher.exe
c:\program files\OfferBox\res\language.xml
c:\program files\OfferBox\res\loader.gif
c:\program files\OfferBox\uninst.exe
c:\windows\system\MSCOMCTL.OCX
c:\windows\system32\raddrv.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-05-01 to 2011-06-01 )))))))))))))))))))))))))))))))
.
.
2016-04-12 00:01 . 2011-05-31 17:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2016-04-12 00:01 . 2016-04-12 00:01 -------- d-----w- c:\windows\Zuma's Revenge!
2016-04-12 00:01 . 2011-05-13 11:16 -------- d-----w- c:\program files\Zuma's Revenge!
2011-06-01 06:24 . 2011-06-01 06:24 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2011-06-01 06:24 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-01 06:24 . 2011-06-01 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-01 06:24 . 2011-06-01 06:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-01 06:24 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-30 09:55 . 2011-05-30 09:55 -------- d-----w- c:\program files\ives
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-28 08:03 . 2011-03-28 08:03 1409 ----a-w- c:\windows\QTFont.for
2011-03-07 05:33 . 2009-07-14 06:42 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-03 22:56 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-03 21:17 1857920 ----a-w- c:\windows\system32\win32k.sys
2004-12-08 09:39 . 2009-07-14 07:30 138 ----a-w- c:\program files\Zmaz_index_pri_chybe_profilu.cmd
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-07-14 155648]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-12-10 116056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-07-14 155648]
"LanguageMonitor"="c:\windows\system32\Oplmsb01.exe" [2004-01-09 94208]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SymmTime.lnk - c:\program files\Symmetricom\SymmTime\SymmTime.exe [2009-7-14 778240]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4899:TCP"= 4899:TCP:radm
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys --> c:\windows\system32\DRIVERS\ehdrv.sys [?]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [29. 3. 2010 8:26 238952]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1. 6. 2011 8:24 366640]
S2 OkiPar;OkiPar;c:\windows\system32\drivers\OkiPar.sys [15. 7. 2009 9:36 36928]
S2 r_server;Remote Administrator Service;c:\windows\system32\r_server.exe [14. 7. 2009 9:47 708608]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [29. 3. 2010 8:26 36608]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1. 6. 2011 8:24 22712]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1. 6. 2011 8:24 39984]
.
Contents of the 'Scheduled Tasks' folder
.
2016-04-12 c:\windows\Tasks\User_Feed_Synchronization-{36E62522-80E9-42D2-81A3-A2FBEDFB0F5A}.job
- c:\windows\system32\msfeedssync.exe [2010-04-30 02:31]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-NPSStartup - (no file)
AddRemove-OfferBox Browser - c:\program files\OfferBox\uninst.exe
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-01 10:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-06-01 10:31:04
ComboFix-quarantined-files.txt 2011-06-01 08:30
.
Pre-Run: 31 455 764 480 bytes free
Post-Run: 16 adresárov, 31 429 435 392 voľných bajtov
.
- - End Of File - - 524D2822C10127D973AC180F19E2A717

ESET: ak Ti nepomohol uvedeny navod, ostava uz len vykopat SW z registrov ,,,
regedit > klucove slovo NOD32 >> vymazat zaznamy potom klucove slovo ekrn a detto
len opatrne, aby to nebola sucast nejakeho dlhsieho slova napr. nekrnosil

no pri mazaní v registroch mi nedovolilo vymazať niektoré kúče, to bude ten problém. ide o legacy_ekrn. Našiel som aj niečo a nete len nie som dobrý v angličtine, ale myslím že je to môj problém.

pomoze si prekladacom http://translate.google.sk/translate?hl ... 69719.html

samozrejme som použil google translator aj pred tým môj naj nástroj

ale tam píšu niečo o malwarebyte a to v PC nemám(myslím ak som správne prekladal)ale pomazal som všetko v registroch čo malo niečo spoločné z nod32, eset, ekrn. niečo nešlo, dal som len povolenia a potom som to zmazal, natešený som dal instal nod a vrátenie akcie späť ako doteraz

neviem, spytam sa kolegov, ale potom uz len podpora ESET-u

tak som zvedavý čo povedia kolegovia bo už ma táto mašinka začína hnevať, ale predpokladám že nebude problém v nejakej hávedi, skôr si myslím že je to pozostatok z niečoho čo to napáchalo, aj keď tento PC nebol nejak zahunusobený čo si pamatám. Inak veľké díky Vám všetkým ktorý sa tu podielate na "radcovaní". Niekedy dávnejšie som prispel na Vaše forum(pod nickom herodeso), mal by som asi zas.

ty múj kvítku medový odinštaloval som microsoft activesync na synchronizáciu, nejaké drivere na samsung smartfone a ajhla inštalácia prebehla, dávam to za príčinu active sync


ale aj tak ďakujem, bolo to dlhé trápenie. zase som o niečo múdrejší.

za malo - aj nabuduce
nejake smejdy sme odstranili a problem s NOD-om si si opravil sam

len pre uplnost doplnim, ze problemom byva aplikacia
Samsung New PC Studio
staci zmenit poradie instalacie a je po probleme