Conficker?

Section devoted to viruses and other malicious code, but also to the tools that can be used to defend against them…

Re: Conficker?

Post by kryton » 21 Jul 2010 13:41

Thank you all for the help. Now I have to find that bug with the restart, so once again thanks a lot, you helped me.

Re: Conficker?

Post by bledulka » 21 Jul 2010 14:21

Wait, but we haven't finished yet. I'd like to see the log from OTL.

Re: Conficker?

Post by kryton » 22 Jul 2010 12:55

Oh, sorry, here is the log. I thought it was already over. It's the log from a new scan; after that fix it wanted a restart right away. OK?

OTL logfile created on: 7/22/2010 10:50:33 AM - Run 2
OTL by OldTimer - Version 3.1.27.0 Folder = c:\Upload\Scan and Antivir
Windows Server 2003 Server 2003 R2 Edition Service Pack 2 (Version = 5.2.3790) - Type = NTServer
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): d:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.16 Gb Total Space | 11.21 Gb Free Space | 73.91% Space Free | Partition Type: NTFS
Drive D: | 121.54 Gb Total Space | 14.27 Gb Free Space | 11.74% Space Free | Partition Type: NTFS
Drive E: | 136.69 Gb Total Space | 132.35 Gb Free Space | 96.82% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LVNL-TP2
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/21 07:12:30 | 00,548,352 | ---- | M] (OldTimer Tools) -- c:\Upload\Scan and Antivir\OTL.exe
PRC - [2010/06/10 10:51:52 | 00,943,104 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\TP\dcomp.exe
PRC - [2010/06/07 15:06:34 | 02,045,952 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\TP\unidap.exe
PRC - [2010/06/07 15:06:34 | 00,612,352 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\TP\ipcom.exe
PRC - [2010/05/19 07:46:15 | 00,419,840 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\TP\unitgnum.exe
PRC - [2010/05/18 14:07:43 | 00,615,424 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\TP\outmgr.exe
PRC - [2010/05/18 13:12:04 | 00,844,288 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\TP\mssenc.exe
PRC - [2010/04/21 07:36:41 | 00,483,328 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\TP\vafit.exe
PRC - [2010/04/07 13:46:04 | 00,483,328 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\TP\mbserver.exe
PRC - [2010/04/07 13:46:03 | 00,860,160 | ---- | M] (ERA Corporation, Pardubice, CZ) -- C:\Program Files\ERA\TP\diag_coder.exe
PRC - [2010/04/07 13:46:03 | 00,483,328 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\TP\irrma.exe
PRC - [2009/12/04 09:33:06 | 00,196,608 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\VersionManager\VersionManager.exe
PRC - [2009/08/21 14:47:36 | 00,634,880 | ---- | M] (ERA Corporation) -- C:\Program Files\ERA\TP\diag_pre.exe
PRC - [2009/08/17 13:01:10 | 00,344,064 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\TP\pdrec.exe
PRC - [2009/08/14 06:03:31 | 00,588,800 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\TP\cmdmgr.exe
PRC - [2009/05/27 10:44:52 | 00,546,304 | ---- | M] (ERA a.s. Pardubice, CZ) -- C:\Program Files\ERA\TP\ntpinfo.exe
PRC - [2009/05/25 10:22:30 | 00,711,680 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\TP\cfgmgr.exe
PRC - [2009/04/01 07:29:24 | 00,081,920 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\TP\fdsmgr2.exe
PRC - [2009/03/25 11:30:50 | 00,570,880 | ---- | M] (ERA a.s. Pardubice, CZ) -- C:\Program Files\ERA\TP\HwMgr.exe
PRC - [2009/02/27 09:13:54 | 00,528,384 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\TP\enrec.exe
PRC - [2008/04/25 07:58:32 | 00,544,768 | ---- | M] ( Era Corporation) -- C:\Program Files\ERA\TP\pcpx.exe
PRC - [2008/04/22 07:03:00 | 01,083,848 | ---- | M] (C. Ghisler & Co.) -- C:\Program Files\totalcmd\TOTALCMD.EXE
PRC - [2008/02/04 13:48:00 | 00,069,632 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\NCU\cpqteam.exe
PRC - [2008/01/31 13:35:02 | 00,007,680 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe
PRC - [2008/01/22 11:55:34 | 00,005,120 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.exe
PRC - [2008/01/17 15:27:10 | 00,638,976 | ---- | M] (Hewlett-Packard Company) -- C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
PRC - [2008/01/11 12:13:00 | 00,006,656 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\sysdown.exe
PRC - [2008/01/11 12:12:14 | 00,004,608 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\CpqMgmt\cqmgserv\cqmgserv.exe
PRC - [2008/01/11 12:11:28 | 00,010,240 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\cpqrcmc.exe
PRC - [2007/12/05 08:56:42 | 00,241,136 | ---- | M] () -- C:\Program Files\NTP\bin\ntpd.exe
PRC - [2007/11/28 15:17:08 | 01,417,282 | ---- | M] (Hewlett-Packard Company) -- C:\hp\hpsmh\bin\smhstart.exe
PRC - [2007/11/28 15:16:30 | 00,041,027 | ---- | M] (Apache Software Foundation) -- C:\hp\hpsmh\bin\rotatelogs.exe
PRC - [2007/11/28 15:16:00 | 00,024,631 | ---- | M] (Hewlett-Packard Company) -- C:\hp\hpsmh\bin\hpsmhd.exe
PRC - [2007/11/09 00:47:44 | 00,884,696 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageEchoServer\TimounterMonitor.exe
PRC - [2007/11/09 00:32:48 | 00,136,472 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2007/11/09 00:32:42 | 00,423,192 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/11/09 00:30:14 | 01,274,584 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageEchoServer\TrueImageMonitor.exe
PRC - [2007/11/08 08:00:00 | 00,019,456 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\CpqMgmt\cqmgstor\cqmgstor.exe
PRC - [2007/11/06 14:01:46 | 00,125,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\Cissesrv\cissesrv.exe
PRC - [2007/02/18 12:00:00 | 01,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/18 12:00:00 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2007/02/18 12:00:00 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2007/02/18 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe


========== Modules (SafeList) ==========

MOD - [2010/07/21 07:12:30 | 00,548,352 | ---- | M] (OldTimer Tools) -- c:\Upload\Scan and Antivir\OTL.exe
MOD - [2007/02/18 12:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2007/02/17 06:04:16 | 01,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/04 09:33:06 | 00,196,608 | ---- | M] (ERA a.s.) [Auto | Running] -- C:\Program Files\ERA\VersionManager\VersionManager.exe -- (VersionManager)
SRV - [2009/10/20 18:19:48 | 00,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/07/16 06:25:46 | 00,573,515 | ---- | M] (Ixia) [On_Demand | Stopped] -- C:\Program Files\Ixia\Endpoint\endpoint.exe -- (IxiaEndpoint)
SRV - [2008/04/25 07:58:32 | 00,544,768 | ---- | M] ( Era Corporation) [Auto | Running] -- C:\Program Files\ERA\TP\pcpx.exe -- (ERA PCP TP)
SRV - [2008/01/31 13:35:02 | 00,007,680 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe -- (CpqNicMgmt)
SRV - [2008/01/22 11:55:34 | 00,200,192 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\WINDOWS\system32\CIMntfy\cimntfy.exe -- (CIMnotify)
SRV - [2008/01/22 11:55:34 | 00,005,120 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.exe -- (CqMgHost)
SRV - [2008/01/17 15:27:10 | 00,638,976 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe -- (cpqvcagent)
SRV - [2008/01/11 12:13:00 | 00,006,656 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\WINDOWS\system32\sysdown.exe -- (sysdown)
SRV - [2008/01/11 12:12:14 | 00,004,608 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\WINDOWS\system32\CpqMgmt\cqmgserv\cqmgserv.exe -- (CqMgServ)
SRV - [2008/01/11 12:11:28 | 00,010,240 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\WINDOWS\system32\cpqrcmc.exe -- (CpqRcmc)
SRV - [2007/12/05 08:56:42 | 00,241,136 | ---- | M] () [Auto | Running] -- C:\Program Files\NTP\bin\ntpd.exe -- (NTP)
SRV - [2007/11/28 15:17:08 | 01,417,282 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\hp\hpsmh\bin\smhstart.exe -- (SysMgmtHp)
SRV - [2007/11/09 00:32:42 | 00,423,192 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/11/08 08:00:00 | 00,019,456 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\WINDOWS\system32\CpqMgmt\cqmgstor\cqmgstor.exe -- (CqMgStor)
SRV - [2007/11/06 14:01:46 | 00,125,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\HP\Cissesrv\cissesrv.exe -- (Cissesrv)
SRV - [2007/02/18 12:00:00 | 00,792,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2007/02/18 12:00:00 | 00,164,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2007/02/18 12:00:00 | 00,094,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2007/02/18 12:00:00 | 00,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2007/02/18 12:00:00 | 00,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2007/02/18 12:00:00 | 00,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)
SRV - [2007/02/18 12:00:00 | 00,040,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2007/02/18 12:00:00 | 00,040,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2007/02/18 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2007/02/18 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/02/18 12:00:00 | 00,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)


========== Driver Services (SafeList) ==========

DRV - [2009/10/20 18:19:44 | 00,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/02/23 20:25:06 | 00,425,000 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2008/02/23 20:24:56 | 00,052,736 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bxnd52x.sys -- (l2nd)
DRV - [2008/01/30 03:01:46 | 00,217,600 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cpqteam.sys -- (CPQTeamMP)
DRV - [2008/01/30 03:01:46 | 00,217,600 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cpqteam.sys -- (CPQTeam)
DRV - [2008/01/28 15:54:02 | 00,454,688 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/01/28 15:54:02 | 00,043,008 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/01/28 15:53:52 | 00,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008/01/16 14:07:22 | 00,067,624 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\HpCISSs2.sys -- (HpCISSs2)
DRV - [2008/01/11 12:13:00 | 00,117,248 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpqilo2.sys -- (hpqilo2)
DRV - [2007/11/13 09:32:23 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/25 20:32:10 | 01,431,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/08/02 15:41:08 | 00,042,536 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cpqcidrv.sys -- (CpqCiDrv)
DRV - [2007/02/18 12:00:00 | 00,169,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlbs.sys -- (WLBS)
DRV - [2007/02/18 12:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ClusDisk.sys -- (ClusDisk)
DRV - [2007/02/18 12:00:00 | 00,042,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/02/18 12:00:00 | 00,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Dfs.sys -- (DfsDriver)
DRV - [2007/02/18 12:00:00 | 00,020,480 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = res://shdoclc.dll/softAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/01/26 03:25:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/01/26 03:25:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2008/01/26 03:24:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\krlubc24.default\extensions
[2008/01/26 03:24:58 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/26 03:24:51 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2008/02/02 10:07:52 | 00,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2008/02/02 10:07:52 | 00,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2008/02/02 10:07:53 | 00,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2008/02/02 10:07:54 | 00,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2008/02/02 10:07:55 | 00,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll

O1 HOSTS File: ([2010/01/19 14:35:08 | 00,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageEchoServer\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [CPQTEAM] C:\Program Files\HP\NCU\cpqteam.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageEchoServer\TrueImageMonitor.exe (Acronis)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/05 14:33:56 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/22 10:31:20 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/07/21 11:05:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/07/20 11:45:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Malwarebytes
[2010/07/20 11:44:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/20 09:01:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/07/19 14:00:53 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/14 16:06:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2010/06/22 12:03:03 | 00,000,000 | ---D | C] -- C:\perflogs
[2010/06/22 10:59:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Wireshark
[2010/06/22 10:57:38 | 00,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2007/12/05 14:33:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/12/05 14:33:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/12/05 14:33:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/12/05 14:33:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/07/22 10:50:15 | 00,005,298 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010/07/22 10:50:10 | 00,000,438 | RHS- | M] () -- C:\Documents and Settings\admin\ntuser.pol
[2010/07/22 10:49:42 | 00,523,874 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/22 10:49:42 | 00,444,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/22 10:49:42 | 00,069,344 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/22 10:45:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/22 10:45:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/22 10:41:22 | 02,097,152 | -H-- | M] () -- C:\Documents and Settings\admin\NTUSER.DAT
[2010/07/22 10:41:22 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\admin\ntuser.ini
[2010/07/22 10:41:21 | 03,751,286 | -H-- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\IconCache.db
[2010/07/21 09:06:30 | 00,001,732 | -H-- | M] () -- C:\Documents and Settings\admin\My Documents\Default.rdp
[2010/07/21 08:52:26 | 00,001,417 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Security Configuration Wizard.lnk
[2010/07/19 13:48:11 | 00,000,115 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini
[2010/07/14 11:45:18 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2009/10/20 18:19:30 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008/09/17 14:14:54 | 00,000,115 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2008/02/04 09:34:36 | 00,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2008/02/04 09:34:35 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/01/28 15:34:29 | 00,005,298 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007/12/05 15:49:49 | 00,061,080 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2007/12/05 15:19:50 | 00,179,440 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2007/12/05 15:19:26 | 00,024,819 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2007/12/05 15:19:26 | 00,020,386 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2007/12/05 15:19:26 | 00,005,597 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
[2007/12/05 15:18:20 | 00,011,030 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2007/12/05 15:18:14 | 00,011,817 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
[2007/11/08 08:00:00 | 00,029,696 | ---- | C] () -- C:\WINDOWS\System32\cqstrutl.dll
[2007/04/18 16:25:36 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\lpcio.dll
< End of report >
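
As an added example that is not part of this thread or of OTL itself: a small Python triage helper for OTL logs of the shape posted above. It parses the PRC/SRV/DRV entries, flags entries with no company name, "File not found" references and binaries outside the Windows and Program Files directories, and diffs two logs to report which entries disappeared between scans, which is what the next reply asks to see. The sample lines are copied from the log above plus one constructed placeholder service; the rule names, the expected-directory list and the function names are assumptions of this example, not anything OTL defines.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: lines copied from the OTL log posted above, one per line shape.
SAMPLE_LOG = r"""
PRC - [2010/07/21 07:12:30 | 00,548,352 | ---- | M] (OldTimer Tools) -- c:\Upload\Scan and Antivir\OTL.exe
PRC - [2007/12/05 08:56:42 | 00,241,136 | ---- | M] () -- C:\Program Files\NTP\bin\ntpd.exe
SRV - [2009/10/20 18:19:48 | 00,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
DRV - [2009/10/20 18:19:44 | 00,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
"""

# Constructed placeholder service (NOT a real indicator), present only in the
# "before" log so that diff_entries() has something to report as removed.
PLACEHOLDER_LINE = (r"SRV - [2010/07/10 00:00:00 | 00,012,345 | ---- | M] () [Auto | Running]"
                    r" -- C:\WINDOWS\system32\EXAMPLE_removed.dll -- (ExampleSvc)")
BEFORE_LOG = SAMPLE_LOG + PLACEHOLDER_LINE + "\n"

# Entry header: "KIND - [date time | size | attrs | M] (company) [state] -- path ..."
HEADER_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<stamp>[^\]]+)\] "
    r"\((?P<company>[^)]*)\)(?: \[(?P<state>[^\]]+)\])? -- (?P<rest>.+)$"
)
# Directories where binaries are expected on this host (an assumption of this example).
STANDARD_DIRS = ("c:\\windows\\", "c:\\program files\\")


@dataclass(frozen=True)
class Entry:
    kind: str       # PRC, MOD, SRV or DRV
    date: str       # file timestamp as OTL prints it
    size: int       # file size in bytes
    company: str    # company from the version resource, "" if none
    state: str      # e.g. "Auto | Running"; empty for PRC/MOD
    path: str
    name: str       # service/driver name; empty for PRC/MOD


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one PRC/MOD/SRV/DRV line; returns None for lines of other sections."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    date, size, _attrs, _flag = (f.strip() for f in m["stamp"].split("|"))
    rest = m["rest"].split(" -- ", 1)            # path [, "(name) description"]
    name_m = re.match(r"\(([^)]+)\)", rest[1]) if len(rest) == 2 else None
    return Entry(m["kind"], date, int(size.replace(",", "")), m["company"].strip(),
                 (m["state"] or "").strip(), rest[0], name_m.group(1) if name_m else "")


def entries(log_text: str) -> list[Entry]:
    return [e for e in map(parse_entry, log_text.strip().splitlines()) if e]


def triage(log_text: str) -> list[tuple[str, str]]:
    """First-pass checks: orphaned references, binaries with no company name,
    binaries outside the expected directories. Returns (rule, detail) pairs."""
    findings = []
    for line in log_text.strip().splitlines():
        if "File not found" in line:                 # stale autorun/Winlogon reference
            findings.append(("orphaned-reference", line))
            continue
        e = parse_entry(line)
        if e is None:
            continue
        if not e.company:                            # no version metadata: verify the file by hash
            findings.append(("no-company-name", e.path))
        if not e.path.lower().startswith(STANDARD_DIRS):
            findings.append(("nonstandard-location", e.path))
    return findings


def diff_entries(before: str, after: str) -> tuple[set, set]:
    """(removed, added) sets of (kind, lower-cased path) between two OTL logs."""
    key = lambda e: (e.kind, e.path.lower())
    b, a = {key(e) for e in entries(before)}, {key(e) for e in entries(after)}
    return b - a, a - b
```

A flagged entry is a prompt to verify the file (hash, signature, on-disk presence), not a verdict; ntpd.exe above is flagged only because its binary carries no company name.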

Re: Conficker?

Post by bledulka » 22 Jul 2010 14:12

Please, I need to see whether something has disappeared.

Paste this text into the box in OTL:

Code:

netsvcs

And click Scan.

Download AVPtool
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
- install it and let it scan all drives
- let it cure whatever it finds
- then paste the log here.

Re: Conficker?

Post by kryton » 23 Jul 2010 08:57

Hi, so given that they have disconnected me for now and I will only be able to look at it in a few days, there will be a bit of a delay. Once I have made those logs I will get back in touch.

Re: Conficker?

Post by bledulka » 23 Jul 2010 12:11

OK, get in touch then.

Re: Conficker?

Post by TomKLokan » 25 Jul 2010 00:17

Orcus wrote: Hi,

you will need to dig through regedit to the Run keys :)) because that is probably where the problem is buried :)

I think it will be HKCU, maybe HKLM - CurrentControlSet - Services

find the service there by name... try deleting the key.

If it won't go, one workaround is to edit that key and, while editing it, hard-reset the box; after Windows comes back up the key should then be removable :)

Exactly right, it shows up in the folder that most often gets copied to from flash drives.... above all, everyone remember to scan your flash drives; gradually it also attacks the Windows service schvst.exe and the others, i.e. the firewall itself and the installation of updates, and it can then fool you thoroughly; it can happen that you keep updating every day, especially on Windows XP.
