
NOD32 reports: Address has been blocked

bundaboy
Guest
Posts: 24
Registered: 04 Jul 2010 19:21

NOD32 reports: Address has been blocked

#1 Post by bundaboy »

Please help - for several days now NOD has been popping up this window whenever I start Firefox and open some page. It does the same with IE.

[Image]

Various www addresses alternated in it; I collected them and, for now, pointed them at 127.0.0.0 in the hosts file.

I ran the system through the latest NOD, Spyware Terminator, Malwarebytes' Anti-Malware and Spybot.

Only Malwarebytes' Anti-Malware found this (excerpt from the log):

Infikované moduly v paměti:
C:\WINDOWS\CP1640.dll (Trojan.Agent.Gen) -> Delete on reboot.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xgomiqohuwude (Trojan.Agent.Gen) -> Delete on reboot.

Infikované soubory:
C:\WINDOWS\CP1640.dll (Trojan.Agent.Gen) -> Delete on reboot.

Unfortunately either that wasn't it, or not everything got deleted after the reboot, and NOD kept popping up until I blocked those addresses in "hosts". :(


RSIT LOG:

Logfile of random's system information tool 1.07 (written by random/random)
Run by bundaboy at 2010-07-04 20:14:10
Microsoft Windows XP Professional Service Pack 3
System drive C: has 24 GB (47%) free of 50 GB
Total RAM: 3007 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:15:14, on 4.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\GiPo@Utilities\JIT Scheduler\sched.exe
C:\Program Files\Restore Desktop\RestoreDesktop.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\DVBViewer\dvbviewer.exe
C:\Program Files\PopTray\PopTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\GiPo@Utilities\JIT Scheduler\schednt.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\BOINC\boinc.exe
Y:\mIRCczLite\mirc.exe
C:\Program Files\Firefox\firefox.exe
C:\Program Files\BOINC\Data\projects\www.worldcommunitygrid.org\wcg_hcmd2_maxdo_6.14_windows_intelx86
C:\Program Files\BOINC\Data\projects\www.freehal.net_freehal_at_home\freehalboinc_1.46_windows_intelx86.exe
C:\Program Files\BOINC\Data\projects\wuprop.boinc-af.org\data_collect_1.32_windows_intelx86__nci.exe
C:\WINDOWS\system32\mstsc.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\BOINC\Data\projects\www.worldcommunitygrid.org\wcg_hcmd2_maxdo_6.14_windows_intelx86
D:\prace\RSIT.exe
C:\Program Files\trend micro\bundaboy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [ussshreg] C:\PROGRA~1\ULEADS~1.0\Ussshreg.exe /r
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [JITScheduler] "C:\Program Files\GiPo@Utilities\JIT Scheduler\sched.exe"
O4 - HKCU\..\Run: [RestoreDesktop] C:\Program Files\Restore Desktop\RestoreDesktop.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DVBViewer Pro.lnk = C:\Program Files\DVBViewer\dvbviewer.exe
O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe
O4 - Global Startup: Total Commander.lnk = C:\Program Files\totalcmd\TOTALCMD.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: JIT Scheduler - Gibin Software House http://www.gibinsoft.com - C:\Program Files\GiPo@Utilities\JIT Scheduler\schednt.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6885 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-06-25 1241552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-22 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-22 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-06-25 1241552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-05-14 2029640]
"P17Helper"=Rundll32 SPIRun.dll,RunDLLEntry []
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2003-06-22 1297920]
"ussshreg"=C:\PROGRA~1\ULEADS~1.0\Ussshreg.exe [2000-04-20 32768]
"VolPanel"=C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [2006-07-28 122880]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-09-23 1657448]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]
"boincmgr"=C:\Program Files\BOINC\boincmgr.exe [2010-05-14 4825856]
"boinctray"=C:\Program Files\BOINC\boinctray.exe [2010-05-14 58112]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-07-04 2176512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"=C:\Program Files\TrueCrypt\TrueCrypt.exe [2009-08-22 1369792]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]
"JITScheduler"=C:\Program Files\GiPo@Utilities\JIT Scheduler\sched.exe [2008-03-24 188416]
"RestoreDesktop"=C:\Program Files\Restore Desktop\RestoreDesktop.exe [2003-03-11 45056]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Total Commander.lnk - C:\Program Files\totalcmd\TOTALCMD.EXE

C:\Documents and Settings\bundaboy\Start Menu\Programs\Startup
DVBViewer Pro.lnk - C:\Program Files\DVBViewer\dvbviewer.exe
PopTray.lnk - C:\Program Files\PopTray\PopTray.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=181
"NoSMHelp"=0x01000000
"NoDriveAutoRun"=0xDFFFFF03
"NoLogoff"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"Y:\mIRCczLite\mirc.exe"="Y:\mIRCczLite\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\WinSCP4\WinSCP.exe"="C:\Program Files\WinSCP4\WinSCP.exe:*:Enabled:WinSCP: SFTP, FTP and SCP client"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\bundaboy\temp\TeamViewer\Version5\TeamViewer.exe"="C:\Documents and Settings\bundaboy\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer"
"C:\Program Files\TeamViewer\TeamViewer.exe"="C:\Program Files\TeamViewer\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-07-04 20:14:10 ----D---- C:\rsit
2010-07-04 20:14:10 ----D---- C:\Program Files\trend micro
2010-07-04 14:11:31 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-07-04 14:11:31 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-04 13:55:26 ----D---- C:\Documents and Settings\bundaboy\Application Data\Malwarebytes
2010-07-04 13:55:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-07-04 13:55:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-04 11:42:27 ----D---- C:\Program Files\Crawler
2010-07-04 11:42:24 ----D---- C:\Documents and Settings\bundaboy\Application Data\Spyware Terminator
2010-07-04 11:42:23 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2010-07-04 11:42:21 ----D---- C:\Program Files\Spyware Terminator
2010-07-01 11:19:22 ----SHD---- C:\Config.Msi
2010-06-29 00:48:27 ----D---- C:\Program Files\CoreTemp
2010-06-28 17:11:13 ----D---- C:\Documents and Settings\bundaboy\Application Data\Unity
2010-06-27 21:52:08 ----D---- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
2010-06-22 22:44:11 ----D---- C:\Documents and Settings\bundaboy\Application Data\AIMP
2010-06-22 22:43:24 ----D---- C:\Program Files\Aimp
2010-06-16 23:20:37 ----D---- C:\Program Files\DVR-Studio HD 2
2010-06-13 12:54:09 ----D---- C:\Program Files\Tools
2010-06-13 00:43:47 ----D---- C:\Program Files\TeamViewer
2010-06-13 00:07:07 ----D---- C:\Documents and Settings\bundaboy\Application Data\TeamViewer
2010-06-10 00:07:12 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-10 00:07:00 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-10 00:06:50 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-10 00:06:45 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-10 00:06:41 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-10 00:06:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-10 00:02:59 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2010-06-09 22:16:26 ----D---- C:\Documents and Settings\bundaboy\Application Data\queuelocks
2010-06-08 22:46:46 ----A---- C:\WINDOWS\system32\MediaInfo.dll

======List of files/folders modified in the last 1 months======

2010-07-04 20:14:11 ----D---- C:\WINDOWS\Temp
2010-07-04 20:14:10 ----RD---- C:\Program Files
2010-07-04 16:05:42 ----D---- C:\WINDOWS\system32
2010-07-04 16:05:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-04 16:01:51 ----D---- C:\Program Files\Firefox
2010-07-04 15:59:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-04 14:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2010-07-04 14:01:26 ----D---- C:\WINDOWS\system32\drivers
2010-07-04 14:01:26 ----D---- C:\WINDOWS
2010-07-03 11:55:04 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-02 23:59:57 ----A---- C:\WINDOWS\winamp.ini
2010-07-02 13:11:42 ----A---- C:\WINDOWS\WDICT32.INI
2010-07-01 11:19:56 ----SHD---- C:\WINDOWS\Installer
2010-06-30 22:59:18 ----HD---- C:\WINDOWS\inf
2010-06-30 22:58:54 ----RSD---- C:\WINDOWS\assembly
2010-06-30 22:58:42 ----D---- C:\WINDOWS\system32\DirectX
2010-06-29 17:18:43 ----D---- C:\WINDOWS\Minidump
2010-06-24 16:17:54 ----N---- C:\WINDOWS\win.ini
2010-06-24 12:25:15 ----D---- C:\Program Files\Grabovani
2010-06-23 12:03:10 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-23 11:51:02 ----D---- C:\WINDOWS\WinSxS
2010-06-22 22:44:57 ----D---- C:\Documents and Settings\bundaboy\Application Data\foobar2000
2010-06-15 22:19:53 ----D---- C:\Program Files\totalcmd
2010-06-13 12:55:23 ----D---- C:\WINDOWS\Prefetch
2010-06-11 18:39:09 ----D---- C:\Program Files\BOINC
2010-06-11 18:38:31 ----D---- C:\WINDOWS\Downloaded Installations
2010-06-10 00:07:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-10 00:07:12 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-10 00:07:03 ----A---- C:\WINDOWS\imsins.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2009-08-22 217664]
R1 VBoxDrv;VirtualBox Service; C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2009-08-05 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2009-08-05 41424]
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R3 AF15BDA;AF9015 BDA Filter; C:\WINDOWS\system32\DRIVERS\AF15BDA.sys [2008-01-24 327296]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-12-08 142336]
R3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS\system32\drivers\ctusfsyn.sys [2006-08-07 162176]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-12-08 114688]
R3 P17xfi;Sound Blaster X-Fi Xtreme Audio; C:\WINDOWS\system32\drivers\P17xfi.sys [2007-11-21 1174528]
R3 p17xfilt;p17xfilt; C:\WINDOWS\system32\drivers\p17xfilt.sys [2007-10-10 1664384]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
R3 TTUSB2BDA;TTUSB2BDA USB 2.0 Driver; C:\WINDOWS\system32\DRIVERS\ttusb2bda.sys [2007-08-31 571904]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2009-08-05 91472]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys [2009-08-05 99472]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2008-02-05 59960]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-07-26 248832]
S1 bead;bead; \??\C:\WINDOWS\system32\bead.sys []
S3 ahp81go4;ahp81go4; C:\WINDOWS\system32\drivers\ahp81go4.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-22 153376]
R2 JIT Scheduler;JIT Scheduler; C:\Program Files\GiPo@Utilities\JIT Scheduler\schednt.exe [2008-03-24 176128]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2008-11-03 1332480]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-07-04 488960]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-14 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Thanks in advance for any advice.

EDIT: I'll also add the list of those www addresses from hosts, maybe it helps:

127.0.0.1       m01n83kjf7.com                  # spyware
127.0.0.1       clkh71yhks66.com                # spyware
127.0.0.1       7gafd33ja90a.com                # spyware
127.0.0.1       n1mo661s6cx0.com                # spyware
127.0.0.1       j00k877x.cc                     # spyware
127.0.0.1       30xc1cjh91.com                  # spyware

bundaboy
Guest
Posts: 24
Registered: 04 Jul 2010 19:21

Re: NOD32 reports: Address has been blocked

#2 Post by bundaboy »

GMER LOG right after launching it:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-07-04 21:43:58
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\bundaboy\LOCALS~1\Temp\fxtdapow.sys

---- System - GMER 1.0.15 ----

SSDT            sptd.sys                                 ZwEnumerateKey [0xB7ED3A92]
SSDT            sptd.sys                                 ZwEnumerateValueKey [0xB7ED3E20]

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                   8A4D51E8

AttachedDevice  \FileSystem\Ntfs \Ntfs                   eamon.sys (Amon monitor/ESET)
AttachedDevice  \Driver\Tcpip \Device\Tcp                epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device           -> \Driver\atapi \Device\Harddisk0\DR0  8A311EC5

---- Files - GMER 1.0.15 ----

File            C:\WINDOWS\system32\drivers\atapi.sys    suspicious modification

---- EOF - GMER 1.0.15 ----

So now I unchecked Sections and IAT/EAT, left only C:\ checked, and started the scan.

By the way, is it normal that during that second scan "lsass.exe" and "mstsc.exe" start loading the PC at 100%? :(

bundaboy
Guest
Posts: 24
Registered: 04 Jul 2010 19:21

Re: NOD32 reports: Address has been blocked

#3 Post by bundaboy »

Sorry, I just wanted to keep the log in txt form without any changes. :)

Otherwise I'm glad you can probably already see the cause, I'm a bit relieved...

The second scan is still running... How long does it usually take? I have about 25GB of data on C:...

bundaboy
Guest
Posts: 24
Registered: 04 Jul 2010 19:21

Re: NOD32 reports: Address has been blocked

#4 Post by bundaboy »

Well, I tried to hold out until 1 a.m., but then I had to go to sleep too. Besides, by then the PC was almost unusable, the response time was about 1 minute :( and when I tried to close gmer, a BSOD jumped out at me... So I'll try running it again now.

bundaboy
Guest
Posts: 24
Registered: 04 Jul 2010 19:21

Re: NOD32 reports: Address has been blocked

#5 Post by bundaboy »

GMER LOG 2 (hopefully it's complete); this time it finished in 45 minutes. I'm going crazy with this. :)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-05 12:25:30
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\bundaboy\LOCALS~1\Temp\fxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT 89A3B580 ZwAssignProcessToJobObject
SSDT sptd.sys ZwCreateKey [0xB7ECE0B0]
SSDT 89A3C100 ZwDebugActiveProcess
SSDT 89A3BB30 ZwDuplicateObject
SSDT sptd.sys ZwEnumerateKey [0xB7ED3A92]
SSDT sptd.sys ZwEnumerateValueKey [0xB7ED3E20]
SSDT sptd.sys ZwOpenKey [0xB7ECE090]
SSDT 89A3ACC0 ZwOpenProcess
SSDT 89A3AFC0 ZwOpenThread
SSDT 89A3B9C0 ZwProtectVirtualMemory
SSDT sptd.sys ZwQueryKey [0xB7ED3EF8]
SSDT sptd.sys ZwQueryValueKey [0xB7ED3D78]
SSDT 89A3B860 ZwSetContextThread
SSDT 89A3B6E0 ZwSetInformationThread
SSDT 89A38700 ZwSetSecurityObject
SSDT sptd.sys ZwSetValueKey [0xB7ED3F8A]
SSDT 89A3B420 ZwSuspendProcess
SSDT 89A3B2C0 ZwSuspendThread
SSDT 89A3AE50 ZwTerminateProcess
SSDT 89A3B150 ZwTerminateThread
SSDT 89A3BF50 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A4D51E8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\usbuhci \Device\USBPDO-0 8A1C9980
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A4631E8
Device \Driver\dmio \Device\DmControl\DmConfig 8A4631E8
Device \Driver\dmio \Device\DmControl\DmPnP 8A4631E8
Device \Driver\dmio \Device\DmControl\DmInfo 8A4631E8
Device \Driver\usbuhci \Device\USBPDO-1 8A1C9980
Device \Driver\usbehci \Device\USBPDO-2 8A1A2690
Device \Driver\usbehci \Device\USBPDO-3 8A1A2690
Device \Driver\usbuhci \Device\USBPDO-4 8A1C9980
Device \Driver\NetBT \Device\NetBT_Tcpip_{C082AA3E-4AAC-49C3-8A15-02F0971521DB} 89988980

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device \Driver\usbuhci \Device\USBPDO-5 8A1C9980
Device \Driver\usbuhci \Device\USBPDO-6 8A1C9980
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A4D71E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A4D71E8
Device \Driver\Cdrom \Device\CdRom0 8A18C5A0
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A4D71E8
Device \Driver\Cdrom \Device\CdRom1 8A18C5A0
Device \Driver\atapi \Device\Ide\IdePort0 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort4 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort5 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 89988980
Device \Driver\NetBT \Device\NetbiosSmb 89988980
Device \Driver\PCI_NTPNP3308 \Device\0000004d sptd.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{B9003F00-6DB5-4720-ACC1-E8E6B893E9AE} 89988980
Device \Driver\usbuhci \Device\USBFDO-0 8A1C9980
Device \Driver\usbuhci \Device\USBFDO-1 8A1C9980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89972980
Device \Driver\usbehci \Device\USBFDO-2 8A1A2690
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89972980
Device \Driver\usbuhci \Device\USBFDO-3 8A1C9980
Device \Driver\usbuhci \Device\USBFDO-4 8A1C9980
Device \Driver\Ftdisk \Device\FtControl 8A4D71E8
Device \Driver\usbuhci \Device\USBFDO-5 8A1C9980
Device \Driver\usbehci \Device\USBFDO-6 8A1A2690
Device \Driver\asd58877 \Device\Scsi\asd588771 8A10E8A8
Device \Driver\asd58877 \Device\Scsi\asd588771Port6Path0Target0Lun0 8A10E8A8
Device \FileSystem\Cdfs \Cdfs 8A26F940
Device -> \Driver\atapi \Device\Harddisk0\DR0 8A324EC5

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -731693287
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -2076454870
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x63 0xE9 0x38 0xA7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCF 0x27 0x1C 0x1C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC6 0x78 0x36 0xDA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x63 0xE9 0x38 0xA7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCF 0x27 0x1C 0x1C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC6 0x78 0x36 0xDA ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Re: NOD32 reports - Address has been blocked

#6 Post by bundaboy »

ComboFix LOG:

ComboFix 10-07-04.04 - bundaboy 05.07.2010 12:52:50.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.3007.2640 [GMT 2:00]
Spuštěný z: c:\documents and settings\bundaboy\Desktop\abraka.com.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.
ComboFix zaznamenal kritickou chybu!! Prosím uploadněte tento soubor - C:\ComboFix_error.dat
na toto umístění: http://www.bleepingcomputer.com/submit- ... ?channel=4

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Možné infikované stránky -----

hxxp://nefertum.security.cpas.cz
Nakažená kopie c:\windows\system32\drivers\pciide.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-05 do 2010-07-05 )))))))))))))))))))))))))))))))
.

2010-07-05 10:55 . 2010-07-05 10:55 42163 ----a-w- C:\ComboFix_error.dat
2010-07-04 19:43 . 2009-12-15 09:24 293376 ----a-w- C:\gmer.exe
2010-07-04 18:14 . 2010-07-04 18:15 -------- d-----w- C:\rsit
2010-07-04 18:14 . 2010-07-04 18:15 -------- d-----w- c:\program files\trend micro
2010-07-04 12:11 . 2010-07-04 12:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-04 12:11 . 2010-07-04 12:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-04 11:55 . 2010-07-04 11:55 -------- d-----w- c:\documents and settings\bundaboy\Application Data\Malwarebytes
2010-07-04 11:55 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-04 11:55 . 2010-07-04 11:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-04 11:55 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-04 11:55 . 2010-07-04 11:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-04 09:42 . 2010-07-04 09:42 -------- d-----w- c:\program files\Crawler
2010-07-04 09:42 . 2010-07-04 09:44 -------- d-----w- c:\documents and settings\bundaboy\Application Data\Spyware Terminator
2010-07-04 09:42 . 2010-07-04 09:42 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2010-07-04 09:42 . 2010-07-04 09:42 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2010-07-04 09:42 . 2010-07-04 09:42 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-07-04 09:42 . 2010-07-04 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-07-04 09:42 . 2010-07-04 10:14 -------- d-----w- c:\program files\Spyware Terminator
2010-06-28 22:48 . 2010-06-28 22:48 -------- d-----w- c:\program files\CoreTemp
2010-06-28 15:11 . 2010-06-28 15:11 -------- d-----w- c:\documents and settings\bundaboy\Application Data\Unity
2010-06-28 15:05 . 2010-06-28 15:05 -------- d-----w- c:\documents and settings\bundaboy\Local Settings\Application Data\Unity
2010-06-27 19:52 . 2010-06-27 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\IsolatedStorage
2010-06-22 20:44 . 2010-06-28 20:35 -------- d-----w- c:\documents and settings\bundaboy\Application Data\AIMP
2010-06-22 20:43 . 2010-06-22 20:44 -------- d-----w- c:\program files\Aimp
2010-06-16 21:20 . 2010-06-16 21:20 -------- d-----w- c:\program files\DVR-Studio HD 2
2010-06-13 10:54 . 2010-06-13 10:54 -------- d-----w- c:\program files\Tools
2010-06-12 22:43 . 2010-06-12 22:43 -------- d-----w- c:\program files\TeamViewer
2010-06-12 22:07 . 2010-06-12 22:07 -------- d-----w- c:\documents and settings\bundaboy\Application Data\TeamViewer
2010-06-12 22:07 . 2010-06-12 22:07 -------- d-----w- c:\documents and settings\bundaboy\temp
2010-06-11 16:39 . 2010-06-11 16:39 284646 ----a-r- c:\documents and settings\bundaboy\Application Data\Microsoft\Installer\{BD55C983-7989-4F2F-8D24-2D892C621D9D}\BOINCMGRLink_B65C4A4D2B2A46CCA2D918164C6297B8.exe
2010-06-11 16:39 . 2010-06-11 16:39 284646 ----a-r- c:\documents and settings\bundaboy\Application Data\Microsoft\Installer\{BD55C983-7989-4F2F-8D24-2D892C621D9D}\ARPPRODUCTICON.exe
2010-06-09 20:16 . 2010-06-29 12:18 -------- d-----w- c:\documents and settings\bundaboy\Application Data\queuelocks
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31906\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31906\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31906\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31906\AcrobatUpdater.exe
2010-06-08 20:46 . 2009-11-13 08:39 2072576 ----a-w- c:\windows\system32\MediaInfo.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-05 10:53 . 2009-08-22 12:40 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-05 10:53 . 2009-08-22 12:40 2850 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-07-05 10:30 . 2009-08-22 12:59 -------- d-----w- c:\program files\Firefox
2010-06-24 10:25 . 2009-08-22 15:17 -------- d-----w- c:\program files\Grabovani
2010-06-22 20:44 . 2010-05-04 11:01 -------- d-----w- c:\documents and settings\bundaboy\Application Data\foobar2000
2010-06-15 20:19 . 2009-08-22 12:54 -------- d-----w- c:\program files\totalcmd
2010-06-11 16:39 . 2009-08-22 17:15 -------- d-----w- c:\program files\BOINC
2010-05-28 19:03 . 2010-05-28 19:03 -------- d-----w- c:\program files\DVR-Studio HD
2010-05-28 19:02 . 2010-05-28 19:02 484198 ----a-w- c:\documents and settings\bundaboy\Application Data\Haenlein-Software\DVR-Studio HD\Temp\Setup.exe
2010-05-24 19:02 . 2010-04-23 10:29 -------- d-----w- c:\documents and settings\bundaboy\Application Data\Haenlein-Software
2010-05-21 12:18 . 2009-09-21 14:49 -------- d-----w- c:\program files\Paint.NET
2010-05-19 15:25 . 2010-05-19 15:25 -------- d-----w- c:\documents and settings\bundaboy\Application Data\eFMer
2010-05-19 15:25 . 2010-05-19 15:25 -------- d-----w- c:\program files\BoincTasks
2010-05-14 13:10 . 2010-05-14 13:10 815872 ----a-w- c:\windows\boinc.scr
2010-05-02 05:22 . 2008-04-13 23:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-25 14:53 . 2010-04-25 14:53 323624 ----a-w- c:\windows\system32\wiaaut.dll
2010-04-20 05:30 . 2008-04-14 03:39 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09 . 2008-04-14 03:42 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09 . 2008-04-14 03:41 81920 ----a-w- c:\windows\system32\ieencode.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2009-08-22 1369792]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"JITScheduler"="c:\program files\GiPo@Utilities\JIT Scheduler\sched.exe" [2008-03-23 188416]
"RestoreDesktop"="c:\program files\Restore Desktop\RestoreDesktop.exe" [2003-03-11 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"P17Helper"="SPIRun.dll" [2006-07-03 10752]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2003-06-22 1297920]
"ussshreg"="c:\progra~1\ULEADS~1.0\Ussshreg.exe" [2000-04-20 32768]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2010-05-14 4825856]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2010-05-14 58112]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-07-04 2176512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\bundaboy\Start Menu\Programs\Startup\
DVBViewer Pro.lnk - c:\program files\DVBViewer\dvbviewer.exe [2009-8-22 1364064]
PopTray.lnk - c:\program files\PopTray\PopTray.exe [2006-9-16 1666048]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Total Commander.lnk - c:\program files\totalcmd\TOTALCMD.EXE [2009-8-22 1091768]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Grabovani\\JDee\\JDee.exe"=
"c:\\Documents and Settings\\bundaboy\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\TeamViewer.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [4.7.2010 11:42 142592]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [28.8.2009 14:16 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [28.8.2009 14:16 41424]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R2 JIT Scheduler;JIT Scheduler;c:\program files\GiPo@Utilities\JIT Scheduler\schednt.exe [21.12.2009 0:56 176128]
R3 TTUSB2BDA;TTUSB2BDA USB 2.0 Driver;c:\windows\system32\drivers\ttusb2bda.sys [22.8.2009 16:28 571904]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [28.8.2009 14:16 91472]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [5.8.2009 16:20 99472]
S1 bead;bead;\??\c:\windows\system32\bead.sys --> c:\windows\system32\bead.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.8.2009 17:19 646392]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\bundaboy\Application Data\Mozilla\Firefox\Profiles\4ivzdi5l.default\
FF - plugin: c:\documents and settings\bundaboy\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-mIRC - y:\mircczlite\mirc.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-05 12:55
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-583907252-152049171-1177238915-1003\Software\SecuROM\License information*]
"datasecu"=hex:ad,94,35,5d,d8,8a,f9,26,1d,d5,69,8c,ef,bf,25,c7,4f,cc,df,86,c6,
24,71,50,c4,f6,4b,b0,d2,2a,2e,2e,0d,4a,60,58,18,a6,bc,69,01,67,5c,f4,3f,02,\
"rkeysecu"=hex:5a,80,37,4a,5c,72,bb,f1,0b,ba,26,29,37,f8,68,b3

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
Celkový čas: 2010-07-05 12:56:47
ComboFix-quarantined-files.txt 2010-07-05 10:56

Před spuštěním: 24 916 810 752 bytes free
Po spuštění: 24 934 526 976 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 82A335DB00CA2DE8D91989C538F032DD

What now? I should probably reinstall Windows, because there is nothing at all next to the clock... :)

Re: NOD32 reports - Address has been blocked

#7 Post by bundaboy »

Yes, I uploaded the file, what you asked for is in your PM, and I'm going to restart now...

Re: NOD32 reports - Address has been blocked

#8 Post by bundaboy »

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:55 on 05/07/2010 (bundaboy)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools -> Removed
HKLM:DAEMON Tools -> Removed

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-

OK?

Re: NOD32 reports - Address has been blocked

#9 Post by bundaboy »

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Re: NOD32 reports - Address has been blocked

#10 Post by bundaboy »

mbr.exe -t log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

Re: NOD32 reports - Address has been blocked

#11 Post by bundaboy »

Short GMER log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-07-05 14:01:25
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\bundaboy\LOCALS~1\Temp\fxtdapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- EOF - GMER 1.0.15 ----

Re: NOD32 reports - Address has been blocked

#12 Post by bundaboy »

OTL.txt LOG:

OTL logfile created on: 5.7.2010 14:23:36 - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\bundaboy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 81,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 23,23 Gb Free Space | 47,57% Space Free | Partition Type: NTFS
Drive D: | 341,80 Gb Total Space | 99,36 Gb Free Space | 29,07% Space Free | Partition Type: NTFS
Drive E: | 540,88 Gb Total Space | 52,79 Gb Free Space | 9,76% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC
Current User Name: bundaboy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.07.05 14:21:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bundaboy\Desktop\OTL.exe
PRC - [2010.07.04 11:42:24 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2010.06.25 22:10:02 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Firefox\firefox.exe
PRC - [2010.05.14 15:10:06 | 000,058,112 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinctray.exe
PRC - [2009.08.22 15:02:46 | 001,369,792 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files\TrueCrypt\TrueCrypt.exe
PRC - [2009.05.14 15:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009.05.14 15:47:08 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008.11.03 12:45:46 | 001,332,480 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe
PRC - [2008.08.08 07:04:10 | 001,091,768 | ---- | M] (C. Ghisler & Co.) -- C:\Program Files\totalcmd\TOTALCMD.EXE
PRC - [2008.04.14 05:42:42 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE
PRC - [2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.24 01:00:00 | 000,188,416 | ---- | M] (Gibin Software House
http://www.gibinsoft.com) -- C:\Program Files\GiPo@Utilities\JIT Scheduler\sched.exe
PRC - [2008.03.24 01:00:00 | 000,176,128 | ---- | M] (Gibin Software House
http://www.gibinsoft.com) -- C:\Program Files\GiPo@Utilities\JIT Scheduler\schednt.exe
PRC - [2006.09.16 15:01:16 | 001,666,048 | ---- | M] (Renier Crause) -- C:\Program Files\PopTray\PopTray.exe
PRC - [2006.07.28 09:56:48 | 000,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2003.06.22 16:38:28 | 001,297,920 | ---- | M] (Hagel Technologies) -- C:\Program Files\DU Meter\DUMeter.exe
PRC - [2003.03.11 10:52:16 | 000,045,056 | ---- | M] (Kanex Group, Inc.) -- C:\Program Files\Restore Desktop\RestoreDesktop.exe


========== Modules (SafeList) ==========

MOD - [2010.07.05 14:21:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bundaboy\Desktop\OTL.exe
MOD - [2008.04.14 05:42:04 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008.04.14 05:42:04 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008.04.14 05:42:04 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008.04.14 05:42:02 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2008.04.14 05:41:54 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2008.04.14 05:41:52 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [2008.04.14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010.07.04 11:42:24 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2009.05.14 15:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.05.14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008.11.03 12:45:46 | 001,332,480 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.03.24 01:00:00 | 000,176,128 | ---- | M] (Gibin Software House
http://www.gibinsoft.com) [Auto | Running] -- C:\Program Files\GiPo@Utilities\JIT Scheduler\schednt.exe -- (JIT Scheduler)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\bundaboy\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\bead.sys -- (bead)
DRV - [2010.07.04 11:42:24 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2009.09.30 00:20:34 | 000,229,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2009.09.27 16:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009.08.22 15:02:47 | 000,217,664 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009.08.05 16:21:14 | 000,041,424 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2009.08.05 16:20:00 | 000,099,472 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2009.08.05 16:20:00 | 000,091,472 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2009.08.05 16:19:56 | 000,115,856 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2009.05.14 15:49:32 | 000,094,360 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009.05.14 15:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.05.14 15:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008.04.14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008.02.05 01:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2008.01.24 15:05:24 | 000,327,296 | ---- | M] (AfaTech ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2007.11.21 17:06:26 | 001,174,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17xfi.sys -- (P17xfi)
DRV - [2007.10.10 19:31:08 | 001,664,384 | ---- | M] (Creative) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\p17xfilt.sys -- (p17xfilt)
DRV - [2007.08.31 08:03:39 | 000,571,904 | R--- | M] (TechnoTrend AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ttusb2bda.sys -- (TTUSB2BDA)
DRV - [2006.08.07 13:30:52 | 000,162,176 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2006.07.26 08:56:00 | 000,248,832 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005.12.08 05:54:52 | 000,114,688 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005.12.08 05:54:44 | 000,142,336 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.04.01 16:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-583907252-152049171-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-583907252-152049171-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}:1.0.1
FF - prefs.js..extensions.enabledItems: {5556F97E-11A5-46b0-9082-32AD74AAA920}:0.4.2.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {A4732521-77D9-447E-A557-B279AC923F06}:0.6.7
FF - prefs.js..extensions.enabledItems: {DB2EA31C-58F5-48b7-8D60-CB0739257904}:0.19
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {54BB9F3F-07E5-486c-9B39-C7398B99391C}:3.1.2009110201
FF - prefs.js..extensions.enabledItems: tinyurl.addon@fast-chat.co.uk:2.0.0

FF - HKLM\software\mozilla\Firefox\extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2010.07.04 11:42:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Firefox\components [2010.06.25 22:10:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Firefox\plugins [2010.07.01 11:19:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009.08.22 14:47:03 | 000,000,000 | ---D | M]

[2009.08.22 14:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\Mozilla\Extensions
[2010.07.04 12:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\Mozilla\Firefox\Profiles\4ivzdi5l.default\extensions
[2010.05.09 13:33:23 | 000,000,000 | ---D | M] (Auto Copy) -- C:\Documents and Settings\bundaboy\Application Data\Mozilla\Firefox\Profiles\4ivzdi5l.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2009.11.06 21:58:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bundaboy\Application Data\Mozilla\Firefox\Profiles\4ivzdi5l.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}
[2010.05.09 13:33:23 | 000,000,000 | ---D | M] (AutoFormer) -- C:\Documents and Settings\bundaboy\Application Data\Mozilla\Firefox\Profiles\4ivzdi5l.default\extensions\{5556F97E-11A5-46b0-9082-32AD74AAA920}
[2010.01.23 15:11:26 | 000,000,000 | ---D | M] (Image Toolbar) -- C:\Documents and Settings\bundaboy\Application Data\Mozilla\Firefox\Profiles\4ivzdi5l.default\extensions\{A4732521-77D9-447E-A557-B279AC923F06}
[2010.05.09 13:33:22 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\bundaboy\Application Data\Mozilla\Firefox\Profiles\4ivzdi5l.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.10.14 00:22:48 | 000,000,000 | ---D | M] (ImageTweak) -- C:\Documents and Settings\bundaboy\Application Data\Mozilla\Firefox\Profiles\4ivzdi5l.default\extensions\{DB2EA31C-58F5-48b7-8D60-CB0739257904}
[2010.06.29 17:19:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bundaboy\Application Data\Mozilla\Firefox\Profiles\4ivzdi5l.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.06.11 13:10:57 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\bundaboy\Application Data\Mozilla\Firefox\Profiles\4ivzdi5l.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.06.18 21:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\Mozilla\Firefox\Profiles\4ivzdi5l.default\extensions\tinyurl.addon@fast-chat.co.uk

O1 HOSTS File: ([2010.07.05 12:55:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKU\S-1-5-21-583907252-152049171-1177238915-1003\..\Toolbar\WebBrowser: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe (Hagel Technologies)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\SPIRUN.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [ussshreg] C:\Program Files\Ulead SmartSaver Pro 3.0\Ussshreg.exe ()
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-583907252-152049171-1177238915-1003..\Run: [JITScheduler] C:\Program Files\GiPo@Utilities\JIT Scheduler\sched.exe (Gibin Software House
http://www.gibinsoft.com)
O4 - HKU\S-1-5-21-583907252-152049171-1177238915-1003..\Run: [RestoreDesktop] C:\Program Files\Restore Desktop\RestoreDesktop.exe (Kanex Group, Inc.)
O4 - HKU\S-1-5-21-583907252-152049171-1177238915-1003..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Total Commander.lnk = C:\Program Files\totalcmd\TOTALCMD.EXE (C. Ghisler & Co.)
O4 - Startup: C:\Documents and Settings\bundaboy\Start Menu\Programs\Startup\DVBViewer Pro.lnk = C:\Program Files\DVBViewer\dvbviewer.exe (CM&V Hackbart)
O4 - Startup: C:\Documents and Settings\bundaboy\Start Menu\Programs\Startup\PopTray.lnk = C:\Program Files\PopTray\PopTray.exe (Renier Crause)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-583907252-152049171-1177238915-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-583907252-152049171-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-583907252-152049171-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-583907252-152049171-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-583907252-152049171-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-583907252-152049171-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.92.155.1 81.92.158.236
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\bundaboy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\bundaboy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.22 14:40:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 7 Days ==========

[2010.07.05 14:21:09 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bundaboy\Desktop\OTL.exe
[2010.07.05 14:12:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\bundaboy\Recent
[2010.07.05 12:50:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.07.05 12:48:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.07.05 12:48:57 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.07.05 12:48:57 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.07.05 12:48:57 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.07.05 12:48:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.07.05 12:44:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.07.04 20:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.07.04 20:14:10 | 000,000,000 | ---D | C] -- C:\rsit
[2010.07.04 14:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.07.04 14:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010.07.04 13:55:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bundaboy\Application Data\Malwarebytes
[2010.07.04 13:55:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.04 13:55:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.07.04 13:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.07.04 13:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.07.04 11:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\Crawler
[2010.07.04 11:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bundaboy\Application Data\Spyware Terminator
[2010.07.04 11:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2010.07.04 11:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2010.07.01 11:19:22 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010.06.29 00:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\CoreTemp
[2010.06.28 17:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bundaboy\Application Data\Unity
[2010.06.28 17:05:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bundaboy\Local Settings\Application Data\Unity
[2009.08.22 15:09:56 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010.07.05 14:23:34 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.07.05 14:23:34 | 000,433,518 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.07.05 14:23:34 | 000,068,294 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.07.05 14:21:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bundaboy\Desktop\OTL.exe
[2010.07.05 14:19:05 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.07.05 14:19:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.05 14:19:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.05 14:18:56 | 000,246,461 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2010.07.05 14:08:04 | 000,001,509 | ---- | M] () -- C:\Documents and Settings\bundaboy\Desktop\Notepad.lnk
[2010.07.05 13:57:01 | 000,077,312 | ---- | M] () -- C:\mbr.exe
[2010.07.05 13:55:52 | 000,000,280 | ---- | M] () -- C:\Documents and Settings\bundaboy\defogger_reenable
[2010.07.05 13:53:50 | 000,050,477 | ---- | M] () -- C:\Defogger.exe
[2010.07.05 13:49:53 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\bundaboy\NTUSER.DAT
[2010.07.05 13:47:17 | 000,001,780 | -H-- | M] () -- C:\Documents and Settings\bundaboy\My Documents\Default.rdp
[2010.07.05 13:33:30 | 000,000,600 | ---- | M] () -- C:\WINDOWS\winscp.RND
[2010.07.05 12:55:59 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.07.05 12:55:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.07.05 12:55:13 | 000,042,163 | ---- | M] () -- C:\ComboFix_error.dat
[2010.07.05 12:50:19 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.07.05 12:36:49 | 003,726,382 | R--- | M] () -- C:\Documents and Settings\bundaboy\Desktop\abraka.com.exe
[2010.07.04 14:11:40 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\bundaboy\Desktop\Spybot - Search & Destroy.lnk
[2010.07.04 13:55:07 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.04 11:43:47 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Terminator.lnk
[2010.07.04 11:42:24 | 000,142,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2010.07.04 11:21:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.03 18:26:03 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\bundaboy\Application Data\winscp.rnd
[2010.07.02 23:59:57 | 000,001,065 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010.07.02 15:44:04 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\bundaboy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.02 13:11:42 | 000,001,242 | ---- | M] () -- C:\WINDOWS\WDICT32.INI
[2010.06.30 22:58:22 | 000,000,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sniper Ghost Warrior.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.07.05 13:57:00 | 000,077,312 | ---- | C] () -- C:\mbr.exe
[2010.07.05 13:55:50 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\bundaboy\defogger_reenable
[2010.07.05 13:53:50 | 000,050,477 | ---- | C] () -- C:\Defogger.exe
[2010.07.05 12:55:13 | 000,042,163 | ---- | C] () -- C:\ComboFix_error.dat
[2010.07.05 12:50:19 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.07.05 12:50:18 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.07.05 12:48:58 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.07.05 12:48:57 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.07.05 12:48:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.07.05 12:48:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.07.05 12:48:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.07.05 12:36:27 | 003,726,382 | R--- | C] () -- C:\Documents and Settings\bundaboy\Desktop\abraka.com.exe
[2010.07.04 21:43:15 | 000,293,376 | ---- | C] () -- C:\gmer.exe
[2010.07.04 14:11:40 | 000,000,935 | ---- | C] () -- C:\Documents and Settings\bundaboy\Desktop\Spybot - Search & Destroy.lnk
[2010.07.04 13:55:07 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.04 11:43:47 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Terminator.lnk
[2010.07.04 11:42:24 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2010.06.30 22:58:22 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sniper Ghost Warrior.lnk
[2010.01.08 14:29:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OODCNT.INI
[2009.11.09 19:17:55 | 000,000,271 | ---- | C] () -- C:\WINDOWS\game.ini
[2009.08.31 18:25:11 | 000,000,152 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2009.08.25 13:28:54 | 000,777,728 | ---- | C] () -- C:\WINDOWS\System32\Sslsvc.dll
[2009.08.25 13:28:54 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2009.08.25 13:28:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\cfmsg.dll
[2009.08.25 13:28:54 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2009.08.23 15:26:11 | 000,001,242 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2009.08.22 21:23:30 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009.08.22 18:46:39 | 000,000,016 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2009.08.22 16:03:06 | 000,886,360 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009.08.22 16:02:53 | 000,198,232 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009.08.22 16:02:49 | 000,155,528 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll
[2009.08.22 15:15:26 | 000,019,216 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2009.08.22 15:12:38 | 000,018,972 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.08.22 15:12:38 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009.08.22 15:12:27 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.08.22 15:10:49 | 000,022,478 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2009.08.22 15:10:49 | 000,000,054 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009.08.22 15:09:56 | 000,137,216 | ---- | C] () -- C:\WINDOWS\System32\OemSpi.dll
[2009.08.22 15:09:56 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2009.08.22 15:09:56 | 000,008,251 | R--- | C] () -- C:\WINDOWS\sfsyn.ini
[2009.08.22 15:09:10 | 000,001,869 | ---- | C] () -- C:\WINDOWS\TVAfaDrv.ini
[2009.08.22 15:09:01 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009.08.22 15:06:40 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.08.22 15:06:39 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.08.22 15:05:34 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.08.22 15:05:33 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

========== LOP Check ==========

[2009.08.22 16:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CMUV
[2009.12.13 14:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cypheros
[2009.08.22 14:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009.08.22 17:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
[2010.06.27 21:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2010.07.04 12:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2010.06.28 22:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\AIMP
[2009.10.07 15:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\com.fox.dollhouse.VirtualEcho.8DB2FB41E3AF9617470F9C3E78FDAAA51EF66383.1
[2010.05.19 17:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\eFMer
[2010.06.22 22:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\foobar2000
[2010.05.24 21:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\Haenlein-Software
[2010.02.15 21:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\mkvtoolnix
[2009.09.28 19:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\Notepad++
[2010.06.29 14:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\queuelocks
[2010.07.04 11:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\Spyware Terminator
[2010.06.13 00:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\TeamViewer
[2009.08.22 19:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\TrueCrypt
[2010.06.28 17:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\Unity

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"TrueCrypt" = "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences -- [2009.08.22 15:02:46 | 001,369,792 | ---- | M] (TrueCrypt Foundation)
"JITScheduler" = "C:\Program Files\GiPo@Utilities\JIT Scheduler\sched.exe" -- [2008.03.24 01:00:00 | 000,188,416 | ---- | M] (Gibin Software House
http://www.gibinsoft.com)
"RestoreDesktop" = C:\Program Files\Restore Desktop\RestoreDesktop.exe -- [2003.03.11 10:52:16 | 000,045,056 | ---- | M] (Kanex Group, Inc.)

< c:\windows\*.* /U >
[3 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2010.07.05 13:53:50 | 000,050,477 | ---- | M] () -- C:\Defogger.exe
[2009.12.15 11:24:48 | 000,293,376 | ---- | M] () -- C:\gmer.exe
[2010.07.05 13:57:01 | 000,077,312 | ---- | M] () -- C:\mbr.exe

< %ALLUSERSPROFILE%\Application Data\*. >
[2010.01.18 17:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009.08.22 16:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CMUV
[2009.08.22 21:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Creative
[2009.12.13 14:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cypheros
[2009.08.22 14:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009.08.22 17:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
[2010.06.27 21:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2010.07.04 13:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009.09.03 16:32:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010.03.25 12:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009.09.15 13:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2009.09.26 11:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010.07.04 14:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010.07.04 12:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2010.06.09 10:06:33 | 000,331,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31906\AcrobatUpdater.exe
[2010.06.09 10:06:33 | 000,976,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31906\AdobeARM.exe
[2010.06.09 10:06:33 | 000,331,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31906\ReaderUpdater.exe
[2009.08.22 15:24:29 | 006,657,680 | ---- | M] (Creative Technology Ltd) -- C:\Documents and Settings\All Users\Application Data\Creative\Software Update\cache\Creative SoundFont Bank Manager 3.21.00__\SFBM_PCAPP_LB_3_21_00.exe
[2010.03.24 13:21:53 | 001,924,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
[2009.10.27 22:04:44 | 001,962,544 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
[2010.07.04 11:42:24 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe

< %APPDATA%\*. >
[2009.10.12 13:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\Adobe
[2010.06.28 22:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\AIMP
[2009.10.07 15:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\com.fox.dollhouse.VirtualEcho.8DB2FB41E3AF9617470F9C3E78FDAAA51EF66383.1
[2010.05.19 17:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\eFMer
[2010.06.22 22:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\foobar2000
[2010.05.24 21:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\Haenlein-Software
[2009.08.22 17:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\Help
[2009.08.22 14:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\Identities
[2009.08.22 21:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\Macromedia
[2010.07.04 13:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\Malwarebytes
[2009.08.22 20:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\Media Player Classic
[2009.09.29 20:12:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\bundaboy\Application Data\Microsoft
[2010.02.15 21:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\mkvtoolnix
[2009.08.22 14:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\Mozilla
[2009.09.28 19:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\Notepad++
[2010.06.29 14:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\queuelocks
[2009.10.07 23:35:57 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\bundaboy\Application Data\SecuROM
[2010.04.21 19:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\Skype
[2010.04.21 16:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\skypePM
[2010.07.04 11:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\Spyware Terminator
[2009.08.22 17:04:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\Sun
[2010.06.13 00:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\TeamViewer
[2009.08.22 19:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\TrueCrypt
[2010.06.28 17:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\Unity
[2009.08.22 15:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bundaboy\Application Data\WinRAR

< %APPDATA%\*.exe /s >
[2010.05.28 21:02:20 | 000,484,198 | ---- | M] () -- C:\Documents and Settings\bundaboy\Application Data\Haenlein-Software\DVR-Studio HD\Temp\Setup.exe
[2009.12.31 01:16:36 | 000,038,784 | ---- | M] () -- C:\Documents and Settings\bundaboy\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.06.11 18:39:10 | 000,284,646 | R--- | M] () -- C:\Documents and Settings\bundaboy\Application Data\Microsoft\Installer\{BD55C983-7989-4F2F-8D24-2D892C621D9D}\ARPPRODUCTICON.exe
[2010.06.11 18:39:10 | 000,284,646 | R--- | M] () -- C:\Documents and Settings\bundaboy\Application Data\Microsoft\Installer\{BD55C983-7989-4F2F-8D24-2D892C621D9D}\BOINCMGRLink_B65C4A4D2B2A46CCA2D918164C6297B8.exe


< MD5 for: AGP440.SYS >
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\system32\drivers\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
[2008.04.14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2008.04.14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\dllcache\autochk.exe

< MD5 for: BEEP.SYS >
[2001.08.23 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
[2001.08.23 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2001.08.23 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: CDROM.SYS >
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 05:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 05:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 05:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: CSRSS.EXE >
[2008.04.14 05:42:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2008.04.14 05:42:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\dllcache\csrss.exe

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 00:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 00:06:42 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2008.04.14 00:06:42 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 00:06:42 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\system32\drivers\system32\drivers\isapnp.sys
[2008.04.14 00:06:42 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\isapnp.sys

< MD5 for: LSASS.EXE >
[2008.04.14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: PCIIDE.SYS >
[2001.08.17 13:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) MD5=CCF5F451BB1A5A2A522A76E670000FF0 -- C:\WINDOWS\system32\dllcache\pciide.sys
[2001.08.23 14:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) MD5=CCF5F451BB1A5A2A522A76E670000FF0 -- C:\WINDOWS\system32\drivers\pciide.sys
[2001.08.23 14:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) MD5=CCF5F451BB1A5A2A522A76E670000FF0 -- C:\WINDOWS\system32\drivers\system32\drivers\pciide.sys
[2001.08.23 14:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) MD5=CCF5F451BB1A5A2A522A76E670000FF0 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\pciide.sys
[2001.08.17 13:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) MD5=CCF5F451BB1A5A2A522A76E670000FF0 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\pciide.sys

< MD5 for: SCECLI.DLL >
[2008.04.14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 05:42:38 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 05:42:38 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 05:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 05:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 05:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.08.22 16:25:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.08.22 16:25:31 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.08.22 16:25:31 | 000,929,792 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0OODBS\0\0

< %systemroot%\system32\drivers\*.sys /3 >
[2010.07.04 11:42:24 | 000,142,592 | ---- | M] () -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

< %systemroot%\system32\*.* /3 >
[2010.07.05 14:19:05 | 000,253,748 | ---- | M] () -- C:\WINDOWS\system32\NvApps.xml
[2010.07.05 14:18:56 | 000,246,461 | ---- | M] () -- C:\WINDOWS\system32\oodbs.lor
[2010.07.05 14:23:34 | 000,068,294 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2010.07.05 14:23:34 | 000,433,518 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2010.07.05 14:23:34 | 000,508,956 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2010.07.04 11:21:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >

I just don't quite understand that note about OTH... :( I hope I did it right.
Attachments
Extras.zip
Extras.txt
(6.62 KiB) Downloaded 60 times

bundaboy
Visitor
Posts: 24
Registered: 04 Jul 2010 19:21

Re: NOD32 reports - Address was blocked

#13 Post by bundaboy »


bundaboy
Visitor
Posts: 24
Registered: 04 Jul 2010 19:21

Re: NOD32 reports - Address was blocked

#14 Post by bundaboy »

So far I have tested C:\WINDOWS\System32\WBEM\WMIADAP.EXE

http://www.virustotal.com/cs/analisis/a ... 1278336086

For C:\WINDOWS\system32\bead.sys the system tells me the file was not found... So I don't know what to do about that? :(

Now I'm going to try ComboFix again. Sorry about the wrong rename, a typical beginner's mistake :oops: :(

bundaboy
Visitor
Posts: 24
Registered: 04 Jul 2010 19:21

Re: NOD32 reports - Address was blocked

#15 Post by bundaboy »

New ComboFix LOG:

ComboFix 10-07-04.04 - bundaboy 05.07.2010 15:42:01.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.3007.2537 [GMT 2:00]
Spuštěný z: c:\documents and settings\bundaboy\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-06-05 do 2010-07-05 )))))))))))))))))))))))))))))))
.

2010-07-05 11:57 . 2010-07-05 11:57 77312 ----a-w- C:\mbr.exe
2010-07-05 11:53 . 2010-07-05 11:53 50477 ----a-w- C:\Defogger.exe
2010-07-04 19:43 . 2009-12-15 09:24 293376 ----a-w- C:\gmer.exe
2010-07-04 18:14 . 2010-07-04 18:15 -------- d-----w- C:\rsit
2010-07-04 18:14 . 2010-07-04 18:15 -------- d-----w- c:\program files\trend micro
2010-07-04 12:11 . 2010-07-04 12:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-04 12:11 . 2010-07-04 12:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-04 11:55 . 2010-07-04 11:55 -------- d-----w- c:\documents and settings\bundaboy\Application Data\Malwarebytes
2010-07-04 11:55 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-04 11:55 . 2010-07-04 11:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-04 11:55 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-04 11:55 . 2010-07-04 11:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-04 09:42 . 2010-07-04 09:42 -------- d-----w- c:\program files\Crawler
2010-07-04 09:42 . 2010-07-04 09:44 -------- d-----w- c:\documents and settings\bundaboy\Application Data\Spyware Terminator
2010-07-04 09:42 . 2010-07-04 09:42 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2010-07-04 09:42 . 2010-07-04 09:42 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2010-07-04 09:42 . 2010-07-04 09:42 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-07-04 09:42 . 2010-07-04 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-07-04 09:42 . 2010-07-04 10:14 -------- d-----w- c:\program files\Spyware Terminator
2010-06-28 22:48 . 2010-06-28 22:48 -------- d-----w- c:\program files\CoreTemp
2010-06-28 15:11 . 2010-06-28 15:11 -------- d-----w- c:\documents and settings\bundaboy\Application Data\Unity
2010-06-28 15:05 . 2010-06-28 15:05 -------- d-----w- c:\documents and settings\bundaboy\Local Settings\Application Data\Unity
2010-06-27 19:52 . 2010-06-27 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\IsolatedStorage
2010-06-22 20:44 . 2010-06-28 20:35 -------- d-----w- c:\documents and settings\bundaboy\Application Data\AIMP
2010-06-22 20:43 . 2010-06-22 20:44 -------- d-----w- c:\program files\Aimp
2010-06-16 21:20 . 2010-06-16 21:20 -------- d-----w- c:\program files\DVR-Studio HD 2
2010-06-13 10:54 . 2010-06-13 10:54 -------- d-----w- c:\program files\Tools
2010-06-12 22:43 . 2010-06-12 22:43 -------- d-----w- c:\program files\TeamViewer
2010-06-12 22:07 . 2010-06-12 22:07 -------- d-----w- c:\documents and settings\bundaboy\Application Data\TeamViewer
2010-06-12 22:07 . 2010-06-12 22:07 -------- d-----w- c:\documents and settings\bundaboy\temp
2010-06-11 16:39 . 2010-06-11 16:39 284646 ----a-r- c:\documents and settings\bundaboy\Application Data\Microsoft\Installer\{BD55C983-7989-4F2F-8D24-2D892C621D9D}\BOINCMGRLink_B65C4A4D2B2A46CCA2D918164C6297B8.exe
2010-06-11 16:39 . 2010-06-11 16:39 284646 ----a-r- c:\documents and settings\bundaboy\Application Data\Microsoft\Installer\{BD55C983-7989-4F2F-8D24-2D892C621D9D}\ARPPRODUCTICON.exe
2010-06-09 20:16 . 2010-06-29 12:18 -------- d-----w- c:\documents and settings\bundaboy\Application Data\queuelocks
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31906\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31906\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31906\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31906\AcrobatUpdater.exe
2010-06-08 20:46 . 2009-11-13 08:39 2072576 ----a-w- c:\windows\system32\MediaInfo.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-05 13:30 . 2009-08-22 12:59 -------- d-----w- c:\program files\Firefox
2010-07-05 10:53 . 2009-08-22 12:40 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-05 10:53 . 2009-08-22 12:40 2850 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-06-24 10:25 . 2009-08-22 15:17 -------- d-----w- c:\program files\Grabovani
2010-06-22 20:44 . 2010-05-04 11:01 -------- d-----w- c:\documents and settings\bundaboy\Application Data\foobar2000
2010-06-15 20:19 . 2009-08-22 12:54 -------- d-----w- c:\program files\totalcmd
2010-06-11 16:39 . 2009-08-22 17:15 -------- d-----w- c:\program files\BOINC
2010-05-28 19:03 . 2010-05-28 19:03 -------- d-----w- c:\program files\DVR-Studio HD
2010-05-28 19:02 . 2010-05-28 19:02 484198 ----a-w- c:\documents and settings\bundaboy\Application Data\Haenlein-Software\DVR-Studio HD\Temp\Setup.exe
2010-05-24 19:02 . 2010-04-23 10:29 -------- d-----w- c:\documents and settings\bundaboy\Application Data\Haenlein-Software
2010-05-21 12:18 . 2009-09-21 14:49 -------- d-----w- c:\program files\Paint.NET
2010-05-19 15:25 . 2010-05-19 15:25 -------- d-----w- c:\documents and settings\bundaboy\Application Data\eFMer
2010-05-19 15:25 . 2010-05-19 15:25 -------- d-----w- c:\program files\BoincTasks
2010-05-14 13:10 . 2010-05-14 13:10 815872 ----a-w- c:\windows\boinc.scr
2010-05-02 05:22 . 2008-04-13 23:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-25 14:53 . 2010-04-25 14:53 323624 ----a-w- c:\windows\system32\wiaaut.dll
2010-04-20 05:30 . 2008-04-14 03:39 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09 . 2008-04-14 03:42 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09 . 2008-04-14 03:41 81920 ----a-w- c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-07-05_10.55.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-05 12:19 . 2010-07-05 12:19 16384 c:\windows\Temp\Perflib_Perfdata_400.dat
+ 2001-08-23 12:00 . 2010-07-05 12:23 68294 c:\windows\system32\perfc009.dat
- 2001-08-23 12:00 . 2010-07-05 10:34 68294 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2010-07-05 12:23 433518 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2010-07-05 10:34 433518 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2009-08-22 1369792]
"JITScheduler"="c:\program files\GiPo@Utilities\JIT Scheduler\sched.exe" [2008-03-23 188416]
"RestoreDesktop"="c:\program files\Restore Desktop\RestoreDesktop.exe" [2003-03-11 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"P17Helper"="SPIRun.dll" [2006-07-03 10752]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2003-06-22 1297920]
"ussshreg"="c:\progra~1\ULEADS~1.0\Ussshreg.exe" [2000-04-20 32768]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2010-05-14 4825856]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2010-05-14 58112]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-07-04 2176512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\bundaboy\Start Menu\Programs\Startup\
DVBViewer Pro.lnk - c:\program files\DVBViewer\dvbviewer.exe [2009-8-22 1364064]
PopTray.lnk - c:\program files\PopTray\PopTray.exe [2006-9-16 1666048]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Total Commander.lnk - c:\program files\totalcmd\TOTALCMD.EXE [2009-8-22 1091768]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Grabovani\\JDee\\JDee.exe"=
"c:\\Documents and Settings\\bundaboy\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\TeamViewer.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [4.7.2010 11:42 142592]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [28.8.2009 14:16 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [28.8.2009 14:16 41424]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R2 JIT Scheduler;JIT Scheduler;c:\program files\GiPo@Utilities\JIT Scheduler\schednt.exe [21.12.2009 0:56 176128]
R3 TTUSB2BDA;TTUSB2BDA USB 2.0 Driver;c:\windows\system32\drivers\ttusb2bda.sys [22.8.2009 16:28 571904]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [28.8.2009 14:16 91472]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [5.8.2009 16:20 99472]
S1 bead;bead;\??\c:\windows\system32\bead.sys --> c:\windows\system32\bead.sys [?]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\bundaboy\Application Data\Mozilla\Firefox\Profiles\4ivzdi5l.default\
FF - plugin: c:\documents and settings\bundaboy\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-05 15:43
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-583907252-152049171-1177238915-1003\Software\SecuROM\License information*]
"datasecu"=hex:ad,94,35,5d,d8,8a,f9,26,1d,d5,69,8c,ef,bf,25,c7,4f,cc,df,86,c6,
24,71,50,c4,f6,4b,b0,d2,2a,2e,2e,0d,4a,60,58,18,a6,bc,69,01,67,5c,f4,3f,02,\
"rkeysecu"=hex:5a,80,37,4a,5c,72,bb,f1,0b,ba,26,29,37,f8,68,b3

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
Celkový čas: 2010-07-05 15:44:01
ComboFix-quarantined-files.txt 2010-07-05 13:44
ComboFix2.txt 2010-07-05 10:56

Před spuštěním: 24 840 095 744 bytes free
Po spuštění: 24 830 588 928 bytes free

- - End Of File - - BB580EC1316A88C713DB449CDB27BB79
