Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Combofix hlásí rootkit
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Combofix hlásí rootkit
Ahoj prosim o kontrolu logu Combofix hlásí rootkit
diky
ComboFix 10-01-26.06 - Irma 27.01.2010 15:34:09.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.959.176 [GMT 1:00]
Spuštěný z: c:\users\Irma\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-27 do 2010-01-27 )))))))))))))))))))))))))))))))
.
2010-01-27 14:43 . 2010-01-27 14:45 -------- d-----w- c:\users\Irma\AppData\Local\temp
2010-01-27 14:43 . 2010-01-27 14:43 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-27 14:43 . 2010-01-27 14:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-27 11:15 . 2010-01-27 11:15 -------- d-----w- c:\program files\Kaspersky Lab
2010-01-27 11:12 . 2010-01-27 11:12 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-01-27 10:01 . 2010-01-27 10:01 -------- d-----w- c:\program files\CCleaner
2010-01-27 09:31 . 2010-01-27 11:08 -------- d-----w- c:\programdata\PC Tools
2010-01-27 08:35 . 2010-01-27 08:35 -------- d-----w- c:\users\Irma\AppData\Roaming\URSoft
2010-01-27 08:35 . 2010-01-27 08:35 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-01-12 22:43 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 22:43 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-09 10:28 . 2010-01-09 10:36 -------- d-----w- c:\users\Irma\AppData\Roaming\U3
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 11:32 . 2007-04-28 15:51 112144 ----a-w- c:\windows\system32\drivers\kl1.sys
2010-01-27 08:32 . 2007-01-08 21:09 598600 ----a-w- c:\windows\system32\perfh005.dat
2010-01-27 08:32 . 2007-01-08 21:09 114808 ----a-w- c:\windows\system32\perfc005.dat
2010-01-14 10:12 . 2009-10-03 11:13 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 22:53 . 2007-04-13 09:46 -------- d-----w- c:\programdata\Microsoft Help
2010-01-13 22:52 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-02 06:38 . 2010-01-21 20:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 20:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-21 20:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-21 20:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-20 08:16 . 2009-12-20 08:16 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-13 19:18 . 2009-12-13 19:18 -------- d-----w- c:\program files\MSXML 4.0
2009-12-09 22:58 . 2009-12-09 22:58 -------- d-----w- c:\program files\Software602
2009-12-04 13:04 . 2009-12-04 13:04 -------- d-----w- c:\program files\AVG
2009-12-04 12:51 . 2009-12-04 12:51 -------- d-----w- c:\program files\Windows Portable Devices
2009-12-04 12:50 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-04 12:50 . 2009-12-04 12:50 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-03 05:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-12-03 05:16 . 2009-12-03 05:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-11-28 14:57 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-11-28 14:57 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-11-26 21:31 . 2007-10-23 07:00 99864 ----a-w- c:\users\Irma\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-09 12:31 . 2009-12-13 19:17 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-13 19:17 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-13 19:17 411648 ----a-w- c:\windows\system32\drivers\http.sys
2004-12-02 05:18 . 2007-04-13 10:17 222390 --sha-r- c:\windows\ConfigSetRoot\IO.SYS
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Remote Control.lnk - c:\program files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe [2007-7-12 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):76,ac,b4,1d,d9,73,ca,01
R3 3xHybrid;3xHybrid service;c:\windows\System32\drivers\3xHybrid.sys [20.4.2007 12:34 674048]
S2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\System32\drivers\wf2kvcap.sys [4.10.2004 10:34 75925]
S3 EZAIALOWSF;EZAIALOWSF;c:\users\Irma\AppData\Local\Temp\EZAIALOWSF.exe --> c:\users\Irma\AppData\Local\Temp\EZAIALOWSF.exe [?]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [8.6.2008 9:20 21504]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [2.11.2006 11:32 1083520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2010-01-27 c:\windows\Tasks\User_Feed_Synchronization-{0023ABC7-74C2-496E-9CE7-01F885722655}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ctivex.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-27 15:44
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85005AB8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x82bbdd24
\Driver\ACPI -> acpi.sys @ 0x80616d68
\Driver\atapi -> 0x8588ca28
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2010-01-27 15:50:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-27 14:50
ComboFix2.txt 2010-01-27 09:12
Před spuštěním: Volných bajtů: 186 433 114 112
Po spuštění: Volných bajtů: 186 316 488 704
- - End Of File - - 15C537E97F974687FC4375ED81FFFFA6
diky
ComboFix 10-01-26.06 - Irma 27.01.2010 15:34:09.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.959.176 [GMT 1:00]
Spuštěný z: c:\users\Irma\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-27 do 2010-01-27 )))))))))))))))))))))))))))))))
.
2010-01-27 14:43 . 2010-01-27 14:45 -------- d-----w- c:\users\Irma\AppData\Local\temp
2010-01-27 14:43 . 2010-01-27 14:43 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-27 14:43 . 2010-01-27 14:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-27 11:15 . 2010-01-27 11:15 -------- d-----w- c:\program files\Kaspersky Lab
2010-01-27 11:12 . 2010-01-27 11:12 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-01-27 10:01 . 2010-01-27 10:01 -------- d-----w- c:\program files\CCleaner
2010-01-27 09:31 . 2010-01-27 11:08 -------- d-----w- c:\programdata\PC Tools
2010-01-27 08:35 . 2010-01-27 08:35 -------- d-----w- c:\users\Irma\AppData\Roaming\URSoft
2010-01-27 08:35 . 2010-01-27 08:35 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-01-12 22:43 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 22:43 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-09 10:28 . 2010-01-09 10:36 -------- d-----w- c:\users\Irma\AppData\Roaming\U3
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 11:32 . 2007-04-28 15:51 112144 ----a-w- c:\windows\system32\drivers\kl1.sys
2010-01-27 08:32 . 2007-01-08 21:09 598600 ----a-w- c:\windows\system32\perfh005.dat
2010-01-27 08:32 . 2007-01-08 21:09 114808 ----a-w- c:\windows\system32\perfc005.dat
2010-01-14 10:12 . 2009-10-03 11:13 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 22:53 . 2007-04-13 09:46 -------- d-----w- c:\programdata\Microsoft Help
2010-01-13 22:52 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-02 06:38 . 2010-01-21 20:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 20:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-21 20:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-21 20:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-20 08:16 . 2009-12-20 08:16 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-13 19:18 . 2009-12-13 19:18 -------- d-----w- c:\program files\MSXML 4.0
2009-12-09 22:58 . 2009-12-09 22:58 -------- d-----w- c:\program files\Software602
2009-12-04 13:04 . 2009-12-04 13:04 -------- d-----w- c:\program files\AVG
2009-12-04 12:51 . 2009-12-04 12:51 -------- d-----w- c:\program files\Windows Portable Devices
2009-12-04 12:50 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-04 12:50 . 2009-12-04 12:50 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-03 05:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-12-03 05:16 . 2009-12-03 05:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-11-28 14:57 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-11-28 14:57 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-11-26 21:31 . 2007-10-23 07:00 99864 ----a-w- c:\users\Irma\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-09 12:31 . 2009-12-13 19:17 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-13 19:17 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-13 19:17 411648 ----a-w- c:\windows\system32\drivers\http.sys
2004-12-02 05:18 . 2007-04-13 10:17 222390 --sha-r- c:\windows\ConfigSetRoot\IO.SYS
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Remote Control.lnk - c:\program files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe [2007-7-12 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):76,ac,b4,1d,d9,73,ca,01
R3 3xHybrid;3xHybrid service;c:\windows\System32\drivers\3xHybrid.sys [20.4.2007 12:34 674048]
S2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\System32\drivers\wf2kvcap.sys [4.10.2004 10:34 75925]
S3 EZAIALOWSF;EZAIALOWSF;c:\users\Irma\AppData\Local\Temp\EZAIALOWSF.exe --> c:\users\Irma\AppData\Local\Temp\EZAIALOWSF.exe [?]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [8.6.2008 9:20 21504]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [2.11.2006 11:32 1083520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2010-01-27 c:\windows\Tasks\User_Feed_Synchronization-{0023ABC7-74C2-496E-9CE7-01F885722655}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ctivex.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-27 15:44
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85005AB8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x82bbdd24
\Driver\ACPI -> acpi.sys @ 0x80616d68
\Driver\atapi -> 0x8588ca28
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2010-01-27 15:50:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-27 14:50
ComboFix2.txt 2010-01-27 09:12
Před spuštěním: Volných bajtů: 186 433 114 112
Po spuštění: Volných bajtů: 186 316 488 704
- - End Of File - - 15C537E97F974687FC4375ED81FFFFA6
Re: Combofix hlásí rootkit
Ahoj,
sem to pak projel antivirem+rootkit a antispamem a myslel jsem ze to je vpoho po odstaneni haveti co to naslo ale pro jistotu jsem pak ho spustil jeste jednou combofix a ten samej problem.
ComboFix-quarantined-files.txt
2010-01-27 14:42:08 . 2010-01-27 14:42:08 3,765 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-01-27 14:06:05 . 2010-01-27 14:34:09 215 ----a-w- C:\Qoobox\Quarantine\catchme.log
ComboFix2.txt
ComboFix 10-01-26.02 - Irma 27.01.2010 9:55.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.959.173 [GMT 1:00]
Spuštěný z: c:\users\Irma\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2210734124-3313158550-2263523583-500
c:\$recycle.bin\S-1-5-21-2975896864-1140630541-4158382633-500
c:\$recycle.bin\S-1-5-21-3756814594-934791744-2934890308-500
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.4.0.4340\Data\config.md
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.dat
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.5.0.850\Data\config.md
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.5.0.850\FF\chrome.manifest
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.5.0.850\FF\install.rdf
c:\program files\Media Access Startup\1.5.0.850\HPCommon.dll
c:\program files\Media Access Startup\1.5.0.850\hppx.exe
c:\program files\Media Access Startup\1.5.0.850\MAHelper.exe
c:\program files\Media Access Startup\1.5.0.850\unins000.dat
c:\program files\Media Access Startup\1.5.0.850\unins000.exe
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-27 do 2010-01-27 )))))))))))))))))))))))))))))))
.
2010-01-27 08:35 . 2010-01-27 08:35 -------- d-----w- c:\users\Irma\AppData\Roaming\URSoft
2010-01-27 08:35 . 2010-01-27 08:35 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-01-12 22:43 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 22:43 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-09 10:28 . 2010-01-09 10:36 -------- d-----w- c:\users\Irma\AppData\Roaming\U3
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 08:32 . 2007-01-08 21:09 598600 ----a-w- c:\windows\system32\perfh005.dat
2010-01-27 08:32 . 2007-01-08 21:09 114808 ----a-w- c:\windows\system32\perfc005.dat
2010-01-14 10:12 . 2009-10-03 11:13 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 22:53 . 2007-04-13 09:46 -------- d-----w- c:\programdata\Microsoft Help
2010-01-13 22:52 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-02 06:38 . 2010-01-21 20:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 20:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-21 20:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-21 20:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-20 08:16 . 2009-12-20 08:16 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-13 19:18 . 2009-12-13 19:18 -------- d-----w- c:\program files\MSXML 4.0
2009-12-09 22:58 . 2009-12-09 22:58 -------- d-----w- c:\program files\Software602
2009-12-04 13:04 . 2009-12-04 13:04 -------- d-----w- c:\program files\AVG
2009-12-04 12:51 . 2009-12-04 12:51 -------- d-----w- c:\program files\Windows Portable Devices
2009-12-04 12:50 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-04 12:50 . 2009-12-04 12:50 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-03 05:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-12-03 05:16 . 2009-12-03 05:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-11-28 14:57 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-11-28 14:57 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-11-26 21:31 . 2007-10-23 07:00 99864 ----a-w- c:\users\Irma\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-09 12:31 . 2009-12-13 19:17 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-13 19:17 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-13 19:17 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-29 09:17 . 2009-11-25 22:51 2048 ----a-w- c:\windows\system32\tzres.dll
2004-12-02 05:18 . 2007-04-13 10:17 222390 --sha-r- c:\windows\ConfigSetRoot\IO.SYS
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Remote Control.lnk - c:\program files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe [2007-7-12 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):76,ac,b4,1d,d9,73,ca,01
R3 3xHybrid;3xHybrid service;c:\windows\System32\drivers\3xHybrid.sys [20.4.2007 12:34 674048]
S2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\System32\drivers\wf2kvcap.sys [4.10.2004 10:34 75925]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [8.6.2008 9:20 21504]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [2.11.2006 11:32 1083520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2010-01-27 c:\windows\Tasks\User_Feed_Synchronization-{0023ABC7-74C2-496E-9CE7-01F885722655}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ctivex.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{CDBFB47B-58A8-4111-BF95-06178DCE326D} - c:\program files\System Search Dispatcher\1.3.0.840\ssd.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 - c:\program files\Media Access Startup\1.5.0.850\unins000.exe
AddRemove-{1FB52AB3-5987-45a2-85E0-F3EC30DDDC29}}_is1 - c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehRecvr.exe
.
**************************************************************************
.
Celkový čas: 2010-01-27 10:12:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-27 09:12
Před spuštěním: Volných bajtů: 187 002 626 048
Po spuštění: Volných bajtů: 187 039 571 968
- - End Of File - - 344C9049D89832F8454590164B318DD1
sem to pak projel antivirem+rootkit a antispamem a myslel jsem ze to je vpoho po odstaneni haveti co to naslo ale pro jistotu jsem pak ho spustil jeste jednou combofix a ten samej problem.
ComboFix-quarantined-files.txt
2010-01-27 14:42:08 . 2010-01-27 14:42:08 3,765 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-01-27 14:06:05 . 2010-01-27 14:34:09 215 ----a-w- C:\Qoobox\Quarantine\catchme.log
ComboFix2.txt
ComboFix 10-01-26.02 - Irma 27.01.2010 9:55.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.959.173 [GMT 1:00]
Spuštěný z: c:\users\Irma\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2210734124-3313158550-2263523583-500
c:\$recycle.bin\S-1-5-21-2975896864-1140630541-4158382633-500
c:\$recycle.bin\S-1-5-21-3756814594-934791744-2934890308-500
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.4.0.4340\Data\config.md
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.dat
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.5.0.850\Data\config.md
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.5.0.850\FF\chrome.manifest
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.5.0.850\FF\install.rdf
c:\program files\Media Access Startup\1.5.0.850\HPCommon.dll
c:\program files\Media Access Startup\1.5.0.850\hppx.exe
c:\program files\Media Access Startup\1.5.0.850\MAHelper.exe
c:\program files\Media Access Startup\1.5.0.850\unins000.dat
c:\program files\Media Access Startup\1.5.0.850\unins000.exe
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-27 do 2010-01-27 )))))))))))))))))))))))))))))))
.
2010-01-27 08:35 . 2010-01-27 08:35 -------- d-----w- c:\users\Irma\AppData\Roaming\URSoft
2010-01-27 08:35 . 2010-01-27 08:35 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-01-12 22:43 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 22:43 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-09 10:28 . 2010-01-09 10:36 -------- d-----w- c:\users\Irma\AppData\Roaming\U3
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 08:32 . 2007-01-08 21:09 598600 ----a-w- c:\windows\system32\perfh005.dat
2010-01-27 08:32 . 2007-01-08 21:09 114808 ----a-w- c:\windows\system32\perfc005.dat
2010-01-14 10:12 . 2009-10-03 11:13 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 22:53 . 2007-04-13 09:46 -------- d-----w- c:\programdata\Microsoft Help
2010-01-13 22:52 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-02 06:38 . 2010-01-21 20:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 20:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-21 20:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-21 20:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-20 08:16 . 2009-12-20 08:16 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-13 19:18 . 2009-12-13 19:18 -------- d-----w- c:\program files\MSXML 4.0
2009-12-09 22:58 . 2009-12-09 22:58 -------- d-----w- c:\program files\Software602
2009-12-04 13:04 . 2009-12-04 13:04 -------- d-----w- c:\program files\AVG
2009-12-04 12:51 . 2009-12-04 12:51 -------- d-----w- c:\program files\Windows Portable Devices
2009-12-04 12:50 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-04 12:50 . 2009-12-04 12:50 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-03 05:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-12-03 05:16 . 2009-12-03 05:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-11-28 14:57 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-11-28 14:57 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-11-26 21:31 . 2007-10-23 07:00 99864 ----a-w- c:\users\Irma\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-09 12:31 . 2009-12-13 19:17 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-13 19:17 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-13 19:17 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-29 09:17 . 2009-11-25 22:51 2048 ----a-w- c:\windows\system32\tzres.dll
2004-12-02 05:18 . 2007-04-13 10:17 222390 --sha-r- c:\windows\ConfigSetRoot\IO.SYS
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Remote Control.lnk - c:\program files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe [2007-7-12 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):76,ac,b4,1d,d9,73,ca,01
R3 3xHybrid;3xHybrid service;c:\windows\System32\drivers\3xHybrid.sys [20.4.2007 12:34 674048]
S2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\System32\drivers\wf2kvcap.sys [4.10.2004 10:34 75925]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [8.6.2008 9:20 21504]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [2.11.2006 11:32 1083520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2010-01-27 c:\windows\Tasks\User_Feed_Synchronization-{0023ABC7-74C2-496E-9CE7-01F885722655}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ctivex.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{CDBFB47B-58A8-4111-BF95-06178DCE326D} - c:\program files\System Search Dispatcher\1.3.0.840\ssd.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 - c:\program files\Media Access Startup\1.5.0.850\unins000.exe
AddRemove-{1FB52AB3-5987-45a2-85E0-F3EC30DDDC29}}_is1 - c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehRecvr.exe
.
**************************************************************************
.
Celkový čas: 2010-01-27 10:12:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-27 09:12
Před spuštěním: Volných bajtů: 187 002 626 048
Po spuštění: Volných bajtů: 187 039 571 968
- - End Of File - - 344C9049D89832F8454590164B318DD1
Re: Combofix hlásí rootkit
rychly sken z gmer
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-27 16:16:10
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Irma\AppData\Local\Temp\awldapob.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xAB418322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xAB41814C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xAB418280]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- EOF - GMER 1.0.15 ----
druhy sken se pokusim dodat. kdyz jsem ho spustil tak mi pocitac zatuhl takze druhy pokus
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-27 16:16:10
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Irma\AppData\Local\Temp\awldapob.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xAB418322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xAB41814C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xAB418280]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- EOF - GMER 1.0.15 ----
druhy sken se pokusim dodat. kdyz jsem ho spustil tak mi pocitac zatuhl takze druhy pokus
Re: Combofix hlásí rootkit
ma podruhy uz dobehl
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-27 16:47:16
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Irma\AppData\Local\Temp\awldapob.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8C359322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x8C35914C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x8C359280]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \Driver\USBSTOR \Device\00000060 8BC862C0
Device \Driver\USBSTOR \Device\00000061 8BC862C0
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\USBSTOR \Device\00000062 8BC862C0
Device \Driver\USBSTOR \Device\00000063 8BC862C0
Device \Driver\nvstor \Device\00000057 84980310
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8591D790
Device \Driver\atapi \Device\Ide\IdePort0 8591D790
Device \Driver\atapi \Device\Ide\IdePort1 8591D790
Device \Driver\nvstor \Device\RaidPort0 84980310
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\USBSTOR \Device\0000005f 8BC862C0
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0xEF 0xA0 0x4F 0xF6 ...
---- Files - GMER 1.0.15 ----
File C:\Users\Irma\AppData\Local\temp\~DF61A8.tmp 0 bytes
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-27 16:47:16
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Irma\AppData\Local\Temp\awldapob.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8C359322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x8C35914C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x8C359280]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \Driver\USBSTOR \Device\00000060 8BC862C0
Device \Driver\USBSTOR \Device\00000061 8BC862C0
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\USBSTOR \Device\00000062 8BC862C0
Device \Driver\USBSTOR \Device\00000063 8BC862C0
Device \Driver\nvstor \Device\00000057 84980310
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8591D790
Device \Driver\atapi \Device\Ide\IdePort0 8591D790
Device \Driver\atapi \Device\Ide\IdePort1 8591D790
Device \Driver\nvstor \Device\RaidPort0 84980310
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\USBSTOR \Device\0000005f 8BC862C0
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0xEF 0xA0 0x4F 0xF6 ...
---- Files - GMER 1.0.15 ----
File C:\Users\Irma\AppData\Local\temp\~DF61A8.tmp 0 bytes
---- EOF - GMER 1.0.15 ----
Re: Combofix hlásí rootkit
log z mbr.txt
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
log z cmd mbr
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84A83998]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8599fa28
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
log z cmd mbr
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84A83998]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8599fa28
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
Re: Combofix hlásí rootkit
Emulator mechanik nemam.
log z OTL.txt
OTL logfile created on: 27.1.2010 17:26:30 - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Users\Irma\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
959,00 Mb Total Physical Memory | 326,00 Mb Available Physical Memory | 34,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): c:\pagefile.sys 2048 2048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 173,30 Gb Free Space | 74,42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PCIRMA
Current User Name: Irma
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.01.27 17:23:18 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Irma\Desktop\OTL.exe
PRC - [2010.01.19 12:57:44 | 02,743,104 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.01.19 12:57:41 | 00,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.01.02 07:40:20 | 00,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009.10.28 04:31:14 | 00,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe
PRC - [2009.04.11 07:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.01.19 08:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.19 08:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008.01.19 08:33:04 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2007.06.20 15:56:16 | 04,493,312 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.03.20 20:56:52 | 00,077,824 | ---- | M] () -- C:\Program Files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe
========== Modules (SafeList) ==========
MOD - [2010.01.27 17:23:18 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Irma\Desktop\OTL.exe
MOD - [2009.04.11 07:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010.01.19 12:57:41 | 00,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.01.19 12:57:41 | 00,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.01.19 12:57:41 | 00,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009.09.25 02:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.02.18 19:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009.01.26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.11.04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.01.19 08:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.11.02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006.10.26 12:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.07.05 14:02:03 | 00,358,008 | ---- | M] (Protection Technology (StarForce)) [Auto | Stopped] -- C:\Windows\System32\sfrem01.exe -- (sfrem01) SF FrontLine Drivers Auto Removal (v1)
========== Driver Services (SafeList) ==========
DRV - [2010.01.27 12:32:11 | 00,112,144 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2010.01.19 14:13:58 | 00,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.01.19 12:46:52 | 00,046,544 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.01.19 12:43:40 | 00,023,248 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.01.19 12:43:23 | 00,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010.01.19 12:42:57 | 00,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2007.06.22 16:34:12 | 01,788,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.04.20 12:34:54 | 00,674,048 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007.04.12 16:07:00 | 07,476,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.01.15 16:35:18 | 01,032,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.01.05 20:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 00,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:27:22 | 01,083,520 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006.11.02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.11.02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006.08.11 14:47:13 | 00,059,776 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2006.07.05 13:39:29 | 00,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006.06.14 15:56:56 | 00,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004.10.04 10:34:56 | 00,075,925 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\wf2kvcap.sys -- (BT848)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2758611613-3482399258-3318276795-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-2758611613-3482399258-3318276795-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2758611613-3482399258-3318276795-1000\S-1-5-21-2758611613-3482399258-3318276795-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{2224E955-00E9-4613-A844-CE69FCCAAE91}: C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF
FF - HKLM\software\mozilla\Firefox\Extensions\\{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}: C:\Program Files\Media Access Startup\1.5.0.850\FF
O1 HOSTS File: ([2010.01.27 15:44:41 | 00,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No CLSID value found.
O3 - HKU\S-1-5-21-2758611613-3482399258-3318276795-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2758611613-3482399258-3318276795-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-2758611613-3482399258-3318276795-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2758611613-3482399258-3318276795-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2758611613-3482399258-3318276795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2758611613-3482399258-3318276795-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} https://www.mojedatovaschranka.cz/stati ... ctivex.cab (Active602XMLFiller Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/sh ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009.11.28 17:50:16 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
OTL cannot create restorepoints on Vista OSs!
========== Files/Folders - Created Within 7 Days ==========
[2010.01.27 17:23:13 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Users\Irma\Desktop\OTL.exe
[2010.01.27 16:12:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.01.27 16:12:02 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.01.27 16:11:33 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Irma\Desktop\spybotsd162.exe
[2010.01.27 16:00:30 | 00,162,640 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010.01.27 16:00:30 | 00,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010.01.27 16:00:29 | 00,023,248 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010.01.27 16:00:28 | 00,046,544 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010.01.27 16:00:25 | 00,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010.01.27 15:59:30 | 00,152,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010.01.27 15:59:30 | 00,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010.01.27 15:59:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.01.27 15:59:21 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010.01.27 15:51:00 | 00,000,000 | ---D | C] -- C:\Users\Irma\AppData\Local\temp
[2010.01.27 15:44:45 | 00,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010.01.27 15:43:22 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2010.01.27 15:29:43 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.01.27 15:05:47 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010.01.27 14:48:09 | 00,000,000 | ---D | C] -- C:\Users\Irma\Desktop\gmer
[2010.01.27 14:42:48 | 00,000,000 | ---D | C] -- C:\Users\Irma\Desktop\RootkitRevealer
[2010.01.27 12:15:47 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010.01.27 12:12:33 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.01.27 11:30:00 | 00,716,320 | ---- | C] (Secunia) -- C:\Users\Irma\Desktop\PSISetup.exe
[2010.01.27 11:01:51 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.01.27 10:31:30 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.01.27 10:30:57 | 00,000,000 | ---D | C] -- C:\Users\Irma\AppData\Roaming\WinRAR
[2010.01.27 10:30:45 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010.01.27 09:51:49 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.01.27 09:51:49 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.01.27 09:51:49 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.01.27 09:51:44 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.01.27 09:35:41 | 00,000,000 | ---D | C] -- C:\Users\Irma\AppData\Roaming\URSoft
[2010.01.27 09:35:39 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.01.27 09:35:37 | 00,000,000 | ---D | C] -- C:\Program Files\Your Uninstaller 2010
[2010.01.21 21:43:48 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.01.21 21:43:47 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.01.21 21:43:47 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.01.21 21:43:47 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.01.21 21:43:47 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.01.21 21:43:47 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.01.21 21:43:47 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.01.21 21:43:47 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.01.21 21:43:47 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.01.21 21:43:47 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.01.21 21:43:47 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.01.21 21:43:47 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.01.21 21:43:47 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.01.21 21:43:47 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
========== Files - Modified Within 7 Days ==========
[2010.01.27 17:27:05 | 01,572,864 | -HS- | M] () -- C:\Users\Irma\NTUSER.DAT
[2010.01.27 17:23:18 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Irma\Desktop\OTL.exe
[2010.01.27 17:09:22 | 00,077,312 | ---- | M] () -- C:\mbr.exe
[2010.01.27 17:07:36 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.01.27 17:07:35 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.01.27 17:07:35 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.01.27 17:07:27 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.01.27 17:07:24 | 10,060,34944 | -HS- | M] () -- C:\hiberfil.sys
[2010.01.27 17:06:46 | 00,524,288 | -HS- | M] () -- C:\Users\Irma\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.01.27 17:06:46 | 00,065,536 | -HS- | M] () -- C:\Users\Irma\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.01.27 17:06:42 | 01,630,217 | -H-- | M] () -- C:\Users\Irma\AppData\Local\IconCache.db
[2010.01.27 16:12:07 | 00,001,055 | ---- | M] () -- C:\Users\Irma\Desktop\Spybot - Search & Destroy.lnk
[2010.01.27 16:11:38 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Irma\Desktop\spybotsd162.exe
[2010.01.27 16:00:30 | 00,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.01.27 16:00:25 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010.01.27 15:44:51 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.01.27 15:44:41 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.01.27 15:15:11 | 63,068,9225 | ---- | M] () -- C:\Windows\System32\ZPTPRY
[2010.01.27 15:06:42 | 03,838,287 | R--- | M] () -- C:\Users\Irma\Desktop\ComboFix.exe
[2010.01.27 14:55:27 | 00,781,909 | ---- | M] () -- C:\Users\Irma\Desktop\RSIT.exe
[2010.01.27 14:28:43 | 40,146,416 | ---- | M] () -- C:\Users\Irma\Desktop\setup_av_free_eng.exe
[2010.01.27 13:05:52 | 00,012,744 | ---- | M] () -- C:\Users\Irma\Desktop\cc_20100127_130539.reg
[2010.01.27 12:39:38 | 00,000,000 | ---- | M] () -- C:\Users\Irma\AppData\Roaming\chrtmp
[2010.01.27 12:32:11 | 00,112,144 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\kl1.sys
[2010.01.27 11:30:15 | 00,716,320 | ---- | M] (Secunia) -- C:\Users\Irma\Desktop\PSISetup.exe
[2010.01.27 11:01:52 | 00,001,670 | ---- | M] () -- C:\Users\Irma\Desktop\CCleaner.lnk
[2010.01.27 09:32:13 | 01,393,930 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.01.27 09:32:13 | 00,598,600 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010.01.27 09:32:13 | 00,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.01.27 09:32:13 | 00,114,808 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010.01.27 09:32:13 | 00,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.01.27 09:23:22 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0023ABC7-74C2-496E-9CE7-01F885722655}.job
========== Files Created - No Company Name ==========
[2010.01.27 17:09:11 | 00,077,312 | ---- | C] () -- C:\mbr.exe
[2010.01.27 16:12:07 | 00,001,055 | ---- | C] () -- C:\Users\Irma\Desktop\Spybot - Search & Destroy.lnk
[2010.01.27 16:00:30 | 00,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.01.27 14:55:19 | 00,781,909 | ---- | C] () -- C:\Users\Irma\Desktop\RSIT.exe
[2010.01.27 14:48:09 | 00,293,376 | ---- | C] () -- C:\Users\Irma\Desktop\gmer.exe
[2010.01.27 14:45:32 | 63,068,9225 | ---- | C] () -- C:\Windows\System32\ZPTPRY
[2010.01.27 14:28:25 | 40,146,416 | ---- | C] () -- C:\Users\Irma\Desktop\setup_av_free_eng.exe
[2010.01.27 13:05:48 | 00,012,744 | ---- | C] () -- C:\Users\Irma\Desktop\cc_20100127_130539.reg
[2010.01.27 12:39:38 | 00,000,000 | ---- | C] () -- C:\Users\Irma\AppData\Roaming\chrtmp
[2010.01.27 11:01:52 | 00,001,670 | ---- | C] () -- C:\Users\Irma\Desktop\CCleaner.lnk
[2010.01.27 09:51:49 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010.01.27 09:51:49 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.01.27 09:51:49 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.01.27 09:51:49 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.01.27 09:51:49 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.01.27 09:51:06 | 03,838,287 | R--- | C] () -- C:\Users\Irma\Desktop\ComboFix.exe
[2009.11.29 21:14:26 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2007.10.31 09:17:45 | 00,007,168 | ---- | C] () -- C:\Users\Irma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.10.24 09:48:57 | 00,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2007.10.24 09:45:52 | 00,000,026 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2007.07.12 10:34:34 | 00,001,324 | ---- | C] () -- C:\Windows\TVP3XDrv.ini
[2007.07.12 10:34:19 | 00,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2007.04.13 10:32:50 | 00,000,000 | ---- | C] () -- C:\Windows\sporic_new.ini
[2006.11.02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
========== LOP Check ==========
[2010.01.27 09:35:41 | 00,000,000 | ---D | M] -- C:\Users\Irma\AppData\Roaming\URSoft
[2010.01.27 17:06:52 | 00,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.01.27 09:23:22 | 00,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0023ABC7-74C2-496E-9CE7-01F885722655}.job
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.04.11 07:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" = rundll32.exe oobefldr.dll,ShowWelcomeCenter -- [2009.04.11 07:28:23 | 02,153,472 | ---- | M] (Microsoft Corporation)
"ehTray.exe" = C:\Windows\ehome\ehTray.exe -- [2008.01.19 08:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation)
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -- [2009.01.26 15:31:16 | 02,144,088 | RHS- | M] (Safer Networking Limited)
< c:\windows\*.* /U >
< MD5 for: AGP440.SYS >
[2008.01.19 08:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006.11.02 10:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.14 04:40:31 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.14 04:40:31 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.14 04:40:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 02,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 02,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.11.17 10:16:20 | 02,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.11.17 10:16:20 | 02,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.04.11 07:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 02,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 02,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 02,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: HAL.DLL >
[2009.04.11 07:32:46 | 00,177,128 | ---- | M] (Microsoft Corporation) MD5=B8D52005181A15D7D1470CBF2AF214DD -- C:\Windows\System32\hal.dll
< MD5 for: IASTORV.SYS >
[2008.01.19 08:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: LSASS.EXE >
[2009.06.15 13:51:56 | 00,009,728 | ---- | M] (Microsoft Corporation) MD5=203D86EBD6D8E4C8501B222421E81506 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe
[2009.09.10 15:44:14 | 00,009,728 | ---- | M] (Microsoft Corporation) MD5=2D3AC5E7AC01E905F3ABD2D745FE3A9B -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7\lsass.exe
[2009.06.15 13:48:49 | 00,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\ERDNT\cache\lsass.exe
[2009.06.15 13:48:49 | 00,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\System32\lsass.exe
[2009.06.15 13:48:49 | 00,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
[2009.02.13 08:26:04 | 00,007,680 | ---- | M] (Microsoft Corporation) MD5=59DE082968FDD257FFF0D209B9A5B460 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
[2006.11.02 10:45:21 | 00,007,680 | ---- | M] (Microsoft Corporation) MD5=6A0E382E74280E4CC0DF17FE2661D003 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_a413c8c65fe02762\lsass.exe
[2009.06.15 14:03:38 | 00,009,728 | ---- | M] (Microsoft Corporation) MD5=6F1F23D3599EAE17734451936B7F17C6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe
[2009.06.15 13:57:59 | 00,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
[2009.02.13 05:58:37 | 00,007,680 | ---- | M] (Microsoft Corporation) MD5=AFF8A58280863629CA4FFA9E0B259F1E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
[2009.06.15 13:59:08 | 00,007,680 | ---- | M] (Microsoft Corporation) MD5=BA9A67672E025078C77967731BCFC560 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe
[2009.06.15 14:10:12 | 00,007,680 | ---- | M] (Microsoft Corporation) MD5=C731B1FE449D4E9CEA358C9D55B69BE9 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
[2009.09.09 12:09:38 | 00,009,728 | ---- | M] (Microsoft Corporation) MD5=CB7E838C140B4087B2DA323F2D4523C5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345\lsass.exe
[2009.09.10 15:47:51 | 00,007,680 | ---- | M] (Microsoft Corporation) MD5=D09A5DA84B7C9CA9B02EBCD7FAE41C8D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b\lsass.exe
[2008.01.19 08:33:14 | 00,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
[2008.01.19 08:33:14 | 00,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
[2008.01.19 08:33:14 | 00,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_a83603ce59ed0382\lsass.exe
[2009.02.13 09:20:29 | 00,009,728 | ---- | M] (Microsoft Corporation) MD5=F4C62B07E5BF96F1FDCA9DB393ECED22 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe
< MD5 for: NDIS.SYS >
[2009.04.11 07:32:49 | 00,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\ERDNT\cache\ndis.sys
[2009.04.11 07:32:49 | 00,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009.04.11 07:32:49 | 00,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2006.11.02 10:51:42 | 00,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008.01.19 08:43:31 | 00,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys
< MD5 for: NETLOGON.DLL >
[2006.11.02 10:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.04.11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2007.01.05 20:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007.01.05 20:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvstor.inf_f48b8337\nvstor.sys
[2006.11.02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008.01.19 08:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< MD5 for: SMSS.EXE >
[2008.01.19 08:33:31 | 00,064,000 | ---- | M] (Microsoft Corporation) MD5=6701DDAF68BEDE6BBEEA9D514D73A35B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6001.18000_none_ac3aa7fd19319fba\smss.exe
[2009.04.11 07:28:04 | 00,064,000 | ---- | M] (Microsoft Corporation) MD5=98AF15A94CD6AC37248E72E5FE789B35 -- C:\Windows\System32\smss.exe
[2009.04.11 07:28:04 | 00,064,000 | ---- | M] (Microsoft Corporation) MD5=98AF15A94CD6AC37248E72E5FE789B35 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.18005_none_ae26210916536b06\smss.exe
[2006.11.02 10:45:45 | 00,062,976 | ---- | M] (Microsoft Corporation) MD5=CAA75757BB3695478C23CB0624342A61 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6000.16386_none_aa03e6011c468ee6\smss.exe
< MD5 for: SVCHOST.EXE >
[2006.11.02 10:45:47 | 00,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008.01.19 08:33:32 | 00,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008.01.19 08:33:32 | 00,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008.01.19 08:33:32 | 00,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
< MD5 for: USERINIT.EXE >
[2008.01.19 08:33:33 | 00,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.19 08:33:33 | 00,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 00,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 00,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 00,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 07:28:13 | 00,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 00,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 00,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 00,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WS2_32.DLL >
[2008.01.19 08:37:09 | 00,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\ERDNT\cache\ws2_32.dll
[2006.11.02 10:46:14 | 00,178,688 | ---- | M] (Microsoft Corporation) MD5=D99A071C1018BB3D4ABAAD4B62048AC2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll
[2008.01.19 08:37:09 | 00,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
[2008.01.19 08:37:09 | 00,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 07:27:47 | 00,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 07:28:23 | 00,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
========== Alternate Data Streams ==========
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:1CE11B51
< End of report >
log z OTL.txt
OTL logfile created on: 27.1.2010 17:26:30 - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Users\Irma\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
959,00 Mb Total Physical Memory | 326,00 Mb Available Physical Memory | 34,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): c:\pagefile.sys 2048 2048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 173,30 Gb Free Space | 74,42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PCIRMA
Current User Name: Irma
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.01.27 17:23:18 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Irma\Desktop\OTL.exe
PRC - [2010.01.19 12:57:44 | 02,743,104 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.01.19 12:57:41 | 00,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.01.02 07:40:20 | 00,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009.10.28 04:31:14 | 00,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe
PRC - [2009.04.11 07:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.01.19 08:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.19 08:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008.01.19 08:33:04 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2007.06.20 15:56:16 | 04,493,312 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.03.20 20:56:52 | 00,077,824 | ---- | M] () -- C:\Program Files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe
========== Modules (SafeList) ==========
MOD - [2010.01.27 17:23:18 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Irma\Desktop\OTL.exe
MOD - [2009.04.11 07:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010.01.19 12:57:41 | 00,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.01.19 12:57:41 | 00,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.01.19 12:57:41 | 00,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009.09.25 02:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.02.18 19:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009.01.26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.11.04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.01.19 08:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.11.02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006.10.26 12:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.07.05 14:02:03 | 00,358,008 | ---- | M] (Protection Technology (StarForce)) [Auto | Stopped] -- C:\Windows\System32\sfrem01.exe -- (sfrem01) SF FrontLine Drivers Auto Removal (v1)
========== Driver Services (SafeList) ==========
DRV - [2010.01.27 12:32:11 | 00,112,144 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2010.01.19 14:13:58 | 00,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.01.19 12:46:52 | 00,046,544 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.01.19 12:43:40 | 00,023,248 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.01.19 12:43:23 | 00,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010.01.19 12:42:57 | 00,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2007.06.22 16:34:12 | 01,788,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.04.20 12:34:54 | 00,674,048 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007.04.12 16:07:00 | 07,476,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.01.15 16:35:18 | 01,032,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.01.05 20:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 00,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:27:22 | 01,083,520 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006.11.02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.11.02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006.08.11 14:47:13 | 00,059,776 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2006.07.05 13:39:29 | 00,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006.06.14 15:56:56 | 00,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004.10.04 10:34:56 | 00,075,925 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\wf2kvcap.sys -- (BT848)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2758611613-3482399258-3318276795-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-2758611613-3482399258-3318276795-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2758611613-3482399258-3318276795-1000\S-1-5-21-2758611613-3482399258-3318276795-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{2224E955-00E9-4613-A844-CE69FCCAAE91}: C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF
FF - HKLM\software\mozilla\Firefox\Extensions\\{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}: C:\Program Files\Media Access Startup\1.5.0.850\FF
O1 HOSTS File: ([2010.01.27 15:44:41 | 00,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No CLSID value found.
O3 - HKU\S-1-5-21-2758611613-3482399258-3318276795-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2758611613-3482399258-3318276795-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-2758611613-3482399258-3318276795-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2758611613-3482399258-3318276795-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2758611613-3482399258-3318276795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2758611613-3482399258-3318276795-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} https://www.mojedatovaschranka.cz/stati ... ctivex.cab (Active602XMLFiller Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/sh ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009.11.28 17:50:16 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
OTL cannot create restorepoints on Vista OSs!
========== Files/Folders - Created Within 7 Days ==========
[2010.01.27 17:23:13 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Users\Irma\Desktop\OTL.exe
[2010.01.27 16:12:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.01.27 16:12:02 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.01.27 16:11:33 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Irma\Desktop\spybotsd162.exe
[2010.01.27 16:00:30 | 00,162,640 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010.01.27 16:00:30 | 00,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010.01.27 16:00:29 | 00,023,248 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010.01.27 16:00:28 | 00,046,544 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010.01.27 16:00:25 | 00,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010.01.27 15:59:30 | 00,152,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010.01.27 15:59:30 | 00,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010.01.27 15:59:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.01.27 15:59:21 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010.01.27 15:51:00 | 00,000,000 | ---D | C] -- C:\Users\Irma\AppData\Local\temp
[2010.01.27 15:44:45 | 00,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010.01.27 15:43:22 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2010.01.27 15:29:43 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.01.27 15:05:47 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010.01.27 14:48:09 | 00,000,000 | ---D | C] -- C:\Users\Irma\Desktop\gmer
[2010.01.27 14:42:48 | 00,000,000 | ---D | C] -- C:\Users\Irma\Desktop\RootkitRevealer
[2010.01.27 12:15:47 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010.01.27 12:12:33 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.01.27 11:30:00 | 00,716,320 | ---- | C] (Secunia) -- C:\Users\Irma\Desktop\PSISetup.exe
[2010.01.27 11:01:51 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.01.27 10:31:30 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.01.27 10:30:57 | 00,000,000 | ---D | C] -- C:\Users\Irma\AppData\Roaming\WinRAR
[2010.01.27 10:30:45 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010.01.27 09:51:49 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.01.27 09:51:49 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.01.27 09:51:49 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.01.27 09:51:44 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.01.27 09:35:41 | 00,000,000 | ---D | C] -- C:\Users\Irma\AppData\Roaming\URSoft
[2010.01.27 09:35:39 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.01.27 09:35:37 | 00,000,000 | ---D | C] -- C:\Program Files\Your Uninstaller 2010
[2010.01.21 21:43:48 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.01.21 21:43:47 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.01.21 21:43:47 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.01.21 21:43:47 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.01.21 21:43:47 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.01.21 21:43:47 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.01.21 21:43:47 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.01.21 21:43:47 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.01.21 21:43:47 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.01.21 21:43:47 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.01.21 21:43:47 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.01.21 21:43:47 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.01.21 21:43:47 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.01.21 21:43:47 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
========== Files - Modified Within 7 Days ==========
[2010.01.27 17:27:05 | 01,572,864 | -HS- | M] () -- C:\Users\Irma\NTUSER.DAT
[2010.01.27 17:23:18 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Irma\Desktop\OTL.exe
[2010.01.27 17:09:22 | 00,077,312 | ---- | M] () -- C:\mbr.exe
[2010.01.27 17:07:36 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.01.27 17:07:35 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.01.27 17:07:35 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.01.27 17:07:27 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.01.27 17:07:24 | 10,060,34944 | -HS- | M] () -- C:\hiberfil.sys
[2010.01.27 17:06:46 | 00,524,288 | -HS- | M] () -- C:\Users\Irma\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.01.27 17:06:46 | 00,065,536 | -HS- | M] () -- C:\Users\Irma\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.01.27 17:06:42 | 01,630,217 | -H-- | M] () -- C:\Users\Irma\AppData\Local\IconCache.db
[2010.01.27 16:12:07 | 00,001,055 | ---- | M] () -- C:\Users\Irma\Desktop\Spybot - Search & Destroy.lnk
[2010.01.27 16:11:38 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Irma\Desktop\spybotsd162.exe
[2010.01.27 16:00:30 | 00,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.01.27 16:00:25 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010.01.27 15:44:51 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.01.27 15:44:41 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.01.27 15:15:11 | 63,068,9225 | ---- | M] () -- C:\Windows\System32\ZPTPRY
[2010.01.27 15:06:42 | 03,838,287 | R--- | M] () -- C:\Users\Irma\Desktop\ComboFix.exe
[2010.01.27 14:55:27 | 00,781,909 | ---- | M] () -- C:\Users\Irma\Desktop\RSIT.exe
[2010.01.27 14:28:43 | 40,146,416 | ---- | M] () -- C:\Users\Irma\Desktop\setup_av_free_eng.exe
[2010.01.27 13:05:52 | 00,012,744 | ---- | M] () -- C:\Users\Irma\Desktop\cc_20100127_130539.reg
[2010.01.27 12:39:38 | 00,000,000 | ---- | M] () -- C:\Users\Irma\AppData\Roaming\chrtmp
[2010.01.27 12:32:11 | 00,112,144 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\kl1.sys
[2010.01.27 11:30:15 | 00,716,320 | ---- | M] (Secunia) -- C:\Users\Irma\Desktop\PSISetup.exe
[2010.01.27 11:01:52 | 00,001,670 | ---- | M] () -- C:\Users\Irma\Desktop\CCleaner.lnk
[2010.01.27 09:32:13 | 01,393,930 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.01.27 09:32:13 | 00,598,600 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010.01.27 09:32:13 | 00,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.01.27 09:32:13 | 00,114,808 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010.01.27 09:32:13 | 00,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.01.27 09:23:22 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0023ABC7-74C2-496E-9CE7-01F885722655}.job
========== Files Created - No Company Name ==========
[2010.01.27 17:09:11 | 00,077,312 | ---- | C] () -- C:\mbr.exe
[2010.01.27 16:12:07 | 00,001,055 | ---- | C] () -- C:\Users\Irma\Desktop\Spybot - Search & Destroy.lnk
[2010.01.27 16:00:30 | 00,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.01.27 14:55:19 | 00,781,909 | ---- | C] () -- C:\Users\Irma\Desktop\RSIT.exe
[2010.01.27 14:48:09 | 00,293,376 | ---- | C] () -- C:\Users\Irma\Desktop\gmer.exe
[2010.01.27 14:45:32 | 63,068,9225 | ---- | C] () -- C:\Windows\System32\ZPTPRY
[2010.01.27 14:28:25 | 40,146,416 | ---- | C] () -- C:\Users\Irma\Desktop\setup_av_free_eng.exe
[2010.01.27 13:05:48 | 00,012,744 | ---- | C] () -- C:\Users\Irma\Desktop\cc_20100127_130539.reg
[2010.01.27 12:39:38 | 00,000,000 | ---- | C] () -- C:\Users\Irma\AppData\Roaming\chrtmp
[2010.01.27 11:01:52 | 00,001,670 | ---- | C] () -- C:\Users\Irma\Desktop\CCleaner.lnk
[2010.01.27 09:51:49 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010.01.27 09:51:49 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.01.27 09:51:49 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.01.27 09:51:49 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.01.27 09:51:49 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.01.27 09:51:06 | 03,838,287 | R--- | C] () -- C:\Users\Irma\Desktop\ComboFix.exe
[2009.11.29 21:14:26 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2007.10.31 09:17:45 | 00,007,168 | ---- | C] () -- C:\Users\Irma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.10.24 09:48:57 | 00,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2007.10.24 09:45:52 | 00,000,026 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2007.07.12 10:34:34 | 00,001,324 | ---- | C] () -- C:\Windows\TVP3XDrv.ini
[2007.07.12 10:34:19 | 00,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2007.04.13 10:32:50 | 00,000,000 | ---- | C] () -- C:\Windows\sporic_new.ini
[2006.11.02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
========== LOP Check ==========
[2010.01.27 09:35:41 | 00,000,000 | ---D | M] -- C:\Users\Irma\AppData\Roaming\URSoft
[2010.01.27 17:06:52 | 00,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.01.27 09:23:22 | 00,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0023ABC7-74C2-496E-9CE7-01F885722655}.job
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.04.11 07:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" = rundll32.exe oobefldr.dll,ShowWelcomeCenter -- [2009.04.11 07:28:23 | 02,153,472 | ---- | M] (Microsoft Corporation)
"ehTray.exe" = C:\Windows\ehome\ehTray.exe -- [2008.01.19 08:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation)
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -- [2009.01.26 15:31:16 | 02,144,088 | RHS- | M] (Safer Networking Limited)
< c:\windows\*.* /U >
< MD5 for: AGP440.SYS >
[2008.01.19 08:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006.11.02 10:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.14 04:40:31 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.14 04:40:31 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.14 04:40:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 02,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 02,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.11.17 10:16:20 | 02,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.11.17 10:16:20 | 02,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.04.11 07:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 02,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 02,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 02,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: HAL.DLL >
[2009.04.11 07:32:46 | 00,177,128 | ---- | M] (Microsoft Corporation) MD5=B8D52005181A15D7D1470CBF2AF214DD -- C:\Windows\System32\hal.dll
< MD5 for: IASTORV.SYS >
[2008.01.19 08:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: LSASS.EXE >
[2009.06.15 13:51:56 | 00,009,728 | ---- | M] (Microsoft Corporation) MD5=203D86EBD6D8E4C8501B222421E81506 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe
[2009.09.10 15:44:14 | 00,009,728 | ---- | M] (Microsoft Corporation) MD5=2D3AC5E7AC01E905F3ABD2D745FE3A9B -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7\lsass.exe
[2009.06.15 13:48:49 | 00,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\ERDNT\cache\lsass.exe
[2009.06.15 13:48:49 | 00,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\System32\lsass.exe
[2009.06.15 13:48:49 | 00,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
[2009.02.13 08:26:04 | 00,007,680 | ---- | M] (Microsoft Corporation) MD5=59DE082968FDD257FFF0D209B9A5B460 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
[2006.11.02 10:45:21 | 00,007,680 | ---- | M] (Microsoft Corporation) MD5=6A0E382E74280E4CC0DF17FE2661D003 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_a413c8c65fe02762\lsass.exe
[2009.06.15 14:03:38 | 00,009,728 | ---- | M] (Microsoft Corporation) MD5=6F1F23D3599EAE17734451936B7F17C6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe
[2009.06.15 13:57:59 | 00,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
[2009.02.13 05:58:37 | 00,007,680 | ---- | M] (Microsoft Corporation) MD5=AFF8A58280863629CA4FFA9E0B259F1E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
[2009.06.15 13:59:08 | 00,007,680 | ---- | M] (Microsoft Corporation) MD5=BA9A67672E025078C77967731BCFC560 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe
[2009.06.15 14:10:12 | 00,007,680 | ---- | M] (Microsoft Corporation) MD5=C731B1FE449D4E9CEA358C9D55B69BE9 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
[2009.09.09 12:09:38 | 00,009,728 | ---- | M] (Microsoft Corporation) MD5=CB7E838C140B4087B2DA323F2D4523C5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345\lsass.exe
[2009.09.10 15:47:51 | 00,007,680 | ---- | M] (Microsoft Corporation) MD5=D09A5DA84B7C9CA9B02EBCD7FAE41C8D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b\lsass.exe
[2008.01.19 08:33:14 | 00,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
[2008.01.19 08:33:14 | 00,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
[2008.01.19 08:33:14 | 00,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_a83603ce59ed0382\lsass.exe
[2009.02.13 09:20:29 | 00,009,728 | ---- | M] (Microsoft Corporation) MD5=F4C62B07E5BF96F1FDCA9DB393ECED22 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe
< MD5 for: NDIS.SYS >
[2009.04.11 07:32:49 | 00,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\ERDNT\cache\ndis.sys
[2009.04.11 07:32:49 | 00,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009.04.11 07:32:49 | 00,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2006.11.02 10:51:42 | 00,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008.01.19 08:43:31 | 00,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys
< MD5 for: NETLOGON.DLL >
[2006.11.02 10:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.04.11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2007.01.05 20:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007.01.05 20:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvstor.inf_f48b8337\nvstor.sys
[2006.11.02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008.01.19 08:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< MD5 for: SMSS.EXE >
[2008.01.19 08:33:31 | 00,064,000 | ---- | M] (Microsoft Corporation) MD5=6701DDAF68BEDE6BBEEA9D514D73A35B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6001.18000_none_ac3aa7fd19319fba\smss.exe
[2009.04.11 07:28:04 | 00,064,000 | ---- | M] (Microsoft Corporation) MD5=98AF15A94CD6AC37248E72E5FE789B35 -- C:\Windows\System32\smss.exe
[2009.04.11 07:28:04 | 00,064,000 | ---- | M] (Microsoft Corporation) MD5=98AF15A94CD6AC37248E72E5FE789B35 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.18005_none_ae26210916536b06\smss.exe
[2006.11.02 10:45:45 | 00,062,976 | ---- | M] (Microsoft Corporation) MD5=CAA75757BB3695478C23CB0624342A61 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6000.16386_none_aa03e6011c468ee6\smss.exe
< MD5 for: SVCHOST.EXE >
[2006.11.02 10:45:47 | 00,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008.01.19 08:33:32 | 00,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008.01.19 08:33:32 | 00,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008.01.19 08:33:32 | 00,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
< MD5 for: USERINIT.EXE >
[2008.01.19 08:33:33 | 00,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.19 08:33:33 | 00,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 00,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 00,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 00,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 07:28:13 | 00,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 00,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 00,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 00,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WS2_32.DLL >
[2008.01.19 08:37:09 | 00,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\ERDNT\cache\ws2_32.dll
[2006.11.02 10:46:14 | 00,178,688 | ---- | M] (Microsoft Corporation) MD5=D99A071C1018BB3D4ABAAD4B62048AC2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll
[2008.01.19 08:37:09 | 00,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
[2008.01.19 08:37:09 | 00,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 07:27:47 | 00,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 07:28:23 | 00,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
========== Alternate Data Streams ==========
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:1CE11B51
< End of report >
- Přílohy
-
- Extras.zip
- (5.43 KiB) Staženo 68 x
Re: Combofix hlásí rootkit
Ten prvni log se smazal muzu zkusit ho obnovit. Takze se to asi diky me blbosti nevyresi
Re: Combofix hlásí rootkit
dik za snahu
no teoreticky vlastne jo ale pri tom druhym se mi seklo pc driv nez zacal skenovat
no teoreticky vlastne jo ale pri tom druhym se mi seklo pc driv nez zacal skenovat
- Přílohy
-
- Qoobox.zip
- (12.04 KiB) Staženo 76 x
Re: Combofix hlásí rootkit
log z CF
ComboFix 10-01-26.06 - Irma 27.01.2010 18:48:49.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.959.156 [GMT 1:00]
Spuštěný z: c:\users\Irma\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-27 do 2010-01-27 )))))))))))))))))))))))))))))))
.
2010-01-27 17:58 . 2010-01-27 18:00 -------- d-----w- c:\users\Irma\AppData\Local\temp
2010-01-27 17:58 . 2010-01-27 17:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-27 17:58 . 2010-01-27 17:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-27 17:14 . 2010-01-27 17:44 -------- d-----w- c:\program files\R-Studio
2010-01-27 16:09 . 2010-01-27 16:09 77312 ----a-w- C:\mbr.exe
2010-01-27 15:12 . 2010-01-27 15:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-27 15:12 . 2010-01-27 15:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-27 15:00 . 2010-01-19 13:13 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-27 15:00 . 2010-01-19 11:42 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-27 15:00 . 2010-01-19 11:43 23248 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-27 15:00 . 2010-01-19 11:46 46544 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-27 15:00 . 2010-01-19 11:43 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-01-27 14:59 . 2010-01-19 11:57 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-01-27 14:59 . 2010-01-19 11:57 152672 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-27 14:59 . 2010-01-27 14:59 -------- d-----w- c:\programdata\Alwil Software
2010-01-27 14:59 . 2010-01-27 14:59 -------- d-----w- c:\program files\Alwil Software
2010-01-27 11:15 . 2010-01-27 11:15 -------- d-----w- c:\program files\Kaspersky Lab
2010-01-27 11:12 . 2010-01-27 11:12 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-01-27 10:01 . 2010-01-27 10:01 -------- d-----w- c:\program files\CCleaner
2010-01-27 09:31 . 2010-01-27 11:08 -------- d-----w- c:\programdata\PC Tools
2010-01-27 08:35 . 2010-01-27 08:35 -------- d-----w- c:\users\Irma\AppData\Roaming\URSoft
2010-01-27 08:35 . 2010-01-27 08:35 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-01-12 22:43 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 22:43 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-09 10:28 . 2010-01-09 10:36 -------- d-----w- c:\users\Irma\AppData\Roaming\U3
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 11:32 . 2007-04-28 15:51 112144 ----a-w- c:\windows\system32\drivers\kl1.sys
2010-01-27 08:32 . 2007-01-08 21:09 598600 ----a-w- c:\windows\system32\perfh005.dat
2010-01-27 08:32 . 2007-01-08 21:09 114808 ----a-w- c:\windows\system32\perfc005.dat
2010-01-14 10:12 . 2009-10-03 11:13 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 22:53 . 2007-04-13 09:46 -------- d-----w- c:\programdata\Microsoft Help
2010-01-13 22:52 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-02 06:38 . 2010-01-21 20:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 20:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-21 20:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-21 20:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-20 08:16 . 2009-12-20 08:16 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-13 19:18 . 2009-12-13 19:18 -------- d-----w- c:\program files\MSXML 4.0
2009-12-09 22:58 . 2009-12-09 22:58 -------- d-----w- c:\program files\Software602
2009-12-04 13:04 . 2009-12-04 13:04 -------- d-----w- c:\program files\AVG
2009-12-04 12:51 . 2009-12-04 12:51 -------- d-----w- c:\program files\Windows Portable Devices
2009-12-04 12:50 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-04 12:50 . 2009-12-04 12:50 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-03 05:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-12-03 05:16 . 2009-12-03 05:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-11-28 14:57 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-11-28 14:57 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-11-26 21:31 . 2007-10-23 07:00 99864 ----a-w- c:\users\Irma\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-09 12:31 . 2009-12-13 19:17 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-13 19:17 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-13 19:17 411648 ----a-w- c:\windows\system32\drivers\http.sys
2004-12-02 05:18 . 2007-04-13 10:17 222390 --sha-r- c:\windows\ConfigSetRoot\IO.SYS
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-19 2743104]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Remote Control.lnk - c:\program files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe [2007-7-12 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):76,ac,b4,1d,d9,73,ca,01
R1 aswSP;aswSP;c:\windows\System32\drivers\aswSP.sys [27.1.2010 16:00 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [27.1.2010 16:00 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [27.1.2010 16:00 51792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [27.1.2010 16:12 1153368]
R3 3xHybrid;3xHybrid service;c:\windows\System32\drivers\3xHybrid.sys [20.4.2007 12:34 674048]
S2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\System32\drivers\wf2kvcap.sys [4.10.2004 10:34 75925]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [8.6.2008 9:20 21504]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [2.11.2006 11:32 1083520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2010-01-27 c:\windows\Tasks\User_Feed_Synchronization-{0023ABC7-74C2-496E-9CE7-01F885722655}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ctivex.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-27 18:59
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84F0A910]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x82bbfd24
\Driver\ACPI -> acpi.sys @ 0x80613d68
\Driver\atapi -> 0x85941ae0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2010-01-27 19:06:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-27 18:06
ComboFix2.txt 2010-01-27 14:50
ComboFix3.txt 2010-01-27 09:12
Před spuštěním: Volných bajtů: 185 911 377 920
Po spuštění: Volných bajtů: 185 790 013 440
- - End Of File - - 6A01455A2AE4BC3047AC48C2957AAE98
po vytvoreni logu jsem musel resetovat protoze pri pokusu neco spustit nahlasilo: Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni.
ComboFix 10-01-26.06 - Irma 27.01.2010 18:48:49.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.959.156 [GMT 1:00]
Spuštěný z: c:\users\Irma\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-27 do 2010-01-27 )))))))))))))))))))))))))))))))
.
2010-01-27 17:58 . 2010-01-27 18:00 -------- d-----w- c:\users\Irma\AppData\Local\temp
2010-01-27 17:58 . 2010-01-27 17:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-27 17:58 . 2010-01-27 17:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-27 17:14 . 2010-01-27 17:44 -------- d-----w- c:\program files\R-Studio
2010-01-27 16:09 . 2010-01-27 16:09 77312 ----a-w- C:\mbr.exe
2010-01-27 15:12 . 2010-01-27 15:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-27 15:12 . 2010-01-27 15:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-27 15:00 . 2010-01-19 13:13 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-27 15:00 . 2010-01-19 11:42 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-27 15:00 . 2010-01-19 11:43 23248 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-27 15:00 . 2010-01-19 11:46 46544 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-27 15:00 . 2010-01-19 11:43 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-01-27 14:59 . 2010-01-19 11:57 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-01-27 14:59 . 2010-01-19 11:57 152672 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-27 14:59 . 2010-01-27 14:59 -------- d-----w- c:\programdata\Alwil Software
2010-01-27 14:59 . 2010-01-27 14:59 -------- d-----w- c:\program files\Alwil Software
2010-01-27 11:15 . 2010-01-27 11:15 -------- d-----w- c:\program files\Kaspersky Lab
2010-01-27 11:12 . 2010-01-27 11:12 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-01-27 10:01 . 2010-01-27 10:01 -------- d-----w- c:\program files\CCleaner
2010-01-27 09:31 . 2010-01-27 11:08 -------- d-----w- c:\programdata\PC Tools
2010-01-27 08:35 . 2010-01-27 08:35 -------- d-----w- c:\users\Irma\AppData\Roaming\URSoft
2010-01-27 08:35 . 2010-01-27 08:35 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-01-12 22:43 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 22:43 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-09 10:28 . 2010-01-09 10:36 -------- d-----w- c:\users\Irma\AppData\Roaming\U3
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 11:32 . 2007-04-28 15:51 112144 ----a-w- c:\windows\system32\drivers\kl1.sys
2010-01-27 08:32 . 2007-01-08 21:09 598600 ----a-w- c:\windows\system32\perfh005.dat
2010-01-27 08:32 . 2007-01-08 21:09 114808 ----a-w- c:\windows\system32\perfc005.dat
2010-01-14 10:12 . 2009-10-03 11:13 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 22:53 . 2007-04-13 09:46 -------- d-----w- c:\programdata\Microsoft Help
2010-01-13 22:52 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-02 06:38 . 2010-01-21 20:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 20:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-21 20:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-21 20:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-20 08:16 . 2009-12-20 08:16 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-13 19:18 . 2009-12-13 19:18 -------- d-----w- c:\program files\MSXML 4.0
2009-12-09 22:58 . 2009-12-09 22:58 -------- d-----w- c:\program files\Software602
2009-12-04 13:04 . 2009-12-04 13:04 -------- d-----w- c:\program files\AVG
2009-12-04 12:51 . 2009-12-04 12:51 -------- d-----w- c:\program files\Windows Portable Devices
2009-12-04 12:50 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-04 12:50 . 2009-12-04 12:50 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-03 05:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-03 05:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-12-03 05:16 . 2009-12-03 05:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-11-28 14:57 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-11-28 14:57 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-11-26 21:31 . 2007-10-23 07:00 99864 ----a-w- c:\users\Irma\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-09 12:31 . 2009-12-13 19:17 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-13 19:17 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-13 19:17 411648 ----a-w- c:\windows\system32\drivers\http.sys
2004-12-02 05:18 . 2007-04-13 10:17 222390 --sha-r- c:\windows\ConfigSetRoot\IO.SYS
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-19 2743104]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Remote Control.lnk - c:\program files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe [2007-7-12 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):76,ac,b4,1d,d9,73,ca,01
R1 aswSP;aswSP;c:\windows\System32\drivers\aswSP.sys [27.1.2010 16:00 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [27.1.2010 16:00 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [27.1.2010 16:00 51792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [27.1.2010 16:12 1153368]
R3 3xHybrid;3xHybrid service;c:\windows\System32\drivers\3xHybrid.sys [20.4.2007 12:34 674048]
S2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\System32\drivers\wf2kvcap.sys [4.10.2004 10:34 75925]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [8.6.2008 9:20 21504]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [2.11.2006 11:32 1083520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2010-01-27 c:\windows\Tasks\User_Feed_Synchronization-{0023ABC7-74C2-496E-9CE7-01F885722655}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ctivex.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-27 18:59
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84F0A910]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x82bbfd24
\Driver\ACPI -> acpi.sys @ 0x80613d68
\Driver\atapi -> 0x85941ae0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2010-01-27 19:06:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-27 18:06
ComboFix2.txt 2010-01-27 14:50
ComboFix3.txt 2010-01-27 09:12
Před spuštěním: Volných bajtů: 185 911 377 920
Po spuštění: Volných bajtů: 185 790 013 440
- - End Of File - - 6A01455A2AE4BC3047AC48C2957AAE98
po vytvoreni logu jsem musel resetovat protoze pri pokusu neco spustit nahlasilo: Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni.
Re: Combofix hlásí rootkit
jj prave ho delam. pokusim se jeste obnovit ten nejstarci log z CF. Zatim dik moc
tak RR jsem zkousel 2krat a pokazdy me to spadlo s chybou v nvstor.sys - tak jsem tu sluzbu vyuzivajici ten soubor zakazal. Bohuzel jsem uz nemel cas to zkontrolovat znovu a dneska se k tomu nedostanu. Pristi tyden to sem dam. Zatim dik
tak RR jsem zkousel 2krat a pokazdy me to spadlo s chybou v nvstor.sys - tak jsem tu sluzbu vyuzivajici ten soubor zakazal. Bohuzel jsem uz nemel cas to zkontrolovat znovu a dneska se k tomu nedostanu. Pristi tyden to sem dam. Zatim dik