Close all other applications and browsers, disconnect from the net and fix the following in HJT:
Guide
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6868642562
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- once the scan has finished a message appears; click OK and then the Show results button
- then choose the Save log option and save the log to the desktop
- then click the Exit button; a message appears, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
If there are problems, run it in safe mode.
The service will have to be removed later with ComboFix.
Conficker?
- jaro3
- member of the Security team
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Conficker?
When working with HJT, ComboFix, MbAM, SDFix and similar tools, close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Conficker?
Hi, so I fixed it and then ran that program (the log is below). Unfortunately I couldn't download the updates, because the server isn't connected to the internet. Before that, though, I deleted the service that was reporting the problems (sc delete "service name") and nothing shows up any more. It's probably not the ideal solution and I'd like to get rid of any trace of the virus. According to the log it looks OK, but I'll wait for a verdict from one of you.
Thanks a lot
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.2.3790 Service Pack 2
Internet Explorer 7.0.5730.13
7/20/2010 11:54:13 AM
mbam-log-2010-07-20 (11-54-13).txt
Scan type: Quick scan
Objects scanned: 124733
Time elapsed: 1 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Re: Conficker?
if you can:
Turn off the resident protection of your antivirus and antispyware, and possibly the firewall as well.
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch the terms of use are shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window it shows
- After the scan finishes the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in safe mode.
Re: Conficker?
Hi,
there's a problem with that. When I launch ComboFix I get an "incompatible operating system" error message and that's as far as I get. I can't get into safe mode, because I only have VPN access into Windows. The OS in use is Windows 2003 Server.
Thanks for any advice.
Re: Conficker?
Hi, until Jaro3 shows up here:
Try whether OTL will work
Download OTL
http://oldtimer.geekstogo.com/OTL.exe
- paste this script into the lower box:
netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
- tick the box on the line All users
- leave the other items as set in the screenshot
- confirm with the Run Scan button
- the scan runs; paste the OTL.Txt log here

Re: Conficker?
Unfortunately I can't download a link like that; it gives me access denied, it's probably blocked somewhere on our server. Could you upload it for me to Letecká pošta or something similar? I looked elsewhere, but everywhere the link points directly at the exe file.
Re: Conficker?
Do you want it packed into a RAR?
Re: Conficker?
OTL logfile created on: 7/21/2010 7:31:34 AM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Upload
Windows Server 2003 Server 2003 R2 Edition Service Pack 2 (Version = 5.2.3790) - Type = NTServer
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): d:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.16 Gb Total Space | 11.20 Gb Free Space | 73.83% Space Free | Partition Type: NTFS
Drive D: | 121.54 Gb Total Space | 14.13 Gb Free Space | 11.63% Space Free | Partition Type: NTFS
Drive E: | 136.69 Gb Total Space | 132.35 Gb Free Space | 96.82% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LVNL-TP2
Current User Name: admin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/07/21 07:12:30 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Upload\OTL.exe
PRC - [2010/06/10 10:51:52 | 00,943,104 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\TP\dcomp.exe
PRC - [2010/06/07 15:06:34 | 02,045,952 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\TP\unidap.exe
PRC - [2010/06/07 15:06:34 | 00,612,352 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\TP\ipcom.exe
PRC - [2010/05/19 07:46:15 | 00,419,840 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\TP\unitgnum.exe
PRC - [2010/05/18 14:07:43 | 00,615,424 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\TP\outmgr.exe
PRC - [2010/05/18 13:12:04 | 00,844,288 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\TP\mssenc.exe
PRC - [2010/04/21 07:36:41 | 00,483,328 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\TP\vafit.exe
PRC - [2010/04/07 13:46:04 | 00,483,328 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\TP\mbserver.exe
PRC - [2010/04/07 13:46:03 | 00,860,160 | ---- | M] (ERA Corporation, Pardubice, CZ) -- C:\Program Files\ERA\TP\diag_coder.exe
PRC - [2010/04/07 13:46:03 | 00,483,328 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\TP\irrma.exe
PRC - [2009/12/04 09:33:06 | 00,196,608 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\VersionManager\VersionManager.exe
PRC - [2009/08/21 14:47:36 | 00,634,880 | ---- | M] (ERA Corporation) -- C:\Program Files\ERA\TP\diag_pre.exe
PRC - [2009/08/17 13:01:10 | 00,344,064 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\TP\pdrec.exe
PRC - [2009/08/14 06:03:31 | 00,588,800 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\TP\cmdmgr.exe
PRC - [2009/05/27 10:44:52 | 00,546,304 | ---- | M] (ERA a.s. Pardubice, CZ) -- C:\Program Files\ERA\TP\ntpinfo.exe
PRC - [2009/05/25 10:22:30 | 00,711,680 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\TP\cfgmgr.exe
PRC - [2009/04/01 07:29:24 | 00,081,920 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\TP\fdsmgr2.exe
PRC - [2009/03/25 11:30:50 | 00,570,880 | ---- | M] (ERA a.s. Pardubice, CZ) -- C:\Program Files\ERA\TP\HwMgr.exe
PRC - [2009/02/27 09:13:54 | 00,528,384 | ---- | M] (ERA a.s.) -- C:\Program Files\ERA\TP\enrec.exe
PRC - [2008/04/25 07:58:32 | 00,544,768 | ---- | M] ( Era Corporation) -- C:\Program Files\ERA\TP\pcpx.exe
PRC - [2008/04/22 07:03:00 | 01,083,848 | ---- | M] (C. Ghisler & Co.) -- C:\Program Files\totalcmd\TOTALCMD.EXE
PRC - [2008/02/04 13:48:00 | 00,069,632 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\NCU\cpqteam.exe
PRC - [2008/02/02 10:07:41 | 07,655,024 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/01/31 13:35:02 | 00,007,680 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe
PRC - [2008/01/22 11:55:34 | 00,005,120 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.exe
PRC - [2008/01/17 15:27:10 | 00,638,976 | ---- | M] (Hewlett-Packard Company) -- C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
PRC - [2008/01/11 12:13:00 | 00,006,656 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\sysdown.exe
PRC - [2008/01/11 12:12:14 | 00,004,608 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\CpqMgmt\cqmgserv\cqmgserv.exe
PRC - [2008/01/11 12:11:28 | 00,010,240 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\cpqrcmc.exe
PRC - [2007/12/05 08:56:42 | 00,241,136 | ---- | M] () -- C:\Program Files\NTP\bin\ntpd.exe
PRC - [2007/11/28 15:17:08 | 01,417,282 | ---- | M] (Hewlett-Packard Company) -- C:\hp\hpsmh\bin\smhstart.exe
PRC - [2007/11/28 15:16:30 | 00,041,027 | ---- | M] (Apache Software Foundation) -- C:\hp\hpsmh\bin\rotatelogs.exe
PRC - [2007/11/28 15:16:00 | 00,024,631 | ---- | M] (Hewlett-Packard Company) -- C:\hp\hpsmh\bin\hpsmhd.exe
PRC - [2007/11/09 00:47:44 | 00,884,696 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageEchoServer\TimounterMonitor.exe
PRC - [2007/11/09 00:32:48 | 00,136,472 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2007/11/09 00:32:42 | 00,423,192 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/11/09 00:30:14 | 01,274,584 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageEchoServer\TrueImageMonitor.exe
PRC - [2007/11/08 08:00:00 | 00,019,456 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\CpqMgmt\cqmgstor\cqmgstor.exe
PRC - [2007/11/06 14:01:46 | 00,125,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\Cissesrv\cissesrv.exe
PRC - [2007/02/18 12:00:00 | 01,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/18 12:00:00 | 00,509,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr
PRC - [2007/02/18 12:00:00 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2007/02/18 12:00:00 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2007/02/18 12:00:00 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2007/02/18 12:00:00 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ping.exe
PRC - [2007/02/18 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
========== Modules (SafeList) ==========
MOD - [2010/07/21 07:12:30 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Upload\OTL.exe
MOD - [2007/02/18 12:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2007/02/17 06:04:16 | 01,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/12/04 09:33:06 | 00,196,608 | ---- | M] (ERA a.s.) [Auto | Running] -- C:\Program Files\ERA\VersionManager\VersionManager.exe -- (VersionManager)
SRV - [2009/10/20 18:19:48 | 00,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/07/16 06:25:46 | 00,573,515 | ---- | M] (Ixia) [On_Demand | Stopped] -- C:\Program Files\Ixia\Endpoint\endpoint.exe -- (IxiaEndpoint)
SRV - [2008/04/25 07:58:32 | 00,544,768 | ---- | M] ( Era Corporation) [Auto | Running] -- C:\Program Files\ERA\TP\pcpx.exe -- (ERA PCP TP)
SRV - [2008/01/31 13:35:02 | 00,007,680 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe -- (CpqNicMgmt)
SRV - [2008/01/22 11:55:34 | 00,200,192 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\WINDOWS\system32\CIMntfy\cimntfy.exe -- (CIMnotify)
SRV - [2008/01/22 11:55:34 | 00,005,120 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.exe -- (CqMgHost)
SRV - [2008/01/17 15:27:10 | 00,638,976 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe -- (cpqvcagent)
SRV - [2008/01/11 12:13:00 | 00,006,656 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\WINDOWS\system32\sysdown.exe -- (sysdown)
SRV - [2008/01/11 12:12:14 | 00,004,608 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\WINDOWS\system32\CpqMgmt\cqmgserv\cqmgserv.exe -- (CqMgServ)
SRV - [2008/01/11 12:11:28 | 00,010,240 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\WINDOWS\system32\cpqrcmc.exe -- (CpqRcmc)
SRV - [2007/12/05 08:56:42 | 00,241,136 | ---- | M] () [Auto | Running] -- C:\Program Files\NTP\bin\ntpd.exe -- (NTP)
SRV - [2007/11/28 15:17:08 | 01,417,282 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\hp\hpsmh\bin\smhstart.exe -- (SysMgmtHp)
SRV - [2007/11/09 00:32:42 | 00,423,192 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/11/08 08:00:00 | 00,019,456 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\WINDOWS\system32\CpqMgmt\cqmgstor\cqmgstor.exe -- (CqMgStor)
SRV - [2007/11/06 14:01:46 | 00,125,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\HP\Cissesrv\cissesrv.exe -- (Cissesrv)
SRV - [2007/02/18 12:00:00 | 00,792,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2007/02/18 12:00:00 | 00,164,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2007/02/18 12:00:00 | 00,094,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2007/02/18 12:00:00 | 00,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2007/02/18 12:00:00 | 00,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2007/02/18 12:00:00 | 00,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)
SRV - [2007/02/18 12:00:00 | 00,040,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2007/02/18 12:00:00 | 00,040,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2007/02/18 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2007/02/18 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/02/18 12:00:00 | 00,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)
========== Driver Services (SafeList) ==========
DRV - [2009/10/20 18:19:44 | 00,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/02/23 20:25:06 | 00,425,000 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2008/02/23 20:24:56 | 00,052,736 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bxnd52x.sys -- (l2nd)
DRV - [2008/01/30 03:01:46 | 00,217,600 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cpqteam.sys -- (CPQTeamMP)
DRV - [2008/01/30 03:01:46 | 00,217,600 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cpqteam.sys -- (CPQTeam)
DRV - [2008/01/28 15:54:02 | 00,454,688 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/01/28 15:54:02 | 00,043,008 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/01/28 15:53:52 | 00,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008/01/16 14:07:22 | 00,067,624 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\HpCISSs2.sys -- (HpCISSs2)
DRV - [2008/01/11 12:13:00 | 00,117,248 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpqilo2.sys -- (hpqilo2)
DRV - [2007/11/13 09:32:23 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/25 20:32:10 | 01,431,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/08/02 15:41:08 | 00,042,536 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cpqcidrv.sys -- (CpqCiDrv)
DRV - [2007/02/18 12:00:00 | 00,169,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlbs.sys -- (WLBS)
DRV - [2007/02/18 12:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ClusDisk.sys -- (ClusDisk)
DRV - [2007/02/18 12:00:00 | 00,042,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/02/18 12:00:00 | 00,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Dfs.sys -- (DfsDriver)
DRV - [2007/02/18 12:00:00 | 00,020,480 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1879848159-3925274382-669352753-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
IE - HKU\S-1-5-21-1879848159-3925274382-669352753-1003\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = res://shdoclc.dll/softAdmin.htm
IE - HKU\S-1-5-21-1879848159-3925274382-669352753-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
IE - HKU\S-1-5-21-1879848159-3925274382-669352753-1003\S-1-5-21-1879848159-3925274382-669352753-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/01/26 03:25:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/01/26 03:25:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
[2008/01/26 03:24:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\krlubc24.default\extensions
[2008/01/26 03:24:58 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/26 03:24:51 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2008/02/02 10:07:52 | 00,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2008/02/02 10:07:52 | 00,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2008/02/02 10:07:53 | 00,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2008/02/02 10:07:54 | 00,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2008/02/02 10:07:55 | 00,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
O1 HOSTS File: ([2010/01/19 14:35:08 | 00,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageEchoServer\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [CPQTEAM] C:\Program Files\HP\NCU\cpqteam.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageEchoServer\TrueImageMonitor.exe (Acronis)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1879848159-3925274382-669352753-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1879848159-3925274382-669352753-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/05 14:33:56 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/12/05 15:22:54 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sacsvr - C:\WINDOWS\system32\sacsvr.dll (Microsoft Corporation)
NetSvcs: TrkSvr - C:\WINDOWS\system32\trksvr.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: eathnoxj - File not found
NetSvcs: ggkywjh - File not found
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
SystemRestore not available.
========== Files/Folders - Created Within 30 Days ==========
[2010/07/21 05:49:53 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/07/20 11:45:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Malwarebytes
[2010/07/20 11:44:56 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/20 11:44:55 | 00,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/20 11:44:55 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/20 11:44:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/20 09:28:09 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/07/20 09:01:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/07/19 14:00:53 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/14 16:06:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2010/06/22 12:03:03 | 00,000,000 | ---D | C] -- C:\perflogs
[2010/06/22 10:59:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Wireshark
[2010/06/22 10:57:38 | 00,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2007/12/05 14:33:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/12/05 14:33:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/12/05 14:33:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/12/05 14:33:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/07/21 07:28:49 | 00,005,292 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010/07/21 05:50:46 | 05,292,054 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\ComboFix.bmp
[2010/07/21 05:35:31 | 03,739,613 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\ComboFix.exe
[2010/07/20 16:23:40 | 02,097,152 | -H-- | M] () -- C:\Documents and Settings\admin\NTUSER.DAT
[2010/07/20 16:23:40 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\admin\ntuser.ini
[2010/07/20 11:57:36 | 01,695,800 | -H-- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\IconCache.db
[2010/07/20 11:51:02 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\HiJackThis.lnk
[2010/07/20 11:44:58 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/20 10:49:39 | 00,523,874 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/20 10:49:39 | 00,444,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/20 10:49:39 | 00,069,344 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/20 10:45:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/20 10:45:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/20 09:28:09 | 00,000,688 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\CCleaner.lnk
[2010/07/19 13:48:11 | 00,000,115 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini
[2010/07/14 15:07:19 | 00,000,438 | RHS- | M] () -- C:\Documents and Settings\admin\ntuser.pol
[2010/07/14 11:45:18 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/07/21 05:50:28 | 05,292,054 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\ComboFix.bmp
[2010/07/21 05:46:56 | 03,739,613 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\ComboFix.exe
[2010/07/20 11:44:58 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/20 09:28:09 | 00,000,688 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\CCleaner.lnk
[2010/07/19 14:00:53 | 00,002,447 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\HiJackThis.lnk
[2009/10/20 18:19:30 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008/09/17 14:14:54 | 00,000,115 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2008/02/04 09:34:36 | 00,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2008/02/04 09:34:35 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/01/28 15:34:29 | 00,005,292 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007/12/05 15:49:49 | 00,061,080 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2007/12/05 15:19:50 | 00,179,440 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2007/12/05 15:19:26 | 00,024,819 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2007/12/05 15:19:26 | 00,020,386 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2007/12/05 15:19:26 | 00,005,597 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
[2007/12/05 15:18:20 | 00,011,030 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2007/12/05 15:18:14 | 00,011,817 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
[2007/11/08 08:00:00 | 00,029,696 | ---- | C] () -- C:\WINDOWS\System32\cqstrutl.dll
[2007/04/18 16:25:36 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\lpcio.dll
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2007/02/18 12:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation)
< c:\windows\*.* /U >
[8 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< MD5 for: AGP440.SYS >
[2007/02/18 12:00:00 | 16,191,101 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2007/02/18 12:00:00 | 16,191,101 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2007/02/18 12:00:00 | 00,096,768 | ---- | M] (Microsoft Corporation) MD5=FF953A8F08CA3F822127654375786BBE -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2007/02/18 12:00:00 | 00,068,608 | ---- | M] (Microsoft Corporation) MD5=3AAB2418271343FE97F98AEF93F50E5F -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2007/02/18 12:00:00 | 00,068,608 | ---- | M] (Microsoft Corporation) MD5=3AAB2418271343FE97F98AEF93F50E5F -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2007/02/18 12:00:00 | 01,053,184 | ---- | M] (Microsoft Corporation) MD5=A26C39540F8BE3729846E360E2C57344 -- C:\WINDOWS\explorer.exe
[2007/02/18 12:00:00 | 01,053,184 | ---- | M] (Microsoft Corporation) MD5=A26C39540F8BE3729846E360E2C57344 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2007/02/18 12:00:00 | 16,191,101 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2007/02/18 12:00:00 | 00,119,808 | ---- | M] (Microsoft Corporation) MD5=E209A057AB4D30EABF19CA71FE36A6B6 -- C:\WINDOWS\system32\hal.dll
< MD5 for: LSASS.EXE >
[2007/02/18 12:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) MD5=D4B61A935670C57A0DEA81B4F4A12169 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2007/02/18 12:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) MD5=D4B61A935670C57A0DEA81B4F4A12169 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2007/02/18 12:00:00 | 00,210,432 | ---- | M] (Microsoft Corporation) MD5=33739AB31D36184772AF1EE132D5C2E2 -- C:\WINDOWS\system32\dllcache\ndis.sys
[2007/02/18 12:00:00 | 00,210,432 | ---- | M] (Microsoft Corporation) MD5=33739AB31D36184772AF1EE132D5C2E2 -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2007/02/18 12:00:00 | 00,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2007/02/18 12:00:00 | 00,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2007/02/18 12:00:00 | 00,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\WINDOWS\system32\dllcache\scecli.dll
[2007/02/18 12:00:00 | 00,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2007/02/18 12:00:00 | 00,053,760 | ---- | M] (Microsoft Corporation) MD5=97E9B4A202E645E7826BE7597B335C47 -- C:\WINDOWS\system32\dllcache\smss.exe
[2007/02/18 12:00:00 | 00,053,760 | ---- | M] (Microsoft Corporation) MD5=97E9B4A202E645E7826BE7597B335C47 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2007/02/18 12:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=C09CCFE81DEC9B162533D7184D705682 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2007/02/18 12:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=C09CCFE81DEC9B162533D7184D705682 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: SYMMPI.SYS >
[2007/02/18 12:00:00 | 16,191,101 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:symmpi.sys
[2007/11/08 22:25:52 | 00,086,528 | ---- | M] (LSI Logic) MD5=24A0901CAFCEE7343EE62565BCFB7C9A -- C:\Program Files\Common Files\Acronis\UniversalRestore\DriversPack\LSILogic\symmpi.sys
< MD5 for: USERINIT.EXE >
[2007/02/18 12:00:00 | 00,026,112 | ---- | M] (Microsoft Corporation) MD5=B5FEB3B971A8B8C81CE9DE65031A87E5 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2007/02/18 12:00:00 | 00,026,112 | ---- | M] (Microsoft Corporation) MD5=B5FEB3B971A8B8C81CE9DE65031A87E5 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2007/02/18 12:00:00 | 00,528,384 | ---- | M] (Microsoft Corporation) MD5=B4AA8AE0F18E5DFCF99A671A181D3EDC -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2007/02/18 12:00:00 | 00,528,384 | ---- | M] (Microsoft Corporation) MD5=B4AA8AE0F18E5DFCF99A671A181D3EDC -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2007/02/18 12:00:00 | 00,083,456 | ---- | M] (Microsoft Corporation) MD5=5C34F97D87B2A8C9CB4422E67F2DAB61 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2007/02/18 12:00:00 | 00,083,456 | ---- | M] (Microsoft Corporation) MD5=5C34F97D87B2A8C9CB4422E67F2DAB61 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2007/02/18 12:00:00 | 01,295,872 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< End of report >
< MD5 for: NETLOGON.DLL >
[2007/02/18 12:00:00 | 00,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2007/02/18 12:00:00 | 00,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2007/02/18 12:00:00 | 00,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\WINDOWS\system32\dllcache\scecli.dll
[2007/02/18 12:00:00 | 00,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2007/02/18 12:00:00 | 00,053,760 | ---- | M] (Microsoft Corporation) MD5=97E9B4A202E645E7826BE7597B335C47 -- C:\WINDOWS\system32\dllcache\smss.exe
[2007/02/18 12:00:00 | 00,053,760 | ---- | M] (Microsoft Corporation) MD5=97E9B4A202E645E7826BE7597B335C47 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2007/02/18 12:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=C09CCFE81DEC9B162533D7184D705682 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2007/02/18 12:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=C09CCFE81DEC9B162533D7184D705682 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: SYMMPI.SYS >
[2007/02/18 12:00:00 | 16,191,101 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:symmpi.sys
[2007/11/08 22:25:52 | 00,086,528 | ---- | M] (LSI Logic) MD5=24A0901CAFCEE7343EE62565BCFB7C9A -- C:\Program Files\Common Files\Acronis\UniversalRestore\DriversPack\LSILogic\symmpi.sys
< MD5 for: USERINIT.EXE >
[2007/02/18 12:00:00 | 00,026,112 | ---- | M] (Microsoft Corporation) MD5=B5FEB3B971A8B8C81CE9DE65031A87E5 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2007/02/18 12:00:00 | 00,026,112 | ---- | M] (Microsoft Corporation) MD5=B5FEB3B971A8B8C81CE9DE65031A87E5 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2007/02/18 12:00:00 | 00,528,384 | ---- | M] (Microsoft Corporation) MD5=B4AA8AE0F18E5DFCF99A671A181D3EDC -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2007/02/18 12:00:00 | 00,528,384 | ---- | M] (Microsoft Corporation) MD5=B4AA8AE0F18E5DFCF99A671A181D3EDC -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2007/02/18 12:00:00 | 00,083,456 | ---- | M] (Microsoft Corporation) MD5=5C34F97D87B2A8C9CB4422E67F2DAB61 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2007/02/18 12:00:00 | 00,083,456 | ---- | M] (Microsoft Corporation) MD5=5C34F97D87B2A8C9CB4422E67F2DAB61 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2007/02/18 12:00:00 | 01,295,872 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< End of report >
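As an added example, not part of the thread or of OTL itself: a small Python parser for the `< MD5 for: ... >` sections in the report format above. It groups the hashes OTL lists per file name, so a live copy that hashes differently from its dllcache copy stands out, and it collects files OTL could not hash (like comsvcs.dll in the locked-files scan) and files with no company string. The sample report is constructed from lines of this log; the second svchost.exe line is invented.

```python
import re

# Constructed excerpt in the OTL report format quoted in the thread. The explorer.exe
# and comsvcs.dll lines are copied from that report; the second svchost.exe line is
# invented (all-zero hash, empty company) so that the mismatch branch has a hit.
SAMPLE_REPORT = r"""< MD5 for: EXPLORER.EXE >
[2007/02/18 12:00:00 | 01,053,184 | ---- | M] (Microsoft Corporation) MD5=A26C39540F8BE3729846E360E2C57344 -- C:\WINDOWS\explorer.exe
[2007/02/18 12:00:00 | 01,053,184 | ---- | M] (Microsoft Corporation) MD5=A26C39540F8BE3729846E360E2C57344 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: SVCHOST.EXE >
[2007/02/18 12:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=C09CCFE81DEC9B162533D7184D705682 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2007/02/18 12:00:00 | 00,014,848 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\svchost.exe
< %systemroot%\system32\*.dll /lockedfiles >
[2007/02/18 12:00:00 | 01,295,872 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
< End of report >
"""

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<date>[^|]+) \| (?P<size>[\d,]+) \| [^\]]*\] "   # [date | size | attrs | M]
    r"\((?P<company>[^)]*)\) "                               # (company), may be empty
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|(?P<locked>Unable to obtain MD5)) "
    r"-- (?P<path>.+)$"
)

def parse_entries(report):
    """Yield (section name, fields) for every hashed or unhashable file line."""
    section = None
    for line in report.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name").upper()
            continue
        if line.startswith("<"):          # any other custom-scan header ends the section
            section = None
            continue
        m = ENTRY_RE.match(line)
        if m:
            yield section, m.groupdict()

def find_anomalies(report):
    """Differing copies, unhashable files and company-less files are worth a second look."""
    hashes, locked, no_company = {}, [], []
    for section, f in parse_entries(report):
        if f["locked"]:
            locked.append(f["path"])
            continue
        if not f["company"]:
            no_company.append(f["path"])
        name = section or f["path"].rsplit("\\", 1)[-1].upper()
        hashes.setdefault(name, set()).add(f["md5"].upper())
    mismatched = sorted(n for n, h in hashes.items() if len(h) > 1)
    return {"mismatched": mismatched, "locked": locked, "no_company": no_company}
```

Feed it the full report text saved from OTL; with the log above it reports no hash mismatch, but comsvcs.dll appears under locked, which is why it was sent to VirusTotal below.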
Re: Conficker?
Test these on http://www.virustotal.com
C:\WINDOWS\system32\sysdown.exe
C:\WINDOWS\system32\comsvcs.dll
-Copy the file path into the box; if it says the file has already been analysed, have it analysed again.
-Paste the link to the results here.
Re: Conficker?
Here are the results, it looks good
http://www.virustotal.com/cs/analisis/5 ... 1279702034
http://www.virustotal.com/cs/analisis/5 ... 1279702094
Re: Conficker?
The service has been removed since the beginning and it no longer reports any errors. I only just found out that remote restart via cmd doesn't work on the other servers. That is, on the one where all those fixes were done and from which I posted the logs etc., it works without problems. I can restart any computer on the network via CMD. Then I tried to do the same on an identical server (same image, just a different IP and name, basically a backup) and lo and behold, here it doesn't work, so I'm confused. Would anyone know what to do? I'm already very grateful and thanks for everything, but I'd like to solve this too.
Thanks
Re: Conficker?
Unfortunately I can't help you with that cmd issue; try asking in the networking section.
Run OTL
-copy the following into the white box at the bottom:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
:files
C:\Documents and Settings\admin\Desktop\ComboFix.bmp
C:\32788R22FWJFW
C:\Documents and Settings\admin\Desktop\ComboFix.exe
:NetSvcs
eathnoxj
ggkywjh
:COMMANDS
[emptytemp]
[EMPTYFLASH]
[reboot]
-click the Fix button.
-paste the log here.