
Rootkit.win32.TDSS.tdl3 Infected ndis.sys


  • This topic is locked
16 replies to this topic

#1 MariuszGr

  • Members
  • 11 posts
  • Gender:Male
  • Location:Athens

Posted 28 April 2011 - 09:22 AM

Good evening,
Today I wanted to turn on the updates in Windows 7, but they are locked; the error code is 80072EFE. So I began to search the web on this subject, but web pages with "windows update" in the address bar will not open.
Without further ado, I scanned with TDSSKiller 2.4.21.0, and it turned out that Rootkit.Win32.TDSS.tdl3 is loaded into the system through the ndis.sys file, and I cannot remove it even from Safe Mode.

It will not let me make a backup of the system.

Formatting is not an option, because this is a work computer that runs the cash register and the product database :/

Please help!


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 16:31:38,83 on Πεμ 28/04/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Professional 6.1.7600.0.1253.30.1032.18.3574.1279 [GMT 3:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE
C:\Windows\system32\conhost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\explorer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\DYMO\DYMO Label Software\DLSService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFFE.EXE
C:\Program Files\AlgoDLL\AlgoDriver.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Sunsoft Ltd\BackOffice\BOffice.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\dllhost.exe
C:\Windows\System32\msdtc.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Administrator\Downloads\TDSSKiller.exe
C:\Windows\system32\mstsc.exe
C:\Users\Administrator\Downloads\qd4p6wm3.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\calc.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbengine.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Users\Administrator\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.pl/
mWinlogon: Userinit=Userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.5.0.125\ips\IPSBHO.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [TRUCK & CARGO Online] c:\tccargo\tccargo.exe --autostart
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [EPSON P50 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiffe.exe /fu "c:\windows\temp\E_SFFDC.tmp" /EF "HKCU"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DLSService] "c:\program files\dymo\dymo label software\DLSService.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
dRun: [EPSON P50 Series (ανακατεύθυνση από 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatiffe.exe /fu "c:\windows\temp\E_SDB4D.tmp" /EF "HKCU"
dRun: [EPSON P50 Series σε PA_PAGRATI (ανακατεύθυνση από 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatiffe.exe /fu "c:\windows\temp\E_SD007.tmp" /EF "HKCU"
dRun: [EPSON P50 Series σε BOFFICE-PC (ανακατεύθυνση από 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatiffe.exe /fu "c:\windows\temp\E_S3964.tmp" /EF "HKCU"
StartupFolder: c:\users\admini~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\TWORZE~1.LNK -
StartupFolder: c:\users\admini~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\algodr~1.lnk - c:\program files\algodll\AlgoDriver.exe
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\2tglfje3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50524.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\2tglfje3.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1205000.07d\SymDS.sys [2011-4-18 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1205000.07d\SymEFA.sys [2011-4-18 652336]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20110419.001\BHDrvx86.sys [2011-4-20 802936]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20110426.001\IDSvix86.sys [2011-4-28 353912]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1205000.07d\Ironx86.sys [2011-4-18 136312]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1205000.07d\symnets.sys [2011-4-18 295032]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-1 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-6-17 47640]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2007-2-10 206192]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.5.0.125\ccSvcHst.exe [2011-4-18 130000]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-24 370688]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-4-18 102448]
R3 SNXPCARD;Golden Series Multiport Adapter Driver;c:\windows\system32\drivers\snxpcard.sys [2008-1-11 17536]
R3 SNXPSERX;Golden Series Port Driver;c:\windows\system32\drivers\snxpserx.sys [2008-1-11 54912]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-4-16 1077760]
S2 ABBYY.Licensing.PDFTransformer.Classic.3.0;Usluga licencjonowania programu ABBYY PDF Transformer 3.0;c:\program files\abbyy pdf transformer 3.0\NetworkLicenseServer.exe [2009-5-14 759048]
S2 gupdate;Usluga Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-5 136176]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-3-22 8192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;Υπηρεσία Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-5 136176]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-14 20992]
S3 StorSvc;Υπηρεσία αποθήκευσης;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard;"c:\program files\common files\adobe\switchboard\switchboard.exe" --> c:\program files\common files\adobe\switchboard\SwitchBoard.exe [?]
S3 WatAdminSvc;Υπηρεσία Τεχνολογιών ενεργοποίησης των Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-4 1343400]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
.
=============== Created Last 30 ================
.
2011-04-28 11:46:05 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-28 11:46:04 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-04-28 11:45:49 -------- d-----w- c:\progra~2\Hitman Pro
2011-04-28 09:57:17 55848 ----a-w- c:\windows\system32\drivers\L1E62x86.sys
2011-04-27 18:52:56 -------- d-----w- c:\users\admini~1\appdata\local\CrashDumps
2011-04-07 08:04:13 -------- d-----w- c:\progra~2\regid.1986-12.com.adobe
2011-04-06 15:32:49 -------- d-----w- c:\program files\common files\Macrovision Shared
2011-04-05 18:31:34 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-04-05 18:31:34 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-04-05 18:31:34 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-04-05 18:31:34 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-04-05 18:31:34 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-04-05 18:31:33 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-04-05 18:31:33 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-05 18:31:32 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-04-05 16:23:16 -------- d-----w- c:\users\admini~1\appdata\roaming\homebank
2011-04-05 16:23:07 -------- d-----w- c:\program files\HomeBank
.
==================== Find3M ====================
.
2011-03-22 12:45:59 8192 ----a-w- c:\windows\system32\srvany.exe
2011-02-02 18:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600
.
CreateFile("\\.\PHYSICALDRIVE0"): Δεν ήταν δυνατή η προσπέλαση του αρχείου από τη διεργασία, επειδή χρησιμοποιείται ήδη από κάποια άλλη διεργασία. (Windows is in Greek; I translate: "Unable to access the file from the process because it is already used by another process.")
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x877A7898]<<
_asm { PUSH EBP; CALL 0x6; }
1 ntkrnlpa!IofCallDriver[0x8345A458] -> \Device\Harddisk0\DR0[0x8717F460]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user != kernel MBR !!!
.
============= FINISH: 16:32:19,90 ===============

Oops.. I forgot to press <Attach This File>

EDIT: Posts merged ~Budapest

Edited by MariuszGr, 29 April 2011 - 02:49 AM.
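The ROOTKIT section of the DDS log above is the part a responder reads first: it records whether the MBR could be read from user mode and from the kernel, which modules sit in the disk I/O chain, and whether the two MBR copies agree. As an added example (not part of the post, nor code from DDS or Gmer), the Python script below parses those lines into structured findings and a verdict; the sample lines are copied from the post, with the localised CreateFile error text replaced by a placeholder.

```python
"""Triage helper for the ROOTKIT section of a DDS log (Gmer's MBR check).

Added example, not part of the post, DDS or Gmer: it parses the check's
output lines and turns them into findings a responder can record.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: the lines are copied from the DDS log in the post above
# (the localised CreateFile error text is replaced by a placeholder).
SAMPLE_ROOTKIT_SECTION = [
    r"Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net",
    r"Windows 6.1.7600",
    r".",
    r'CreateFile("\\.\PHYSICALDRIVE0"): <localised "file in use by another process" error>',
    r"device: opened successfully",
    r"user: error reading MBR",
    r".",
    r"Disk trace:",
    r"called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x877A7898]<<",
    r"_asm { PUSH EBP; CALL 0x6; }",
    r"1 ntkrnlpa!IofCallDriver[0x8345A458] -> \Device\Harddisk0\DR0[0x8717F460]",
    r"kernel: MBR read successfully",
    r"user != kernel MBR !!!",
]

DETECTOR_RE = re.compile(r"detector (\S+) by Gmer")
MODULES_RE = re.compile(r"^called modules:\s*(.*)$")
UNKNOWN_RE = re.compile(r">>(\S+)\s+\[(0x[0-9A-Fa-f]+)\]<<")


@dataclass
class RootkitFindings:
    detector: str = ""
    user_read_ok: Optional[bool] = None    # MBR read from user mode via \\.\PHYSICALDRIVE0
    kernel_read_ok: Optional[bool] = None  # MBR read through the kernel disk stack
    modules: List[str] = field(default_factory=list)  # named modules in the disk I/O chain
    unknown_modules: List[Tuple[str, int]] = field(default_factory=list)  # (label, address)
    mbr_mismatch: bool = False             # tool reported "user != kernel MBR"


def parse_rootkit_section(lines) -> RootkitFindings:
    """Extract the structured facts from the ROOTKIT section's lines."""
    f = RootkitFindings()
    for raw in lines:
        line = raw.strip()
        if m := DETECTOR_RE.search(line):
            f.detector = m.group(1)
        elif line.startswith("user:"):
            f.user_read_ok = "successfully" in line
        elif line.startswith("kernel:"):
            f.kernel_read_ok = "successfully" in line
        elif m := MODULES_RE.match(line):
            chain = m.group(1)
            # Gmer wraps a module it cannot name in >>...<<; record its address.
            for um in UNKNOWN_RE.finditer(chain):
                f.unknown_modules.append((um.group(1), int(um.group(2), 16)))
            f.modules = UNKNOWN_RE.sub("", chain).split()
        elif "user != kernel MBR" in line:
            f.mbr_mismatch = True
    return f


def assess(f: RootkitFindings) -> Tuple[str, List[str]]:
    """Return ("suspicious" | "clean" | "inconclusive", reasons)."""
    reasons = []
    if f.mbr_mismatch:
        reasons.append("MBR seen from user mode differs from the MBR the kernel read")
    for label, addr in f.unknown_modules:
        last = f.modules[-1] if f.modules else "?"
        reasons.append(f"unnamed module {label} at 0x{addr:08X} sits in the disk I/O chain after {last}")
    if f.user_read_ok is False and f.kernel_read_ok:
        # Weak on its own: the post's CreateFile error is a sharing violation,
        # which another disk-scanning tool running at the same time can cause.
        reasons.append("user-mode MBR read failed while the kernel read succeeded (weak signal)")
    if reasons:
        return "suspicious", reasons
    if f.user_read_ok and f.kernel_read_ok:
        return "clean", []
    return "inconclusive", ["no usable MBR comparison in this section"]


if __name__ == "__main__":
    findings = parse_rootkit_section(SAMPLE_ROOTKIT_SECTION)
    verdict, why = assess(findings)
    print(verdict)
    for r in why:
        print(" -", r)
```

On the log from the post this yields "suspicious" with three reasons; on a section where both reads succeed and no module is wrapped in >>...<< it yields "clean".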


#2 snemelk

    engineer

  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 04 May 2011 - 07:44 AM

Hello again Mariusz!!.. :)

It looks like the infection has been on the computer for quite some time??.. You mention that it is a work computer - please clarify whether your superiors know about the problem and whether you have full access to this computer... I would also like to know whether you have an IT department there that has tried to deal with this problem (since that is really their job)...

The first thing to do: point 6 of this topic: Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help - that is, deactivating CD/DVD emulation programs...

Next,
The TDSSKiller program was updated a few days ago; let's see whether it can handle the removal - if not, we will try other methods...

So delete the old versions of TDSSKiller from the disk, and then:
  • Download TDSSKiller.zip and extract TDSSKiller.exe to your Desktop.
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, ensure Cure is selected (it should be by default).
  • Click Continue then click Reboot now.
  • Once complete, a log will be produced at the root drive, which is typically C:\ (for example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt).
  • Please post that log here.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 MariuszGr
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Location:Athens

Posted 04 May 2011 - 08:11 AM

Hello Snemelk.
Yes, it is a work computer. Unfortunately there is no IT department. Luckily I have some modest knowledge in the field ;] we will manage somehow.
I have full access to the computer; you could say I am the administrator.
If you say the infection has been there for a long time, I will tell you what happened about half a year ago.
The computer is about 6 months old; for the first week there was no antivirus. Windows Update downloaded something like "windows defender 2010 essential", something of that sort.
When I installed Kaspersky Antivirus, it turned out to be a certain Win32.Olmarik. I found instructions, removed the files and cleaned the registry. The antivirus kept detecting it, until the day the licence expired. I switched to Norton Internet Security 2011. It finds nothing, but it often blocks attacks from outside.

TDSSKiller did not help. "C:\Windows\system32\drivers\ndis.sys - processing error"

All emulators are turned off.

2011/05/04 16:31:38.0810 5988 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/04 16:31:39.0075 5988 ================================================================================
2011/05/04 16:31:39.0075 5988 SystemInfo:
2011/05/04 16:31:39.0075 5988
2011/05/04 16:31:39.0075 5988 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/04 16:31:39.0075 5988 Product type: Workstation
2011/05/04 16:31:39.0075 5988 ComputerName: PA_PAGRATI
2011/05/04 16:31:39.0075 5988 UserName: Administrator
2011/05/04 16:31:39.0075 5988 Windows directory: C:\Windows
2011/05/04 16:31:39.0075 5988 System windows directory: C:\Windows
2011/05/04 16:31:39.0075 5988 Processor architecture: Intel x86
2011/05/04 16:31:39.0075 5988 Number of processors: 2
2011/05/04 16:31:39.0075 5988 Page size: 0x1000
2011/05/04 16:31:39.0075 5988 Boot type: Normal boot
2011/05/04 16:31:39.0075 5988 ================================================================================
2011/05/04 16:31:39.0512 5988 Initialize success
2011/05/04 16:31:40.0963 4820 ================================================================================
2011/05/04 16:31:40.0963 4820 Scan started
2011/05/04 16:31:40.0963 4820 Mode: Manual;
2011/05/04 16:31:40.0963 4820 ================================================================================
2011/05/04 16:31:46.0095 4820 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/05/04 16:31:46.0126 4820 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/04 16:31:46.0142 4820 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/04 16:31:46.0173 4820 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/04 16:31:46.0189 4820 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/05/04 16:31:46.0220 4820 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/05/04 16:31:46.0251 4820 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/05/04 16:31:46.0282 4820 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/04 16:31:46.0298 4820 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/05/04 16:31:46.0329 4820 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/04 16:31:46.0345 4820 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/04 16:31:46.0360 4820 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/05/04 16:31:46.0376 4820 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/05/04 16:31:46.0423 4820 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/04 16:31:46.0438 4820 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/05/04 16:31:46.0470 4820 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/04 16:31:46.0501 4820 MTsensor (cbe71c122434805cb73ffb6619f60598) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/05/04 16:31:46.0516 4820 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/05/04 16:31:46.0548 4820 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/04 16:31:46.0688 4820 NAVENG (c34e2a884ccca8b5567d0c2752527073) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110503.035\NAVENG.SYS
2011/05/04 16:31:46.0750 4820 NAVEX15 (b3916eeec738dd4178f4fd6a44a32e36) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110503.035\NAVEX15.SYS
2011/05/04 16:31:46.0797 4820 NDIS (bccfb951495058076c58a3c3ed00129e) C:\Windows\system32\drivers\ndis.sys
2011/05/04 16:31:46.0797 4820 Suspicious file (Forged): C:\Windows\system32\drivers\ndis.sys. Real md5: bccfb951495058076c58a3c3ed00129e, Fake md5: 23759d175a0a9baaf04d05047bc135a8
2011/05/04 16:31:46.0797 4820 NDIS - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/05/04 16:31:51.0118 4820 ================================================================================
2011/05/04 16:31:51.0118 4820 Scan finished
2011/05/04 16:31:51.0118 4820 ================================================================================
2011/05/04 16:31:51.0118 2800 Detected object count: 1
2011/05/04 16:31:56.0922 2800 C:\Windows\system32\drivers\ndis.sys - processing error
2011/05/04 16:31:56.0922 2800 Rootkit.Win32.TDSS.tdl3(NDIS) - User select action: Cure

Edited by MariuszGr, 04 May 2011 - 08:31 AM.


#4 snemelk

snemelk

    engineer

  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 04 May 2011 - 09:58 AM

Hello again!.. :)

If you're saying the infection has been there for a long time, then I'll tell you what happened about half a year ago.

Unfortunately I don't know how long the infection has been there - I only saw that the attached TDSSKiller log is from almost 2 months ago...

TDSSKiller didn't help. "C:\Windows\system32\drivers\ndis.sys - processing error"

I see, let's try in Safe Mode:

So:
- start the computer in Safe Mode: How to start Windows in Safe Mode
- run TDSSKiller according to the earlier instructions...
- if the cure succeeded - let me know and paste the log; if the cure is still unsuccessful, proceed to the instructions below:

First,
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    ndis.sys
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt

And then:
Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click Save Log, save it to your Desktop and post in your next reply.
Note: If anything is found, do not perform a fix yet.
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#5 MariuszGr

MariuszGr
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Location:Athens

Posted 04 May 2011 - 11:13 AM

I'm attaching the logs from the programs listed above.

TDSSKiller showed exactly the same as before.

Since the logs are small, I'm pasting them in the forum.

SystemLook 04.09.10 by jpshortstuff
Log created at 19:03 on 04/05/2011 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "ndis.sys"
C:\Windows\System32\drivers\ndis.sys --a---- 710720 bytes [23:12 13/07/2009] [01:20 14/07/2009] 23759D175A0A9BAAF04D05047BC135A8
C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys --a---- 710720 bytes [23:12 13/07/2009] [01:20 14/07/2009] 23759D175A0A9BAAF04D05047BC135A8

-= EOF =-

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-04 19:07:42
-----------------------------
19:07:42.116 OS Version: Windows 6.1.7600
19:07:42.116 Number of processors: 2 586 0x170A
19:07:42.116 ComputerName: PA_PAGRATI UserName:
19:07:51.242 Initialize success
19:07:55.438 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort2
19:07:55.438 Disk 0 Vendor: WDC_WD3200AAJS-00YZCA0 01.03B01 Size: 305245MB BusType: 3
19:07:55.438 Device \Device\Ide\IdeDeviceP2T0L0-2 -> \??\IDE#DiskWDC_WD3200AAJS-00YZCA0__________________01.03B01#5&2932390f&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
19:07:55.438 Device \Driver\atapi -> DriverStartIo 8726ece2
19:07:57.466 Disk 0 MBR read successfully
19:07:57.482 Disk 0 MBR scan
19:07:57.482 Disk 0 Windows 7 default MBR code
19:07:59.494 Disk 0 scanning sectors +625140400
19:07:59.557 Disk 0 scanning C:\Windows\system32\drivers
19:08:04.065 File C:\Windows\system32\drivers\ndis.sys TDL3 **ROOTKIT**
19:08:04.065 Disk 0 trace - called modules:
19:08:04.081 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8726eee4]<<
19:08:04.096 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87369030]
19:08:04.096 3 CLASSPNP.SYS[8d50259e] -> nt!IofCallDriver -> [0x86e55938]
19:08:04.112 5 ACPI.sys[8449d3b2] -> nt!IofCallDriver -> \IdeDeviceP2T0L0-2[0x86e41030]
19:08:04.112 [0x8744af38] -> IRP_MJ_CREATE -> 0x8726eee4
19:08:04.127 Scan finished successfully
19:10:12.518 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
19:10:12.518 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"

Attached Files



#6 snemelk

snemelk

    engineer

  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 04 May 2011 - 12:18 PM

Hello again!.. :)

OK, it looks like we have to replace the file... So let's get to work (the instructions may partly refer to Windows Vista, but it will be the same for you on Windows 7; as for the System Recovery Options, you should be able to use "method 1", so you won't need the system disc):

Please print out this set of instructions or save them in a Notepad. Read the entire post before proceeding, because it will make following the instructions easier.

Firstly,
Open an Elevated Command Prompt...

In the command prompt write (or copy and right-click paste):
copy C:\Windows\System32\drivers\ndis.sys C:\ndis.sys

Then click Enter

Close the command prompt and ensure the file C:\ndis.sys has been created...

If yes, please Boot to the System Recovery Options - if you have Vista installation disc, just insert a DVD to the drive, restart and it should load automatically... It's possible also that your computer has a pre-installed recovery partition instead - in such a case use a method one...

Additional help: How to use the Command Prompt in the Vista Windows Recovery Environment

Once you're presented with System Recovery Options:
- check what disk your OS is installed on (it's important) - it'll be displayed under a "Choose a recovery tool" line (refer to this image: link - in this case it's C:\, in your case it might be different - probably D:\)...
- if it displays a different disk letter than C:\, please note that you'll have to amend the commands below - you'll put D:\ instead of C:\ ...
- then, choose Command Prompt - you should see X:\SOURCES>...

Execute the following commands (watch the spaces) in bold - click Enter after every one of them:

c:
ren C:\Windows\System32\drivers\ndis.sys ndis.vir
copy C:\ndis.sys C:\Windows\system32\DRIVERS\ndis.sys
exit


And if the system drive is shown as D:\, you'll use:
d:
ren D:\Windows\System32\drivers\ndis.sys ndis.vir
copy D:\ndis.sys D:\Windows\system32\DRIVERS\ndis.sys
exit

It should reboot automatically - boot into Normal Mode... If these commands were executed properly, infection should be removed now...


Finally, to confirm a successful removal, please re-run TDSSKiller as instructed earlier - and post the logfile... :)..


#7 MariuszGr

MariuszGr
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Location:Athens

Posted 05 May 2011 - 11:59 AM

Hi :)
I've just sat down to my task...

I did what you wrote, but I must have understood it poorly because the infection is still there :/ I ran into a small problem: there is no System Recovery Options option

If you can, please explain to me where I should get the ndis.sys file for the replacement?

#8 snemelk

snemelk

    engineer

  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 05 May 2011 - 12:13 PM

Well, hello! :)

I ran into a small problem: there is no System Recovery Options option

Strange - if memory serves, the system recovery environment is installed by default on all standard Windows 7 installations...
If you press F8 before the system starts booting (as if you wanted to enter Safe Mode), you should see the Greek version of the picture shown under step 3 in this article: How to Boot to the Advanced Boot Options in Windows 7 - you choose the first option, i.e. the equivalent of Repair Your Computer... Is that the case on this computer??.. If not, do you have a Windows 7 installation disc??..

If you can, please explain to me where I should get the ndis.sys file for the replacement?

If you did the first step correctly, you already have the clean file for the replacement at: C:\ndis.sys (that's a little "trick" ;) )...

Firstly,
Open an Elevated Command Prompt...

In the command prompt write (or copy and right-click paste):
copy C:\Windows\System32\drivers\ndis.sys C:\ndis.sys

Then click Enter

Close the command prompt and ensure the file C:\ndis.sys has been created...




#9 MariuszGr

MariuszGr
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Location:Athens

Posted 05 May 2011 - 12:33 PM

I used the Windows 7 disc, went into the Command Prompt and copied the file to c:\ndis.sys

Then I renamed C:\windows\...\drivers\ndis.sys to ndis.vir

I copied the file from C:\ndis.sys to the correct location and booted the system normally.

TDSSKiller showed exactly the same as above, and Norton Internet Security 2011 detected a threat in the file c:\ndis.sys "Backdoor.Tidserv!inf."

#10 snemelk

snemelk

    engineer

  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 05 May 2011 - 01:10 PM

Hello again!!.. :)

Let me put it this way - everything was done correctly, with one difference - copying the file C:\Windows\System32\drivers\ndis.sys to C:\ndis.sys, the way I described it, should have been done in Normal Mode - everything else only afterwards, in the system recovery environment... :)
The key is that the infection "gives" us the clean, original file - whereas in the recovery environment you copied the file substituted by the infection, hence the failure of the whole operation... Do we understand each other now?.. ;)
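The offline check implied by the explanation above, as an added Python example that is not from the thread or from any of the tools used in it: hash the driver actually on disk and compare it with the copy Windows keeps in the component store (the winsxs path visible in the SystemLook log). On the live system the rootkit forges the read and both copies hash identically (TDSSKiller's "Fake md5"), so the comparison only means something against an offline volume (WinRE, a mounted image or a second OS); the sample volume and its byte contents are constructed, not a real driver.

```python
"""Offline integrity check of a Windows driver against its WinSxS copy.

Added example, not code from the thread, TDSSKiller or SystemLook.
A TDL3-style rootkit forges reads of the infected driver while it is
loaded, so on the live system ndis.sys hashes as the clean file. This
check is therefore meant for an offline volume, where the bytes really
on disk are what gets hashed.
"""
import hashlib
import tempfile
from pathlib import Path


def md5_of(path: Path) -> str:
    """Streamed MD5 of a file, to match the hash form the tools print."""
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def winsxs_copies(windows_dir: Path, driver_name: str) -> list[Path]:
    """Every copy of driver_name under the component store (Windows\\winsxs)."""
    sxs = windows_dir / "winsxs"
    if not sxs.is_dir():
        return []
    return sorted(p for p in sxs.glob(f"*/{driver_name}") if p.is_file())


def check_driver(windows_dir: Path, driver_name: str) -> dict:
    """Compare System32\\drivers\\<driver> with its WinSxS copies.

    Verdicts:
      "match"        - on-disk driver equals some component-store copy
      "mismatch"     - driver differs from every store copy (patched/tampered)
      "no_reference" - no store copy found, nothing to compare against
    """
    live = windows_dir / "System32" / "drivers" / driver_name
    live_hash = md5_of(live)
    refs = {str(p): md5_of(p) for p in winsxs_copies(windows_dir, driver_name)}
    if not refs:
        verdict = "no_reference"
    elif live_hash in refs.values():
        verdict = "match"
    else:
        verdict = "mismatch"
    return {"driver": str(live), "live_md5": live_hash,
            "references": refs, "verdict": verdict}


def build_sample_volume(infected: bool) -> Path:
    """Constructed test volume: a fake Windows tree with a clean WinSxS copy
    and a drivers\\ndis.sys that is identical (clean) or patched in place.
    The component directory name is a placeholder, not a real one."""
    win = Path(tempfile.mkdtemp()) / "Windows"
    clean = b"MZ" + b"\x00" * 62 + b"clean ndis.sys body"  # constructed bytes
    (win / "System32" / "drivers").mkdir(parents=True)
    sxs = win / "winsxs" / "x86_microsoft-windows-ndis_placeholder_none_0000"
    sxs.mkdir(parents=True)
    (sxs / "ndis.sys").write_bytes(clean)
    # An in-place patch keeps the size (710720 bytes in the log) but not the hash.
    body = (clean[:-4] + b"TDL3") if infected else clean
    (win / "System32" / "drivers" / "ndis.sys").write_bytes(body)
    return win


if __name__ == "__main__":
    for infected in (False, True):
        result = check_driver(build_sample_volume(infected), "ndis.sys")
        print(f"infected={infected}: {result['verdict']} live_md5={result['live_md5']}")
```

A "mismatch" verdict is a lead, not proof: a serviced driver whose store copy was not updated also differs, so confirm against the file version before replacing anything.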


#11 MariuszGr

MariuszGr
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Location:Athens

Posted 05 May 2011 - 01:24 PM

Got it :) I'm getting to work now

#12 MariuszGr

MariuszGr
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Location:Athens

Posted 05 May 2011 - 02:38 PM

Everything's in order, the system is damn clean

TDSSKiller found nothing, GMER is just finishing its scan.

Attached Files



#13 snemelk

snemelk

    engineer

  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 05 May 2011 - 03:34 PM

Hello again!.. :)

Everything's in order, the system is damn clean

:thumbup2:

When Gmer finishes its scan, paste the log... Then, to check whether there are any remnants of the infection, please run the following scan:

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.



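The OTL scan requested above produces SRV/DRV lines in a fixed text format, and the first pass an analyst makes over them is mechanical: which registered services or drivers have no binary on disk, which binaries carry no company name in their version info, and which kernel drivers load from somewhere other than the drivers directory or under a non-.sys name. The script below is an added example, not part of this thread and not snemelk's or OTL's own tooling; the parser follows OTL's line layout as it appears in the logs, the three heuristics are this editor's, and the sample log is constructed (its entries mirror lines from the log posted later in the thread so the output can be checked against it).

```python
import re
from collections import OrderedDict

# One OTL service/driver line. Two shapes occur in the log:
#   DRV - [2009/07/16 06:36:30 | 000,013,216 | ---- | M] (Company) [Kernel | On_Demand | Running] -- C:\path\x.sys -- (Name)
#   SRV - File not found [On_Demand | Stopped] -- -- (Name)
LINE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:(?P<missing>File not found)|"
    r"\[(?P<stamp>[^|\]]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attr>[^|\]]+?)\s*\|\s*M\]\s*"
    r"\((?P<company>[^)]*)\))"
    r"\s*\[(?P<flags>[^\]]+)\]\s*--\s*(?P<path>.*?)\s*--\s*\((?P<name>[^)]*)\)"
)

# Kernel drivers normally live here; anything else deserves a second look.
DRIVER_DIR = "\\windows\\system32\\drivers\\"


def parse_line(line):
    """Return a dict for an SRV/DRV line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "kind": m["kind"],
        "name": m["name"],
        "path": m["path"],
        "company": (m["company"] or "").strip(),
        "missing": m["missing"] is not None,
        "flags": [f.strip() for f in m["flags"].split("|")],
        "size": int(m["size"].replace(",", "")) if m["size"] else None,
    }


def suspicion_reasons(entry):
    """Heuristics an analyst applies by eye when reading an OTL log (mine, not OTL's)."""
    reasons = []
    if entry["missing"]:
        # Registered service/driver whose binary is gone: leftover of an
        # uninstall or of a removed infection; either way it needs cleanup.
        reasons.append("registered but binary not on disk (orphaned entry)")
        return reasons
    if not entry["company"]:
        # OTL prints () when the PE has no company name in its version info.
        reasons.append("binary carries no company name in its version info")
    if entry["kind"] == "DRV":
        low = entry["path"].lower()
        if DRIVER_DIR not in low:
            reasons.append("kernel driver loaded from outside the drivers directory")
        if not low.endswith(".sys"):
            reasons.append("kernel driver with a non-.sys extension")
    return reasons


def triage(log_text):
    """Map service/driver name -> details for every entry that trips a rule."""
    findings = OrderedDict()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = suspicion_reasons(entry)
        if reasons:
            findings[entry["name"]] = {
                "kind": entry["kind"], "path": entry["path"], "reasons": reasons,
            }
    return findings


# Constructed sample in OTL's format; the entries mirror ones from the log
# posted later in this thread so the output can be compared with it.
SAMPLE_LOG = r"""
========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (SwitchBoard)
SRV - [2011/03/22 15:45:59 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2009/07/14 04:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2011/04/18 17:26:54 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/08/17 14:17:44 | 001,077,760 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/07/16 06:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2006/11/02 17:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
"""

if __name__ == "__main__":
    for name, info in triage(SAMPLE_LOG).items():
        print(f"{info['kind']} {name}: {info['path'] or '<binary missing>'}")
        for reason in info["reasons"]:
            print("   -", reason)
```

Run it and the four flagged entries are the orphaned SwitchBoard service, the company-less srvany.exe and ASACPI.sys, and the PowerDVD driver loaded from Program Files under a .fcl name. None of these hits is a verdict: the rules only decide what to look at first, and the analyst still has to judge each one. On the full log posted below, for instance, the Symantec definition drivers under C:\ProgramData\Norton\... trip the location rule and are explained by the vendor name and the product's update mechanism, which is exactly the kind of call the script leaves to the reader.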
#14 MariuszGr

MariuszGr
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Location:Athens

Posted 06 May 2011 - 03:58 AM

I'm attaching the logs from OTL and GMER; it seems to me everything is OK :D
Check for yourself anyway.

OTL logfile created on: 6/5/2011 10:00:37 πμ - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Administrator\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 125,14 Gb Free Space | 41,99% Space Free | Partition Type: NTFS
Drive D: | 2,59 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: PA_PAGRATI | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/06 09:57:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2011/02/26 08:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe
PRC - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/11/24 05:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
PRC - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/05/11 06:53:16 | 000,055,808 | ---- | M] (Sanford, L.P.) -- C:\Program Files\DYMO\DYMO Label Software\DLSService.exe
PRC - [2010/01/27 12:22:02 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2009/12/24 00:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/08/28 12:43:14 | 001,486,848 | R--- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2009/07/14 04:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 04:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/07/14 04:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/05/14 19:07:12 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
PRC - [2007/12/17 05:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/09/20 16:35:40 | 001,410,344 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/09/20 16:35:10 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007/09/20 10:51:46 | 001,836,328 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
PRC - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE


========== Modules (SafeList) ==========

MOD - [2011/05/06 09:57:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
MOD - [2010/08/21 08:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (SwitchBoard)
SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus®
SRV - [2011/04/06 18:32:49 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/22 15:45:59 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/24 05:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe -- (NIS)
SRV - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/05/04 10:52:16 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/12/24 00:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/07/14 04:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 04:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 04:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/05/14 19:07:12 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe -- (ABBYY.Licensing.PDFTransformer.Classic.3.0)
SRV - [2007/12/17 05:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 17:30:22 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110505.022\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/18 17:30:22 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/04/18 17:30:22 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/04/18 17:30:22 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110505.022\NAVENG.SYS -- (NAVENG)
DRV - [2011/04/18 17:26:54 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/15 23:29:05 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110430.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/14 21:58:33 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110505.002\IDSvix86.sys -- (IDSVix86)
DRV - [2010/12/08 14:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/12/01 08:24:00 | 000,295,032 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMNETS.SYS -- (SymNetS)
DRV - [2010/11/23 07:08:31 | 000,509,560 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SRTSP.SYS -- (SRTSP)
DRV - [2010/11/23 07:08:31 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/11/18 05:59:55 | 000,652,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS -- (SymEFA)
DRV - [2010/11/16 04:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS -- (SymIRON)
DRV - [2010/10/21 05:28:36 | 000,340,016 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS -- (SymDS)
DRV - [2010/09/22 15:47:52 | 000,436,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/03/29 11:15:36 | 000,055,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2010/01/27 12:22:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/01/27 12:22:02 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - [2009/08/17 14:17:44 | 001,077,760 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/07/16 06:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/14 04:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 04:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 04:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 02:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 02:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 02:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2008/01/11 18:34:48 | 000,054,912 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snxpserx.sys -- (SNXPSERX)
DRV - [2008/01/11 18:34:48 | 000,017,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snxpcard.sys -- (SNXPCARD)
DRV - [2006/11/02 17:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://gr.msn.com/?mkt=el-gr&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = el
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 F6 29 F1 38 E8 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.652
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: el-GR@dictionaries.addons.mozilla.org:0.8.5
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/04/18 17:27:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\ [2011/04/18 17:26:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 22:58:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/05 21:31:40 | 000,000,000 | ---D | M]

[2010/08/04 10:00:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2011/04/02 11:27:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\2tglfje3.default\extensions
[2011/02/04 14:17:18 | 000,000,000 | ---D | M] (Greek Spelling dictionary) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\2tglfje3.default\extensions\el-GR@dictionaries.addons.mozilla.org
[2010/10/07 10:47:02 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\2tglfje3.default\extensions\en-US@dictionaries.addons.mozilla.org
[2011/03/24 16:45:41 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\2tglfje3.default\extensions\LogMeInClient@logmein.com
[2011/04/06 16:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/08/25 11:46:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/04/06 16:45:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/04/18 17:27:06 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN
[2011/04/29 22:58:16 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/04/05 21:31:35 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011/04/05 21:31:35 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2011/04/05 21:31:35 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2011/04/05 21:31:35 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2011/04/05 21:31:35 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011/04/05 21:31:35 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2011/04/06 19:04:25 | 000,003,004 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 192.150.8.60
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 adobe.com
O1 - Hosts: 47 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - File not found
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe ARM] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] File not found
O4 - HKLM..\Run: [DLSService] C:\Program Files\DYMO\DYMO Label Software\DLSService.exe (Sanford, L.P.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SwitchBoard] File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = File not found
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Εκκίνηση AlgoDriver.LNK = C:\Program Files\AlgoDLL\AlgoDriver.exe (Retail Development Solutions. Πνευματικά δικαιώματα : Γιάννης Κούλης)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/07/14 12:26:40 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{795d69be-497e-11df-ad00-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{795d69be-497e-11df-ad00-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2009/07/14 12:26:40 | 000,111,880 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{a805e74a-59c0-11df-8ef6-00261849d49d}\Shell - "" = AutoRun
O33 - MountPoints2\{a805e74a-59c0-11df-8ef6-00261849d49d}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{a805e74a-59c0-11df-8ef6-00261849d49d}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{a805e74a-59c0-11df-8ef6-00261849d49d}\Shell\install\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)


========== Files/Folders - Created Within 30 Days ==========

[2011/05/06 09:57:21 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/05/06 03:23:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2011/05/05 22:44:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2011/05/05 22:40:23 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/05/05 22:40:23 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/05/05 22:40:23 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/05/05 22:40:23 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/05/05 22:40:23 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/05/05 22:40:23 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/05/05 22:40:23 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/05/05 22:40:23 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/05/05 22:40:23 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/05/05 22:40:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/05/05 22:40:23 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/05/05 22:40:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/05/05 22:40:23 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/05/05 22:40:23 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/05/05 22:40:23 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/05/05 22:40:23 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/05/05 22:40:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/05/05 22:40:23 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/05/05 22:40:23 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/05/05 22:40:23 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/05/05 22:40:23 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/05/05 22:40:23 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/05/05 22:40:23 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/05/05 22:40:23 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/05/05 22:40:23 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/05/05 22:40:23 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/05/05 22:40:23 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/05/05 22:40:23 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/05/05 22:40:23 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/05/05 22:40:23 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/05/05 22:40:23 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/05/05 22:40:23 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/05/05 22:40:23 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/05/05 22:40:22 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/05/05 22:40:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/05/05 22:40:22 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/05/05 22:40:22 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/05/05 22:40:22 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/05/05 22:40:22 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/05/05 22:18:37 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/05/05 22:18:37 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011/05/05 22:18:37 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011/05/05 22:09:36 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011/05/05 22:07:46 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/05/05 22:06:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/05/05 22:06:21 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/05/05 22:05:44 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/05/05 22:05:43 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/05/05 22:05:37 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2011/05/05 22:05:37 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2011/05/05 22:05:37 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011/05/05 22:05:32 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/05/05 22:05:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/05/05 22:05:15 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011/05/05 22:05:14 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011/05/05 22:05:14 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/05/05 22:05:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/05/05 22:04:52 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/05/05 22:04:52 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/05/05 22:04:52 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/05/05 22:04:52 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/05/05 22:04:51 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011/05/05 22:04:51 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011/05/05 22:04:51 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/05/05 22:04:51 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/05/05 22:04:51 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/05/05 22:04:48 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/05/05 22:04:09 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011/05/05 22:04:09 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011/05/05 22:04:09 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011/05/05 22:04:09 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011/05/05 22:04:03 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/05/05 22:04:03 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2011/05/05 22:04:03 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/05/05 22:04:03 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/05/05 22:04:01 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011/05/05 22:03:54 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2011/05/05 22:03:53 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011/05/05 22:03:48 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/05/05 22:03:35 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/05/05 22:03:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/05/05 22:01:45 | 000,197,632 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\ir32_32.dll
[2011/05/05 22:01:45 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011/05/05 22:01:38 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2011/05/05 22:01:38 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011/05/05 22:01:28 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011/05/05 22:01:19 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/05/05 22:01:19 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/05/05 22:01:03 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011/05/05 21:57:06 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2011/05/05 21:56:53 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/05/05 21:56:53 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/05/05 21:56:42 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011/05/05 21:56:41 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/05/05 21:49:28 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/05/05 21:49:28 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/05/05 21:31:04 | 000,710,720 | ---- | C] (Microsoft Corporation) -- C:\ndis.sys
[2011/05/04 20:27:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Το Garmin μου
[2011/05/04 20:27:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\GARMIN
[2011/05/04 20:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2011/05/04 20:26:57 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin
[2011/05/04 20:26:57 | 000,000,000 | ---D | C] -- C:\Garmin
[2011/05/04 20:26:54 | 000,000,000 | ---D | C] -- C:\MapSource
[2011/05/04 20:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\GARMIN
[2011/05/04 19:03:56 | 000,577,536 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2011/05/04 18:53:49 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/05/04 15:49:07 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\TDSSKiller.exe
[2011/04/29 12:15:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Fix WU
[2011/04/28 23:27:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/28 23:27:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/28 23:27:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/28 23:27:10 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/04/28 23:26:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/28 23:26:23 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/04/28 23:12:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/28 23:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect Uninstaller
[2011/04/28 23:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2011/04/28 20:35:03 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/04/28 20:15:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Symantec
[2011/04/28 14:46:04 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/04/28 14:45:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/04/28 12:57:17 | 000,055,848 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\L1E62x86.sys
[2011/04/28 11:58:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/28 09:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/04/28 09:49:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/04/28 09:49:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2011/04/27 21:52:56 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\CrashDumps
[2011/04/18 17:26:54 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/04/18 17:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/04/18 17:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/04/18 17:26:44 | 000,652,336 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1205000.07D\SymEFA.sys
[2011/04/18 17:26:44 | 000,509,560 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1205000.07D\srtsp.sys
[2011/04/18 17:26:44 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1205000.07D\SymDS.sys
[2011/04/18 17:26:44 | 000,295,032 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1205000.07D\symnets.sys
[2011/04/18 17:26:44 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1205000.07D\Ironx86.sys
[2011/04/18 17:26:44 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1205000.07D\srtspx.sys
[2011/04/18 17:26:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2011/04/18 17:26:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1205000.07D
[2011/04/18 17:26:33 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011/04/18 17:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/04/18 17:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/04/18 17:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/04/18 17:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/04/18 17:03:22 | 103,001,200 | ---- | C] (Symantec Corporation) -- C:\Users\Administrator\Documents\NIS-TW-30-18-5-0-125-PL.exe
[2011/04/13 22:52:22 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\reklama
[2011/04/07 11:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/04/06 19:12:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\marian_banner
[2011/04/06 19:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/04/06 18:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2011/04/06 16:45:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/06 16:45:18 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/04/06 16:45:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/04/06 16:45:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

========== Files - Modified Within 30 Days ==========

[2011/05/06 09:57:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/05/06 09:55:19 | 000,725,118 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/06 09:55:19 | 000,669,030 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2011/05/06 09:55:19 | 000,144,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/06 09:55:19 | 000,127,956 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2011/05/06 09:52:21 | 000,001,186 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/06 09:51:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/06 04:19:41 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/06 04:19:41 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/06 03:23:26 | 000,001,182 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/06 03:22:34 | 2810,847,232 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/06 00:32:58 | 001,081,252 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1205000.07D\Cat.DB
[2011/05/06 00:29:38 | 000,001,415 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/06 00:27:42 | 000,381,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/05 22:40:23 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/05/05 22:40:23 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/05/05 22:40:23 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/05/05 22:40:23 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/05/05 22:40:23 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/05/05 22:40:23 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/05/05 22:40:23 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/05/05 22:40:23 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/05/05 22:40:23 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/05/05 22:40:23 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/05/05 22:40:23 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/05/05 22:40:23 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/05/05 22:40:23 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/05/05 22:40:23 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/05/05 22:40:23 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/05/05 22:40:23 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/05/05 22:40:23 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/05/05 22:40:23 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/05/05 22:40:23 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/05/05 22:40:23 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/05/05 22:40:23 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/05/05 22:40:23 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/05/05 22:40:23 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/05/05 22:40:23 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/05/05 22:40:23 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/05/05 22:40:23 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/05/05 22:40:23 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/05/05 22:40:23 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/05/05 22:40:23 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/05/05 22:40:23 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/05/05 22:40:23 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/05/05 22:40:23 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/05/05 22:40:23 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/05/05 22:40:23 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/05/05 22:40:22 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/05/05 22:40:22 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/05/05 22:40:22 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/05/05 22:40:22 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/05/05 22:40:22 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/05/05 22:40:22 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/05/05 22:14:47 | 000,000,192 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011/05/05 22:11:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
[2011/05/05 22:11:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2011/05/05 21:53:26 | 486,981,330 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/05 19:49:51 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/05/05 19:49:51 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/05/05 19:07:32 | 000,002,048 | -H-- | M] () -- C:\Users\Administrator\Documents\Default.rdp
[2011/05/04 21:43:32 | 000,002,552 | ---- | M] () -- C:\{65E6D292-D71F-438E-8C7D-3FF1C8AA8C41}
[2011/05/04 21:39:39 | 000,002,632 | ---- | M] () -- C:\{8F92B5A4-979F-4CCE-9374-9D47C5C50897}
[2011/05/04 19:10:12 | 000,000,512 | ---- | M] () -- C:\Users\Administrator\Desktop\MBR.dat
[2011/05/04 19:03:59 | 000,577,536 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2011/05/04 18:12:10 | 000,075,264 | ---- | M] () -- C:\Users\Administrator\Desktop\SystemLook(1).exe
[2011/05/04 16:10:42 | 000,000,204 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2011/05/01 14:21:34 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\TDSSKiller.exe
[2011/04/29 22:58:36 | 000,001,994 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/28 23:03:27 | 000,000,042 | ---- | M] () -- C:\Windows\System32\AK083E209605E394C.lie
[2011/04/28 23:03:25 | 000,000,952 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Perfect Uninstaller.lnk
[2011/04/28 23:03:25 | 000,000,928 | ---- | M] () -- C:\Users\Administrator\Desktop\Perfect Uninstaller.lnk
[2011/04/28 20:35:55 | 000,939,582 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/04/28 20:29:57 | 000,512,992 | ---- | M] () -- C:\Users\Administrator\Desktop\sdasetup_revwire207.exe
[2011/04/28 16:30:21 | 000,625,664 | ---- | M] () -- C:\Users\Administrator\Desktop\dds.scr
[2011/04/28 14:46:05 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/28 11:14:35 | 000,746,948 | ---- | M] () -- C:\Users\Administrator\Desktop\Untitled-1.psd
[2011/04/28 10:51:47 | 000,301,568 | ---- | M] () -- C:\Users\Administrator\Desktop\gamer.exe
[2011/04/18 17:26:54 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/04/18 17:26:54 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/04/18 17:26:54 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/04/18 17:26:47 | 000,002,502 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/04/18 17:04:28 | 103,001,200 | ---- | M] (Symantec Corporation) -- C:\Users\Administrator\Documents\NIS-TW-30-18-5-0-125-PL.exe
[2011/04/13 21:56:16 | 000,002,166 | ---- | M] () -- C:\Users\Administrator\Desktop\PhotoshopPortable - Συντόμευση.lnk
[2011/04/06 19:12:32 | 000,284,027 | ---- | M] () -- C:\Users\Administrator\Desktop\marian_banner.rar
[2011/04/06 18:09:39 | 000,000,466 | RHS- | M] () -- C:\Users\Administrator\ntuser.pol

========== Files Created - No Company Name ==========

[2011/05/06 06:46:02 | 000,710,720 | ---- | C] () -- C:\Windows\System32\drivers\ndis.vir
[2011/05/05 22:40:23 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/05 22:11:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
[2011/05/05 22:11:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2011/05/05 19:01:10 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011/05/05 19:01:10 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2011/05/04 21:43:31 | 000,002,552 | ---- | C] () -- C:\{65E6D292-D71F-438E-8C7D-3FF1C8AA8C41}
[2011/05/04 21:39:38 | 000,002,632 | ---- | C] () -- C:\{8F92B5A4-979F-4CCE-9374-9D47C5C50897}
[2011/05/04 19:10:12 | 000,000,512 | ---- | C] () -- C:\Users\Administrator\Desktop\MBR.dat
[2011/05/04 18:12:10 | 000,075,264 | ---- | C] () -- C:\Users\Administrator\Desktop\SystemLook(1).exe
[2011/05/04 16:10:33 | 000,000,204 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2011/04/28 23:27:19 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/28 23:27:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/28 23:27:19 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/28 23:27:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/28 23:27:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/28 23:03:27 | 000,000,042 | ---- | C] () -- C:\Windows\System32\AK083E209605E394C.lie
[2011/04/28 23:03:25 | 000,000,952 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Perfect Uninstaller.lnk
[2011/04/28 23:03:25 | 000,000,928 | ---- | C] () -- C:\Users\Administrator\Desktop\Perfect Uninstaller.lnk
[2011/04/28 20:35:41 | 000,939,582 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/04/28 20:30:30 | 000,512,992 | ---- | C] () -- C:\Users\Administrator\Desktop\sdasetup_revwire207.exe
[2011/04/28 16:30:16 | 000,625,664 | ---- | C] () -- C:\Users\Administrator\Desktop\dds.scr
[2011/04/28 14:46:05 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/28 11:14:33 | 000,746,948 | ---- | C] () -- C:\Users\Administrator\Desktop\Untitled-1.psd
[2011/04/28 10:51:47 | 000,301,568 | ---- | C] () -- C:\Users\Administrator\Desktop\gamer.exe
[2011/04/18 17:26:58 | 001,081,252 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\Cat.DB
[2011/04/18 17:26:54 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/04/18 17:26:54 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/04/18 17:26:47 | 000,002,502 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/04/18 17:26:40 | 000,003,374 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\SymEFA.inf
[2011/04/18 17:26:40 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\SymDS.inf
[2011/04/18 17:26:40 | 000,001,446 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\SymNet.inf
[2011/04/18 17:26:40 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\srtspx.inf
[2011/04/18 17:26:40 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\srtsp.inf
[2011/04/18 17:26:40 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\Iron.inf
[2011/04/18 17:26:34 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\iron.cat
[2011/04/18 17:26:34 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\SymNet.cat
[2011/04/18 17:26:34 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\SymEFA.cat
[2011/04/18 17:26:34 | 000,007,454 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\srtspx.cat
[2011/04/18 17:26:34 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\SymDS.cat
[2011/04/18 17:26:34 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\srtsp.cat
[2011/04/18 17:26:34 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\isolate.ini
[2011/04/13 21:56:16 | 000,002,166 | ---- | C] () -- C:\Users\Administrator\Desktop\PhotoshopPortable - Συντόμευση.lnk
[2011/04/07 10:59:04 | 000,001,109 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Flash Professional CS5.lnk
[2011/04/07 10:58:30 | 000,001,123 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2011/04/07 10:58:14 | 000,001,239 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS5.lnk
[2011/04/07 10:56:48 | 000,001,459 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Pixel Bender Toolkit 2.lnk
[2011/04/07 10:56:35 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2011/04/07 10:56:26 | 000,001,473 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2011/04/07 10:55:43 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/04/06 19:12:30 | 000,284,027 | ---- | C] () -- C:\Users\Administrator\Desktop\marian_banner.rar
[2011/04/06 18:37:24 | 000,001,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Flash CS4 Professional.lnk
[2011/04/06 18:36:39 | 000,001,057 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk
[2011/04/06 18:36:15 | 000,002,285 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Pixel Bender Toolkit.lnk
[2011/04/06 18:34:12 | 000,001,365 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
[2011/04/06 18:26:13 | 1163,530,394 | ---- | C] () -- C:\Users\Administrator\Desktop\Kamikazi agapi mou-Psaltis Stathis 1983 (dvd rip).avi
[2011/03/22 15:47:29 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2010/11/19 18:11:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ubztfnxomg.exe
[2010/08/13 19:17:01 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/08/04 10:00:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/07/28 10:14:31 | 000,002,432 | ---- | C] () -- C:\Users\Administrator\AppData\Local\TempRh1748.html
[2010/07/27 10:25:32 | 000,002,432 | ---- | C] () -- C:\Users\Administrator\AppData\Local\TempHyb264.html
[2010/07/26 09:50:41 | 000,002,432 | ---- | C] () -- C:\Users\Administrator\AppData\Local\TempPN1148.html
[2010/07/24 10:29:27 | 000,002,432 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Tempcv1496.html
[2010/07/23 10:23:23 | 000,002,432 | ---- | C] () -- C:\Users\Administrator\AppData\Local\TemphfJ560.html
[2010/07/22 10:39:30 | 000,002,432 | ---- | C] () -- C:\Users\Administrator\AppData\Local\TempIO4408.html
[2010/07/21 17:12:48 | 000,002,432 | ---- | C] () -- C:\Users\Administrator\AppData\Local\TempOI5360.html
[2010/07/21 10:12:11 | 000,002,432 | ---- | C] () -- C:\Users\Administrator\AppData\Local\TempyS1856.html
[2010/07/20 10:33:03 | 000,002,432 | ---- | C] () -- C:\Users\Administrator\AppData\Local\TempuZ1144.html
[2010/07/19 17:14:10 | 000,002,432 | ---- | C] () -- C:\Users\Administrator\AppData\Local\TempTK4412.html
[2010/07/19 17:14:10 | 000,002,089 | ---- | C] () -- C:\Users\Administrator\AppData\Local\TempOG4412.html
[2010/07/19 11:42:19 | 000,002,432 | ---- | C] () -- C:\Users\Administrator\AppData\Local\TempMx5608.html
[2010/05/12 22:05:53 | 000,000,192 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/05/06 10:50:11 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/05/03 15:54:41 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/05/03 13:30:35 | 000,012,974 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\sWj5YKqA
[2010/05/03 13:30:35 | 000,012,974 | -HS- | C] () -- C:\ProgramData\sWj5YKqA
[2010/04/30 12:30:15 | 000,000,016 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\wzmjhy.dat
[2010/04/16 20:52:23 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/04/16 20:38:52 | 000,025,339 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/04/16 20:38:27 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/04/16 20:38:24 | 000,018,893 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/01/25 12:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2009/10/05 10:44:07 | 000,669,030 | ---- | C] () -- C:\Windows\System32\perfh008.dat
[2009/10/05 10:44:07 | 000,369,984 | ---- | C] () -- C:\Windows\System32\perfi008.dat
[2009/10/05 10:44:07 | 000,127,956 | ---- | C] () -- C:\Windows\System32\perfc008.dat
[2009/10/05 10:44:07 | 000,045,182 | ---- | C] () -- C:\Windows\System32\perfd008.dat
[2009/07/16 06:36:30 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009/07/14 07:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 07:33:53 | 000,381,648 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 05:05:48 | 000,725,118 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 05:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 05:05:48 | 000,144,766 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 05:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 05:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 05:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 03:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/14 02:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 02:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 02:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 00:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/01/11 18:34:48 | 000,078,848 | ---- | C] () -- C:\Windows\System32\drivers\snxppalx.sys
[2008/01/11 18:34:48 | 000,054,912 | ---- | C] () -- C:\Windows\System32\drivers\snxpserx.sys
[2008/01/11 18:34:48 | 000,027,136 | ---- | C] () -- C:\Windows\System32\snxprops.dll
[2008/01/11 18:34:48 | 000,017,536 | ---- | C] () -- C:\Windows\System32\drivers\snxpcard.sys
[2007/12/30 02:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2005/06/06 14:49:38 | 000,348,215 | ---- | C] () -- C:\Windows\System32\SignDLL.dll
[2003/09/18 13:33:28 | 000,000,029 | ---- | C] () -- C:\Windows\System32\AlgoDll.ini
[2003/01/17 20:33:26 | 000,028,672 | ---- | C] () -- C:\Windows\System32\sign.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/06/17 13:46:16 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/08/11 16:55:20 | 000,000,444 | ---- | M] () -- C:\aaw7boot.log
[2009/06/11 00:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/07/03 19:13:08 | 000,011,109 | ---- | M] () -- C:\BIG-FISH.xlsx
[2009/06/11 00:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/12/27 17:28:52 | 000,013,970 | ---- | M] () -- C:\form_path.rar
[2010/05/19 12:47:17 | 000,009,252 | ---- | M] () -- C:\FURAZ.xlsx
[2011/05/06 03:22:34 | 2810,847,232 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/03 17:39:16 | 000,011,173 | ---- | M] () -- C:\JANETA.xlsx
[2009/07/14 04:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) -- C:\ndis.sys
[2010/06/02 10:42:48 | 000,011,467 | ---- | M] () -- C:\NIK-POL.xlsx
[2011/05/06 03:22:36 | 3747,799,040 | -HS- | M] () -- C:\pagefile.sys
[2010/06/02 11:59:51 | 000,014,887 | ---- | M] () -- C:\SANEX.xlsx
[2010/07/03 17:32:36 | 000,011,365 | ---- | M] () -- C:\SZATAN.xlsx
[2011/05/05 21:41:10 | 000,068,472 | ---- | M] () -- C:\TDSSKiller.2.5.0.0_05.05.2011_21.40.22_log.txt
[2011/05/05 21:54:57 | 000,068,472 | ---- | M] () -- C:\TDSSKiller.2.5.0.0_05.05.2011_21.54.24_log.txt
[2011/05/06 09:57:08 | 000,068,472 | ---- | M] () -- C:\TDSSKiller.2.5.0.0_06.05.2011_09.56.10_log.txt
[2011/05/04 21:43:32 | 000,002,552 | ---- | M] () -- C:\{65E6D292-D71F-438E-8C7D-3FF1C8AA8C41}
[2011/05/04 21:39:39 | 000,002,632 | ---- | M] () -- C:\{8F92B5A4-979F-4CCE-9374-9D47C5C50897}

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-06 06:57:06

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >


OTL Extras logfile created on: 6/5/2011 10:00:37 πμ - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Administrator\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 125,14 Gb Free Space | 41,99% Space Free | Partition Type: NTFS
Drive D: | 2,59 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: PA_PAGRATI | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}" = Microsoft SQL Server 2005 Books Online (English)
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{130A3BE1-85CC-4135-8EA7-5A724EE6CE2C}" = Microsoft SQL Server 2005
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1DD463C0-A50A-4394-B7E4-5895C02F9E0D}" = Microsoft SQL Server 2005 Tools
"{1F0B7A92-C643-4F8F-B35F-2CBAE4FEA4F3}" = PowerDVD
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 24
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36DD7006-7BFE-4E3D-AF6E-FA734BC879B7}" = SQLXML4
"{37E9AD9F-3217-4229-B5A5-7A0C82364C6C}" = Microsoft SQL Server 2005 Notification Services
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3ABC7CFA-A6F5-3870-A59C-B856DA1DA4F4}" = Microsoft .NET Framework 4 Client Profile ELL Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D122AF9-1E02-4035-8003-334D378C1B62}_is1" = PDF OCR 4.2
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = FxPro - MetaTrader 4.00
"{41A00174-B4EA-4E79-9CAF-DC118A878B92}" = Garmin City Navigator Europe NT 2012.10 Update
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4475560E-9418-4908-A158-472D873AE139}" = LogMeIn
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{69880C00-08DD-4385-B752-9C62656F6D1E}" = Microsoft SQL Server 2005 Backward compatibility
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7F8B6D39-197E-4FD1-A240-3E0A4D62A0C4}" = DesignPro 5
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ABF8FEB-ABB0-40DC-9945-85AF36EF30A9}" = Microsoft SQL Server 2005 Analysis Services
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C25EF637-BE7A-4761-9B45-9069989C319F}" = Microsoft Visual Studio 2005 Premier Partner Edition - ENU
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7974CF7-4574-4485-92D9-C92356FEC0DE}" = BackOfficeFull
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CFC9F871-7C40-40B6-BE4A-B98A5B309716}" = Adobe Flash Professional CS5
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBCDA90A-F5A5-1829-B7A1-3BA406CF0AAE}" = Fotolia Desktop
"{DFA4CA5A-D073-4964-B8F5-778612851032}" = Nero 8
"{E3B67F67-F1BA-4709-96CE-72E92A8BF5E3}" = hpg2410
"{E5B04674-1885-4B08-BAE7-ECDEC1F84677}" = HP Scanjet G2410 and 2400
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EE8CFFD9-6E29-4DC3-A967-7348D5F41F44}" = Microsoft SQL Server 2005 Integration Services
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FA300000-0001-0000-0000-074957833700}" = ABBYY PDF Transformer 3.0
"{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
"ABBYY PDF Transformer 3.0" = ABBYY PDF Transformer 3.0
"Adobe AIR" = Adobe AIR
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DYMO Label v.8" = DYMO Label v.8
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON P50 Series" = Odinstaluj drukarkę EPSON P50 Series
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{1F0B7A92-C643-4F8F-B35F-2CBAE4FEA4F3}" = PowerDVD Ultra
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Διαχειριστής Συσκευών Πλατφόρμας
"InstallShield_{7F8B6D39-197E-4FD1-A240-3E0A4D62A0C4}" = DesignPro 5
"InstallShield_{C7974CF7-4574-4485-92D9-C92356FEC0DE}" = BackOfficeFull
"JDownloader" = JDownloader
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ELL Language Pack" = Πακέτο γλωσσών για τα Ελληνικά του Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 4.0.1 (x86 pl)" = Mozilla Firefox 4.0.1 (x86 pl)
"net.tw.fotolia-desktop" = Fotolia Desktop
"NIS" = Norton Internet Security
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.9
"ST6UNST #1" = AlgoDriver Ver 2.6.5 PR
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TRANS_is1" = TRANS 3.3.2.713
"TVWiz" = Intel® TV Wizard
"VLC media player" = VLC media player 1.1.2
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22/3/2011 8:48:06 πμ | Computer Name = PA_PAGRATI | Source = Office Software Protection Platform Service | ID = 1010
Description =

Error - 22/3/2011 8:49:37 πμ | Computer Name = PA_PAGRATI | Source = Office Software Protection Platform Service | ID = 8200
Description =

Error - 22/3/2011 8:49:37 πμ | Computer Name = PA_PAGRATI | Source = Office Software Protection Platform Service | ID = 1012
Description =

Error - 22/3/2011 8:49:42 πμ | Computer Name = PA_PAGRATI | Source = Office Software Protection Platform Service | ID = 8200
Description =

Error - 22/3/2011 8:49:42 πμ | Computer Name = PA_PAGRATI | Source = Office Software Protection Platform Service | ID = 1012
Description =

Error - 22/3/2011 9:15:40 πμ | Computer Name = PA_PAGRATI | Source = SideBySide | ID = 16842785
Description = Η δημιουργία περιβάλλοντος ενεργοποίησης για το "c:\program files\DYMO\dymo
label software\DymoExcelAddin.dll.Manifest" απέτυχε. Δεν ήταν δυνατή η εύρεση της
εξαρτημένης συγκρότησης DYMO.SmartPaste,processorArchitecture="MSIL",version="2.0.0.0".
Για
την αναλυτική διάγνωση χρησιμοποιήστε το sxstrace.exe.

Error - 23/3/2011 3:59:52 μμ | Computer Name = PA_PAGRATI | Source = Application Error | ID = 1000
Description = Όνομα ελαττωματικής εφαρμογής plugin-container.exe, έκδοση 1.9.2.4079,
χρονική σήμανση 0x4d6fb663 Όνομα ελαττωματικής λειτουργικής μονάδας ntdll.dll, έκδοση
6.1.7600.16385, χρονική σήμανση 0x4a5bdadb Κωδικός εξαίρεσης: 0xc0000005 Μετατόπιση
σφάλματος: 0x00046b90 Αναγνωριστικό ελαττωματικής διεργασίας: 0x1db0 Χρόνος έναρξης
ελαττωματικής εφαρμογής: 0x01cbe95278939057 Διαδρομή ελαττωματικής εφαρμογής: C:\Program
Files\Mozilla Firefox\plugin-container.exe Διαδρομή ελλατωματικής λειτουργικής μονάδας:C:\Windows\SYSTEM32\ntdll.dll
Αναγνωριστικό
αναφοράς:1d4fa34b-5588-11e0-8b54-00261849d49d

Error - 24/3/2011 5:59:02 πμ | Computer Name = PA_PAGRATI | Source = CVHSVC | ID = 100
Description =

Error - 25/3/2011 6:52:52 μμ | Computer Name = PA_PAGRATI | Source = SideBySide | ID = 16842785
Description = Η δημιουργία περιβάλλοντος ενεργοποίησης για το "c:\program files\DYMO\dymo
label software\DymoExcelAddin.dll.Manifest" απέτυχε. Δεν ήταν δυνατή η εύρεση της
εξαρτημένης συγκρότησης DYMO.SmartPaste,processorArchitecture="MSIL",version="2.0.0.0".
Για
την αναλυτική διάγνωση χρησιμοποιήστε το sxstrace.exe.

Error - 26/3/2011 7:10:41 πμ | Computer Name = PA_PAGRATI | Source = Application Error | ID = 1000
Description = Όνομα ελαττωματικής εφαρμογής svchost.exe_LanmanServer, έκδοση 6.1.7600.16385,
χρονική σήμανση 0x4a5bc100 Όνομα ελαττωματικής λειτουργικής μονάδας msvcrt.dll,
έκδοση 7.0.7600.16385, χρονική σήμανση 0x4a5bda6f Κωδικός εξαίρεσης: 0xc0000005 Μετατόπιση
σφάλματος: 0x00009c56 Αναγνωριστικό ελαττωματικής διεργασίας: 0x3ac Χρόνος έναρξης
ελαττωματικής εφαρμογής: 0x01cbeba64eb70b39 Διαδρομή ελαττωματικής εφαρμογής: C:\Windows\system32\svchost.exe
Διαδρομή
ελλατωματικής λειτουργικής μονάδας:C:\Windows\system32\msvcrt.dll Αναγνωριστικό
αναφοράς:af6d50e0-5799-11e0-9e60-00261849d49d

[ System Events ]
Error - 6/1/2011 4:36:31 πμ | Computer Name = PA_PAGRATI | Source = Service Control Manager | ID = 7000
Description = Δεν ήταν δυνατή η εκκίνηση της υπηρεσίας Διακομιστής εξαιτίας του
ακόλουθου σφάλματος: %%1053

Error - 6/1/2011 4:36:31 πμ | Computer Name = PA_PAGRATI | Source = Service Control Manager | ID = 7001
Description = Η υπηρεσία Αναζήτηση υπολογιστών εξαρτάται από την υπηρεσία Διακομιστής
της οποίας η εκκίνηση απέτυχε εξαιτίας του ακόλουθου σφάλματος: %%1053

Error - 6/1/2011 4:37:02 πμ | Computer Name = PA_PAGRATI | Source = Service Control Manager | ID = 7011
Description = Το χρονικό όριο αναμονής (30000 χιλιοστά του δευτερολέπτου) ξεπεράστηκε
κατά την αναμονή για απόκριση συναλλαγής από την υπηρεσία Winmgmt.

Error - 6/1/2011 4:37:32 πμ | Computer Name = PA_PAGRATI | Source = Service Control Manager | ID = 7011
Description = Το χρονικό όριο αναμονής (30000 χιλιοστά του δευτερολέπτου) ξεπεράστηκε
κατά την αναμονή για απόκριση συναλλαγής από την υπηρεσία LanmanServer.

Error - 6/1/2011 4:37:32 πμ | Computer Name = PA_PAGRATI | Source = Service Control Manager | ID = 7000
Description = Δεν ήταν δυνατή η εκκίνηση της υπηρεσίας Διακομιστής εξαιτίας του
ακόλουθου σφάλματος: %%1053

Error - 6/1/2011 4:37:32 πμ | Computer Name = PA_PAGRATI | Source = Service Control Manager | ID = 7001
Description = Η υπηρεσία Αναζήτηση υπολογιστών εξαρτάται από την υπηρεσία Διακομιστής
της οποίας η εκκίνηση απέτυχε εξαιτίας του ακόλουθου σφάλματος: %%1053

Error - 7/1/2011 4:36:06 πμ | Computer Name = PA_PAGRATI | Source = Service Control Manager | ID = 7022
Description = Η υπηρεσία SQL Server Browser έκλεισε απροειδοποίητα κατά την εκκίνηση.

Error - 11/1/2011 3:45:57 μμ | Computer Name = PA_PAGRATI | Source = srv | ID = 2019
Description = Ο διακομιστής δεν ήταν δυνατό να κάνει εκχώρηση από τη μη σελιδοποιημένη
περιοχή του συστήματος γιατί η περιοχή ήταν κενή.

Error - 13/1/2011 3:53:18 μμ | Computer Name = PA_PAGRATI | Source = UmrdpService | ID = 1111
Description = Το πρόγραμμα οδήγησης EPSON P50 Series που απαιτείται για τον εκτυπωτή
EPSON P50 Series είναι άγνωστο. Επικοινωνήστε με το διαχειριστή για την εγκατάσταση
του προγράμματος οδήγησης, πριν να συνδεθείτε ξανά.

Error - 13/1/2011 3:53:24 μμ | Computer Name = PA_PAGRATI | Source = UmrdpService | ID = 1111
Description = Το πρόγραμμα οδήγησης Send To Microsoft OneNote 2010 Driver που απαιτείται
για τον εκτυπωτή Send To OneNote 2010 είναι άγνωστο. Επικοινωνήστε με το διαχειριστή
για την εγκατάσταση του προγράμματος οδήγησης, πριν να συνδεθείτε ξανά.


< End of report >


#15 snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 06 May 2011 - 10:18 AM

Hello again! :)

Well, there are a few leftovers to remove:

But this, for instance, I am not removing:
SRV - [2011/03/22 15:45:59 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
[2011/03/22 15:47:29 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
An MS Office activator; it indicates a pirated Office, unfortunately... And on a company computer, at that... :| I can only recommend uninstalling the pirated software and replacing it with something free, e.g. OpenOffice or LibreOffice... If you decide to, I'll tell you how to remove the crack...
In any case, pirated software is one of the easiest ways to get an infection onto your system, and that was probably the case for you too...

I also see leftovers of probably pirated Adobe software, as entries of this type in the Hosts file may indicate:
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.com
The Hosts file will be reset to its default form...

I couldn't find any information about this installed program; I take it you recognize it?
AlgoDriver Ver 2.6.5 PR

You ran ComboFix on your own (which you didn't mention at all, a pity!), though apparently not everything went correctly; some of that will be removed... In addition, I'll also be removing the original copy of the ndis.sys file...

[2011/05/05 21:31:04 | 000,710,720 | ---- | C] (Microsoft Corporation) -- C:\ndis.sys
[2011/04/28 23:27:10 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/04/28 23:26:23 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW

To do (paste the resulting logs in the thread):

First,
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    SRV - File not found [On_Demand | Stopped] -- -- (SwitchBoard)
    SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus®
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4 - HKLM..\Run: [Adobe ARM] File not found
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] File not found
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] File not found
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] File not found
    O4 - HKLM..\Run: [SwitchBoard] File not found
    O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2011/05/05 21:31:04 | 000,710,720 | ---- | C] (Microsoft Corporation) -- C:\ndis.sys
    [2011/04/28 23:27:10 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2011/04/28 23:26:23 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/11/19 18:11:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ubztfnxomg.exe
    [2010/05/03 13:30:35 | 000,012,974 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\sWj5YKqA
    [2010/05/03 13:30:35 | 000,012,974 | -HS- | C] () -- C:\ProgramData\sWj5YKqA
    [2010/04/30 12:30:15 | 000,000,016 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\wzmjhy.dat
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]
    [RESETHOSTS]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.

Then,
Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
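The Hosts entries snemelk points out above (activation and update servers mapped to 127.0.0.1) are a pattern worth checking for routinely, since the same mechanism is also used by malware to silence security-vendor update servers. The following Python script is an added example, not part of this post, of OTL or of any tool named in the thread: it parses hosts-file text and reports every non-default name pointed at a sink address (127.0.0.1, ::1, 0.0.0.0) or redirected elsewhere, plus names that appear more than once. The hosts text embedded in it is constructed: the Adobe lines follow the O1 entries quoted in the post, while the example.test names and the 203.0.113.9 address are invented for illustration, and the allowlist of stock names is an assumption to extend for your own environment.

```python
"""Audit hosts-file text for names pointed at a sinkhole or redirected.

Added example for this thread; it is not snemelk's code and not part of OTL.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Constructed sample in the shape of a Windows hosts file. The Adobe lines
# mirror the O1 entries quoted in the post; the example.test names and the
# 203.0.113.9 address (documentation range) are invented for illustration.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.com
0.0.0.0   update.example.test     # constructed: 0.0.0.0 is another common sink
203.0.113.9 login.example.test    # constructed: sent to another host, not dropped
"""

# Names a stock Windows hosts file legitimately maps to loopback.
# Assumption: illustrative allowlist; extend it with your own local names.
DEFAULT_LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Addresses used to black-hole a name: traffic to it never leaves the machine.
SINKHOLE_ADDRESSES = {ipaddress.ip_address(a) for a in ("127.0.0.1", "::1", "0.0.0.0")}


@dataclass(frozen=True)
class HostsEntry:
    line_no: int
    address: str
    hostname: str
    kind: str  # "default", "sinkhole" or "redirect"


def classify(address: str, hostname: str) -> str:
    """Label one address/name pair by what the mapping does to that name."""
    if hostname in DEFAULT_LOCAL_NAMES:
        return "default"
    if ipaddress.ip_address(address) in SINKHOLE_ADDRESSES:
        return "sinkhole"
    return "redirect"


def parse_hosts(text: str) -> list[HostsEntry]:
    """Parse hosts-file text: '#' starts a comment, whitespace separates the
    address from one or more names, blank and malformed lines are skipped."""
    entries: list[HostsEntry] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        address, *names = line.split()
        try:
            ipaddress.ip_address(address)
        except ValueError:
            continue  # first token is not an address: nothing resolvable here
        for name in names:
            name = name.lower()
            entries.append(HostsEntry(line_no, address, name, classify(address, name)))
    return entries


def duplicate_hostnames(entries: list[HostsEntry]) -> list[str]:
    """Names that appear more than once, in order of their first repeat."""
    seen: set[str] = set()
    dupes: list[str] = []
    for entry in entries:
        if entry.hostname in seen and entry.hostname not in dupes:
            dupes.append(entry.hostname)
        seen.add(entry.hostname)
    return dupes


def audit(text: str) -> dict[str, list[str]]:
    """Summarise everything that is not a stock loopback mapping."""
    suspicious = [e for e in parse_hosts(text) if e.kind != "default"]
    return {
        "sinkhole": sorted({e.hostname for e in suspicious if e.kind == "sinkhole"}),
        "redirect": sorted({e.hostname for e in suspicious if e.kind == "redirect"}),
        "duplicates": duplicate_hostnames(suspicious),
    }


if __name__ == "__main__":
    for kind, names in audit(SAMPLE_HOSTS).items():
        print(f"{kind:10s} {', '.join(names) or '-'}")
```

Point it at a copy of %SystemRoot%\System32\drivers\etc\hosts (read the file and pass its text to audit) to compare a machine against the stock file. Names in the "redirect" bucket deserve the closer look: a sinkhole entry only makes a service unreachable, whereas a redirect sends the user's traffic to whatever host the address belongs to.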




