RECYCLER VIRUS ON A MEMORY CARD

#16 Post by Maaca

So here it is. After the PC restarted, some malware file was also being uploaded for analysis:

ComboFix 12-07-08.01 - Monika 25.07.2012 15:15:44.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.570 [GMT 2:00]
Spuštěný z: c:\documents and settings\Monika\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Monika\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
file zipped: c:\\Documents and Settings\\Monika\\Data aplikací\\Bwtstt.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.1267214146
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-25 do 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-17 07:36 . 2012-07-18 12:48 -------- d-----w- c:\program files\Red Alert 2 Yuri's Revenge
2012-07-01 10:36 . 2012-07-01 10:36 207977 ---ha-w- c:\documents and settings\Monika\Data aplikací\Bwtstt.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 15:10 . 2012-04-05 15:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 15:10 . 2011-05-14 12:37 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-16 13:19 . 2012-06-16 12:09 2004 ----a-w- C:\UsbFix_Upload_Me_MONIKA-PC.zip
2012-06-16 10:57 . 2012-06-16 10:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-16 10:57 . 2012-06-16 10:58 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-16 10:57 . 2010-05-12 16:26 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 13:55 . 2006-03-02 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2008-04-14 03:21 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:35 . 2010-08-24 07:18 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2006-03-02 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2010-02-26 20:36 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2010-02-26 20:36 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2010-02-26 19:50 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2010-02-26 19:50 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2010-02-26 19:50 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2010-02-26 20:36 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2010-02-26 20:36 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2010-02-26 20:36 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2010-02-26 19:50 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2010-02-26 19:50 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2006-03-02 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2010-02-26 19:50 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2010-02-26 19:50 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2010-08-24 07:18 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2010-08-24 07:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2006-03-02 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:44 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 03:14 . 2006-03-02 12:00 2194816 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2004-08-17 15:45 2071296 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2010-02-26 19:48 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-18 06:50 . 2011-03-22 18:50 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-08_15.06.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-25 13:27 . 2012-07-25 13:27 16384 c:\windows\Temp\Perflib_Perfdata_28c.dat
+ 2012-07-12 15:10 . 2012-07-12 15:10 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe
+ 2012-07-12 14:11 . 2012-07-12 14:11 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
+ 2012-07-12 14:11 . 2012-07-12 14:11 465096 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.dll
+ 2012-04-05 15:51 . 2012-07-12 15:10 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-04-05 15:51 . 2012-06-25 13:10 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2010-02-26 20:38 . 2012-07-11 14:42 210488 c:\windows\system32\FNTCACHE.DAT
- 2010-02-26 20:38 . 2012-06-14 19:10 210488 c:\windows\system32\FNTCACHE.DAT
+ 2009-06-25 08:27 . 2012-06-04 04:32 152576 c:\windows\system32\dllcache\schannel.dll
- 2010-02-26 19:50 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2010-02-26 19:50 . 2012-05-28 18:16 536576 c:\windows\system32\dllcache\msado15.dll
+ 2012-07-16 09:13 . 2012-07-16 09:13 371272 c:\windows\Installer\{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}\SkypeIcon.exe
- 2011-06-17 12:43 . 2011-06-17 12:43 371272 c:\windows\Installer\{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}\SkypeIcon.exe
+ 2006-03-02 12:00 . 2012-06-08 14:25 8466944 c:\windows\system32\shell32.dll
+ 2012-07-12 15:10 . 2012-07-12 15:10 9465032 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
+ 2009-08-14 15:15 . 2012-06-13 13:55 1866112 c:\windows\system32\dllcache\win32k.sys
+ 2008-06-17 19:02 . 2012-06-08 14:25 8466944 c:\windows\system32\dllcache\shell32.dll
+ 2008-04-14 03:21 . 2012-06-05 15:49 1372672 c:\windows\system32\dllcache\msxml6.dll
- 2008-04-14 03:21 . 2009-07-31 09:05 1372672 c:\windows\system32\dllcache\msxml6.dll
- 2010-02-26 20:44 . 2010-06-14 07:43 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2010-02-26 20:44 . 2012-06-05 15:49 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2010-02-26 22:32 . 2012-07-11 14:38 57442464 c:\windows\system32\MRT.exe
+ 2012-06-15 15:44 . 2012-07-25 13:26 492591136 c:\windows\system32\drivers\fidbox.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\windows\system32\qttask.exe" [2010-02-26 98304]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Data aplikací\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Hlavní panel ATI CATALYST.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Hlavní panel ATI CATALYST.lnk
backup=c:\windows\pss\Hlavní panel ATI CATALYST.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-09-25 07:12 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-06-28 20:05 344064 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
2004-06-11 03:15 83968 ----a-r- c:\windows\system32\nvraidservice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-26 23:11 98304 ----a-w- c:\windows\system32\qttask.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Red Alert 2 Yuri's Revenge\\gamemd.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13309:TCP"= 13309:TCP:BitComet 13309 TCP
"13309:UDP"= 13309:UDP:BitComet 13309 UDP
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [31.3.2010 8:22 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [31.3.2010 8:23 95872]
R1 is-D72FGdrv;is-D72FGdrv;c:\windows\system32\drivers\24392970.sys [16.6.2012 14:40 148496]
R1 is-SGD7Ddrv;is-SGD7Ddrv;c:\windows\system32\drivers\87520850.sys [15.6.2012 17:44 148496]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [31.3.2010 8:23 810120]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18.1.2012 18:49 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18.1.2012 18:49 22216]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5.4.2012 17:51 250056]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [20.1.2011 19:18 13224]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [30.4.2012 9:55 113120]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 15:10]
.
2012-07-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-725345543-1993962763-2147133589-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2012-03-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-725345543-1993962763-2147133589-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:reklama@europrinty.eu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.0&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-25 15:28
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3424)
c:\documents and settings\All Users\Data aplikací\Anti-phishing Domain Advisor\visicom_antiphishing.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2012-07-25 15:32:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-07-25 13:32
ComboFix2.txt 2012-07-25 06:23
ComboFix3.txt 2012-07-08 15:10
.
Před spuštěním: 232 693 760
Po spuštění: 215 285 760
.
- - End Of File - - 17D03857F7FB810F596619D3AB5EF026
Nahrání proběhlo úspěšně

#17 Post by motji

Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
- and save it to the desktop.
- double-click the program icon to run it
- choose the Start scan option, then confirm the start of the scan
- if the program finds an infected file, it will show the preset action Cure; in that case confirm with the Continue button
- if the program wants to restart the computer, click the Reboot Now button
- if it does not ask for a restart, click the Report button. A log should pop up; copy the contents of the log into your topic.
- if the log does not appear, it is saved in your root directory.
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer!

#18 Post by Maaca

It found nothing:

20:46:09.0218 2516 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
20:46:09.0375 2516 ============================================================
20:46:09.0375 2516 Current date / time: 2012/07/25 20:46:09.0375
20:46:09.0375 2516 SystemInfo:
20:46:09.0375 2516
20:46:09.0375 2516 OS Version: 5.1.2600 ServicePack: 3.0
20:46:09.0375 2516 Product type: Workstation
20:46:09.0375 2516 ComputerName: MONIKA-PC
20:46:09.0375 2516 UserName: Monika
20:46:09.0375 2516 Windows directory: C:\WINDOWS
20:46:09.0375 2516 System windows directory: C:\WINDOWS
20:46:09.0375 2516 Processor architecture: Intel x86
20:46:09.0375 2516 Number of processors: 1
20:46:09.0375 2516 Page size: 0x1000
20:46:09.0375 2516 Boot type: Normal boot
20:46:09.0375 2516 ============================================================
20:46:10.0156 2516 Drive \Device\Harddisk0\DR0 - Size: 0x132C570000 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:46:10.0156 2516 Drive \Device\Harddisk1\DR3 - Size: 0x1E100000 (0.47 Gb), SectorSize: 0x200, Cylinders: 0x3D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:46:10.0171 2516 ============================================================
20:46:10.0171 2516 \Device\Harddisk0\DR0:
20:46:10.0171 2516 MBR partitions:
20:46:10.0171 2516 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
20:46:10.0187 2516 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x724AFE5
20:46:10.0187 2516 \Device\Harddisk1\DR3:
20:46:10.0203 2516 MBR partitions:
20:46:10.0203 2516 \Device\Harddisk1\DR3\Partition0: MBR, Type 0xB, StartLBA 0xED, BlocksNum 0xF0713
20:46:10.0203 2516 ============================================================
20:46:10.0359 2516 C: <-> \Device\Harddisk0\DR0\Partition0
20:46:10.0406 2516 D: <-> \Device\Harddisk0\DR0\Partition1
20:46:10.0406 2516 ============================================================
20:46:10.0406 2516 Initialize success
20:46:10.0406 2516 ============================================================
20:46:19.0968 2600 ============================================================
20:46:19.0968 2600 Scan started
20:46:19.0968 2600 Mode: Manual;
20:46:19.0968 2600 ============================================================
20:46:20.0468 2600 Abiosdsk - ok
20:46:20.0484 2600 abp480n5 - ok
20:46:20.0515 2600 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:46:20.0531 2600 ACPI - ok
20:46:20.0546 2600 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:46:20.0562 2600 ACPIEC - ok
20:46:20.0609 2600 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:46:20.0609 2600 AdobeFlashPlayerUpdateSvc - ok
20:46:20.0625 2600 adpu160m - ok
20:46:20.0640 2600 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:46:20.0656 2600 aec - ok
20:46:20.0687 2600 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:46:20.0687 2600 AFD - ok
20:46:20.0703 2600 Aha154x - ok
20:46:20.0718 2600 aic78u2 - ok
20:46:20.0718 2600 aic78xx - ok
20:46:20.0890 2600 ALCXWDM (f3e15607ba53249c765e36388b332c2f) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
20:46:21.0000 2600 ALCXWDM - ok
20:46:21.0078 2600 Alerter (e0a6fa244b8624d78fe5ff6f56a33bae) C:\WINDOWS\system32\alrsvc.dll
20:46:21.0078 2600 Alerter - ok
20:46:21.0093 2600 ALG (88842de939a827577bf24243699ac80a) C:\WINDOWS\System32\alg.exe
20:46:21.0093 2600 ALG - ok
20:46:21.0109 2600 AliIde - ok
20:46:21.0140 2600 AmdK8 (99bd5596b5d06c2ead3cecc6f11999f5) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
20:46:21.0140 2600 AmdK8 - ok
20:46:21.0156 2600 amsint - ok
20:46:21.0171 2600 AppMgmt - ok
20:46:21.0187 2600 asc - ok
20:46:21.0187 2600 asc3350p - ok
20:46:21.0203 2600 asc3550 - ok
20:46:21.0296 2600 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:46:21.0296 2600 aspnet_state - ok
20:46:21.0328 2600 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:46:21.0328 2600 AsyncMac - ok
20:46:21.0343 2600 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:46:21.0359 2600 atapi - ok
20:46:21.0359 2600 Atdisk - ok
20:46:21.0406 2600 Ati HotKey Poller (f57801f641e6df9f4fd4b29d6deb422c) C:\WINDOWS\system32\Ati2evxx.exe
20:46:21.0406 2600 Ati HotKey Poller - ok
20:46:21.0468 2600 ATI Smart (9459f0247d8911cfdf1dc509517af5b6) C:\WINDOWS\system32\ati2sgag.exe
20:46:21.0468 2600 ATI Smart - ok
20:46:21.0609 2600 ati2mtag (bf94a12f9d86b28fecf00b24b7129013) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:46:21.0687 2600 ati2mtag - ok
20:46:21.0765 2600 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:46:21.0765 2600 Atmarpc - ok
20:46:21.0796 2600 AudioSrv (de31b88962a8645dba5a37b993e7b0f1) C:\WINDOWS\System32\audiosrv.dll
20:46:21.0796 2600 AudioSrv - ok
20:46:21.0828 2600 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:46:21.0828 2600 audstub - ok
20:46:21.0859 2600 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:46:21.0859 2600 Beep - ok
20:46:21.0906 2600 BITS (19395d092fd85ddc2d9c7729cf5a2ac8) C:\WINDOWS\system32\qmgr.dll
20:46:21.0921 2600 BITS - ok
20:46:21.0937 2600 Browser (249276d3ef1e74b992299cb96099e4d7) C:\WINDOWS\System32\browser.dll
20:46:21.0937 2600 Browser - ok
20:46:21.0953 2600 catchme - ok
20:46:21.0984 2600 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:46:21.0984 2600 cbidf2k - ok
20:46:21.0984 2600 cd20xrnt - ok
20:46:22.0015 2600 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:46:22.0015 2600 Cdaudio - ok
20:46:22.0046 2600 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:46:22.0046 2600 Cdfs - ok
20:46:22.0078 2600 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:46:22.0078 2600 Cdrom - ok
20:46:22.0093 2600 Changer - ok
20:46:22.0125 2600 CiSvc (e390dc1d7c461d7d56ec53402f329928) C:\WINDOWS\system32\cisvc.exe
20:46:22.0125 2600 CiSvc - ok
20:46:22.0140 2600 ClipSrv (064507a8dfa8c5c7e2ffddd3e6f424fa) C:\WINDOWS\system32\clipsrv.exe
20:46:22.0140 2600 ClipSrv - ok
20:46:22.0203 2600 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:46:22.0203 2600 clr_optimization_v2.0.50727_32 - ok
20:46:22.0218 2600 CmdIde - ok
20:46:22.0234 2600 COMSysApp - ok
20:46:22.0265 2600 Cpqarray - ok
20:46:22.0296 2600 CryptSvc (f3ab0933cbd166d271992f411c27ccaf) C:\WINDOWS\System32\cryptsvc.dll
20:46:22.0296 2600 CryptSvc - ok
20:46:22.0296 2600 dac2w2k - ok
20:46:22.0312 2600 dac960nt - ok
20:46:22.0359 2600 DcomLaunch (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\system32\rpcss.dll
20:46:22.0359 2600 DcomLaunch - ok
20:46:22.0390 2600 Dhcp (8c9a53e285ac5e6704844d0459ec85be) C:\WINDOWS\System32\dhcpcsvc.dll
20:46:22.0406 2600 Dhcp - ok
20:46:22.0421 2600 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:46:22.0421 2600 Disk - ok
20:46:22.0437 2600 dmadmin - ok
20:46:22.0484 2600 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
20:46:22.0500 2600 dmboot - ok
20:46:22.0515 2600 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
20:46:22.0515 2600 dmio - ok
20:46:22.0546 2600 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:46:22.0546 2600 dmload - ok
20:46:22.0578 2600 dmserver (2bfefe9e865655a76982f050450b9591) C:\WINDOWS\System32\dmserver.dll
20:46:22.0578 2600 dmserver - ok
20:46:22.0609 2600 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:46:22.0609 2600 DMusic - ok
20:46:22.0640 2600 Dnscache (dfaa406bf19f4ee806a6f8d4342137f7) C:\WINDOWS\System32\dnsrslvr.dll
20:46:22.0656 2600 Dnscache - ok
20:46:22.0687 2600 Dot3svc (4a3e2bd20157a0946751229e92eb8621) C:\WINDOWS\System32\dot3svc.dll
20:46:22.0687 2600 Dot3svc - ok
20:46:22.0703 2600 dpti2o - ok
20:46:22.0734 2600 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:46:22.0734 2600 drmkaud - ok
20:46:22.0765 2600 eamon (797798ed835628109811b4c8a6e1b668) C:\WINDOWS\system32\DRIVERS\eamon.sys
20:46:22.0765 2600 eamon - ok
20:46:22.0796 2600 EapHost (0887d9c2be8d940778cad1e3b85f2a41) C:\WINDOWS\System32\eapsvc.dll
20:46:22.0812 2600 EapHost - ok
20:46:22.0828 2600 ehdrv (d56f9592ea30e6f049af0c7f1062cd48) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
20:46:22.0828 2600 ehdrv - ok
20:46:22.0890 2600 EhttpSrv (94246ab56b93329ded1541ab386f6b84) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
20:46:22.0890 2600 EhttpSrv - ok
20:46:22.0937 2600 ekrn (f75b08c85b7c9e1bb52fb2dc351122ab) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
20:46:22.0953 2600 ekrn - ok
20:46:22.0984 2600 epfwtdir (2f70747c739550e7f0de9430f17e093b) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
20:46:22.0984 2600 epfwtdir - ok
20:46:23.0015 2600 ERSvc (a2a4912798f2be706abadd3d30800d16) C:\WINDOWS\System32\ersvc.dll
20:46:23.0015 2600 ERSvc - ok
20:46:23.0046 2600 Eventlog (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
20:46:23.0046 2600 Eventlog - ok
20:46:23.0093 2600 EventSystem (a371f11ef07653591c8de26afb13ce7f) C:\WINDOWS\system32\es.dll
20:46:23.0093 2600 EventSystem - ok
20:46:23.0125 2600 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:46:23.0125 2600 Fastfat - ok
20:46:23.0156 2600 FastUserSwitchingCompatibility (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
20:46:23.0156 2600 FastUserSwitchingCompatibility - ok
20:46:23.0171 2600 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:46:23.0187 2600 Fdc - ok
20:46:23.0203 2600 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
20:46:23.0203 2600 Fips - ok
20:46:23.0218 2600 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:46:23.0218 2600 Flpydisk - ok
20:46:23.0250 2600 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:46:23.0265 2600 FltMgr - ok
20:46:23.0312 2600 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:46:23.0312 2600 FontCache3.0.0.0 - ok
20:46:23.0343 2600 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:46:23.0343 2600 Fs_Rec - ok
20:46:23.0359 2600 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:46:23.0375 2600 Ftdisk - ok
20:46:23.0390 2600 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
20:46:23.0390 2600 gameenum - ok
20:46:23.0421 2600 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
20:46:23.0421 2600 ggflt - ok
20:46:23.0453 2600 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
20:46:23.0468 2600 ggsemc - ok
20:46:23.0500 2600 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:46:23.0500 2600 Gpc - ok
20:46:23.0546 2600 helpsvc (fcfe31fb75f8a6295b6b0af87a626282) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:46:23.0546 2600 helpsvc - ok
20:46:23.0562 2600 HidServ (00e25ee90166b3e1be6e74aebf858306) C:\WINDOWS\System32\hidserv.dll
20:46:23.0578 2600 HidServ - ok
20:46:23.0593 2600 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:46:23.0593 2600 HidUsb - ok
20:46:23.0625 2600 hkmsvc (7a6b320928f86bc851530d63c82965d9) C:\WINDOWS\System32\kmsvc.dll
20:46:23.0625 2600 hkmsvc - ok
20:46:23.0640 2600 hpn - ok
20:46:23.0687 2600 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:46:23.0687 2600 HTTP - ok
20:46:23.0890 2600 HTTPFilter (58fe2f2da3bc5573f4a35b3760d3125f) C:\WINDOWS\System32\w3ssl.dll
20:46:23.0890 2600 HTTPFilter - ok
20:46:23.0906 2600 i2omgmt - ok
20:46:23.0921 2600 i2omp - ok
20:46:23.0953 2600 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:46:23.0953 2600 i8042prt - ok
20:46:24.0015 2600 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:46:24.0031 2600 idsvc - ok
20:46:24.0062 2600 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:46:24.0062 2600 Imapi - ok
20:46:24.0093 2600 ImapiService (f7b93aafad33b2320954c17e26c8d361) C:\WINDOWS\system32\imapi.exe
20:46:24.0093 2600 ImapiService - ok
20:46:24.0125 2600 ini910u - ok
20:46:24.0140 2600 IntelIde - ok
20:46:24.0156 2600 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:46:24.0171 2600 Ip6Fw - ok
20:46:24.0187 2600 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:46:24.0203 2600 IpFilterDriver - ok
20:46:24.0218 2600 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:46:24.0218 2600 IpInIp - ok
20:46:24.0234 2600 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:46:24.0250 2600 IpNat - ok
20:46:24.0265 2600 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:46:24.0265 2600 IPSec - ok
20:46:24.0281 2600 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
20:46:24.0281 2600 irda - ok
20:46:24.0312 2600 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:46:24.0312 2600 IRENUM - ok
20:46:24.0359 2600 Irmon (8024ea8c5b2d2a4d201f418b0aadb804) C:\WINDOWS\System32\irmon.dll
20:46:24.0359 2600 Irmon - ok
20:46:30.0593 2600 ============================================================
20:46:30.0593 2600 Scan finished
20:46:30.0593 2600 ============================================================
20:46:30.0609 2440 Detected object count: 0
20:46:30.0609 2440 Actual detected object count: 0

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: RECYCLER VIRUS ON A FLASH DRIVE

#19 Post by motji »

Please post a new RSIT log. Has anything changed?
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting a computer :!:

I am mostly available at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

Maaca
Visitor
Posts: 44
Registered: 16 Jun 2012 12:17
Location: Břeclav

Re: RECYCLER VIRUS ON A FLASH DRIVE

#20 Post by Maaca »

So hopefully it will be fine now.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Monika at 2012-07-26 07:26:01
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 343 MB (2%) free of 20 GB
Total RAM: 1023 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:26:05, on 26.7.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Documents and Settings\All Users\Data aplikací\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Monika\Plocha\RSIT.exe
C:\Program Files\trend micro\Monika.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" //mailurl:mailto:reklama@europrinty.eu
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\Documents and Settings\All Users\Data aplikací\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7216548875
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0366517953
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 7014 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-725345543-1993962763-2147133589-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-725345543-1993962763-2147133589-1004.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, illimitux@illimitux.net:4.0, {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8, jqs@sun.com:1.0, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9, {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.25, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.4.7&q="

"{4C0766D3-67A7-45a3-85A2-752F77312F32}"=C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.265 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33]
"Description"=
"Path"=C:\WINDOWS\system32\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
msservice.js
nsIBitCometAgent.xpt
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npBitCometAgent.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
npwachk.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\extensions\
illimitux@illimitux.net
{7b13ec3e-999a-4b70-b9cb-2617b8323822}
{800b5000-a755-47e1-992b-48a1c1357f07}
{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
{b57a9eb1-0e57-4850-a701-4d169538e6ed}

C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\searchplugins\
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-16.xml
icqplugin-17.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.gif
icqplugin.src
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11 767280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-06-16 329480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-06-16 59144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-06-16 79624]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\WINDOWS\system32\qttask.exe [2010-02-27 98304]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-03-31 2145000]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-09-25 90112]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]
"Anti-phishing Domain Advisor"=C:\Documents and Settings\All Users\Data aplikací\Anti-phishing Domain Advisor\visicom_antiphishing.exe [2012-05-03 217256]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-09-25 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-06-28 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
C:\WINDOWS\system32\nvraidservice.exe [2004-06-11 83968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\WINDOWS\system32\qttask.exe [2010-02-27 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Hlavní panel ATI CATALYST.lnk]
C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe [2006-09-25 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-11-22 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"
"C:\WINDOWS\system32\winver.exe"="C:\WINDOWS\system32\winver.exe:*:Enabled:winver"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"
"C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe"="C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine"
"C:\Program Files\ICQ7.6\ICQ.exe"="C:\Program Files\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Red Alert 2 Yuri's Revenge\gamemd.exe"="C:\Program Files\Red Alert 2 Yuri's Revenge\gamemd.exe:*:Enabled:Main executable for Yuri's Revenge"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.6\ICQ.exe"="C:\Program Files\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"midi"=wdmaud.drv
"msacm.iac2"=C:\PROGRA~1\MEGACO~1\SystemS\Intel\iac25_32.ax
"wave"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.avrn"=C:\PROGRA~1\MEGACO~1\SystemS\AVIDAV~1.DLL
"vidc.advj"=C:\PROGRA~1\MEGACO~1\SystemS\AVIDAV~1.DLL
"vidc.mszh"=C:\PROGRA~1\MEGACO~1\SystemS\avimszh.dll
"vidc.zlib"=C:\PROGRA~1\MEGACO~1\SystemS\avizlib.dll
"vidc.cscd"=C:\PROGRA~1\MEGACO~1\SystemS\camcodec.dll
"vidc.cvid"=C:\PROGRA~1\MEGACO~1\SystemS\iccvid.dll
"msacm.trspch"=C:\PROGRA~1\MEGACO~1\SystemS\tssoft32.acm
"vidc.em2v"=C:\PROGRA~1\MEGACO~1\SystemS\etxcodec.dll
"vidc.mkvc"=C:\PROGRA~1\MEGACO~1\SystemS\kmvidc32.dll
"vidc.hfyu"=C:\PROGRA~1\MEGACO~1\SystemS\huffyuv.dll
"msacm.lameacm"=C:\PROGRA~1\MEGACO~1\SystemS\lameacm.acm
"msacm.lhacm"=C:\PROGRA~1\MEGACO~1\SystemS\lhacm.acm
"msacm.l3acm"=C:\PROGRA~1\MEGACO~1\SystemS\l3codecp.acm
"vidc.sjpg"=C:\PROGRA~1\MEGACO~1\SystemS\pmjpeg32.dll
"vidc.dmb2"=C:\PROGRA~1\MEGACO~1\SystemS\pmjpeg32.dll
"vidc.gepj"=C:\PROGRA~1\MEGACO~1\SystemS\pmjpeg32.dll
"vidc.qpeg"=C:\PROGRA~1\MEGACO~1\SystemS\Qpeg32.dll
"vidc.q1.0"=C:\PROGRA~1\MEGACO~1\SystemS\Qpeg32.dll
"msacm.sl_anet"=C:\PROGRA~1\MEGACO~1\SystemS\sl_anet.acm
"vidc.tscc"=C:\PROGRA~1\MEGACO~1\SystemS\tsccvid.dll
"vidc.vifp"=C:\PROGRA~1\MEGACO~1\SystemS\vfcodec.dll
"vidc.wrpr"=C:\PROGRA~1\MEGACO~1\SystemS\aviwrap.dll
"vidc.wnv1"=C:\PROGRA~1\MEGACO~1\SystemS\wnvplay1.dll
"vidc.advs"=C:\PROGRA~1\MEGACO~1\SystemS\Adaptec\Dvc.dll
"vidc.aflc"=C:\PROGRA~1\MEGACO~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.afli"=C:\PROGRA~1\MEGACO~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.aasc"=C:\PROGRA~1\MEGACO~1\SystemS\Autodesk\Aasc32.dll
"vidc.aas4"=C:\PROGRA~1\MEGACO~1\SystemS\Autodesk\Aasc32.dll
"vidc.asv1"=C:\PROGRA~1\MEGACO~1\SystemS\ASUS\asusasv1.dll
"vidc.asv2"=C:\PROGRA~1\MEGACO~1\SystemS\ASUS\asusasv2.dll
"vidc.asvx"=C:\PROGRA~1\MEGACO~1\SystemS\ASUS\asusasv2.dll
"vidc.vcr1"=C:\PROGRA~1\MEGACO~1\SystemS\ATI\ativcr1.dll
"vidc.vcr2"=C:\PROGRA~1\MEGACO~1\SystemS\ATI\ativcr2.dll
"vidc.mwv1"=C:\PROGRA~1\MEGACO~1\SystemS\Aware\icmw_32.dll
"vidc.bt20"=C:\PROGRA~1\MEGACO~1\SystemS\BROOKT~1\btvvc32.drv
"vidc.y41p"=C:\PROGRA~1\MEGACO~1\SystemS\BROOKT~1\btvvc32.drv
"msacm.pcdv"=C:\PROGRA~1\MEGACO~1\SystemS\Canopus\pcdv.acm
"vidc.cdvc"=C:\PROGRA~1\MEGACO~1\SystemS\Canopus\CSCCDVC.DLL
"vidc.ddvc"=C:\PROGRA~1\MEGACO~1\SystemS\Canopus\CSCdvsd.DLL
"vidc.png1"=C:\PROGRA~1\MEGACO~1\SystemS\Core\COREPN~1.DLL
"msacm.CoreFLAC_ACM"=C:\PROGRA~1\MEGACO~1\SystemS\Core\COREFL~1.ACM
"vidc.davc"=C:\PROGRA~1\MEGACO~1\SystemS\dicas\davcvfw.dll
"vidc.div3"=C:\PROGRA~1\MEGACO~1\SystemS\DivX\DivXc32.dll
"vidc.div5"=C:\PROGRA~1\MEGACO~1\SystemS\DivX\DivXc32.dll
"vidc.mpg3"=C:\PROGRA~1\MEGACO~1\SystemS\DivX\DivXc32.dll
"vidc.div4"=C:\PROGRA~1\MEGACO~1\SystemS\DivX\DivXc32f.dll
"vidc.div6"=C:\PROGRA~1\MEGACO~1\SystemS\DivX\DivXc32f.dll
"vidc.ap41"=C:\PROGRA~1\MEGACO~1\SystemS\DivX\DivXc32f.dll
"vidc.dvx4"=C:\PROGRA~1\MEGACO~1\SystemS\DivX\divx4.dll
"msacm.divxa32"=C:\PROGRA~1\MEGACO~1\SystemS\DivX\divxa32.acm
"vidc.frwd"=C:\PROGRA~1\MEGACO~1\SystemS\Forward\frwd.dll
"vidc.frwt"=C:\PROGRA~1\MEGACO~1\SystemS\Forward\frwd.dll
"vidc.frwa"=C:\PROGRA~1\MEGACO~1\SystemS\Forward\frwt.dll
"vidc.frwu"=C:\PROGRA~1\MEGACO~1\SystemS\Forward\frwu.dll
"vidc.glzw"=C:\PROGRA~1\MEGACO~1\SystemS\Gabest\GLZW.dll
"vidc.gpeg"=C:\PROGRA~1\MEGACO~1\SystemS\Gabest\GPEG.dll
"vidc.i263"=C:\PROGRA~1\MEGACO~1\SystemS\Intel\i263_32.drv
"vidc.iv30"=C:\PROGRA~1\MEGACO~1\SystemS\Intel\ir32_32.dll
"vidc.iv31"=C:\PROGRA~1\MEGACO~1\SystemS\Intel\ir32_32.dll
"vidc.iv32"=C:\PROGRA~1\MEGACO~1\SystemS\Intel\ir32_32.dll
"vidc.iv33"=C:\PROGRA~1\MEGACO~1\SystemS\Intel\ir32_32.dll
"vidc.iv34"=C:\PROGRA~1\MEGACO~1\SystemS\Intel\ir32_32.dll
"vidc.iv35"=C:\PROGRA~1\MEGACO~1\SystemS\Intel\ir32_32.dll
"vidc.iv36"=C:\PROGRA~1\MEGACO~1\SystemS\Intel\ir32_32.dll
"vidc.iv37"=C:\PROGRA~1\MEGACO~1\SystemS\Intel\ir32_32.dll
"vidc.iv38"=C:\PROGRA~1\MEGACO~1\SystemS\Intel\ir32_32.dll
"vidc.iv39"=C:\PROGRA~1\MEGACO~1\SystemS\Intel\ir32_32.dll
"vidc.iv40"=C:\PROGRA~1\MEGACO~1\SystemS\Intel\ir41_32.dll
"vidc.iv41"=C:\PROGRA~1\MEGACO~1\SystemS\Intel\ir41_32.dll
"vidc.iv42"=C:\PROGRA~1\MEGACO~1\SystemS\Intel\ir41_32.dll
"vidc.iv43"=C:\PROGRA~1\MEGACO~1\SystemS\Intel\ir41_32.dll
"vidc.iv44"=C:\PROGRA~1\MEGACO~1\SystemS\Intel\ir41_32.dll
"vidc.iv45"=C:\PROGRA~1\MEGACO~1\SystemS\Intel\ir41_32.dll
"vidc.iv46"=C:\PROGRA~1\MEGACO~1\SystemS\Intel\ir41_32.dll
"vidc.iv47"=C:\PROGRA~1\MEGACO~1\SystemS\Intel\ir41_32.dll
"vidc.iv48"=C:\PROGRA~1\MEGACO~1\SystemS\Intel\ir41_32.dll
"vidc.iv49"=C:\PROGRA~1\MEGACO~1\SystemS\Intel\ir41_32.dll
"vidc.iv50"=C:\PROGRA~1\MEGACO~1\SystemS\Intel\ir50_32.dll
"vidc.iyuv"=C:\PROGRA~1\MEGACO~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"=C:\PROGRA~1\MEGACO~1\SystemS\Intel\Iyvu9_32.dll
"vidc.ir21"=C:\PROGRA~1\MEGACO~1\SystemS\Intel\IR21_R.DLL
"vidc.rt21"=C:\PROGRA~1\MEGACO~1\SystemS\Intel\IR21_R.DLL
"msacm.imc"=C:\PROGRA~1\MEGACO~1\SystemS\Intel\IMC32.ACM
"vidc.lead"=C:\PROGRA~1\MEGACO~1\SystemS\LEAD\LCODCCMP.DLL
"vidc.dvsd"=C:\PROGRA~1\MEGACO~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvc"=C:\PROGRA~1\MEGACO~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvcs"=C:\PROGRA~1\MEGACO~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dcmj"=C:\PROGRA~1\MEGACO~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi1"=C:\PROGRA~1\MEGACO~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi2"=C:\PROGRA~1\MEGACO~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.dv25"=C:\PROGRA~1\MEGACO~1\SystemS\Matrox\DigiVCap.dll
"vidc.dv50"=C:\PROGRA~1\MEGACO~1\SystemS\Matrox\DigiVCap.dll
"vidc.msmc"=C:\PROGRA~1\MEGACO~1\SystemS\Matrox\DigiVCap.dll

======List of files/folders created in the last 1 month======

2012-07-26 07:26:02 ----D---- C:\Program Files\trend micro
2012-07-26 07:26:01 ----D---- C:\rsit
2012-07-25 20:46:09 ----A---- C:\TDSSKiller.2.7.48.0_25.07.2012_20.46.09_log.txt
2012-07-25 15:32:25 ----A---- C:\ComboFix.txt
2012-07-17 09:36:53 ----D---- C:\Program Files\Red Alert 2 Yuri's Revenge
2012-07-11 16:41:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2698365$
2012-07-11 16:38:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2719985$
2012-07-11 16:37:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2655992$
2012-07-11 16:37:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2691442$
2012-07-11 16:37:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2718523$
2012-07-08 16:53:53 ----A---- C:\WINDOWS\zip.exe
2012-07-08 16:53:53 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-07-08 16:53:53 ----A---- C:\WINDOWS\SWSC.exe
2012-07-08 16:53:53 ----A---- C:\WINDOWS\SWREG.exe
2012-07-08 16:53:53 ----A---- C:\WINDOWS\sed.exe
2012-07-08 16:53:53 ----A---- C:\WINDOWS\PEV.exe
2012-07-08 16:53:53 ----A---- C:\WINDOWS\NIRCMD.exe
2012-07-08 16:53:53 ----A---- C:\WINDOWS\MBR.exe
2012-07-08 16:53:53 ----A---- C:\WINDOWS\grep.exe
2012-07-08 16:53:19 ----D---- C:\Qoobox
2012-07-08 16:51:55 ----RAD---- C:\Autorun.inf
2012-07-01 12:36:05 ----AH---- C:\Documents and Settings\Monika\Data aplikací\Bwtstt.exe

======List of files/folders modified in the last 1 month======

2012-07-26 07:26:02 ----D---- C:\WINDOWS\Temp
2012-07-26 07:26:02 ----D---- C:\Program Files
2012-07-26 07:18:47 ----D---- C:\WINDOWS
2012-07-25 20:55:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-07-25 20:46:09 ----D---- C:\WINDOWS\system32\drivers
2012-07-25 16:14:00 ----D---- C:\Program Files\Czech Soccer Manager 2002 FE
2012-07-25 15:28:17 ----A---- C:\WINDOWS\system.ini
2012-07-25 15:27:46 ----D---- C:\WINDOWS\system32\drivers\etc
2012-07-25 15:25:43 ----D---- C:\WINDOWS\system32\config
2012-07-25 15:25:27 ----D---- C:\WINDOWS\ERDNT
2012-07-25 15:21:17 ----D---- C:\WINDOWS\system32
2012-07-25 15:21:17 ----D---- C:\WINDOWS\AppPatch
2012-07-25 15:21:13 ----D---- C:\Program Files\Common Files
2012-07-25 15:13:56 ----D---- C:\WINDOWS\system32\CatRoot2
2012-07-25 08:18:03 ----D---- C:\WINDOWS\Prefetch
2012-07-21 02:08:31 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-07-18 08:51:06 ----D---- C:\Program Files\Mozilla Firefox
2012-07-17 09:42:12 ----D---- C:\WINDOWS\system32\Restore
2012-07-17 09:36:25 ----D---- C:\Downloads
2012-07-17 09:26:50 ----D---- C:\Program Files\BitComet
2012-07-16 11:26:56 ----D---- C:\Documents and Settings\Monika\Data aplikací\Skype
2012-07-16 11:13:27 ----SHD---- C:\WINDOWS\Installer
2012-07-12 17:10:16 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-07-12 15:49:32 ----D---- C:\WINDOWS\Debug
2012-07-11 16:41:10 ----HD---- C:\WINDOWS\inf
2012-07-11 16:41:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-07-11 16:41:03 ----HD---- C:\WINDOWS\$hf_mig$
2012-07-11 16:38:18 ----A---- C:\WINDOWS\system32\MRT.exe
2012-07-08 17:36:01 ----SHD---- C:\System Volume Information
2012-07-08 16:52:00 ----A---- C:\UsbFix.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2004-04-02 21760]
R0 nvatabus;nvatabus; C:\WINDOWS\system32\DRIVERS\nvatabus.sys [2004-06-03 79360]
R0 nvraid;NVIDIA NForce(tm) ATA RAID Class Driver; C:\WINDOWS\system32\DRIVERS\nvraid.sys [2004-06-03 68224]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-08-12 45648]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-03-31 114984]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-03-31 95872]
R1 is-D72FGdrv;is-D72FGdrv; C:\WINDOWS\system32\DRIVERS\24392970.sys [2008-07-08 148496]
R1 is-SGD7Ddrv;is-SGD7Ddrv; C:\WINDOWS\system32\DRIVERS\87520850.sys [2008-07-08 148496]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-03-31 140216]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-03-08 4027840]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-11-22 2829824]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 KMWDFILTER;HIDUASDesc; C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-05-17 33280]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-05-17 12928]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2011-01-20 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2011-01-20 25512]
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 TrueSight;TrueSight; \??\c:\windows\system32\drivers\TrueSight.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-11-22 430080]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-31 810120]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-06-16 153352]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-11-22 520192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-03-31 33560]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Maaca
Visitor
Posts: 44
Registered: 16 Jun 2012 12:17
Location: Břeclav

Re: RECYCLER VIRUS ON A MEMORY CARD

#21 Post by Maaca »

So far it looks good, there is nothing on the memory cards; I still have to try all the USB flash drives I use, to see whether it is on them too...

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: RECYCLER VIRUS ON A MEMORY CARD

#22 Post by motji »

The nasty thing is still there. Please use this script in ComboFix:

Code:

KillAll::

Rootkit::
C:\Documents and Settings\Monika\Data aplikací\Bwtstt.exe

Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer!

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

Maaca
Visitor
Posts: 44
Registered: 16 Jun 2012 12:17
Location: Břeclav

Re: RECYCLER VIRUS ON A MEMORY CARD

#23 Post by Maaca »

ComboFix 12-07-08.01 - Monika 26.07.2012 18:40:41.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.570 [GMT 2:00]
Spuštěný z: c:\documents and settings\Monika\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Monika\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-26 do 2012-07-26 )))))))))))))))))))))))))))))))
.
.
2012-07-26 05:26 . 2012-07-26 05:26 -------- d-----w- c:\program files\trend micro
2012-07-26 05:26 . 2012-07-26 05:26 -------- d-----w- C:\rsit
2012-07-17 07:36 . 2012-07-18 12:48 -------- d-----w- c:\program files\Red Alert 2 Yuri's Revenge
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 15:10 . 2012-04-05 15:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 15:10 . 2011-05-14 12:37 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-16 13:19 . 2012-06-16 12:09 2004 ----a-w- C:\UsbFix_Upload_Me_MONIKA-PC.zip
2012-06-16 10:57 . 2012-06-16 10:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-16 10:57 . 2012-06-16 10:58 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-16 10:57 . 2010-05-12 16:26 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 13:55 . 2006-03-02 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2008-04-14 03:21 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:35 . 2010-08-24 07:18 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2006-03-02 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2010-02-26 20:36 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2010-02-26 20:36 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2010-02-26 19:50 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2010-02-26 19:50 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2010-02-26 19:50 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2010-02-26 20:36 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2010-02-26 20:36 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2010-02-26 20:36 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2010-02-26 19:50 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2010-02-26 19:50 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2006-03-02 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2010-02-26 19:50 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2010-02-26 19:50 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2010-08-24 07:18 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2010-08-24 07:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2006-03-02 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:44 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 03:14 . 2006-03-02 12:00 2194816 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2004-08-17 15:45 2071296 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2010-02-26 19:48 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-18 06:50 . 2011-03-22 18:50 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-08_15.06.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-26 16:48 . 2012-07-26 16:48 16384 c:\windows\temp\Perflib_Perfdata_f4.dat
+ 2012-07-12 15:10 . 2012-07-12 15:10 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe
+ 2012-07-12 14:11 . 2012-07-12 14:11 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
+ 2012-07-12 14:11 . 2012-07-12 14:11 465096 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.dll
+ 2012-04-05 15:51 . 2012-07-12 15:10 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-04-05 15:51 . 2012-06-25 13:10 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2010-02-26 20:38 . 2012-07-11 14:42 210488 c:\windows\system32\FNTCACHE.DAT
- 2010-02-26 20:38 . 2012-06-14 19:10 210488 c:\windows\system32\FNTCACHE.DAT
+ 2009-06-25 08:27 . 2012-06-04 04:32 152576 c:\windows\system32\dllcache\schannel.dll
- 2010-02-26 19:50 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2010-02-26 19:50 . 2012-05-28 18:16 536576 c:\windows\system32\dllcache\msado15.dll
+ 2012-07-16 09:13 . 2012-07-16 09:13 371272 c:\windows\Installer\{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}\SkypeIcon.exe
- 2011-06-17 12:43 . 2011-06-17 12:43 371272 c:\windows\Installer\{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}\SkypeIcon.exe
+ 2006-03-02 12:00 . 2012-06-08 14:25 8466944 c:\windows\system32\shell32.dll
+ 2012-07-12 15:10 . 2012-07-12 15:10 9465032 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
+ 2009-08-14 15:15 . 2012-06-13 13:55 1866112 c:\windows\system32\dllcache\win32k.sys
+ 2008-06-17 19:02 . 2012-06-08 14:25 8466944 c:\windows\system32\dllcache\shell32.dll
+ 2008-04-14 03:21 . 2012-06-05 15:49 1372672 c:\windows\system32\dllcache\msxml6.dll
- 2008-04-14 03:21 . 2009-07-31 09:05 1372672 c:\windows\system32\dllcache\msxml6.dll
- 2010-02-26 20:44 . 2010-06-14 07:43 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2010-02-26 20:44 . 2012-06-05 15:49 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2010-02-26 22:32 . 2012-07-11 14:38 57442464 c:\windows\system32\MRT.exe
+ 2012-06-15 15:44 . 2012-07-26 16:51 500766752 c:\windows\system32\drivers\fidbox.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\windows\system32\qttask.exe" [2010-02-26 98304]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Data aplikací\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Hlavní panel ATI CATALYST.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Hlavní panel ATI CATALYST.lnk
backup=c:\windows\pss\Hlavní panel ATI CATALYST.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-09-25 07:12 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-06-28 20:05 344064 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
2004-06-11 03:15 83968 ----a-r- c:\windows\system32\nvraidservice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-26 23:11 98304 ----a-w- c:\windows\system32\qttask.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Red Alert 2 Yuri's Revenge\\gamemd.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13309:TCP"= 13309:TCP:BitComet 13309 TCP
"13309:UDP"= 13309:UDP:BitComet 13309 UDP
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [31.3.2010 8:22 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [31.3.2010 8:23 95872]
R1 is-D72FGdrv;is-D72FGdrv;c:\windows\system32\drivers\24392970.sys [16.6.2012 14:40 148496]
R1 is-SGD7Ddrv;is-SGD7Ddrv;c:\windows\system32\drivers\87520850.sys [15.6.2012 17:44 148496]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [31.3.2010 8:23 810120]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18.1.2012 18:49 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18.1.2012 18:49 22216]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5.4.2012 17:51 250056]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [20.1.2011 19:18 13224]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [30.4.2012 9:55 113120]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 15:10]
.
2012-07-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-725345543-1993962763-2147133589-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2012-03-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-725345543-1993962763-2147133589-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:reklama@europrinty.eu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.0&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-26 18:49
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3380)
c:\documents and settings\All Users\Data aplikací\Anti-phishing Domain Advisor\visicom_antiphishing.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2012-07-26 18:54:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-07-26 16:54
ComboFix2.txt 2012-07-25 13:33
ComboFix3.txt 2012-07-25 06:23
ComboFix4.txt 2012-07-08 15:10
.
Před spuštěním: 204 079 104
Po spuštění: 200 564 736
.
- - End Of File - - 7E3367367ECCCC7D97F51A98EDC6BD3E

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: RECYCLER VIRUS ON A FLASH DRIVE

#24 Post by motji »

Now it isn't visible in the log again :?: ... would you mind a few more tests?

:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe
- save it to the desktop and run the file OTL.exe.
- copy this script into the white box at the bottom:

Code:

netsvcs
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

/md5start
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
hal.dll
logevent.dll
netlogon.dll
ntelogon.dll
scecli.dll
sceclt.dll
ws2_32.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
cdrom.sys
Changer.sys
fastfat.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
mv61xx.sys
ndis.sys
ntfs.sys
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
symmpi.sys
tcpip.sys
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
/md5stop

C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe


HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5 
- tick the "For all users" box.
- tick the "LOP" check and "Purity" check boxes
- click the Scan button
- when the scan finishes, the logs OTL.Txt and Extras.txt will appear; post them here :)
Do not use COMBOFIX without an adviser's recommendation, it can damage the system!
Always back up important data before disinfecting a computer :!:

I'm mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(at)forum.viry.cz.

Maaca
Visitor
Posts: 44
Registered: 16 Jun 2012 12:17
Location: Břeclav

Re: RECYCLER VIRUS ON A FLASH DRIVE

#25 Post by Maaca »

No, I don't mind. I'd be glad to make sure. Besides, I also have a laptop at home, so I'll have to test that too, in case I carried something over to it as well... but everything step by step :)

Maaca
Visitor
Posts: 44
Registered: 16 Jun 2012 12:17
Location: Břeclav

Re: RECYCLER VIRUS ON A FLASH DRIVE

#26 Post by Maaca »

The only thing it spat out is this, and it's not very readable...

OTL logfile created on: 27.7.2012 8:28:54 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Monika\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:

1023,23 Mb Total Physical Memory | 372,37 Mb Available Physical Memory | 36,39% Memory free
2,40 Gb Paging File | 1,88 Gb Available in Paging File | 78,09% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 0,24 Gb Free Space | 1,20% Space Free | Partition Type: NTFS
Drive D: | 57,15 Gb Total Space | 5,87 Gb Free Space | 10,28% Space Free | Partition Type: NTFS
Drive G: | 480,75 Mb Total Space | 480,70 Mb Free Space | 99,99% Space Free | Partition Type: FAT

Computer Name: MONIKA-PC | User Name: Monika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.27 08:22:47 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Monika\Plocha\OTL.exe
PRC - [2012.07.18 08:50:54 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.05.03 20:07:40 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\Documents and Settings\All Users\Data aplikací\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2011.08.31 18:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010.03.31 08:23:00 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010.03.31 08:22:20 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.09.25 09:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (No Company Name) ==========

MOD - [2012.07.18 08:50:53 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.07.12 17:10:16 | 009,465,032 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012.06.22 13:03:39 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_cs_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012.06.22 13:03:39 | 000,180,224 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms.resources\1.0.5000.0_cs_b77a5c561934e089\system.windows.forms.resources.dll
MOD - [2012.06.13 16:06:34 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_3fcfb65e\system.drawing.dll
MOD - [2012.06.13 16:05:34 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_b9eeeffd\system.windows.forms.dll
MOD - [2012.06.13 16:04:24 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2011.12.31 12:23:03 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5b3dacd3\mscorlib.dll
MOD - [2011.12.31 12:21:15 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_4a30c05c\system.xml.dll
MOD - [2011.12.31 12:19:40 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_c71bf7c1\system.dll
MOD - [2011.12.31 12:19:12 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011.12.31 12:19:08 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2011.12.31 12:19:01 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2010.02.27 00:26:30 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2010.02.27 00:26:30 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2010.02.27 00:26:30 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.18 08:50:53 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.12 17:10:17 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.08.31 18:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.03.31 08:27:24 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.03.31 08:23:00 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012.01.18 20:22:16 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011.08.31 18:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.01.20 19:18:05 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.01.20 19:18:05 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2010.03.31 08:23:56 | 000,095,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010.03.31 08:22:32 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.03.31 08:17:48 | 000,140,216 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.07.08 13:54:02 | 000,148,496 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\87520850.sys -- (is-SGD7Ddrv)
DRV - [2008.07.08 13:54:02 | 000,148,496 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\24392970.sys -- (is-D72FGdrv)
DRV - [2008.04.13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007.03.08 14:34:46 | 004,027,840 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2006.11.22 05:25:08 | 002,829,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.03.09 14:53:00 | 000,042,496 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.06.03 04:40:46 | 000,079,360 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2004.05.17 08:00:54 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2004.05.17 08:00:52 | 000,033,280 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004.04.02 09:40:00 | 000,021,760 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
DRV - [2001.08.18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001.08.17 23:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={ ... source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-725345543-1993962763-2147133589-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-725345543-1993962763-2147133589-1004\..\SearchScopes,DefaultScope = {B9F6CF91-37F8-4059-A6BA-E2BBD34C549C}
IE - HKU\S-1-5-21-725345543-1993962763-2147133589-1004\..\SearchScopes\${searchCLSID}: "URL" = http://www.bing.com/search?q={searchTer ... M=IE8SRC
IE - HKU\S-1-5-21-725345543-1993962763-2147133589-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... M=IE8SRC
IE - HKU\S-1-5-21-725345543-1993962763-2147133589-1004\..\SearchScopes\{B9F6CF91-37F8-4059-A6BA-E2BBD34C549C}: "URL" = http://www.google.com/search?q={searchT ... coding?}
IE - HKU\S-1-5-21-725345543-1993962763-2147133589-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_result ... .3.0&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.25
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... .5.3&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 08:50:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.16 12:58:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.07.16 18:42:05 | 000,000,000 | ---D | M]

[2010.02.26 22:52:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Extensions
[2012.07.27 08:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\extensions
[2012.07.17 09:12:31 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2012.07.27 08:21:51 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.10.28 18:51:23 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010.12.25 17:33:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2012.06.15 17:44:16 | 000,000,000 | ---D | M] (blekko search bar) -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\extensions\{b57a9eb1-0e57-4850-a701-4d169538e6ed}
[2010.05.22 13:34:56 | 000,000,000 | ---D | M] (Illimitux) -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\extensions\illimitux@illimitux.net
[2012.07.25 08:27:18 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\searchplugins\icqplugin-1.xml
[2012.06.17 09:57:46 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\searchplugins\icqplugin-10.xml
[2011.10.01 00:16:02 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\searchplugins\icqplugin-11.xml
[2011.11.26 11:27:38 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\searchplugins\icqplugin-12.xml
[2012.01.14 19:37:03 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\searchplugins\icqplugin-13.xml
[2012.02.12 16:16:44 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\searchplugins\icqplugin-14.xml
[2012.02.17 22:28:03 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\searchplugins\icqplugin-15.xml
[2012.03.20 19:42:40 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\searchplugins\icqplugin-16.xml
[2012.07.18 08:51:07 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\searchplugins\icqplugin-17.xml
[2011.09.01 20:38:33 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\searchplugins\icqplugin-2.xml
[2011.03.06 17:36:45 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\searchplugins\icqplugin-3.xml
[2011.03.22 20:51:46 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\searchplugins\icqplugin-4.xml
[2011.03.22 23:28:26 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\searchplugins\icqplugin-5.xml
[2011.06.21 22:01:54 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\searchplugins\icqplugin-6.xml
[2011.08.16 22:48:50 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\searchplugins\icqplugin-7.xml
[2011.08.17 21:09:44 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\searchplugins\icqplugin-8.xml
[2011.09.07 20:27:51 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\searchplugins\icqplugin-9.xml
[2012.07.24 14:48:30 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\searchplugins\icqplugin.gif
[2012.07.24 14:48:30 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\searchplugins\icqplugin.src
[2010.10.28 16:12:55 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\searchplugins\icqplugin.xml
[2012.06.16 12:58:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.06.16 12:58:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MONIKA\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\8VLCKOOR.DEFAULT\EXTENSIONS\{7B13EC3E-999A-4B70-B9CB-2617B8323822}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MONIKA\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\8VLCKOOR.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MONIKA\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\8VLCKOOR.DEFAULT\EXTENSIONS\{B57A9EB1-0E57-4850-A701-4D169538E6ED}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MONIKA\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\8VLCKOOR.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.07.18 08:50:54 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.09 06:49:04 | 001,037,112 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.06.17 09:57:31 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2012.06.17 09:57:31 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2010.01.16 02:50:40 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2012.06.17 09:57:31 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2012.06.17 09:57:31 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.06.17 09:57:31 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2012.07.26 18:48:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - No CLSID value found.
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\Documents and Settings\All Users\Data aplikací\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-725345543-1993962763-2147133589-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-725345543-1993962763-2147133589-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-725345543-1993962763-2147133589-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-725345543-1993962763-2147133589-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 7216548875 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 0366517953 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87993D0F-952B-4B9D-9ADA-F2C6D5EF0B89}: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)਍ഀ
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)਍ഀ
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home਍ഀ
O24 - Desktop WallPaper: C:\Documents and Settings\Monika\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp਍ഀ
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Monika\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp਍ഀ
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)਍ഀ
O32 - HKLM CDRom: AutoRun - 1਍ഀ
O32 - AutoRun File - [2010.02.26 21:53:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]਍ഀ
O32 - AutoRun File - [2012.07.08 16:51:55 | 000,000,000 | R--D | M] - C:\Autorun.inf -- [ NTFS ]਍ഀ
O32 - AutoRun File - [2011.12.06 21:48:20 | 000,000,000 | ---D | M] - D:\auto -- [ NTFS ]਍ഀ
O32 - AutoRun File - [2012.07.08 16:51:56 | 000,000,000 | R--D | M] - D:\Autorun.inf -- [ NTFS ]਍ഀ
O34 - HKLM BootExecute: (autocheck autochk *)਍ഀ
O35 - HKLM\..comfile [open] -- "%1" %*਍ഀ
O35 - HKLM\..exefile [open] -- "%1" %*਍ഀ
O37 - HKLM\...com [@ = ComFile] -- "%1" %*਍ഀ
O37 - HKLM\...exe [@ = exefile] -- "%1" %*਍ഀ
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)਍ഀ
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)਍ഀ
਍ഀ
NetSvcs: 6to4 - File not found਍ഀ
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found਍ഀ
NetSvcs: Ias - File not found਍ഀ
NetSvcs: Iprip - File not found਍ഀ
NetSvcs: NWCWorkstation - File not found਍ഀ
NetSvcs: Nwsapagent - File not found਍ഀ
NetSvcs: WmdmPmSp - File not found਍ഀ
਍ഀ
Drivers32: msacm.at3 - C:\Program Files\Mega CoDecS Pack\SystemS\SONY\atrac3.acm ()਍ഀ
Drivers32: msacm.CoreFLAC_ACM - C:\Program Files\Mega CoDecS Pack\SystemS\Core\CoreFLAC_ACM.acm ()਍ഀ
Drivers32: msacm.divxa32 - C:\Program Files\Mega CoDecS Pack\SystemS\DivX\divxa32.acm (Kristal StudioDFileDescription)਍ഀ
Drivers32: msacm.iac2 - C:\Program Files\Mega CoDecS Pack\SystemS\Intel\iac25_32.ax (Intel Corporation)਍ഀ
Drivers32: msacm.imaadpcm - C:\Program Files\Mega CoDecS Pack\SystemS\Microsoft\imaadp32.acm (Microsoft Corporation)਍ഀ
Drivers32: msacm.imc - C:\Program Files\Mega CoDecS Pack\SystemS\Intel\imc32.acm (Intel Corporation)਍ഀ
Drivers32: msacm.l3acm - C:\Program Files\Mega CoDecS Pack\SystemS\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)਍ഀ
Drivers32: msacm.lameacm - C:\Program Files\Mega CoDecS Pack\SystemS\lameacm.acm (http://www.mp3dev.org/)਍ഀ
Drivers32: msacm.lhacm - C:\Program Files\Mega CoDecS Pack\SystemS\lhacm.acm (Microsoft Corporation)਍ഀ
Drivers32: msacm.msadpcm - C:\Program Files\Mega CoDecS Pack\SystemS\Microsoft\msadp32.acm (Microsoft Corporation)਍ഀ
Drivers32: msacm.msaudio1 - C:\Program Files\Mega CoDecS Pack\SystemS\Microsoft\msaud32.acm (Microsoft Corporation)਍ഀ
Drivers32: msacm.msg711 - C:\Program Files\Mega CoDecS Pack\SystemS\Microsoft\msg711.acm (Microsoft Corporation)਍ഀ
Drivers32: msacm.msg723 - C:\Program Files\Mega CoDecS Pack\SystemS\Microsoft\msg723.acm (Microsoft Corporation)਍ഀ
Drivers32: msacm.msgsm610 - C:\Program Files\Mega CoDecS Pack\SystemS\Microsoft\msgsm32.acm (Microsoft Corporation)਍ഀ
Drivers32: msacm.pcdv - C:\Program Files\Mega CoDecS Pack\SystemS\Canopus\pcdv.acm (Canopus Co., Ltd.)਍ഀ
Drivers32: msacm.qmpeg - C:\Program Files\Mega CoDecS Pack\SystemS\QDesign\qmpeg.acm (QDesign Corporation)਍ഀ
Drivers32: msacm.sl_anet - C:\Program Files\Mega CoDecS Pack\SystemS\sl_anet.acm (Sipro Lab Telecom Inc.)਍ഀ
Drivers32: msacm.trspch - C:\Program Files\Mega CoDecS Pack\SystemS\tssoft32.acm (DSP GROUP, INC.)਍ഀ
Drivers32: msacm.vorbis - C:\Program Files\Mega CoDecS Pack\SystemS\OGG\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)਍ഀ
Drivers32: msacm.voxacm160 - C:\Program Files\Mega CoDecS Pack\SystemS\VoxWare\vct3216.acm (Voxware, Inc.)਍ഀ
Drivers32: vidc.aas4 - C:\Program Files\Mega CoDecS Pack\SystemS\Autodesk\aasc32.dll (Autodesk, Inc.)਍ഀ
Drivers32: vidc.aasc - C:\Program Files\Mega CoDecS Pack\SystemS\Autodesk\aasc32.dll (Autodesk, Inc.)਍ഀ
Drivers32: vidc.advj - C:\Program Files\Mega CoDecS Pack\SystemS\avidavicodec.dll (Avid Technology, Inc)਍ഀ
Drivers32: vidc.advs - C:\Program Files\Mega CoDecS Pack\SystemS\Adaptec\dvc.dll (Adaptec)਍ഀ
Drivers32: vidc.aflc - C:\Program Files\Mega CoDecS Pack\SystemS\Autodesk\flccodec32.dll (Autodesk, Inc.)਍ഀ
Drivers32: vidc.afli - C:\Program Files\Mega CoDecS Pack\SystemS\Autodesk\flccodec32.dll (Autodesk, Inc.)਍ഀ
Drivers32: vidc.ap41 - C:\Program Files\Mega CoDecS Pack\SystemS\DivX\divxc32f.dll (Hacked with Joy !)਍ഀ
Drivers32: vidc.asv1 - C:\Program Files\Mega CoDecS Pack\SystemS\ASUS\asusasv1.dll ()਍ഀ
Drivers32: vidc.asv2 - C:\Program Files\Mega CoDecS Pack\SystemS\ASUS\asusasv2.dll ()਍ഀ
Drivers32: vidc.asvx - C:\Program Files\Mega CoDecS Pack\SystemS\ASUS\asusasv2.dll ()਍ഀ
Drivers32: vidc.avi1 - C:\Program Files\Mega CoDecS Pack\SystemS\MainConcept\mcmjpg32.dll (MainConcept)਍ഀ
Drivers32: vidc.avi2 - C:\Program Files\Mega CoDecS Pack\SystemS\MainConcept\mcmjpg32.dll (MainConcept)਍ഀ
Drivers32: vidc.avrn - C:\Program Files\Mega CoDecS Pack\SystemS\avidavicodec.dll (Avid Technology, Inc)਍ഀ
Drivers32: vidc.bt20 - C:\Program Files\Mega CoDecS Pack\SystemS\Brooktree\btvvc32.drv (Brooktree Corporation)਍ഀ
Drivers32: vidc.cdvc - C:\Program Files\Mega CoDecS Pack\SystemS\Canopus\csccdvc.dll (Canopus Co., Ltd.)਍ഀ
Drivers32: vidc.cram - C:\Program Files\Mega CoDecS Pack\SystemS\Microsoft\msvidc32.dll (Microsoft Corporation)਍ഀ
Drivers32: vidc.cscd - C:\Program Files\Mega CoDecS Pack\SystemS\camcodec.dll (RenderSoft Software.)਍ഀ
Drivers32: vidc.cvid - C:\Program Files\Mega CoDecS Pack\SystemS\iccvid.dll (Compression Technologies, Inc.)਍ഀ
Drivers32: vidc.davc - C:\Program Files\Mega CoDecS Pack\SystemS\dicas\davcvfw.dll (dicas)਍ഀ
Drivers32: vidc.dcap - C:\Program Files\Mega CoDecS Pack\SystemS\Pinnacle\mirodv2avi.dll (Pinnacle Systems)਍ഀ
Drivers32: vidc.dcmj - C:\Program Files\Mega CoDecS Pack\SystemS\MainConcept\mcmjpg32.dll (MainConcept)਍ഀ
Drivers32: vidc.ddvc - C:\Program Files\Mega CoDecS Pack\SystemS\Canopus\cscdvsd.dll (Canopus Co., Ltd.)਍ഀ
Drivers32: vidc.div3 - C:\Program Files\Mega CoDecS Pack\SystemS\DivX\divxc32.dll (Hacked with Joy !)਍ഀ
Drivers32: vidc.div4 - C:\Program Files\Mega CoDecS Pack\SystemS\DivX\divxc32f.dll (Hacked with Joy !)਍ഀ
Drivers32: vidc.div5 - C:\Program Files\Mega CoDecS Pack\SystemS\DivX\divxc32.dll (Hacked with Joy !)਍ഀ
Drivers32: vidc.div6 - C:\Program Files\Mega CoDecS Pack\SystemS\DivX\divxc32f.dll (Hacked with Joy !)਍ഀ
Drivers32: vidc.dmb2 - C:\Program Files\Mega CoDecS Pack\SystemS\pmjpeg32.dll (White Pine Software and Paradigm Matrix)਍ഀ
Drivers32: vidc.dv25 - C:\Program Files\Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)਍ഀ
Drivers32: vidc.dv50 - C:\Program Files\Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)਍ഀ
Drivers32: vidc.dvc - C:\Program Files\Mega CoDecS Pack\SystemS\MainConcept\mcdvd_32.dll (MainConcept)਍ഀ
Drivers32: vidc.dvcp - C:\Program Files\Mega CoDecS Pack\SystemS\SONY\sonydv.dll (Sony Corporation)਍ഀ
Drivers32: vidc.dvcs - C:\Program Files\Mega CoDecS Pack\SystemS\MainConcept\mcdvd_32.dll (MainConcept)਍ഀ
Drivers32: vidc.dvsd - C:\Program Files\Mega CoDecS Pack\SystemS\MainConcept\mcdvd_32.dll (MainConcept)਍ഀ
Drivers32: vidc.dvx4 - C:\Program Files\Mega CoDecS Pack\SystemS\DivX\DivX4.dll (DivXNetworks, Inc.)਍ഀ
Drivers32: vidc.em2v - C:\Program Files\Mega CoDecS Pack\SystemS\etxcodec.dll (Etymonix Inc.)਍ഀ
Drivers32: vidc.frwa - C:\Program Files\Mega CoDecS Pack\SystemS\Forward\frwt.dll (Darim Vision Co.)਍ഀ
Drivers32: vidc.frwd - C:\Program Files\Mega CoDecS Pack\SystemS\Forward\frwd.dll (Darim Vision Co.)਍ഀ
Drivers32: vidc.frwt - C:\Program Files\Mega CoDecS Pack\SystemS\Forward\frwd.dll (Darim Vision Co.)਍ഀ
Drivers32: vidc.frwu - C:\Program Files\Mega CoDecS Pack\SystemS\Forward\frwu.dll (Darim Vision Co.)਍ഀ
Drivers32: vidc.gepj - C:\Program Files\Mega CoDecS Pack\SystemS\pmjpeg32.dll (White Pine Software and Paradigm Matrix)਍ഀ
Drivers32: vidc.glzw - C:\Program Files\Mega CoDecS Pack\SystemS\Gabest\glzw.dll (Gabest)਍ഀ
Drivers32: vidc.gpeg - C:\Program Files\Mega CoDecS Pack\SystemS\Gabest\gpeg.dll (Gabest)਍ഀ
Drivers32: vidc.gpjm - C:\Program Files\Mega CoDecS Pack\SystemS\Pinnacle\rtmjpgcdc.dll (Pinnacle Systems)਍ഀ
Drivers32: vidc.hfyu - C:\Program Files\Mega CoDecS Pack\SystemS\huffyuv.dll (Disappearing Inc.)਍ഀ
Drivers32: vidc.i263 - C:\Program Files\Mega CoDecS Pack\SystemS\Intel\i263_32.drv (Intel Corporation)਍ഀ
Drivers32: vidc.i420 - C:\Program Files\Mega CoDecS Pack\SystemS\Microsoft\msh263.drv (Microsoft Corporation)਍ഀ
Drivers32: vidc.ipdv - C:\Program Files\Mega CoDecS Pack\SystemS\Panasonic\idvcodec.dll (Matsushita Electric Industrial Co., Ltd. I-O DATA DEVICE,INC.)਍ഀ
Drivers32: vidc.ir21 - C:\Program Files\Mega CoDecS Pack\SystemS\Intel\ir21_r.dll ()਍ഀ
Drivers32: vidc.iv30 - C:\Program Files\Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()਍ഀ
Drivers32: vidc.iv31 - C:\Program Files\Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()਍ഀ
Drivers32: vidc.iv32 - C:\Program Files\Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()਍ഀ
Drivers32: vidc.iv33 - C:\Program Files\Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()਍ഀ
Drivers32: vidc.iv34 - C:\Program Files\Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()਍ഀ
Drivers32: vidc.iv35 - C:\Program Files\Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()਍ഀ
Drivers32: vidc.iv36 - C:\Program Files\Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()਍ഀ
Drivers32: vidc.iv37 - C:\Program Files\Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()਍ഀ
Drivers32: vidc.iv38 - C:\Program Files\Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()਍ഀ
Drivers32: vidc.iv39 - C:\Program Files\Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()਍ഀ
Drivers32: vidc.iv40 - C:\Program Files\Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)਍ഀ
Drivers32: vidc.iv41 - C:\Program Files\Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)਍ഀ
Drivers32: vidc.iv42 - C:\Program Files\Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)਍ഀ
Drivers32: vidc.iv43 - C:\Program Files\Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)਍ഀ
Drivers32: vidc.iv44 - C:\Program Files\Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)਍ഀ
Drivers32: vidc.iv45 - C:\Program Files\Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)਍ഀ
Drivers32: vidc.iv46 - C:\Program Files\Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)਍ഀ
Drivers32: vidc.iv47 - C:\Program Files\Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)਍ഀ
Drivers32: vidc.iv48 - C:\Program Files\Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)਍ഀ
Drivers32: vidc.iv49 - C:\Program Files\Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)਍ഀ
Drivers32: vidc.iv50 - C:\Program Files\Mega CoDecS Pack\SystemS\Intel\ir50_32.dll (Intel Corporation)਍ഀ
Drivers32: vidc.iyuv - C:\Program Files\Mega CoDecS Pack\SystemS\Intel\iyuv_32.dll (Microsoft Corporation)਍ഀ
Drivers32: vidc.lead - C:\Program Files\Mega CoDecS Pack\SystemS\LEAD\lcodccmp.dll (LEAD Technologies, Inc.)਍ഀ
Drivers32: vidc.m261 - C:\Program Files\Mega CoDecS Pack\SystemS\Microsoft\msh261.drv (Microsoft Corporation)਍ഀ
Drivers32: vidc.m263 - C:\Program Files\Mega CoDecS Pack\SystemS\Microsoft\msh263.drv (Microsoft Corporation)਍ഀ
Drivers32: vidc.miro - C:\Program Files\Mega CoDecS Pack\SystemS\Pinnacle\mirodv2avi.dll (Pinnacle Systems)਍ഀ
Drivers32: vidc.mjpa - C:\Program Files\Mega CoDecS Pack\SystemS\Pinnacle\rtmjpgcdc.dll (Pinnacle Systems)਍ഀ
Drivers32: vidc.mjpx - C:\Program Files\Mega CoDecS Pack\SystemS\Pegasus\pvmjpg21.dll (Pegasus Imaging Corporation)਍ഀ
Drivers32: vidc.mkvc - C:\Program Files\Mega CoDecS Pack\SystemS\kmvidc32.dll ()਍ഀ
Drivers32: vidc.mmes - C:\Program Files\Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)਍ഀ
Drivers32: vidc.mmjp - C:\Program Files\Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)਍ഀ
Drivers32: vidc.mp41 - C:\Program Files\Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll ()਍ഀ
Drivers32: vidc.mp42 - C:\Program Files\Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll ()਍ഀ
Drivers32: vidc.mp43 - C:\Program Files\Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll ()਍ഀ
Drivers32: vidc.mp4s - C:\Program Files\Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll ()਍ഀ
Drivers32: vidc.mp4v - C:\Program Files\Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll ()਍ഀ
Drivers32: vidc.mpg3 - C:\Program Files\Mega CoDecS Pack\SystemS\DivX\divxc32.dll (Hacked with Joy !)਍ഀ
Drivers32: vidc.mpg4 - C:\Program Files\Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll ()਍ഀ
Drivers32: vidc.mrle - C:\Program Files\Mega CoDecS Pack\SystemS\Microsoft\msrle32.dll (Microsoft Corporation)਍ഀ
Drivers32: vidc.msmc - C:\Program Files\Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)਍ഀ
Drivers32: vidc.msvc - C:\Program Files\Mega CoDecS Pack\SystemS\Microsoft\msvidc32.dll (Microsoft Corporation)਍ഀ
Drivers32: vidc.mszh - C:\Program Files\Mega CoDecS Pack\SystemS\avimszh.dll ()਍ഀ
Drivers32: vidc.mtx1 - C:\Program Files\Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)਍ഀ
Drivers32: vidc.mtx2 - C:\Program Files\Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)਍ഀ
Drivers32: vidc.mtx3 - C:\Program Files\Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)਍ഀ
Drivers32: vidc.mtx4 - C:\Program Files\Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)਍ഀ
Drivers32: vidc.mtx5 - C:\Program Files\Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)਍ഀ
Drivers32: vidc.mtx6 - C:\Program Files\Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)਍ഀ
Drivers32: vidc.mtx7 - C:\Program Files\Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)਍ഀ
Drivers32: vidc.mtx8 - C:\Program Files\Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)਍ഀ
Drivers32: vidc.mtx9 - C:\Program Files\Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)਍ഀ
Drivers32: vidc.mwv1 - C:\Program Files\Mega CoDecS Pack\SystemS\Aware\icmw_32.dll (Aware Inc.)਍ഀ
Drivers32: vidc.nt00 - C:\Program Files\Mega CoDecS Pack\SystemS\Newtek\ntcodec.dll (NewTek, Inc)਍ഀ
Drivers32: vidc.pdvc - C:\Program Files\Mega CoDecS Pack\SystemS\Panasonic\idvcodec.dll (Matsushita Electric Industrial Co., Ltd. I-O DATA DEVICE,INC.)਍ഀ
Drivers32: vidc.pim1 - C:\Program Files\Mega CoDecS Pack\SystemS\Pinnacle\pclepim1.dll (Pinnacle Systems)਍ഀ
Drivers32: vidc.pimj - C:\Program Files\Mega CoDecS Pack\SystemS\Pegasus\pvljpg20.dll (Pegasus Imaging Corporation)਍ഀ
Drivers32: vidc.png1 - C:\Program Files\Mega CoDecS Pack\SystemS\Core\CorePNG_vfw.dll ()਍ഀ
Drivers32: vidc.pvw2 - C:\Program Files\Mega CoDecS Pack\SystemS\Pegasus\pvwv220.dll (Pegasus Imaging Corporation)਍ഀ
Drivers32: vidc.q1.0 - C:\Program Files\Mega CoDecS Pack\SystemS\qpeg32.dll (Q-Team Dr. Knabe GmbH, Korschenbroich, Germany)਍ഀ
Drivers32: vidc.qpeg - C:\Program Files\Mega CoDecS Pack\SystemS\qpeg32.dll (Q-Team Dr. Knabe GmbH, Korschenbroich, Germany)਍ഀ
Drivers32: vidc.rmp4 - C:\Program Files\Mega CoDecS Pack\SystemS\REALmagic\rmp4.dll ()਍ഀ
Drivers32: vidc.rt21 - C:\Program Files\Mega CoDecS Pack\SystemS\Intel\ir21_r.dll ()਍ഀ
Drivers32: vidc.rud0 - C:\Program Files\Mega CoDecS Pack\SystemS\Rududu\rududu.dll (nico)਍ഀ
Drivers32: vidc.s422 - C:\Program Files\Mega CoDecS Pack\SystemS\Tekram\tekyuv.dll ()਍ഀ
Drivers32: vidc.sjpg - C:\Program Files\Mega CoDecS Pack\SystemS\pmjpeg32.dll (White Pine Software and Paradigm Matrix)਍ഀ
Drivers32: vidc.sony - C:\Program Files\Mega CoDecS Pack\SystemS\SONY\sonydv.dll (Sony Corporation)਍ഀ
Drivers32: vidc.t420 - C:\Program Files\Mega CoDecS Pack\SystemS\Toshiba\tsbyuv.dll (Microsoft Corporation)਍ഀ
Drivers32: vidc.tscc - C:\Program Files\Mega CoDecS Pack\SystemS\tsccvid.dll (TechSmith Corporation)਍ഀ
Drivers32: vidc.uyvy - C:\Program Files\Mega CoDecS Pack\SystemS\Microsoft\msyuv.dll (Microsoft Corporation)਍ഀ
Drivers32: vidc.vcr1 - C:\Program Files\Mega CoDecS Pack\SystemS\ATI\ativcr1.dll (ATI Technologies, Inc.)਍ഀ
Drivers32: vidc.vcr2 - C:\Program Files\Mega CoDecS Pack\SystemS\ATI\ativcr2.dll (ATI Technologies, Inc.)਍ഀ
Drivers32: vidc.vifp - C:\Program Files\Mega CoDecS Pack\SystemS\vfcodec.dll ()਍ഀ
Drivers32: vidc.vixl - C:\Program Files\Mega CoDecS Pack\SystemS\MIRO\miroxl32.dll (Pinnacle Systems)਍ഀ
Drivers32: vidc.vp30 - C:\Program Files\Mega CoDecS Pack\SystemS\On2 Technologies\vp31vfw.dll (On2.com)਍ഀ
Drivers32: vidc.vp31 - C:\Program Files\Mega CoDecS Pack\SystemS\On2 Technologies\vp31vfw.dll (On2.com)਍ഀ
Drivers32: vidc.vp60 - C:\Program Files\Mega CoDecS Pack\SystemS\On2 Technologies\vp6vfw.dll (On2.com)਍ഀ
Drivers32: vidc.vp61 - C:\Program Files\Mega CoDecS Pack\SystemS\On2 Technologies\vp6vfw.dll (On2.com)਍ഀ
Drivers32: vidc.vssv - C:\Program Files\Mega CoDecS Pack\SystemS\Vanguard Software Sollutions\vsscodec.dll (Vanguard Software Solutions, Inc.)਍ഀ
Drivers32: vidc.wmv3 - C:\Program Files\Mega CoDecS Pack\SystemS\Microsoft\wmv9vcm.dll (Microsoft Corporation)਍ഀ
Drivers32: vidc.wnv1 - C:\Program Files\Mega CoDecS Pack\SystemS\wnvplay1.dll (Winnov)਍ഀ
Drivers32: vidc.wrpr - C:\Program Files\Mega CoDecS Pack\SystemS\aviwrap.dll ()਍ഀ
Drivers32: vidc.xvid - C:\Program Files\Mega CoDecS Pack\SystemS\XviD\xvidvfw.dll ()਍ഀ
Drivers32: vidc.y411 - C:\Program Files\Mega CoDecS Pack\SystemS\Toshiba\tsbyuv.dll (Microsoft Corporation)਍ഀ
Drivers32: vidc.y41p - C:\Program Files\Mega CoDecS Pack\SystemS\Brooktree\btvvc32.drv (Brooktree Corporation)਍ഀ
Drivers32: vidc.yuy2 - C:\Program Files\Mega CoDecS Pack\SystemS\Microsoft\msyuv.dll (Microsoft Corporation)਍ഀ
Drivers32: vidc.yvu9 - C:\Program Files\Mega CoDecS Pack\SystemS\Intel\iyvu9_32.dll ()਍ഀ
Drivers32: vidc.yvyu - C:\Program Files\Mega CoDecS Pack\SystemS\Microsoft\msyuv.dll (Microsoft Corporation)਍ഀ
Drivers32: vidc.zlib - C:\Program Files\Mega CoDecS Pack\SystemS\avizlib.dll ()਍ഀ
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2012.07.27 08:22:37 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Monika\Plocha\OTL.exe
[2012.07.26 19:13:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.07.26 18:46:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012.07.26 07:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.07.26 07:26:01 | 000,000,000 | ---D | C] -- C:\rsit
[2012.07.25 20:40:37 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Monika\Plocha\tdsskiller.exe
[2012.07.17 09:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\Red Alert 2 Yuri's Revenge
[2012.07.12 15:49:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Monika\Recent

Re: RECYCLER VIRUS ON A FLASH DRIVE

#27 Post by Maaca »

and the second part...

[2012.07.08 16:53:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.07.08 16:53:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.07.08 16:53:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.07.08 16:53:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.07.08 16:53:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.07.08 16:51:55 | 000,000,000 | R--D | C] -- C:\Autorun.inf
[2012.07.08 16:45:39 | 004,573,972 | R--- | C] (Swearware) -- C:\Documents and Settings\Monika\Plocha\ComboFix.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2055.09.19 08:29:11 | 000,002,012 | ---- | M] () -- C:\WINDOWS\System32\NAV_75_cltDynam.dat
[2012.07.27 08:41:58 | 502,550,560 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2012.07.27 08:32:25 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.07.27 08:22:47 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Monika\Plocha\OTL.exe
[2012.07.27 08:17:16 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-725345543-1993962763-2147133589-1004.job
[2012.07.27 08:17:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.26 19:14:56 | 005,877,392 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2012.07.26 19:10:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.07.26 18:48:58 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.07.26 07:24:19 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Monika\Plocha\RSIT.exe
[2012.07.25 20:40:55 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Monika\Plocha\tdsskiller.exe
[2012.07.25 08:16:23 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.18 14:46:54 | 000,281,456 | ---- | M] () -- C:\Documents and Settings\Monika\Plocha\lev.jpg
[2012.07.18 13:10:26 | 000,029,364 | ---- | M] () -- C:\Documents and Settings\Monika\Plocha\tlacitko_nabor.jpg
[2012.07.18 12:11:46 | 000,028,868 | ---- | M] () -- C:\Documents and Settings\Monika\Plocha\tlacitko_led.jpg
[2012.07.18 12:07:08 | 000,027,499 | ---- | M] () -- C:\Documents and Settings\Monika\Plocha\tlacitko_historie.jpg
[2012.07.18 11:59:49 | 000,033,084 | ---- | M] () -- C:\Documents and Settings\Monika\Plocha\tlacitko_fanklub.jpg
[2012.07.18 11:46:18 | 000,014,486 | ---- | M] () -- C:\Documents and Settings\Monika\Plocha\tlacitko.jpg
[2012.07.17 09:42:58 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\Monika\Plocha\Yuri's Revenge.lnk
[2012.07.17 09:42:58 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\Monika\Plocha\Red Alert 2.lnk
[2012.07.16 11:13:27 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2012.07.16 10:15:11 | 000,097,110 | ---- | M] () -- C:\Documents and Settings\Monika\Plocha\lista_final2.png
[2012.07.16 09:59:26 | 000,132,235 | ---- | M] () -- C:\Documents and Settings\Monika\Plocha\platba aukro.jpg
[2012.07.12 21:35:47 | 000,096,243 | ---- | M] () -- C:\Documents and Settings\Monika\Plocha\lista_final.png
[2012.07.12 21:33:37 | 000,348,723 | ---- | M] () -- C:\Documents and Settings\Monika\Plocha\curr.jpg
[2012.07.12 20:08:47 | 000,125,549 | ---- | M] () -- C:\Documents and Settings\Monika\Plocha\Nepojmenovaný 1.pfi
[2012.07.12 17:10:16 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.07.12 17:10:16 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.07.11 16:42:49 | 000,210,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.08 16:46:00 | 004,573,972 | R--- | M] (Swearware) -- C:\Documents and Settings\Monika\Plocha\ComboFix.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.27 08:32:25 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.07.26 07:24:18 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Monika\Plocha\RSIT.exe
[2012.07.18 13:10:25 | 000,029,364 | ---- | C] () -- C:\Documents and Settings\Monika\Plocha\tlacitko_nabor.jpg
[2012.07.18 12:11:44 | 000,028,868 | ---- | C] () -- C:\Documents and Settings\Monika\Plocha\tlacitko_led.jpg
[2012.07.18 12:07:07 | 000,027,499 | ---- | C] () -- C:\Documents and Settings\Monika\Plocha\tlacitko_historie.jpg
[2012.07.18 11:59:48 | 000,033,084 | ---- | C] () -- C:\Documents and Settings\Monika\Plocha\tlacitko_fanklub.jpg
[2012.07.18 11:46:17 | 000,014,486 | ---- | C] () -- C:\Documents and Settings\Monika\Plocha\tlacitko.jpg
[2012.07.17 09:42:58 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\Monika\Plocha\Yuri's Revenge.lnk
[2012.07.17 09:42:57 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\Monika\Plocha\Red Alert 2.lnk
[2012.07.16 10:14:24 | 000,097,110 | ---- | C] () -- C:\Documents and Settings\Monika\Plocha\lista_final2.png
[2012.07.16 09:59:25 | 000,132,235 | ---- | C] () -- C:\Documents and Settings\Monika\Plocha\platba aukro.jpg
[2012.07.12 21:35:46 | 000,096,243 | ---- | C] () -- C:\Documents and Settings\Monika\Plocha\lista_final.png
[2012.07.12 21:33:36 | 000,348,723 | ---- | C] () -- C:\Documents and Settings\Monika\Plocha\curr.jpg
[2012.07.12 20:08:46 | 000,125,549 | ---- | C] () -- C:\Documents and Settings\Monika\Plocha\Nepojmenovaný 1.pfi
[2012.07.08 16:53:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe਍ഀ
[2012.07.08 16:53:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe਍ഀ
[2012.07.08 16:53:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe਍ഀ
[2012.07.08 16:53:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe਍ഀ
[2012.07.08 16:53:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe਍ഀ
[2012.06.15 17:44:45 | 502,489,120 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat਍ഀ
[2012.04.11 19:04:15 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI਍ഀ
[2012.02.15 18:25:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll਍ഀ
[2012.01.18 18:45:49 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys਍ഀ
[2012.01.18 12:13:50 | 000,009,346 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\30c9241b਍ഀ
[2012.01.18 12:13:50 | 000,009,272 | ---- | C] () -- C:\Documents and Settings\Monika\Local Settings\Data aplikací\65509add਍ഀ
[2011.10.22 10:02:35 | 000,173,988 | ---- | C] () -- C:\Documents and Settings\Monika\wifiap_self.exe.$਍ഀ
[2011.08.16 17:27:15 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini਍ഀ
[2011.08.16 17:24:10 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe਍ഀ
[2011.08.16 17:23:58 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll਍ഀ
[2011.08.16 17:23:46 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini਍ഀ
[2011.07.07 23:37:28 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll਍ഀ
[2010.12.25 19:46:09 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll਍ഀ
[2010.11.13 01:04:24 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\Monika\Favorites.axl਍ഀ
[2010.11.13 01:01:06 | 000,000,260 | ---- | C] () -- C:\Documents and Settings\Monika\aimsproxy.properties਍ഀ
[2010.11.13 01:01:05 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\Monika\aimsclient.properties਍ഀ
[2010.02.27 11:48:44 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\AC66EA1C7E.sys਍ഀ
[2010.02.27 11:48:43 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\KGyGaAvL.sys਍ഀ
[2010.02.26 22:53:54 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\Monika\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini਍ഀ
[2010.02.26 22:22:57 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Monika\Local Settings\Data aplikací\fusioncache.dat਍ഀ
਍ഀ
========== LOP Check ==========਍ഀ
਍ഀ
[2012.06.15 17:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Anti-phishing Domain Advisor਍ഀ
[2012.06.15 17:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\blekko toolbars਍ഀ
[2011.01.21 15:50:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ਍ഀ
[2010.12.25 19:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite਍ഀ
[2010.02.26 22:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET਍ഀ
[2010.10.11 15:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ਍ഀ
[2011.08.13 22:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\BitComet਍ഀ
[2012.06.15 22:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\blekkotb_032਍ഀ
[2012.06.15 17:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\DAEMON Tools Lite਍ഀ
[2010.02.26 22:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\ESET਍ഀ
[2010.12.25 19:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\GHISLER਍ഀ
[2011.12.24 15:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\ICQ਍ഀ
[2012.05.12 11:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\NeatImage SL 32਍ഀ
[2010.03.13 21:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\OpenOffice.org਍ഀ
[2011.08.25 13:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\PhotoFiltre Studio X਍ഀ
[2010.07.12 17:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\Tific਍ഀ
[2012.06.22 13:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\Windows Desktop Search਍ഀ
਍ഀ
========== Purity Check ==========਍ഀ
਍ഀ
਍ഀ
਍ഀ
========== Custom Scans ==========਍ഀ
਍ഀ
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >਍ഀ
਍ഀ
< >਍ഀ
਍ഀ
< >

< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2006.09.12 21:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD83.DLL
[2006.09.12 21:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP83.DLL
[2008.07.06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008.07.06 14:06:10 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll

< %systemroot%\system32\drivers\*.sys /5 >

< %systemroot%\system32\drivers\*.sys /X >
[2008.04.14 05:21:36 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008.04.14 05:21:36 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008.04.14 05:21:36 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008.04.14 05:21:36 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008.04.14 05:21:36 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008.04.14 05:21:36 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008.04.14 05:21:36 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2005.06.09 13:49:00 | 000,001,360 | R--- | M] () -- C:\WINDOWS\system32\drivers\alcxinit.dat
[2006.11.22 04:55:46 | 000,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2erec.dll
[2006.08.24 00:26:59 | 000,655,842 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativcaxx.cpa
[2006.08.24 00:26:59 | 000,000,929 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativcaxx.vp
[2006.08.24 00:26:56 | 000,002,096 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativckxx.vp
[2006.08.24 00:26:56 | 000,002,096 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativdkxx.vp
[2004.07.17 12:36:24 | 000,064,352 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativmc20.cod
[2006.11.22 05:59:55 | 000,037,920 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativvpxx.vp
[2008.04.14 05:21:37 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008.04.14 05:21:37 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008.04.14 05:21:37 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008.04.14 05:21:37 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008.04.14 05:21:37 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008.04.14 05:21:38 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2004.07.17 23:55:24 | 000,129,045 | ---- | M] () -- C:\WINDOWS\system32\drivers\cxthsfs2.cty
[2012.07.27 08:50:42 | 502,919,200 | -HS- | M] () -- C:\WINDOWS\system32\drivers\fidbox.dat
[2012.07.26 19:14:56 | 005,877,392 | -HS- | M] () -- C:\WINDOWS\system32\drivers\fidbox.idx
[2006.03.02 14:00:00 | 003,440,660 | ---- | M] () -- C:\WINDOWS\system32\drivers\gm.dls
[2006.03.02 14:00:00 | 000,000,646 | ---- | M] () -- C:\WINDOWS\system32\drivers\gmreadme.txt
[2011.01.20 19:20:42 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2011.01.20 19:20:43 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\system32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2011.01.20 19:20:43 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2004.07.17 12:35:00 | 000,067,866 | ---- | M] () -- C:\WINDOWS\system32\drivers\netwlan5.img
[2008.04.14 05:21:55 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008.04.14 05:22:04 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.* /5 >
[2055.09.19 08:29:11 | 000,002,012 | ---- | M] () -- C:\WINDOWS\system32\NAV_75_cltDynam.dat
[2012.07.25 08:16:23 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\config\*.sav >
[2010.02.26 22:38:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010.02.26 22:38:16 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010.02.26 22:38:16 | 000,471,040 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\*.* /U /s >
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[25 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >
[2012.01.18 18:26:29 | 000,009,346 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\30c9241b
[2010.02.27 11:48:44 | 000,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\AC66EA1C7E.sys
[2010.02.26 22:41:30 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\desktop.ini
[2010.11.17 14:31:02 | 000,002,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\KGyGaAvL.sys

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >
[2012.01.03 09:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Data Aplikací\Adobe\Reader\9.4\ARM\24103\AcrobatUpdater.exe
[2012.01.03 09:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Data Aplikací\Adobe\Reader\9.4\ARM\24103\AdobeARM.exe
[2012.01.03 09:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Data Aplikací\Adobe\Reader\9.4\ARM\24103\AdobeARMHelper.exe
[2012.01.03 09:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Data Aplikací\Adobe\Reader\9.4\ARM\24103\ReaderUpdater.exe
[2012.01.03 19:46:15 | 000,345,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Data Aplikací\Adobe\Setup\{AC76BA86-7AD7-1029-7B44-A95000000001}\Setup.exe
[2012.05.03 20:07:44 | 000,092,096 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\Documents and Settings\All Users\Data Aplikací\Anti-phishing Domain Advisor\uninstall.exe
[2012.05.03 20:07:40 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\Documents and Settings\All Users\Data Aplikací\Anti-phishing Domain Advisor\visicom_antiphishing.exe
[2006.09.01 18:32:20 | 000,081,920 | ---- | M] (Apple Computer, Inc.) -- C:\Documents and Settings\All Users\Data Aplikací\Apple Computer\Installer Cache\QuickTime 7.1.3.100\QuickTimeInstallerAdmin.exe
[2010.11.17 14:35:14 | 000,144,696 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\DivX\RunAsUser\RUNASUSERPROCESS.exe
[2011.07.28 14:23:55 | 000,527,024 | ---- | M] (Google Inc.) -- C:\Documents and Settings\All Users\Data Aplikací\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
[2011.03.05 14:42:20 | 000,154,744 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Documents and Settings\All Users\Data Aplikací\Sony Ericsson\Update Engine\configuration\org.eclipse.osgi\bundles\40\1\.cp\lib\win32\DeviceRemover.exe
[2011.02.27 15:35:38 | 000,158,840 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Documents and Settings\All Users\Data Aplikací\Sony Ericsson\Update Engine\configuration\org.eclipse.osgi\bundles\42\1\.cp\lib\win32\DriverInstaller.exe

< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >

< %APPDATA%\*. >
[2011.03.26 14:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\Adobe
[2011.08.16 22:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\ATI
[2011.08.13 22:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\BitComet
[2012.06.15 22:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\blekkotb_032
[2011.08.15 15:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\Corel
[2012.06.15 17:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\DAEMON Tools Lite
[2010.09.11 14:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\DivX
[2010.02.26 22:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\ESET
[2010.12.25 19:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\GHISLER
[2011.12.24 15:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\ICQ
[2012.06.16 12:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\Identities
[2011.03.26 12:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\Macromedia
[2012.01.18 18:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\Malwarebytes
[2012.06.16 12:50:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Monika\Data aplikací\Microsoft
[2010.02.26 22:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\Mozilla
[2012.05.12 11:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\NeatImage SL 32
[2010.04.22 13:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\Nero
[2010.03.13 21:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\OpenOffice.org
[2011.08.25 13:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\PhotoFiltre Studio X
[2011.01.09 22:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\Real
[2012.07.16 11:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\Skype
[2011.06.17 14:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\skypePM
[2010.02.26 22:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\Sun
[2010.07.12 17:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\Tific
[2012.06.20 21:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\Winamp
[2012.06.22 13:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\Windows Desktop Search

< %APPDATA%\*.* >
[2010.02.26 22:41:30 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Monika\Data aplikací\desktop.ini

< %APPDATA%\*.exe /s >
[2010.12.23 23:37:55 | 000,188,152 | ---- | M] () -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\FlashGot.exe
[2012.05.18 21:45:50 | 000,262,616 | ---- | M] (Visicom Media Inc.) -- C:\Documents and Settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\extensions\{b57a9eb1-0e57-4850-a701-4d169538e6ed}\dtuser.exe

< %SYSTEMDRIVE%\*.exe >

< >

< >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-07-12 06:51:41

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s >
"StateIndex" = 0

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER

< >

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=3
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.07.27 08:32:25 | 000,000,512 | ---- | M] () MD5=E2C41EEF682F1EC83969501CDAC08064 -- C:\PhysicalMBR.bin
[3 C:\*.tmp files -> C:\*.tmp -> ]

< End of report >

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: RECYCLER VIRUS ON A FLASH DRIVE

#28 Post by motji »

Do you recognize these two folders?
C:\Documents and Settings\All Users\Data aplikací\30c9241b
C:\Documents and Settings\Monika\Local Settings\Data aplikací\65509add
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting your computer :!:
Want to support our forum? Information here

I can usually be reached at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

Maaca
Visitor
Posts: 44
Registered: 16 Jun 2012 12:17
Location: Břeclav

Re: RECYCLER VIRUS ON A FLASH DRIVE

#29 Post by Maaca »

They mean nothing to me at all.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: RECYCLER VIRUS ON A FLASH DRIVE

#30 Post by motji »

Can you take a look inside them? I'll be here in the evening.

Locked