--------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1009 (c) Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED CPU speed: 1.728000 GHz Memory total: 527806464, free: 93143040 Downloaded database version: v2014.04.06.07 Downloaded database version: v2014.03.27.01 ======================================= Initializing... ------------ Kernel report ------------ 04/06/2014 19:51:26 ------------ Loaded modules ----------- \WINDOWS\system32\ntkrnlpa.exe \WINDOWS\system32\hal.dll \WINDOWS\system32\KDCOM.DLL \WINDOWS\system32\BOOTVID.dll ACPI.sys \WINDOWS\system32\DRIVERS\WMILIB.SYS pci.sys isapnp.sys ohci1394.sys \WINDOWS\system32\DRIVERS\1394BUS.SYS compbatt.sys \WINDOWS\system32\DRIVERS\BATTC.SYS pciide.sys \WINDOWS\system32\DRIVERS\PCIIDEX.SYS intelide.sys viaide.sys aliide.sys pcmcia.sys MountMgr.sys ftdisk.sys dmload.sys dmio.sys ACPIEC.sys \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS PartMgr.sys VolSnap.sys atapi.sys iaStor.sys disk.sys \WINDOWS\system32\DRIVERS\CLASSPNP.SYS fltmgr.sys sr.sys DRVMCDB.SYS PxHelp20.sys KSecDD.sys WudfPf.sys Ntfs.sys NDIS.sys Mup.sys aswVmm.sys aswRvrt.sys \SystemRoot\system32\DRIVERS\nic1394.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\ialmnt5.sys \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\bcmwl5.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\bcm4sbxp.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\System32\Drivers\aswKbd.SYS \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\imapi.sys \SystemRoot\System32\Drivers\DLACDBHM.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\redbook.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\cpqbttn.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\audstub.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\psched.sys \SystemRoot\system32\DRIVERS\msgpc.sys \SystemRoot\system32\DRIVERS\ptilink.sys \SystemRoot\system32\DRIVERS\raspti.sys \SystemRoot\system32\DRIVERS\serial.sys \SystemRoot\system32\DRIVERS\serenum.sys \SystemRoot\system32\DRIVERS\rdpdr.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\update.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\ADIHdAud.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\AEAudio.sys \SystemRoot\system32\DRIVERS\AGRSM.sys \SystemRoot\System32\Drivers\Modem.SYS \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\drivers\aswSP.sys \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\Drivers\DLARTL_N.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\Drivers\mnmdd.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\ipsec.sys \SystemRoot\system32\DRIVERS\tcpip.sys \SystemRoot\system32\drivers\aswTdi.sys \SystemRoot\system32\drivers\tStLibG.sys \SystemRoot\system32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\aswRdr.sys \SystemRoot\System32\drivers\afd.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\eabfiltr.sys \SystemRoot\System32\Drivers\StarOpen.SYS \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\System32\Drivers\Fips.SYS \SystemRoot\system32\DRIVERS\ipnat.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\aswSnx.sys \SystemRoot\system32\DRIVERS\arp1394.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\Drivers\Cdfs.SYS \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\watchdog.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\drivers\dxgthk.sys \SystemRoot\System32\ialmdnt5.dll \SystemRoot\System32\ialmrnt5.dll \SystemRoot\System32\ialmdev5.DLL \SystemRoot\System32\ialmdd5.DLL \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\aswMonFlt.sys \SystemRoot\System32\Drivers\DRVNDDM.SYS \SystemRoot\System32\DLA\DLADResN.SYS \SystemRoot\System32\DLA\DLAIFS_M.SYS \SystemRoot\System32\DLA\DLAOPIOM.SYS \SystemRoot\System32\DLA\DLAPoolM.SYS \SystemRoot\System32\DLA\DLABOIOM.SYS \SystemRoot\System32\DLA\DLAUDFAM.SYS \SystemRoot\System32\DLA\DLAUDF_M.SYS \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\drivers\wdmaud.sys \SystemRoot\system32\drivers\sysaudio.sys \SystemRoot\system32\DRIVERS\mrxdav.sys \SystemRoot\system32\DRIVERS\atksgt.sys \SystemRoot\System32\Drivers\LBeepKE.sys \SystemRoot\system32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\lirsgt.sys \??\C:\WINDOWS\system32\drivers\mqac.sys \??\C:\WINDOWS\system32\drivers\RMCast.sys \SystemRoot\system32\DRIVERS\secdrv.sys \SystemRoot\System32\Drivers\HTTP.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\System32\Drivers\Fastfat.SYS \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys \WINDOWS\system32\ntdll.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk1\DR3 Upper Device Object: 0xffffffffff5c8030 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\000000a7\ Lower Device Object: 0xffffffff81f463f8 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff82d204b0 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-0\ Lower Device Object: 0xffffffff82d44030 Lower Device Driver Name: \Driver\iaStor\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff82d204b0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff82d6b020, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff82d204b0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff82d6f300, DeviceName: \Device\00000090\, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff82d44030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Read File: File "C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Compaq nx6310 (RH328EA#AKD)_YN_0U_QCNU6422WNS_E404611244_46_I30AA_SHP_VKBC Version 58.11_B68YDU Ver. F.08_T060727_WXP2_L415_M504_J80_7Intel_8Celeron M 430_91.73_#060825_N14E4170C_(RH328EA#AKD).MRK" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\103C_HP_NTBK_HP Compaq nx6310 (RH328EA#AKD)_YN_0U_QCNU6422WNS_E404611244_46_I30AA_SHP_VKBC Version 58.11_B68YDU Ver. F.08_T060727_WXP2_L415_M504_J80_7Intel_8Celeron M 430_91.73_#060825_N14E4170C_(RH328EA#AKD).MRK" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\gm.dls" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1) Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: B452B452 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 141296337 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 141296400 Numsec = 14999040 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 80026361856 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)... Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffffffffff5c8030, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffffff5fa618, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffffff5c8030, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff82200270, DeviceName: Unknown, DriverName: \Driver\DRVMCDB\ DevicePointer: 0xffffffff81f463f8, DeviceName: \Device\000000a7\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: C3072E18 Partition information: Partition 0 type is Other (0xb) Partition is ACTIVE. Partition starts at LBA: 8064 Numsec = 15348096 Partition file system is FAT32 Partition is not bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 7862353920 bytes Sector size: 512 bytes Done! Read File: File "C:\Documents and Settings\Administrator\Cookies\index.dat" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\Cookies\index.dat" is compressed (flags = 1) Infected: C:\Documents and Settings\Administrator\Dane aplikacji\Explorer.EXE_log.txt --> [Trojan.Agent.Gen] Infected: HKLM\SOFTWARE\FREESOFTTODAY --> [Adware.EoRezo] Scan finished Creating System Restore point... Cleaning up... Removal scheduling successful. System shutdown needed. System shutdown occurred =======================================