hitchcock
(Patrykwalkowicz)
#1
Hello,
I would be grateful for help with the logs. I should add that I have a problem with the MBR of PHYSICALDRIVE0.
HijackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:00:52, on 24-04-2011
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Pasek &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://www.mks.com.pl
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service (adobe lm service) - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Usługa Google Update (gupdate1c9fb418d8715fa) (gupdate1c9fb418d8715fa) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 6859 bytes
ComboFix:
ComboFix 11-04-23.02 - dom 24-04-2011 17:17:23.2.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1279.851 [GMT 2:00]
Uruchomiony z: c:\documents and settings\dom\Pulpit\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\dom\Recent\Thumbs.db
c:\documents and settings\dom\WINDOWS
C:\mtwb.dat
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\BHO.dll
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\FBSPlugin.dll
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\FBStoolbar.dll
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\IE\fbstoolbar.manifest
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\search_br.bmp
c:\program files\Fast Browser Search\IE\search_de.bmp
c:\program files\Fast Browser Search\IE\search_es.bmp
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\SearchAssistant.dll
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\ToolBarBHO.dll
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\Gold VIP Club Casino
c:\program files\Gold VIP Club Casino\_patch\package_list.ini
c:\program files\Gold VIP Club Casino\_patch\package_list.ini.crc
c:\program files\Gold VIP Club Casino\bj.dll
c:\program files\Gold VIP Club Casino\casino.dll
c:\program files\Gold VIP Club Casino\casino.exe
c:\program files\Gold VIP Club Casino\casino.ico
c:\program files\Gold VIP Club Casino\casino.ini
c:\program files\Gold VIP Club Casino\directsound.dll
c:\program files\Gold VIP Club Casino\extgame.dll
c:\program files\Gold VIP Club Casino\fonts\albw.ttf
c:\program files\Gold VIP Club Casino\Gold VIP Club Casino.ico
c:\program files\Gold VIP Club Casino\Install.exe
c:\program files\Gold VIP Club Casino\installed\Blackjack - Common
c:\program files\Gold VIP Club Casino\installed\Blackjack - Common.ini
c:\program files\Gold VIP Club Casino\installed\Blackjack - Standard
c:\program files\Gold VIP Club Casino\installed\Blackjack - Standard.ini
c:\program files\Gold VIP Club Casino\installed\Extgame
c:\program files\Gold VIP Club Casino\installed\Extgame.ini
c:\program files\Gold VIP Club Casino\installed\Fonts - Latin
c:\program files\Gold VIP Club Casino\installed\Fonts - Latin.ini
c:\program files\Gold VIP Club Casino\installed\Lobby
c:\program files\Gold VIP Club Casino\installed\Lobby.ini
c:\program files\Gold VIP Club Casino\installed\packages
c:\program files\Gold VIP Club Casino\installed\SmartDownload
c:\program files\Gold VIP Club Casino\installed\SmartDownload.ini
c:\program files\Gold VIP Club Casino\lbyinst.exe
c:\program files\Gold VIP Club Casino\lobby.dll
c:\program files\Gold VIP Club Casino\lobby.ini
c:\program files\Gold VIP Club Casino\Microsoft.VC80.CRT.manifest
c:\program files\Gold VIP Club Casino\miniprocess.exe
c:\program files\Gold VIP Club Casino\msvcm80.dll
c:\program files\Gold VIP Club Casino\msvcp60.dll
c:\program files\Gold VIP Club Casino\msvcp80.dll
c:\program files\Gold VIP Club Casino\msvcr80.dll
c:\program files\Gold VIP Club Casino\msvcrt.dll
c:\program files\Gold VIP Club Casino\plibc32.dll
c:\program files\Gold VIP Club Casino\rsc\action_button.rsc
c:\program files\Gold VIP Club Casino\rsc\bj.en.st.rsc
c:\program files\Gold VIP Club Casino\rsc\blackjack32.en.rsc
c:\program files\Gold VIP Club Casino\rsc\card.rsc
c:\program files\Gold VIP Club Casino\rsc\cards32.rsc
c:\program files\Gold VIP Club Casino\rsc\casino.bd1.rsc
c:\program files\Gold VIP Club Casino\rsc\casino.cad.rsc
c:\program files\Gold VIP Club Casino\rsc\casino.chf.rsc
c:\program files\Gold VIP Club Casino\rsc\casino.cny.rsc
c:\program files\Gold VIP Club Casino\rsc\casino.en.rsc
c:\program files\Gold VIP Club Casino\rsc\casino.en.st.rsc
c:\program files\Gold VIP Club Casino\rsc\casino.eur.rsc
c:\program files\Gold VIP Club Casino\rsc\casino.gbp.rsc
c:\program files\Gold VIP Club Casino\rsc\casino.myr.rsc
c:\program files\Gold VIP Club Casino\rsc\casino.pen.rsc
c:\program files\Gold VIP Club Casino\rsc\casino.php.rsc
c:\program files\Gold VIP Club Casino\rsc\casino.pln.rsc
c:\program files\Gold VIP Club Casino\rsc\casino.rub.rsc
c:\program files\Gold VIP Club Casino\rsc\casino.usd.rsc
c:\program files\Gold VIP Club Casino\rsc\casino.zar.rsc
c:\program files\Gold VIP Club Casino\rsc\casino32.en.rsc
c:\program files\Gold VIP Club Casino\rsc\casino32.rsc
c:\program files\Gold VIP Club Casino\rsc\chips.bd1.rsc
c:\program files\Gold VIP Club Casino\rsc\chips.cad.rsc
c:\program files\Gold VIP Club Casino\rsc\chips.chf.rsc
c:\program files\Gold VIP Club Casino\rsc\chips.cny.rsc
c:\program files\Gold VIP Club Casino\rsc\chips.eur.rsc
c:\program files\Gold VIP Club Casino\rsc\chips.gbp.rsc
c:\program files\Gold VIP Club Casino\rsc\chips.myr.rsc
c:\program files\Gold VIP Club Casino\rsc\chips.pen.rsc
c:\program files\Gold VIP Club Casino\rsc\chips.php.rsc
c:\program files\Gold VIP Club Casino\rsc\chips.pln.rsc
c:\program files\Gold VIP Club Casino\rsc\chips.rub.rsc
c:\program files\Gold VIP Club Casino\rsc\chips.thb.rsc
c:\program files\Gold VIP Club Casino\rsc\chips.uah.rsc
c:\program files\Gold VIP Club Casino\rsc\chips.usd.rsc
c:\program files\Gold VIP Club Casino\rsc\chips.zar.rsc
c:\program files\Gold VIP Club Casino\rsc\chips32.cad.rsc
c:\program files\Gold VIP Club Casino\rsc\chips32.chf.rsc
c:\program files\Gold VIP Club Casino\rsc\chips32.cny.rsc
c:\program files\Gold VIP Club Casino\rsc\chips32.eur.rsc
c:\program files\Gold VIP Club Casino\rsc\chips32.myr.rsc
c:\program files\Gold VIP Club Casino\rsc\chips32.pen.rsc
c:\program files\Gold VIP Club Casino\rsc\chips32.php.rsc
c:\program files\Gold VIP Club Casino\rsc\chips32.pln.rsc
c:\program files\Gold VIP Club Casino\rsc\chips32.rub.rsc
c:\program files\Gold VIP Club Casino\rsc\chips32.thb.rsc
c:\program files\Gold VIP Club Casino\rsc\chips32.uah.rsc
c:\program files\Gold VIP Club Casino\rsc\chips32.usd.rsc
c:\program files\Gold VIP Club Casino\rsc\chips32.zar.rsc
c:\program files\Gold VIP Club Casino\rsc\downloaddlg.rsc
c:\program files\Gold VIP Club Casino\rsc\exit.en.rsc
c:\program files\Gold VIP Club Casino\rsc\extgame.en.st.rsc
c:\program files\Gold VIP Club Casino\rsc\history.rsc
c:\program files\Gold VIP Club Casino\rsc\lobby.en.st.rsc
c:\program files\Gold VIP Club Casino\rsc\lobby.rsc
c:\program files\Gold VIP Club Casino\rsc\logos.rsc
c:\program files\Gold VIP Club Casino\rsc\MaxPayoutInfo.rsc
c:\program files\Gold VIP Club Casino\rsc\options_new.rsc
c:\program files\Gold VIP Club Casino\rsc\rings.en.rsc
c:\program files\Gold VIP Club Casino\rsc\table.en.rsc
c:\program files\Gold VIP Club Casino\rsc\table.rsc
c:\program files\Gold VIP Club Casino\rsc\tables32.rsc
c:\program files\Gold VIP Club Casino\rsc\tbslot.en.rsc
c:\program files\Gold VIP Club Casino\sounds\Blackjack.ogg
c:\program files\Gold VIP Club Casino\sounds\Bust.ogg
c:\program files\Gold VIP Club Casino\sounds\cmn000.wav
c:\program files\Gold VIP Club Casino\sounds\cmn001.wav
c:\program files\Gold VIP Club Casino\sounds\cmn002.wav
c:\program files\Gold VIP Club Casino\sounds\cmn003.wav
c:\program files\Gold VIP Club Casino\sounds\cmn004.wav
c:\program files\Gold VIP Club Casino\sounds\cmn005.wav
c:\program files\Gold VIP Club Casino\sounds\cmn007.wav
c:\program files\Gold VIP Club Casino\sounds\HandScore_00.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_01.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_02.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_03.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_04.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_05.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_06.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_07.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_08.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_09.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_10.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_11.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_12.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_13.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_14.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_15.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_16.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_17.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_18.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_19.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_20.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_21.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_22.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_23.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_24.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_25.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_26.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_27.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_28.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_29.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_30.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_31.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_32.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_33.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_34.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_35.ogg
c:\program files\Gold VIP Club Casino\sounds\HandScore_36.ogg
c:\program files\Gold VIP Club Casino\sounds\Insurance.ogg
c:\program files\Gold VIP Club Casino\sounds\PlayerWins.ogg
c:\program files\Gold VIP Club Casino\sounds\Push.ogg
c:\program files\Gold VIP Club Casino\sounds\ShoeCardSound.ogg
c:\program files\Gold VIP Club Casino\sounds\Win.ogg
c:\program files\Gold VIP Club Casino\unicows.dll
c:\program files\Gold VIP Club Casino\winsound.dll
c:\program files\Gold VIP Club Casino\zlib.dll
c:\program files\Search Guard Plus
c:\program files\Search Guard Plus\fbsProtection.xml
c:\program files\Search Guard Plus\fbsSearchProvider.xml
c:\program files\Search Guard Plus\FbsSearchProviderIE8.exe
c:\program files\Search Guard Plus\SearchGuardPlus.exe
c:\program files\Search Guard Plus\SearchGuardPlus.ico
c:\program files\Search Guard Plus\uninstalSGP.exe
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\program files\Search Guard PlusU\uninstalSGPU.exe
c:\program files\SGPSA
c:\program files\SGPSA\BHO.dll
c:\program files\SGPSA\SearchAssistant.dll
c:\windows\system32\ccrpTmr6.dll
.
Zainfekowana kopia c:\windows\system32\kernel32.dll została znaleziona. Problem naprawiono
Plik odzyskano z - c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-03-24 do 2011-04-24 )))))))))))))))))))))))))))))))
.
.
2011-04-24 14:59 . 2011-04-24 14:59 388096 ----a-r- c:\documents and settings\dom\Dane aplikacji\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-24 14:59 . 2011-04-24 14:59 -------- d-----w- c:\program files\Trend Micro
2011-04-21 14:46 . 2011-04-21 14:46 -------- d--h--w- c:\windows\ie8
2011-04-21 14:39 . 2010-05-06 10:35 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2011-04-21 14:39 . 2010-05-06 10:35 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-04-21 14:39 . 2010-05-06 10:35 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-04-21 14:39 . 2010-05-06 10:35 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-04-21 14:39 . 2010-05-06 10:35 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2011-04-21 14:39 . 2010-05-06 10:35 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-04-21 14:39 . 2010-05-06 10:35 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-30 13:31 . 2008-03-30 13:31 20907376 ----a-w- c:\program files\aaw2007(dobreprogramy.pl).exe
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-01-02 09:06 365960 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-01-02 365960]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-01-02 365960]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 67072]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"7329:TCP"= 7329:TCP:Services
"7330:TCP"= 7330:TCP:Services
"6551:TCP"= 6551:TCP:Services
"6418:TCP"= 6418:TCP:Services
"2180:TCP"= 2180:TCP:Services
"4067:TCP"= 4067:TCP:Services
"3911:TCP"= 3911:TCP:Services
"7082:TCP"= 7082:TCP:Services
"6769:TCP"= 6769:TCP:Services
"5567:TCP"= 5567:TCP:Services
"6348:TCP"= 6348:TCP:Services
"7662:TCP"= 7662:TCP:Services
"6896:TCP"= 6896:TCP:Services
"8817:TCP"= 8817:TCP:Services
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27-01-2008 14:03 685816]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13-08-2008 19:46 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13-08-2008 19:46 17744]
R2 gupdate1c9fb418d8715fa;Usługa Google Update (gupdate1c9fb418d8715fa);c:\program files\Google\Update\GoogleUpdate.exe [02-07-2009 20:18 133104]
R3 xcpip;Sterownik protokołu TCP/IP;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;Sterownik IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S0 eovc65;eovc65; [x]
S3 AC2003;AC2003;c:\windows\system32\drivers\AC2003.sys [05-11-2007 16:01 4224]
S3 UsbSagCom;Mobile Device Full USB Driver;c:\windows\system32\drivers\UsbSagCom.sys [29-06-2007 14:20 51712]
S3 V0420VID;Live! Cam Vista IM (VF0420);c:\windows\system32\drivers\V0420Vid.sys [11-07-2008 12:53 99648]
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-02 18:18]
.
2011-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-02 18:18]
.
2011-04-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-789336058-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 16:32]
.
2011-04-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-789336058-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 16:32]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
Trusted Zone: mks.com.pl\www
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-Locked - (no file)
AddRemove-Gadu-Gadu - c:\program files\Gadu-Gadu\Setup.exe
AddRemove-Gold VIP Club Casino - c:\program files\Gold VIP Club Casino\Install.exe
AddRemove-Mistrz Wizażu 2_is1 - g:\ola\MistrzWizażu2\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-24 17:28
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(3052)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\CTsvcCDA.exe
c:\windows\System32\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Czas ukończenia: 2011-04-24 17:29:27 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2011-04-24 15:29
ComboFix2.txt 2009-06-18 08:26
.
Przed: 1 150 779 392 bajtów wolnych
Po: 1 410 105 344 bajtów wolnych
.
- - End Of File - - AC3D7FA91FBC9355B95EDD7B9216AF3B
Acorus
(Acorus)
#2
hitchcock
(Patrykwalkowicz)
#3
2011/04/24 17:57:10.0781 1864 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/24 17:57:11.0609 1864 ================================================================================
2011/04/24 17:57:11.0609 1864 SystemInfo:
2011/04/24 17:57:11.0609 1864
2011/04/24 17:57:11.0609 1864 OS Version: 5.1.2600 ServicePack: 2.0
2011/04/24 17:57:11.0609 1864 Product type: Workstation
2011/04/24 17:57:11.0609 1864 ComputerName: DOM-MQI02892YJG
2011/04/24 17:57:11.0609 1864 UserName: dom
2011/04/24 17:57:11.0609 1864 Windows directory: C:\WINDOWS
2011/04/24 17:57:11.0609 1864 System windows directory: C:\WINDOWS
2011/04/24 17:57:11.0609 1864 Processor architecture: Intel x86
2011/04/24 17:57:11.0609 1864 Number of processors: 1
2011/04/24 17:57:11.0609 1864 Page size: 0x1000
2011/04/24 17:57:11.0609 1864 Boot type: Normal boot
2011/04/24 17:57:11.0609 1864 ================================================================================
2011/04/24 17:57:11.0937 1864 Initialize success
2011/04/24 17:57:15.0296 0292 ================================================================================
2011/04/24 17:57:15.0296 0292 Scan started
2011/04/24 17:57:15.0296 0292 Mode: Manual;
2011/04/24 17:57:15.0296 0292 ================================================================================
2011/04/24 17:57:16.0375 0292 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/04/24 17:57:16.0984 0292 AC2003 (abdae0ff36a5ca1def07657d4c34ffcb) C:\WINDOWS\system32\Drivers\AC2003.sys
2011/04/24 17:57:17.0078 0292 ACPI (a966410ecf83b81f3b0b8e07a71957d4) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/24 17:57:17.0125 0292 ACPIEC (66a42b7db194e24b973bbcce840a0f3f) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/24 17:57:17.0515 0292 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/04/24 17:57:17.0640 0292 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/04/24 17:57:17.0796 0292 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/04/24 17:57:18.0421 0292 alcan5wn (0940030d5a5869067ccc03e3b0b8dec7) C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
2011/04/24 17:57:18.0468 0292 alcaudsl (4c9577888c53243e2991456f510488a1) C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
2011/04/24 17:57:18.0531 0292 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2011/04/24 17:57:18.0593 0292 ALCXWDM (a886a879d2d05d942c3565c4d451ec23) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/04/24 17:57:19.0796 0292 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/04/24 17:57:20.0000 0292 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/04/24 17:57:20.0187 0292 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/04/24 17:57:20.0406 0292 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys
2011/04/24 17:57:20.0609 0292 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/04/24 17:57:20.0750 0292 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/24 17:57:20.0843 0292 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/24 17:57:21.0171 0292 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/24 17:57:21.0234 0292 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/24 17:57:21.0296 0292 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/24 17:57:21.0437 0292 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/24 17:57:21.0625 0292 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/24 17:57:21.0875 0292 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/24 17:57:22.0015 0292 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/24 17:57:22.0125 0292 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/24 17:57:22.0906 0292 CrystalSysInfo (f054744f67576a01139885173392502b) C:\Program Files\MediaCoder\SysInfo.sys
2011/04/24 17:57:23.0406 0292 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/24 17:57:23.0578 0292 dmboot (3b809ffad55dcebdb156d5ca1bd3da65) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/24 17:57:23.0687 0292 dmio (27725b6501201c3080ba73048bce389a) C:\WINDOWS\system32\DRIVERS\dmio.sys
2011/04/24 17:57:23.0734 0292 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/24 17:57:23.0906 0292 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/24 17:57:24.0234 0292 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/24 17:57:24.0578 0292 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/24 17:57:24.0687 0292 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/24 17:57:24.0750 0292 Fips (c5fb298257c0a6514ea17835e774ea0a) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/24 17:57:24.0859 0292 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/24 17:57:25.0046 0292 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/04/24 17:57:25.0109 0292 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/24 17:57:25.0156 0292 Ftdisk (ed6d921d8ab423138fb35beee6d6a6cb) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/24 17:57:25.0281 0292 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/24 17:57:25.0500 0292 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/24 17:57:26.0156 0292 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/24 17:57:26.0687 0292 i8042prt (2656fdfe0a7916c3a16f374454c55dd9) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/24 17:57:26.0796 0292 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/24 17:57:27.0921 0292 intelppm (78a353438791c6d04c64013a5abec6bd) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/24 17:57:28.0062 0292 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/04/24 17:57:28.0140 0292 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/24 17:57:28.0250 0292 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/24 17:57:28.0437 0292 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/24 17:57:28.0562 0292 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/24 17:57:28.0734 0292 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/24 17:57:28.0781 0292 isapnp (01a9e68528f4f34e5702123d27c67bd4) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/24 17:57:28.0890 0292 Kbdclass (cc13db862f929ae33f64c3bedc01cd31) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/24 17:57:29.0078 0292 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/24 17:57:29.0171 0292 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/24 17:57:29.0484 0292 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/24 17:57:29.0609 0292 Modem (15f33d12d604d0198ce5561f102cd9c5) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/24 17:57:29.0718 0292 Mouclass (69c12b99ae8b6b99ec314e9b99833728) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/24 17:57:29.0921 0292 mouhid (ecec1e6cd558ab80f944f31326e9d3b5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/24 17:57:30.0015 0292 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/24 17:57:30.0390 0292 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/24 17:57:30.0578 0292 MRxSmb (025af03ce51645c62f3b6907a7e2be5e) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/24 17:57:30.0703 0292 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/24 17:57:30.0843 0292 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/24 17:57:30.0968 0292 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/24 17:57:31.0109 0292 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/24 17:57:31.0250 0292 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/24 17:57:31.0437 0292 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/04/24 17:57:31.0531 0292 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/24 17:57:31.0750 0292 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/04/24 17:57:31.0843 0292 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/24 17:57:32.0031 0292 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/04/24 17:57:32.0093 0292 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/24 17:57:32.0218 0292 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/24 17:57:32.0328 0292 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/24 17:57:32.0375 0292 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/24 17:57:32.0484 0292 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/24 17:57:32.0593 0292 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/24 17:57:32.0734 0292 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/24 17:57:33.0062 0292 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/24 17:57:33.0171 0292 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/24 17:57:33.0390 0292 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/24 17:57:33.0468 0292 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/24 17:57:33.0531 0292 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/24 17:57:33.0656 0292 Parport (2ff48d8fdc815a8492fb2bd81e6999c2) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/24 17:57:33.0703 0292 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/24 17:57:33.0765 0292 ParVdm (453ec2c2a20a1382f564541918520eeb) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/24 17:57:36.0515 0292 PCANDIS5 (ceef86cb35abe95c40a88784f5b631ad) C:\WINDOWS\System32\PCANDIS5.SYS
2011/04/24 17:57:36.0609 0292 PCI (5fd05c92ec56f696eaa50b68cef1b84a) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/24 17:57:36.0828 0292 PCIIde (548cf2d6369eae441a4c6baa75bc4f0a) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/24 17:57:36.0984 0292 Pcmcia (2849812217ecec059cb45f80eb6e52d4) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/24 17:57:38.0250 0292 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/24 17:57:38.0375 0292 Processor (0914733fb2fc58f69cda0e929bf2df22) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/04/24 17:57:38.0484 0292 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/24 17:57:38.0531 0292 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/24 17:57:38.0718 0292 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/24 17:57:39.0750 0292 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/24 17:57:39.0875 0292 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/24 17:57:39.0984 0292 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/24 17:57:40.0031 0292 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/24 17:57:40.0203 0292 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/24 17:57:40.0281 0292 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/24 17:57:40.0453 0292 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/24 17:57:40.0687 0292 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/24 17:57:40.0859 0292 redbook (bddcece9acdad26841c987d10376f6f7) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/24 17:57:41.0046 0292 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/04/24 17:57:41.0296 0292 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/04/24 17:57:41.0484 0292 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/24 17:57:41.0609 0292 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/24 17:57:41.0734 0292 Serial (859bc6f8c3d58cfda9181e9926c7ddb9) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/24 17:57:41.0859 0292 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/24 17:57:42.0250 0292 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/04/24 17:57:42.0640 0292 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/24 17:57:42.0843 0292 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
2011/04/24 17:57:42.0843 0292 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2011/04/24 17:57:42.0859 0292 sptd - detected Locked file (1)
2011/04/24 17:57:43.0031 0292 sr (6145ca23bccda679a772ec0af42d6eb5) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/24 17:57:43.0234 0292 Srv (ea554a3ffc3f536fe8320eb38f5e4843) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/24 17:57:43.0437 0292 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/04/24 17:57:43.0562 0292 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/24 17:57:43.0625 0292 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/24 17:57:44.0515 0292 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/24 17:57:44.0734 0292 Tcpip (90caff4b094573449a0872a0f919b178) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/24 17:57:44.0906 0292 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/24 17:57:45.0046 0292 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/24 17:57:45.0218 0292 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/24 17:57:45.0593 0292 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/24 17:57:45.0984 0292 Update (7b2170ee3d858ce8fbe503904cc9b663) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/24 17:57:46.0171 0292 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/04/24 17:57:46.0375 0292 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/24 17:57:46.0453 0292 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/24 17:57:46.0546 0292 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/24 17:57:46.0718 0292 UsbSagCom (83610e5275ecf5337912d19e49210a5a) C:\WINDOWS\system32\DRIVERS\UsbSagCom.sys
2011/04/24 17:57:46.0890 0292 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/24 17:57:47.0031 0292 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/24 17:57:47.0125 0292 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/24 17:57:47.0312 0292 V0420VID (e579144c0bfa5720e1da5a7783058e9a) C:\WINDOWS\system32\DRIVERS\V0420Vid.sys
2011/04/24 17:57:47.0437 0292 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/04/24 17:57:47.0750 0292 VolSnap (ecd173739b8ec10a814cc18653df5a36) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/24 17:57:47.0906 0292 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/24 17:57:48.0281 0292 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/24 17:57:48.0562 0292 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/04/24 17:57:48.0781 0292 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/04/24 17:57:48.0984 0292 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/24 17:57:49.0203 0292 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/24 17:57:49.0734 0292 \HardDisk0 - detected Rootkit.Win32.BackBoot.gen (1)
2011/04/24 17:57:49.0734 0292 ================================================================================
2011/04/24 17:57:49.0734 0292 Scan finished
2011/04/24 17:57:49.0734 0292 ================================================================================
2011/04/24 17:57:49.0765 4080 Detected object count: 2
2011/04/24 17:58:07.0750 4080 Locked file(sptd) - User select action: Skip
2011/04/24 17:58:07.0750 4080 Rootkit.Win32.BackBoot.gen(\HardDisk0) - User select action: Skip
2011/04/24 17:58:17.0937 3788 ================================================================================
2011/04/24 17:58:17.0937 3788 Scan started
2011/04/24 17:58:17.0937 3788 Mode: Manual;
2011/04/24 17:58:17.0937 3788 ================================================================================
2011/04/24 17:58:18.0296 3788 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/04/24 17:58:18.0734 3788 AC2003 (abdae0ff36a5ca1def07657d4c34ffcb) C:\WINDOWS\system32\Drivers\AC2003.sys
2011/04/24 17:58:18.0828 3788 ACPI (a966410ecf83b81f3b0b8e07a71957d4) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/24 17:58:18.0875 3788 ACPIEC (66a42b7db194e24b973bbcce840a0f3f) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/24 17:58:19.0250 3788 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/04/24 17:58:19.0375 3788 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/04/24 17:58:19.0546 3788 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/04/24 17:58:20.0171 3788 alcan5wn (0940030d5a5869067ccc03e3b0b8dec7) C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
2011/04/24 17:58:20.0218 3788 alcaudsl (4c9577888c53243e2991456f510488a1) C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
2011/04/24 17:58:20.0281 3788 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2011/04/24 17:58:20.0343 3788 ALCXWDM (a886a879d2d05d942c3565c4d451ec23) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/04/24 17:58:21.0593 3788 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/04/24 17:58:21.0796 3788 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/04/24 17:58:22.0093 3788 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/04/24 17:58:22.0296 3788 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys
2011/04/24 17:58:22.0593 3788 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/04/24 17:58:22.0734 3788 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/24 17:58:22.0828 3788 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/24 17:58:23.0203 3788 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/24 17:58:23.0250 3788 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/24 17:58:23.0312 3788 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/24 17:58:23.0468 3788 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/24 17:58:23.0671 3788 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/24 17:58:24.0015 3788 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/24 17:58:24.0140 3788 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/24 17:58:24.0312 3788 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/24 17:58:25.0328 3788 CrystalSysInfo (f054744f67576a01139885173392502b) C:\Program Files\MediaCoder\SysInfo.sys
2011/04/24 17:58:25.0843 3788 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/24 17:58:26.0109 3788 dmboot (3b809ffad55dcebdb156d5ca1bd3da65) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/24 17:58:26.0437 3788 dmio (27725b6501201c3080ba73048bce389a) C:\WINDOWS\system32\DRIVERS\dmio.sys
2011/04/24 17:58:26.0484 3788 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/24 17:58:26.0671 3788 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/24 17:58:27.0031 3788 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/24 17:58:27.0468 3788 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/24 17:58:27.0671 3788 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/24 17:58:27.0750 3788 Fips (c5fb298257c0a6514ea17835e774ea0a) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/24 17:58:27.0859 3788 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/24 17:58:28.0046 3788 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/04/24 17:58:28.0109 3788 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/24 17:58:28.0171 3788 Ftdisk (ed6d921d8ab423138fb35beee6d6a6cb) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/24 17:58:28.0312 3788 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/24 17:58:28.0562 3788 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/24 17:58:29.0359 3788 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/24 17:58:29.0984 3788 i8042prt (2656fdfe0a7916c3a16f374454c55dd9) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/24 17:58:30.0125 3788 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/24 17:58:31.0437 3788 intelppm (78a353438791c6d04c64013a5abec6bd) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/24 17:58:31.0562 3788 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/04/24 17:58:31.0640 3788 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/24 17:58:31.0812 3788 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/24 17:58:32.0140 3788 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/24 17:58:32.0437 3788 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/24 17:58:32.0593 3788 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/24 17:58:32.0640 3788 isapnp (01a9e68528f4f34e5702123d27c67bd4) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/24 17:58:32.0765 3788 Kbdclass (cc13db862f929ae33f64c3bedc01cd31) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/24 17:58:32.0953 3788 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/24 17:58:33.0046 3788 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/24 17:58:33.0359 3788 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/24 17:58:33.0468 3788 Modem (15f33d12d604d0198ce5561f102cd9c5) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/24 17:58:33.0578 3788 Mouclass (69c12b99ae8b6b99ec314e9b99833728) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/24 17:58:33.0796 3788 mouhid (ecec1e6cd558ab80f944f31326e9d3b5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/24 17:58:33.0906 3788 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/24 17:58:34.0312 3788 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/24 17:58:35.0234 3788 MRxSmb (025af03ce51645c62f3b6907a7e2be5e) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/24 17:58:35.0671 3788 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/24 17:58:36.0640 3788 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/24 17:58:36.0796 3788 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/24 17:58:36.0937 3788 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/24 17:58:37.0078 3788 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/24 17:58:37.0265 3788 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/04/24 17:58:37.0375 3788 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/24 17:58:37.0562 3788 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/04/24 17:58:37.0671 3788 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/24 17:58:37.0890 3788 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/04/24 17:58:37.0953 3788 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/24 17:58:38.0078 3788 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/24 17:58:38.0203 3788 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/24 17:58:38.0250 3788 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/24 17:58:38.0343 3788 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/24 17:58:38.0468 3788 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/24 17:58:38.0593 3788 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/24 17:58:38.0812 3788 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/24 17:58:39.0109 3788 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/24 17:58:40.0781 3788 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/24 17:58:40.0859 3788 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/24 17:58:40.0937 3788 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/24 17:58:41.0046 3788 Parport (2ff48d8fdc815a8492fb2bd81e6999c2) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/24 17:58:41.0093 3788 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/24 17:58:41.0140 3788 ParVdm (453ec2c2a20a1382f564541918520eeb) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/24 17:58:44.0843 3788 PCANDIS5 (ceef86cb35abe95c40a88784f5b631ad) C:\WINDOWS\System32\PCANDIS5.SYS
2011/04/24 17:58:44.0937 3788 PCI (5fd05c92ec56f696eaa50b68cef1b84a) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/24 17:58:45.0203 3788 PCIIde (548cf2d6369eae441a4c6baa75bc4f0a) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/24 17:58:45.0343 3788 Pcmcia (2849812217ecec059cb45f80eb6e52d4) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/24 17:58:46.0718 3788 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/24 17:58:46.0859 3788 Processor (0914733fb2fc58f69cda0e929bf2df22) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/04/24 17:58:46.0984 3788 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/24 17:58:47.0031 3788 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/24 17:58:47.0203 3788 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/24 17:58:48.0203 3788 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/24 17:58:48.0312 3788 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/24 17:58:48.0437 3788 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/24 17:58:48.0468 3788 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/24 17:58:48.0640 3788 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/24 17:58:48.0703 3788 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/24 17:58:48.0890 3788 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/24 17:58:49.0093 3788 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/24 17:58:49.0250 3788 redbook (bddcece9acdad26841c987d10376f6f7) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/24 17:58:49.0437 3788 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/04/24 17:58:49.0671 3788 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/04/24 17:58:49.0859 3788 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/24 17:58:49.0984 3788 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/24 17:58:50.0093 3788 Serial (859bc6f8c3d58cfda9181e9926c7ddb9) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/24 17:58:50.0203 3788 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/24 17:58:50.0578 3788 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/04/24 17:58:50.0953 3788 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/24 17:58:51.0140 3788 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
2011/04/24 17:58:51.0140 3788 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2011/04/24 17:58:51.0156 3788 sptd - detected Locked file (1)
2011/04/24 17:58:51.0328 3788 sr (6145ca23bccda679a772ec0af42d6eb5) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/24 17:58:51.0531 3788 Srv (ea554a3ffc3f536fe8320eb38f5e4843) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/24 17:58:51.0718 3788 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/04/24 17:58:51.0890 3788 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/24 17:58:52.0000 3788 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/24 17:58:53.0140 3788 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/24 17:58:53.0343 3788 Tcpip (90caff4b094573449a0872a0f919b178) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/24 17:58:53.0515 3788 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/24 17:58:53.0671 3788 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/24 17:58:54.0046 3788 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/24 17:58:54.0421 3788 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/24 17:58:55.0000 3788 Update (7b2170ee3d858ce8fbe503904cc9b663) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/24 17:58:55.0640 3788 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/04/24 17:58:55.0890 3788 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/24 17:58:56.0062 3788 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/24 17:58:56.0171 3788 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/24 17:58:56.0343 3788 UsbSagCom (83610e5275ecf5337912d19e49210a5a) C:\WINDOWS\system32\DRIVERS\UsbSagCom.sys
2011/04/24 17:58:56.0515 3788 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/24 17:58:56.0656 3788 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/24 17:58:56.0750 3788 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/24 17:58:56.0953 3788 V0420VID (e579144c0bfa5720e1da5a7783058e9a) C:\WINDOWS\system32\DRIVERS\V0420Vid.sys
2011/04/24 17:58:57.0062 3788 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/04/24 17:58:57.0375 3788 VolSnap (ecd173739b8ec10a814cc18653df5a36) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/24 17:58:57.0531 3788 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/24 17:58:57.0968 3788 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/24 17:58:58.0265 3788 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/04/24 17:58:58.0453 3788 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/04/24 17:58:58.0687 3788 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/24 17:58:58.0890 3788 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/24 17:58:59.0531 3788 \HardDisk0 - detected Rootkit.Win32.BackBoot.gen (1)
2011/04/24 17:58:59.0531 3788 ================================================================================
2011/04/24 17:58:59.0531 3788 Scan finished
2011/04/24 17:58:59.0531 3788 ================================================================================
2011/04/24 17:58:59.0562 0488 Detected object count: 2
Acorus
(Acorus)
#4
Scan again, and for the entry " Rootkit.Win32.BackBoot.gen (1)"
choose Cure.
hitchcock
(Patrykwalkowicz)
#5
Thank you very much for the help.
Is there anything to remove in the HijackThis log?