Please help with a HijackThis and ComboFix log


(Patrykwalkowicz) #1

Hello,

I would be grateful for help with the logs. I should add that I have a problem with the MBR of PHYSICALDRIVE0.

HijackThis:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:00:52, on 24-04-2011

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll

O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll

O3 - Toolbar: Pasek &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe

O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O15 - Trusted Zone: http://www.mks.com.pl

O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) - 

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service (adobe lm service) - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Google Update Service (gupdate1c9fb418d8715fa) (gupdate1c9fb418d8715fa) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe


--

End of file - 6859 bytes

ComboFix:

ComboFix 11-04-23.02 - dom 24-04-2011 17:17:23.2.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1279.851 [GMT 2:00]

Running from: c:\documents and settings\dom\Pulpit\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\dom\Recent\Thumbs.db

c:\documents and settings\dom\WINDOWS

C:\mtwb.dat

c:\program files\Fast Browser Search

c:\program files\Fast Browser Search\IE\1.bat

c:\program files\Fast Browser Search\IE\about.html

c:\program files\Fast Browser Search\IE\affid.dat

c:\program files\Fast Browser Search\IE\basis.xml

c:\program files\Fast Browser Search\IE\basis_br.xml

c:\program files\Fast Browser Search\IE\basis_de.xml

c:\program files\Fast Browser Search\IE\basis_en.xml

c:\program files\Fast Browser Search\IE\basis_es.xml

c:\program files\Fast Browser Search\IE\basis_fr.xml

c:\program files\Fast Browser Search\IE\basis_it.xml

c:\program files\Fast Browser Search\IE\basis_nr.xml

c:\program files\Fast Browser Search\IE\basis_pt.xml

c:\program files\Fast Browser Search\IE\basis_ru.xml

c:\program files\Fast Browser Search\IE\basis_tr.xml

c:\program files\Fast Browser Search\IE\BHO.dll

c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe

c:\program files\Fast Browser Search\IE\error.html

c:\program files\Fast Browser Search\IE\FBSPlugin.dll

c:\program files\Fast Browser Search\IE\fbsProtection.xml

c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml

c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe

c:\program files\Fast Browser Search\IE\FBStoolbar.dll

c:\program files\Fast Browser Search\IE\fbstoolbar.jar

c:\program files\Fast Browser Search\IE\fbstoolbar.manifest

c:\program files\Fast Browser Search\IE\icons.bmp

c:\program files\Fast Browser Search\IE\info.txt

c:\program files\Fast Browser Search\IE\local.xml

c:\program files\Fast Browser Search\IE\logobg.bmp

c:\program files\Fast Browser Search\IE\MTWBtoolbar.html

c:\program files\Fast Browser Search\IE\search.bmp

c:\program files\Fast Browser Search\IE\search_br.bmp

c:\program files\Fast Browser Search\IE\search_de.bmp

c:\program files\Fast Browser Search\IE\search_es.bmp

c:\program files\Fast Browser Search\IE\search_fr.bmp

c:\program files\Fast Browser Search\IE\search_it.bmp

c:\program files\Fast Browser Search\IE\search_pt.bmp

c:\program files\Fast Browser Search\IE\search_ru.bmp

c:\program files\Fast Browser Search\IE\SearchAssistant.dll

c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe

c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico

c:\program files\Fast Browser Search\IE\SGPU.ico

c:\program files\Fast Browser Search\IE\sgpUpdater.exe

c:\program files\Fast Browser Search\IE\sgpUpdater.xml

c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe

c:\program files\Fast Browser Search\IE\tbhelper.dll

c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js

c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js

c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js

c:\program files\Fast Browser Search\IE\Toolbar Help.htm

c:\program files\Fast Browser Search\IE\ToolBarBHO.dll

c:\program files\Fast Browser Search\IE\uninstall.exe

c:\program files\Fast Browser Search\IE\uninstalSGP.exe

c:\program files\Fast Browser Search\IE\uninstalSGPU.exe

c:\program files\Fast Browser Search\IE\update.exe

c:\program files\Fast Browser Search\IE\version.txt

c:\program files\Gold VIP Club Casino

c:\program files\Gold VIP Club Casino\_patch\package_list.ini

c:\program files\Gold VIP Club Casino\_patch\package_list.ini.crc

c:\program files\Gold VIP Club Casino\bj.dll

c:\program files\Gold VIP Club Casino\casino.dll

c:\program files\Gold VIP Club Casino\casino.exe

c:\program files\Gold VIP Club Casino\casino.ico

c:\program files\Gold VIP Club Casino\casino.ini

c:\program files\Gold VIP Club Casino\directsound.dll

c:\program files\Gold VIP Club Casino\extgame.dll

c:\program files\Gold VIP Club Casino\fonts\albw.ttf

c:\program files\Gold VIP Club Casino\Gold VIP Club Casino.ico

c:\program files\Gold VIP Club Casino\Install.exe

c:\program files\Gold VIP Club Casino\installed\Blackjack - Common

c:\program files\Gold VIP Club Casino\installed\Blackjack - Common.ini

c:\program files\Gold VIP Club Casino\installed\Blackjack - Standard

c:\program files\Gold VIP Club Casino\installed\Blackjack - Standard.ini

c:\program files\Gold VIP Club Casino\installed\Extgame

c:\program files\Gold VIP Club Casino\installed\Extgame.ini

c:\program files\Gold VIP Club Casino\installed\Fonts - Latin

c:\program files\Gold VIP Club Casino\installed\Fonts - Latin.ini

c:\program files\Gold VIP Club Casino\installed\Lobby

c:\program files\Gold VIP Club Casino\installed\Lobby.ini

c:\program files\Gold VIP Club Casino\installed\packages

c:\program files\Gold VIP Club Casino\installed\SmartDownload

c:\program files\Gold VIP Club Casino\installed\SmartDownload.ini

c:\program files\Gold VIP Club Casino\lbyinst.exe

c:\program files\Gold VIP Club Casino\lobby.dll

c:\program files\Gold VIP Club Casino\lobby.ini

c:\program files\Gold VIP Club Casino\Microsoft.VC80.CRT.manifest

c:\program files\Gold VIP Club Casino\miniprocess.exe

c:\program files\Gold VIP Club Casino\msvcm80.dll

c:\program files\Gold VIP Club Casino\msvcp60.dll

c:\program files\Gold VIP Club Casino\msvcp80.dll

c:\program files\Gold VIP Club Casino\msvcr80.dll

c:\program files\Gold VIP Club Casino\msvcrt.dll

c:\program files\Gold VIP Club Casino\plibc32.dll

c:\program files\Gold VIP Club Casino\rsc\action_button.rsc

c:\program files\Gold VIP Club Casino\rsc\bj.en.st.rsc

c:\program files\Gold VIP Club Casino\rsc\blackjack32.en.rsc

c:\program files\Gold VIP Club Casino\rsc\card.rsc

c:\program files\Gold VIP Club Casino\rsc\cards32.rsc

c:\program files\Gold VIP Club Casino\rsc\casino.bd1.rsc

c:\program files\Gold VIP Club Casino\rsc\casino.cad.rsc

c:\program files\Gold VIP Club Casino\rsc\casino.chf.rsc

c:\program files\Gold VIP Club Casino\rsc\casino.cny.rsc

c:\program files\Gold VIP Club Casino\rsc\casino.en.rsc

c:\program files\Gold VIP Club Casino\rsc\casino.en.st.rsc

c:\program files\Gold VIP Club Casino\rsc\casino.eur.rsc

c:\program files\Gold VIP Club Casino\rsc\casino.gbp.rsc

c:\program files\Gold VIP Club Casino\rsc\casino.myr.rsc

c:\program files\Gold VIP Club Casino\rsc\casino.pen.rsc

c:\program files\Gold VIP Club Casino\rsc\casino.php.rsc

c:\program files\Gold VIP Club Casino\rsc\casino.pln.rsc

c:\program files\Gold VIP Club Casino\rsc\casino.rub.rsc

c:\program files\Gold VIP Club Casino\rsc\casino.usd.rsc

c:\program files\Gold VIP Club Casino\rsc\casino.zar.rsc

c:\program files\Gold VIP Club Casino\rsc\casino32.en.rsc

c:\program files\Gold VIP Club Casino\rsc\casino32.rsc

c:\program files\Gold VIP Club Casino\rsc\chips.bd1.rsc

c:\program files\Gold VIP Club Casino\rsc\chips.cad.rsc

c:\program files\Gold VIP Club Casino\rsc\chips.chf.rsc

c:\program files\Gold VIP Club Casino\rsc\chips.cny.rsc

c:\program files\Gold VIP Club Casino\rsc\chips.eur.rsc

c:\program files\Gold VIP Club Casino\rsc\chips.gbp.rsc

c:\program files\Gold VIP Club Casino\rsc\chips.myr.rsc

c:\program files\Gold VIP Club Casino\rsc\chips.pen.rsc

c:\program files\Gold VIP Club Casino\rsc\chips.php.rsc

c:\program files\Gold VIP Club Casino\rsc\chips.pln.rsc

c:\program files\Gold VIP Club Casino\rsc\chips.rub.rsc

c:\program files\Gold VIP Club Casino\rsc\chips.thb.rsc

c:\program files\Gold VIP Club Casino\rsc\chips.uah.rsc

c:\program files\Gold VIP Club Casino\rsc\chips.usd.rsc

c:\program files\Gold VIP Club Casino\rsc\chips.zar.rsc

c:\program files\Gold VIP Club Casino\rsc\chips32.cad.rsc

c:\program files\Gold VIP Club Casino\rsc\chips32.chf.rsc

c:\program files\Gold VIP Club Casino\rsc\chips32.cny.rsc

c:\program files\Gold VIP Club Casino\rsc\chips32.eur.rsc

c:\program files\Gold VIP Club Casino\rsc\chips32.myr.rsc

c:\program files\Gold VIP Club Casino\rsc\chips32.pen.rsc

c:\program files\Gold VIP Club Casino\rsc\chips32.php.rsc

c:\program files\Gold VIP Club Casino\rsc\chips32.pln.rsc

c:\program files\Gold VIP Club Casino\rsc\chips32.rub.rsc

c:\program files\Gold VIP Club Casino\rsc\chips32.thb.rsc

c:\program files\Gold VIP Club Casino\rsc\chips32.uah.rsc

c:\program files\Gold VIP Club Casino\rsc\chips32.usd.rsc

c:\program files\Gold VIP Club Casino\rsc\chips32.zar.rsc

c:\program files\Gold VIP Club Casino\rsc\downloaddlg.rsc

c:\program files\Gold VIP Club Casino\rsc\exit.en.rsc

c:\program files\Gold VIP Club Casino\rsc\extgame.en.st.rsc

c:\program files\Gold VIP Club Casino\rsc\history.rsc

c:\program files\Gold VIP Club Casino\rsc\lobby.en.st.rsc

c:\program files\Gold VIP Club Casino\rsc\lobby.rsc

c:\program files\Gold VIP Club Casino\rsc\logos.rsc

c:\program files\Gold VIP Club Casino\rsc\MaxPayoutInfo.rsc

c:\program files\Gold VIP Club Casino\rsc\options_new.rsc

c:\program files\Gold VIP Club Casino\rsc\rings.en.rsc

c:\program files\Gold VIP Club Casino\rsc\table.en.rsc

c:\program files\Gold VIP Club Casino\rsc\table.rsc

c:\program files\Gold VIP Club Casino\rsc\tables32.rsc

c:\program files\Gold VIP Club Casino\rsc\tbslot.en.rsc

c:\program files\Gold VIP Club Casino\sounds\Blackjack.ogg

c:\program files\Gold VIP Club Casino\sounds\Bust.ogg

c:\program files\Gold VIP Club Casino\sounds\cmn000.wav

c:\program files\Gold VIP Club Casino\sounds\cmn001.wav

c:\program files\Gold VIP Club Casino\sounds\cmn002.wav

c:\program files\Gold VIP Club Casino\sounds\cmn003.wav

c:\program files\Gold VIP Club Casino\sounds\cmn004.wav

c:\program files\Gold VIP Club Casino\sounds\cmn005.wav

c:\program files\Gold VIP Club Casino\sounds\cmn007.wav

c:\program files\Gold VIP Club Casino\sounds\HandScore_00.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_01.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_02.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_03.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_04.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_05.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_06.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_07.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_08.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_09.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_10.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_11.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_12.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_13.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_14.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_15.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_16.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_17.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_18.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_19.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_20.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_21.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_22.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_23.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_24.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_25.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_26.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_27.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_28.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_29.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_30.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_31.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_32.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_33.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_34.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_35.ogg

c:\program files\Gold VIP Club Casino\sounds\HandScore_36.ogg

c:\program files\Gold VIP Club Casino\sounds\Insurance.ogg

c:\program files\Gold VIP Club Casino\sounds\PlayerWins.ogg

c:\program files\Gold VIP Club Casino\sounds\Push.ogg

c:\program files\Gold VIP Club Casino\sounds\ShoeCardSound.ogg

c:\program files\Gold VIP Club Casino\sounds\Win.ogg

c:\program files\Gold VIP Club Casino\unicows.dll

c:\program files\Gold VIP Club Casino\winsound.dll

c:\program files\Gold VIP Club Casino\zlib.dll

c:\program files\Search Guard Plus

c:\program files\Search Guard Plus\fbsProtection.xml

c:\program files\Search Guard Plus\fbsSearchProvider.xml

c:\program files\Search Guard Plus\FbsSearchProviderIE8.exe

c:\program files\Search Guard Plus\SearchGuardPlus.exe

c:\program files\Search Guard Plus\SearchGuardPlus.ico

c:\program files\Search Guard Plus\uninstalSGP.exe

c:\program files\Search Guard PlusU

c:\program files\Search Guard PlusU\SGPU.ico

c:\program files\Search Guard PlusU\sgpUpdater.exe

c:\program files\Search Guard PlusU\sgpUpdater.xml

c:\program files\Search Guard PlusU\sgpUpdaters.exe

c:\program files\Search Guard PlusU\uninstalSGPU.exe

c:\program files\SGPSA

c:\program files\SGPSA\BHO.dll

c:\program files\SGPSA\SearchAssistant.dll

c:\windows\system32\ccrpTmr6.dll

.

Infected copy of c:\windows\system32\kernel32.dll was found and disinfected

Restored copy from - c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-03-24 to 2011-04-24 )))))))))))))))))))))))))))))))

.

.

2011-04-24 14:59 . 2011-04-24 14:59	388096	----a-r-	c:\documents and settings\dom\Dane aplikacji\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-04-24 14:59 . 2011-04-24 14:59	--------	d-----w-	c:\program files\Trend Micro

2011-04-21 14:46 . 2011-04-21 14:46	--------	d--h--w-	c:\windows\ie8

2011-04-21 14:39 . 2010-05-06 10:35	599040	------w-	c:\windows\system32\dllcache\msfeeds.dll

2011-04-21 14:39 . 2010-05-06 10:35	55296	------w-	c:\windows\system32\dllcache\msfeedsbs.dll

2011-04-21 14:39 . 2010-05-06 10:35	12800	------w-	c:\windows\system32\dllcache\xpshims.dll

2011-04-21 14:39 . 2010-05-06 10:35	247808	------w-	c:\windows\system32\dllcache\ieproxy.dll

2011-04-21 14:39 . 2010-05-06 10:35	1985536	------w-	c:\windows\system32\dllcache\iertutil.dll

2011-04-21 14:39 . 2010-05-06 10:35	743424	------w-	c:\windows\system32\dllcache\iedvtool.dll

2011-04-21 14:39 . 2010-05-06 10:35	11076096	------w-	c:\windows\system32\dllcache\ieframe.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-30 13:31 . 2008-03-30 13:31	20907376	----a-w-	c:\program files\aaw2007(dobreprogramy.pl).exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2009-01-02 09:06	365960	----a-w-	c:\program files\AskBarDis\bar\bin\askBar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-01-02 365960]

.

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-01-02 365960]

.

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2004-05-14 67072]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=

"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

"7329:TCP"= 7329:TCP:Services

"7330:TCP"= 7330:TCP:Services

"6551:TCP"= 6551:TCP:Services

"6418:TCP"= 6418:TCP:Services

"2180:TCP"= 2180:TCP:Services

"4067:TCP"= 4067:TCP:Services

"3911:TCP"= 3911:TCP:Services

"7082:TCP"= 7082:TCP:Services

"6769:TCP"= 6769:TCP:Services

"5567:TCP"= 5567:TCP:Services

"6348:TCP"= 6348:TCP:Services

"7662:TCP"= 7662:TCP:Services

"6896:TCP"= 6896:TCP:Services

"8817:TCP"= 8817:TCP:Services

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27-01-2008 14:03 685816]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13-08-2008 19:46 294608]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13-08-2008 19:46 17744]

R2 gupdate1c9fb418d8715fa;Google Update Service (gupdate1c9fb418d8715fa);c:\program files\Google\Update\GoogleUpdate.exe [02-07-2009 20:18 133104]

R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]

R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

S0 eovc65;eovc65; [x]

S3 AC2003;AC2003;c:\windows\system32\drivers\AC2003.sys [05-11-2007 16:01 4224]

S3 UsbSagCom;Mobile Device Full USB Driver;c:\windows\system32\drivers\UsbSagCom.sys [29-06-2007 14:20 51712]

S3 V0420VID;Live! Cam Vista IM (VF0420);c:\windows\system32\drivers\V0420Vid.sys [11-07-2008 12:53 99648]

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-02 18:18]

.

2011-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-02 18:18]

.

2011-04-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-789336058-725345543-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 16:32]

.

2011-04-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-789336058-725345543-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 16:32]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.onet.pl/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s

IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe

Trusted Zone: mks.com.pl\www

Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

AddRemove-Gadu-Gadu - c:\program files\Gadu-Gadu\Setup.exe

AddRemove-Gold VIP Club Casino - c:\program files\Gold VIP Club Casino\Install.exe

AddRemove-Mistrz Wizażu 2_is1 - g:\ola\MistrzWizażu2\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-04-24 17:28

Windows 5.1.2600 Service Pack 2 FAT NTAPI

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3052)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\browselc.dll

c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\SOUNDMAN.EXE

c:\windows\system32\CTsvcCDA.exe

c:\windows\System32\FTRTSVC.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Spyware Terminator\sp_rsser.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\imapi.exe

.

**************************************************************************

.

Completion time: 2011-04-24 17:29:27 - machine was rebooted

ComboFix-quarantined-files.txt 2011-04-24 15:29

ComboFix2.txt 2009-06-18 08:26

.

Before: 1 150 779 392 bytes free

After: 1 410 105 344 bytes free

.

- - End Of File - - AC3D7FA91FBC9355B95EDD7B9216AF3B
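
Two things in the ComboFix log above deserve a look regardless of what the helper replies: the firewall policy has "EnableFirewall"= 0 together with a long GloballyOpenPorts list that includes 3389:TCP (Remote Desktop), and several driver entries (xcpip, xpsec, eovc65) end in [?] or [x], the marks ComboFix uses for a path it could not resolve to a file. The script below is an added example, not code from this thread or from HijackThis/ComboFix: it parses HijackThis O2/O3/O23 lines and the ComboFix firewall and driver sections and returns findings. The log excerpts are constructed in the shape of the lines above, the unwanted-vendor name fragments are hand-picked from what this thread's logs contain (a real list would come from a maintained feed), and the open-port threshold is arbitrary.

```python
"""
Triage helpers for HijackThis and ComboFix logs: parse browser add-ons,
services, firewall policy and driver entries, then emit findings to look at.
Indicator lists and thresholds are illustrative assumptions.
"""
import re
from typing import Any, Dict, List

# Assumption: fragments of paths that, in this thread's logs, belong to toolbars/search hijackers.
UNWANTED_PATH_FRAGMENTS = ("askbardis", "crawler", "fast browser search", "sgpsa", "search guard")
PORT_COUNT_THRESHOLD = 5          # arbitrary: this many globally opened ports is worth a mention

HJT_ADDON = re.compile(r"^O[23] - (?:BHO|Toolbar): (?P<rest>.*)$")
HJT_SERVICE = re.compile(r"^O23 - Service: (?P<rest>.*)$")
CF_KEY = re.compile(r"^\[(?P<key>.+)\]$")
CF_FIREWALL = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
CF_PORT = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')
CF_DRIVER_UNRESOLVED = re.compile(r"^[RS]\d (?P<name>[^;]+);.*\[(?:\?|x)\]\s*$")


def parse_hjt(text: str) -> Dict[str, List[Dict[str, str]]]:
    """Extract O2/O3 add-ons (name, CLSID, path) and O23 services (name, company, path)."""
    addons, services = [], []
    for line in text.splitlines():
        line = line.strip()
        m = HJT_ADDON.match(line)
        if m:
            # "<name> - {CLSID} - <path>": split from the right so names containing " - " survive
            parts = m.group("rest").rsplit(" - ", 2)
            if len(parts) == 3:
                name, clsid, path = parts
                addons.append({"kind": line[:2], "name": name, "clsid": clsid.strip("{}"), "path": path})
            continue
        m = HJT_SERVICE.match(line)
        if m:
            parts = m.group("rest").rsplit(" - ", 2)
            if len(parts) == 3:
                name, company, path = parts
                services.append({"name": name, "company": company, "path": path})
    return {"addons": addons, "services": services}


def parse_combofix(text: str) -> Dict[str, Any]:
    """Pull out EnableFirewall, the GloballyOpenPorts list and driver entries ending in [?] or [x]."""
    firewall_enabled = None
    open_ports, unresolved = [], []
    current_key = ""
    for line in text.splitlines():
        line = line.strip()
        m = CF_KEY.match(line)
        if m:
            current_key = m.group("key").lower()      # remember which registry key the values belong to
            continue
        m = CF_FIREWALL.match(line)
        if m and "firewallpolicy\\standardprofile" in current_key:
            firewall_enabled = m.group("val") != "0"
            continue
        m = CF_PORT.match(line)
        if m and "globallyopenports" in current_key:
            open_ports.append((int(m.group("port")), m.group("proto")))
            continue
        m = CF_DRIVER_UNRESOLVED.match(line)
        if m:
            unresolved.append(m.group("name"))
    return {"firewall_enabled": firewall_enabled, "open_ports": open_ports, "unresolved": unresolved}


def triage(hjt_text: str, combofix_text: str) -> List[str]:
    """Combine both parsers into human-readable findings (empty list = nothing flagged)."""
    findings: List[str] = []
    hjt = parse_hjt(hjt_text)
    for a in hjt["addons"]:
        if a["name"] == "(no name)" or any(f in a["path"].lower() for f in UNWANTED_PATH_FRAGMENTS):
            findings.append(f"{a['kind']} add-on '{a['name']}' loads {a['path']}")
    for s in hjt["services"]:
        low = s["path"].lower()
        if "\\documents and settings\\" in low or "\\temp\\" in low:
            findings.append(f"service '{s['name']}' runs from a user-writable path: {s['path']}")
    cf = parse_combofix(combofix_text)
    if cf["firewall_enabled"] is False:
        findings.append("Windows Firewall is disabled (EnableFirewall=0)")
    if (3389, "TCP") in cf["open_ports"]:
        findings.append("TCP/3389 (Remote Desktop) is globally opened")
    if len(cf["open_ports"]) >= PORT_COUNT_THRESHOLD:
        findings.append(f"{len(cf['open_ports'])} globally opened ports in the firewall policy")
    for name in cf["unresolved"]:
        findings.append(f"ComboFix could not locate the binary for driver/service '{name}'")
    return findings


# Constructed excerpts in the shape of the logs posted in this thread.
HJT_SAMPLE = r"""
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: Pasek &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
"""
COMBOFIX_SAMPLE = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"7329:TCP"= 7329:TCP:Services
"7330:TCP"= 7330:TCP:Services
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27-01-2008 14:03 685816]
R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S0 eovc65;eovc65; [x]
"""

if __name__ == "__main__":
    for finding in triage(HJT_SAMPLE, COMBOFIX_SAMPLE):
        print(finding)
```

The point of the script is not the indicator list but the shape of the checks: a BHO or toolbar is judged by where its DLL lives, a service by whether its binary sits in a user-writable directory, and the firewall section is read as policy (disabled, plus which ports have been opened for everything) rather than as a list of names. Feed it the real logs and extend UNWANTED_PATH_FRAGMENTS as needed.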

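The poster mentions a problem with the MBR of PHYSICALDRIVE0, but none of the logs above contains the sector itself. As an added example, not code from this thread or from any of the tools in it, the following script reads sector 0 of a disk and performs the checks a practitioner does first: the 0x55AA boot signature, the partition table (exactly one active entry, no overlapping entries) and a SHA-256 of the 440 bytes of boot code to compare against a known-good copy. The sample sectors, the device path, the baseline hash and the partition geometry are all constructed for the example.

```python
"""
Dump and sanity-check the first sector (MBR) of a disk: boot signature,
partition table consistency, and a hash of the boot code for comparison
against a known-good copy. The sample sectors at the bottom are constructed.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439 boot code; 440..443 disk signature; 444..445 reserved
PART_TABLE_OFFSET = 446
PART_ENTRY_LEN = 16
PART_ENTRY_FMT = "<B3xB3xII"   # status, (CHS start), type, (CHS end), LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def read_sector0(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 from a raw device (needs administrator/root; on Linux use e.g. /dev/sda).
    Assumed device path; not exercised by the constructed samples below."""
    with open(device, "rb", buffering=0) as f:
        return f.read(SECTOR_SIZE)


def parse_partitions(sector: bytes) -> List[Partition]:
    """Decode the four 16-byte partition entries; a type of 0x00 marks an unused slot."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_LEN
        status, type_id, lba_start, sectors = struct.unpack(PART_ENTRY_FMT, sector[off:off + PART_ENTRY_LEN])
        if type_id != 0:
            parts.append(Partition(i, status == 0x80, type_id, lba_start, sectors))
    return parts


def boot_code_sha256(sector: bytes) -> str:
    """Hash only the boot code, so the per-disk signature at offset 440 does not affect comparison."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def inspect_mbr(sector: bytes, known_good_sha256: Optional[str] = None) -> Dict[str, object]:
    """Return parsed partitions, the boot-code hash and a list of findings (empty = nothing odd)."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    findings: List[str] = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    parts = parse_partitions(sector)
    active = [p for p in parts if p.bootable]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_start + a.sectors > b.lba_start:   # overlapping entries are a classic bootkit tell
            findings.append(f"partition {a.index} overlaps partition {b.index}")
    digest = boot_code_sha256(sector)
    if known_good_sha256 is not None and digest != known_good_sha256:
        findings.append("boot code hash differs from the known-good copy")
    return {"partitions": parts, "boot_code_sha256": digest, "findings": findings}


def build_mbr(boot_code: bytes, partitions: List[Tuple[bool, int, int, int]]) -> bytes:
    """Assemble a sector from boot code and (bootable, type, lba_start, sectors) tuples. Sample helper."""
    body = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00")
    body += b"\x11\x22\x33\x44" + b"\x00\x00"          # arbitrary disk signature + reserved bytes
    for i in range(4):
        if i < len(partitions):
            bootable, type_id, lba_start, sectors = partitions[i]
            body += struct.pack(PART_ENTRY_FMT, 0x80 if bootable else 0x00, type_id, lba_start, sectors)
        else:
            body += b"\x00" * PART_ENTRY_LEN
    return body + BOOT_SIGNATURE


# Constructed samples: one FAT32 partition (type 0x0C, matching the poster's FAT32 system) behind a
# stand-in boot-code prologue, and a copy whose first three bytes were replaced by a jump.
CLEAN_MBR = build_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8", [(True, 0x0C, 63, 78140097)])
TAMPERED_MBR = b"\xeb\x3c\x90" + CLEAN_MBR[3:]

if __name__ == "__main__":
    baseline = boot_code_sha256(CLEAN_MBR)
    for label, sec in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(label, inspect_mbr(sec, baseline))
```

Take the sector from offline boot media (a WinPE or Linux live CD) rather than from the running system whenever you can: a bootkit that hooks the disk stack can hand a clean sector 0 to user-mode readers, which is also why an in-OS scanner may see nothing. The known-good hash should come from a clean install of the same Windows version; the disk signature at offset 440 is outside the hashed range, so it does not spoil the comparison.
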
(Acorus) #2

otl-gmer-rsit-dss-inne-instrukcje-t370405.html

Post a log from TDSSKiller http://support.kaspersky.com/viruses/so ... =208280684 If it finds anything, set it to skip.


(Patrykwalkowicz) #3

2011/04/24 17:57:10.0781 1864	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/04/24 17:57:11.0609 1864	================================================================================

2011/04/24 17:57:11.0609 1864	SystemInfo:

2011/04/24 17:57:11.0609 1864	

2011/04/24 17:57:11.0609 1864	OS Version: 5.1.2600 ServicePack: 2.0

2011/04/24 17:57:11.0609 1864	Product type: Workstation

2011/04/24 17:57:11.0609 1864	ComputerName: DOM-MQI02892YJG

2011/04/24 17:57:11.0609 1864	UserName: dom

2011/04/24 17:57:11.0609 1864	Windows directory: C:\WINDOWS

2011/04/24 17:57:11.0609 1864	System windows directory: C:\WINDOWS

2011/04/24 17:57:11.0609 1864	Processor architecture: Intel x86

2011/04/24 17:57:11.0609 1864	Number of processors: 1

2011/04/24 17:57:11.0609 1864	Page size: 0x1000

2011/04/24 17:57:11.0609 1864	Boot type: Normal boot

2011/04/24 17:57:11.0609 1864	================================================================================

2011/04/24 17:57:11.0937 1864	Initialize success

2011/04/24 17:57:15.0296 0292	================================================================================

2011/04/24 17:57:15.0296 0292	Scan started

2011/04/24 17:57:15.0296 0292	Mode: Manual; 

2011/04/24 17:57:15.0296 0292	================================================================================

2011/04/24 17:57:42.0843 0292	sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys

2011/04/24 17:57:42.0843 0292	Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329

2011/04/24 17:57:42.0859 0292	sptd - detected Locked file (1)

2011/04/24 17:57:49.0734 0292	\HardDisk0 - detected Rootkit.Win32.BackBoot.gen (1)

2011/04/24 17:57:49.0734 0292	================================================================================

2011/04/24 17:57:49.0734 0292	Scan finished

2011/04/24 17:57:49.0734 0292	================================================================================

2011/04/24 17:57:49.0765 4080	Detected object count: 2

2011/04/24 17:58:07.0750 4080	Locked file(sptd) - User select action: Skip 

2011/04/24 17:58:07.0750 4080	Rootkit.Win32.BackBoot.gen(\HardDisk0) - User select action: Skip 

2011/04/24 17:58:17.0937 3788	================================================================================

2011/04/24 17:58:17.0937 3788	Scan started

2011/04/24 17:58:17.0937 3788	Mode: Manual; 

2011/04/24 17:58:17.0937 3788	================================================================================

2011/04/24 17:58:51.0140 3788	sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys

2011/04/24 17:58:51.0140 3788	Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329

2011/04/24 17:58:51.0156 3788	sptd - detected Locked file (1)

2011/04/24 17:58:59.0531 3788	\HardDisk0 - detected Rootkit.Win32.BackBoot.gen (1)

2011/04/24 17:58:59.0531 3788	================================================================================

2011/04/24 17:58:59.0531 3788	Scan finished

2011/04/24 17:58:59.0531 3788	================================================================================

2011/04/24 17:58:59.0562 0488	Detected object count: 2

(Acorus) #4

Scan once more and, at the entry "Rootkit.Win32.BackBoot.gen (1)", choose Cure.


(Patrykwalkowicz) #5

Thank you very much for the help.

Is there anything to remove in the HijackThis log?