Please check my log, probably rootkits

majsky
Visitor
Posts: 5
Registered: 18 Feb 2012 13:24
Location: Cejkov

#1 Post by majsky »

It disabled my ESET.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Terezia at 2012-02-29 06:20:05
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (67%) free of 20 GB
Total RAM: 511 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:20:18, on 29.2.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programy\ANTIVIRY\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Programy\ANTIVIRY\ESS\ekrn.exe
C:\Programy\ANTIVIRY\Malwarebytes\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programy\UTILITY\TuneUp\TuneUpUtilitiesService32.exe
C:\Programy\UTILITY\TuneUp\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programy\ANTIVIRY\ESS\egui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programy\ANTIVIRY\ESS\egui.exe
C:\Programy\ANTIVIRY\ESS\egui.exe
C:\Programy\Opera\opera.exe
C:\Documents and Settings\Terezia\Desktop\RSIT.exe
C:\Program Files\trend micro\Terezia.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [egui] "C:\Programy\ANTIVIRY\ESS\egui.exe" /hide /waitservice
O8 - Extra context menu item: Add Page To DownloadStudio Scrapbook... - C:\Programy\UTILITY\DownloadStudio\ds_snap.htm
O8 - Extra context menu item: Download Image Using DownloadStudio... - C:\Programy\UTILITY\DownloadStudio\ds_img.htm
O8 - Extra context menu item: Download Page Using DownloadStudio... - C:\Programy\UTILITY\DownloadStudio\ds_all.htm
O8 - Extra context menu item: Download Selection Using DownloadStudio... - C:\Programy\UTILITY\DownloadStudio\ds_sel.htm
O8 - Extra context menu item: Download Target Using DownloadStudio... - C:\Programy\UTILITY\DownloadStudio\ds_file.htm
O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Programy\UTILITY\DownloadStudio\ds_link.htm
O8 - Extra context menu item: Subscribe To RSS Feed... - C:\Programy\UTILITY\DownloadStudio\ds_rss.htm
O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\WINDOWS\system32\shdocvw.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Programy\ANTIVIRY\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programy\ANTIVIRY\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Programy\ANTIVIRY\ESS\ekrn.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programy\ANTIVIRY\Malwarebytes\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programy\UTILITY\TuneUp\TuneUpUtilitiesService32.exe

--
End of file - 3767 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Programy\ANTIVIRY\ESS\egui.exe [2011-09-22 3080264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Programy\ANTIVIRY\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04 551296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2012-02-26 0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Programy\ANTIVIRY\SUPERAntiSpyware\SASSEH.DLL [2011-07-19 113024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Programy\Opera\opera.exe"="C:\Programy\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"midi"=wdmaud.drv
"wave"=serwvdrv.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm

======File associations======

.js - open - NOTEPAD.EXE %1
.reg - open - NOTEPAD.EXE %1
.scr - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 month======

2012-02-29 06:20:05 ----D---- C:\rsit
2012-02-29 06:14:10 ----D---- C:\Documents and Settings\Terezia\Application Data\GRETECH
2012-02-28 18:24:34 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-02-28 13:14:19 ----D---- C:\Documents and Settings\Terezia\Application Data\ESET
2012-02-28 13:11:07 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2012-02-28 11:06:31 ----A---- C:\WINDOWS\system32\d3d9caps.dat
2012-02-28 11:05:59 ----D---- C:\Documents and Settings\Terezia\Application Data\NeoDownloader
2012-02-28 10:50:13 ----A---- C:\WINDOWS\DownloadStudio.INI
2012-02-28 10:49:26 ----D---- C:\Documents and Settings\All Users\Application Data\Conceiva
2012-02-28 10:48:52 ----D---- C:\Documents and Settings\Terezia\Application Data\Conceiva
2012-02-28 10:48:20 ----D---- C:\Program Files\WinPcap
2012-02-28 10:48:11 ----HD---- C:\Program Files\InstallShield Installation Information
2012-02-28 10:47:25 ----D---- C:\Program Files\Common Files\InstallShield
2012-02-28 10:24:15 ----AH---- C:\WINDOWS\system32\InternetAccelerator_sysquict.dat
2012-02-28 10:24:08 ----D---- C:\Program Files\Okoker Internet Accelerator
2012-02-28 09:48:01 ----D---- C:\Documents and Settings\Terezia\Application Data\Norton Utilities
2012-02-28 09:42:49 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2012-02-28 09:42:40 ----D---- C:\Documents and Settings\All Users\Application Data\Norton Installer
2012-02-28 09:42:09 ----A---- C:\WINDOWS\system32\msxml4r.dll
2012-02-28 09:42:09 ----A---- C:\WINDOWS\system32\msxml4a.dll
2012-02-28 09:42:09 ----A---- C:\WINDOWS\system32\msxml4.dll
2012-02-28 09:41:54 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2012-02-28 08:51:35 ----A---- C:\WINDOWS\system32\mfc45.dll
2012-02-28 08:51:16 ----D---- C:\Documents and Settings\Terezia\Application Data\iolo
2012-02-28 08:51:16 ----D---- C:\Documents and Settings\All Users\Application Data\iolo
2012-02-28 07:42:21 ----SHD---- C:\Config.Msi
2012-02-28 06:30:00 ----D---- C:\Documents and Settings\Terezia\Application Data\Malwarebytes
2012-02-28 06:28:33 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-02-28 06:28:08 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2012-02-28 06:04:22 ----N---- C:\WINDOWS\system32\iacenc.dll
2012-02-27 21:56:10 ----D---- C:\Program Files\Common Files\Adobe AIR
2012-02-27 21:53:02 ----D---- C:\Program Files\Common Files\Adobe
2012-02-27 21:53:02 ----D---- C:\Program Files\Adobe
2012-02-27 21:51:00 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2012-02-27 21:30:26 ----D---- C:\Documents and Settings\Terezia\Application Data\Ulozto File Manager
2012-02-27 21:14:19 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2012-02-27 20:27:55 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2012-02-27 19:52:05 ----A---- C:\WINDOWS\system32\xpsp4res.dll
2012-02-27 19:46:46 ----D---- C:\WINDOWS\Prefetch
2012-02-27 19:29:29 ----D---- C:\WINDOWS\system32\scripting
2012-02-27 19:29:23 ----D---- C:\WINDOWS\l2schemas
2012-02-27 19:29:21 ----D---- C:\WINDOWS\system32\en
2012-02-27 19:29:21 ----D---- C:\WINDOWS\system32\bits
2012-02-27 19:13:00 ----D---- C:\WINDOWS\network diagnostic
2012-02-27 19:09:04 ----D---- C:\WINDOWS\system32\ReinstallBackups
2012-02-27 18:12:02 ----D---- C:\WINDOWS\system32\XPSViewer
2012-02-27 18:11:49 ----D---- C:\Program Files\MSBuild
2012-02-27 18:11:24 ----D---- C:\Program Files\Reference Assemblies
2012-02-27 18:10:23 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2012-02-27 18:10:23 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2012-02-27 18:10:23 ----N---- C:\WINDOWS\system32\prntvpt.dll
2012-02-27 18:10:21 ----D---- C:\5549da289e6bb16dca119f0e93c1
2012-02-27 17:58:40 ----D---- C:\Program Files\MSXML 6.0
2012-02-27 07:10:53 ----N---- C:\WINDOWS\system32\drivers\watv10nt.sys
2012-02-27 07:10:53 ----N---- C:\WINDOWS\system32\drivers\watv06nt.sys
2012-02-27 07:10:53 ----N---- C:\WINDOWS\system32\drivers\wadv11nt.sys
2012-02-27 07:10:53 ----N---- C:\WINDOWS\system32\drivers\wadv09nt.sys
2012-02-27 07:10:53 ----N---- C:\WINDOWS\system32\drivers\wadv08nt.sys
2012-02-27 07:10:53 ----N---- C:\WINDOWS\system32\drivers\wadv07nt.sys
2012-02-27 07:10:47 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys
2012-02-27 07:10:47 ----N---- C:\WINDOWS\system32\drivers\slnthal.sys
2012-02-27 07:10:47 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys
2012-02-27 07:10:47 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys
2012-02-27 07:10:45 ----N---- C:\WINDOWS\system32\drivers\s3gnbm.sys
2012-02-27 07:10:44 ----N---- C:\WINDOWS\system32\drivers\recagent.sys
2012-02-27 07:10:42 ----N---- C:\WINDOWS\system32\drivers\nv4_mini.sys
2012-02-27 07:10:42 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2012-02-27 07:10:40 ----N---- C:\WINDOWS\system32\drivers\mtxparhm.sys
2012-02-27 07:10:40 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys
2012-02-27 07:10:40 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2012-02-27 07:07:21 ----N---- C:\WINDOWS\system32\drivers\atinxsxx.sys
2012-02-27 07:07:21 ----N---- C:\WINDOWS\system32\drivers\atinxbxx.sys
2012-02-27 07:07:21 ----N---- C:\WINDOWS\system32\drivers\atintuxx.sys
2012-02-27 07:07:21 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys
2012-02-27 07:07:21 ----N---- C:\WINDOWS\system32\drivers\atinsnxx.sys
2012-02-27 07:07:21 ----N---- C:\WINDOWS\system32\drivers\atinrvxx.sys
2012-02-27 07:07:21 ----N---- C:\WINDOWS\system32\drivers\atinraxx.sys
2012-02-27 07:07:21 ----N---- C:\WINDOWS\system32\drivers\atinpdxx.sys
2012-02-27 07:07:21 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys
2012-02-27 07:07:21 ----N---- C:\WINDOWS\system32\drivers\atinbtxx.sys
2012-02-27 07:07:20 ----N---- C:\WINDOWS\system32\drivers\ati2mtag.sys
2012-02-27 07:07:20 ----N---- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2012-02-27 07:07:20 ----N---- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2012-02-27 07:07:20 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2012-02-27 07:07:20 ----N---- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2012-02-27 07:07:20 ----N---- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2012-02-27 07:07:20 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys
2012-02-27 07:07:20 ----N---- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2012-02-27 07:07:20 ----N---- C:\WINDOWS\system32\drivers\ati1raxx.sys
2012-02-27 07:07:20 ----N---- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2012-02-27 07:07:20 ----N---- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2012-02-27 07:07:20 ----N---- C:\WINDOWS\system32\drivers\ati1btxx.sys
2012-02-27 05:50:22 ----D---- C:\Documents and Settings\Terezia\Application Data\Macromedia
2012-02-27 05:47:12 ----D---- C:\Documents and Settings\Terezia\Application Data\Adobe
2012-02-27 05:46:11 ----HD---- C:\Program Files\Uninstall Information
2012-02-27 05:44:46 ----D---- C:\WINDOWS\Minidump
2012-02-26 23:29:04 ----D---- C:\Documents and Settings\Terezia\Application Data\SUPERAntiSpyware.com
2012-02-26 23:27:51 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2012-02-26 23:06:32 ----D---- C:\WINDOWS\ie8updates
2012-02-26 23:04:34 ----D---- C:\WINDOWS\WBEM
2012-02-26 23:00:40 ----HDC---- C:\WINDOWS\ie8
2012-02-26 23:00:40 ----D---- C:\WINDOWS\system32\en-US
2012-02-26 21:13:04 ----A---- C:\WINDOWS\system32\TURegOpt.exe
2012-02-26 21:12:19 ----D---- C:\Documents and Settings\Terezia\Application Data\TuneUp Software
2012-02-26 21:10:16 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2012-02-26 21:09:49 ----SHD---- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-02-26 20:57:04 ----A---- C:\WINDOWS\system32\WgaLogon.dll
2012-02-26 20:41:01 ----A---- C:\WINDOWS\system32\WMErrSKY.dll
2012-02-26 20:40:59 ----D---- C:\WINDOWS\system32\1051
2012-02-26 20:01:28 ----A---- C:\WINDOWS\system32\MRT.exe
2012-02-26 19:22:30 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2012-02-26 19:06:56 ----D---- C:\WINDOWS\ServicePackFiles
2012-02-26 19:06:30 ----A---- C:\WINDOWS\system32\drivers\revoflt.sys
2012-02-26 18:57:57 ----D---- C:\Program Files\Trend Micro
2012-02-26 18:32:17 ----RSD---- C:\WINDOWS\assembly
2012-02-26 18:30:46 ----D---- C:\WINDOWS\Microsoft.NET
2012-02-26 18:08:18 ----N---- C:\WINDOWS\system32\tzchange.exe
2012-02-26 18:07:52 ----N---- C:\WINDOWS\system32\browserchoice.exe
2012-02-26 17:39:01 ----D---- C:\Documents and Settings\Terezia\Application Data\WinRAR
2012-02-26 17:23:48 ----D---- C:\Documents and Settings\Terezia\Application Data\Opera
2012-02-26 16:55:27 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo
2012-02-26 16:37:04 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software
2012-02-26 16:36:51 ----SHD---- C:\RECYCLER
2012-02-26 16:36:35 ----N---- C:\WINDOWS\system32\drivers\bthport.sys
2012-02-26 16:28:40 ----A---- C:\WINDOWS\system32\h323log.txt
2012-02-26 16:26:00 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2012-02-26 16:25:57 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2012-02-26 16:25:55 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2012-02-26 16:25:54 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2012-02-26 16:25:51 ----A---- C:\WINDOWS\system32\drivers\mspqm.sys
2012-02-26 16:25:49 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2012-02-26 16:25:46 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2012-02-26 16:25:43 ----A---- C:\WINDOWS\system32\drivers\dmusic.sys
2012-02-26 16:25:41 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2012-02-26 16:25:37 ----A---- C:\WINDOWS\system32\drivers\mspclock.sys
2012-02-26 16:25:34 ----A---- C:\WINDOWS\system32\drivers\mskssrv.sys
2012-02-26 16:25:29 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2012-02-26 16:25:08 ----A---- C:\WINDOWS\system32\drivers\MODEMCSA.sys
2012-02-26 16:24:47 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2012-02-26 16:24:26 ----A---- C:\WINDOWS\system32\s3sav4.dll
2012-02-26 16:24:26 ----A---- C:\WINDOWS\system32\drivers\s3sav4m.sys
2012-02-26 16:24:21 ----A---- C:\WINDOWS\system32\ksuser.dll
2012-02-26 16:24:21 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2012-02-26 16:24:21 ----A---- C:\WINDOWS\system32\drivers\msmpu401.sys
2012-02-26 16:24:20 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2012-02-26 16:24:17 ----A---- C:\WINDOWS\system32\drivers\gameenum.sys
2012-02-26 16:23:58 ----A---- C:\WINDOWS\system32\drivers\sisagp.sys
2012-02-26 16:23:48 ----A---- C:\WINDOWS\system32\usbui.dll
2012-02-26 16:23:42 ----A---- C:\WINDOWS\system32\drivers\RTL8139.sys
2012-02-26 16:23:35 ----A---- C:\WINDOWS\system32\mdmxsdk.dll
2012-02-26 16:23:35 ----A---- C:\WINDOWS\system32\hsfcisp2.dll
2012-02-26 16:23:35 ----A---- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2012-02-26 16:23:35 ----A---- C:\WINDOWS\system32\drivers\HSFCXTS2.sys
2012-02-26 16:23:35 ----A---- C:\WINDOWS\system32\drivers\HSFBS2S2.sys
2012-02-26 16:23:33 ----A---- C:\WINDOWS\system32\drivers\HSFDPSP2.sys
2012-02-26 16:21:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-02-26 16:21:44 ----SHD---- C:\WINDOWS\Installer
2012-02-26 16:21:43 ----D---- C:\Program Files\Common Files\ODBC
2012-02-26 16:21:43 ----A---- C:\WINDOWS\ODBCINST.INI
2012-02-26 16:21:36 ----RD---- C:\Program Files
2012-02-26 16:21:36 ----D---- C:\Program Files\Common Files\SpeechEngines
2012-02-26 16:21:36 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-02-26 16:21:36 ----D---- C:\Program Files\Common Files
2012-02-26 16:21:31 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2012-02-26 16:21:31 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2012-02-26 16:21:31 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2012-02-26 16:21:27 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2012-02-26 16:21:27 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2012-02-26 16:21:27 ----RA---- C:\WINDOWS\system32\kbdur.dll
2012-02-26 16:21:27 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2012-02-26 16:21:27 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2012-02-26 16:21:27 ----RA---- C:\WINDOWS\system32\kbdru.dll
2012-02-26 16:21:27 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2012-02-26 16:21:27 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2012-02-26 16:21:27 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2012-02-26 16:21:27 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2012-02-26 16:21:27 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2012-02-26 16:21:27 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2012-02-26 16:21:22 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2012-02-26 16:21:22 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2012-02-26 16:21:22 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2012-02-26 16:21:22 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2012-02-26 16:21:22 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2012-02-26 16:21:22 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2012-02-26 16:21:22 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2012-02-26 16:21:21 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2012-02-26 16:21:21 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2012-02-26 16:21:21 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2012-02-26 16:21:21 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2012-02-26 16:21:21 ----RA---- C:\WINDOWS\system32\kbdest.dll
2012-02-26 16:21:16 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2012-02-26 16:21:16 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2012-02-26 16:21:16 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2012-02-26 16:21:16 ----RA---- C:\WINDOWS\system32\kbdro.dll
2012-02-26 16:21:16 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2012-02-26 16:21:16 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2012-02-26 16:21:16 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2012-02-26 16:21:16 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2012-02-26 16:21:16 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2012-02-26 16:21:16 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2012-02-26 16:21:16 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2012-02-26 16:21:16 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2012-02-26 16:21:16 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2012-02-26 16:21:12 ----A---- C:\WINDOWS\system32\spxcoins.dll
2012-02-26 16:21:12 ----A---- C:\WINDOWS\system32\irclass.dll
2012-02-26 16:21:12 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2012-02-26 16:21:12 ----A---- C:\WINDOWS\system32\dgsetup.dll
2012-02-26 16:21:12 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2012-02-26 16:21:10 ----A---- C:\WINDOWS\TASKMAN.EXE
2012-02-26 16:21:08 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2012-02-26 16:21:08 ----A---- C:\WINDOWS\system32\batt.dll
2012-02-26 16:21:07 ----A---- C:\WINDOWS\notepad.exe
2012-02-26 16:21:05 ----A---- C:\WINDOWS\system32\storprop.dll
2012-02-26 16:20:54 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2012-02-26 16:20:33 ----D---- C:\WINDOWS\system32\CatRoot2
2012-02-26 16:20:33 ----D---- C:\WINDOWS\system32\CatRoot
2012-02-26 16:20:27 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2012-02-26 16:20:07 ----D---- C:\Documents and Settings
2012-02-26 16:19:14 ----SH---- C:\boot.ini
2012-02-26 16:12:34 ----D---- C:\Program Files\SiS7012
2012-02-26 16:11:06 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2012-02-26 16:05:35 ----D---- C:\WINDOWS\system32\PreInstall
2012-02-26 16:05:34 ----N---- C:\WINDOWS\system32\spmsg.dll
2012-02-26 16:05:34 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2012-02-26 16:05:33 ----HD---- C:\WINDOWS\$hf_mig$
2012-02-26 16:04:38 ----SHD---- C:\System Volume Information
2012-02-26 16:01:21 ----D---- C:\WINDOWS\pss
2012-02-26 16:00:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-02-26 16:00:47 ----RSD---- C:\WINDOWS\Fonts
2012-02-26 16:00:47 ----RD---- C:\WINDOWS\Web
2012-02-26 16:00:47 ----HD---- C:\WINDOWS\inf
2012-02-26 16:00:47 ----D---- C:\WINDOWS\WinSxS
2012-02-26 16:00:47 ----D---- C:\WINDOWS\twain_32
2012-02-26 16:00:47 ----D---- C:\WINDOWS\Temp
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\wins
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\wbem
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\usmt
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\spool
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\ShellExt
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\Setup
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\ras
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\oobe
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\npp
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\mui
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\inetsrv
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\IME
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\icsxml
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\ias
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\export
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\drivers\etc
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\drivers\disdn
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\drivers
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\dhcp
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\config
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\3com_dmi
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\3076
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\2052
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\1054
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\1042
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\1041
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\1037
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\1033
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\1031
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\1028
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32\1025
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system32
2012-02-26 16:00:47 ----D---- C:\WINDOWS\system
2012-02-26 16:00:47 ----D---- C:\WINDOWS\security
2012-02-26 16:00:47 ----D---- C:\WINDOWS\Resources
2012-02-26 16:00:47 ----D---- C:\WINDOWS\repair
2012-02-26 16:00:47 ----D---- C:\WINDOWS\Provisioning
2012-02-26 16:00:47 ----D---- C:\WINDOWS\pchealth
2012-02-26 16:00:47 ----D---- C:\WINDOWS\PeerNet
2012-02-26 16:00:47 ----D---- C:\WINDOWS\mui
2012-02-26 16:00:47 ----D---- C:\WINDOWS\msapps
2012-02-26 16:00:47 ----D---- C:\WINDOWS\msagent
2012-02-26 16:00:47 ----D---- C:\WINDOWS\Media
2012-02-26 16:00:47 ----D---- C:\WINDOWS\java
2012-02-26 16:00:47 ----D---- C:\WINDOWS\ime
2012-02-26 16:00:47 ----D---- C:\WINDOWS\Help
2012-02-26 16:00:47 ----D---- C:\WINDOWS\ehome
2012-02-26 16:00:47 ----D---- C:\WINDOWS\Driver Cache
2012-02-26 16:00:47 ----D---- C:\WINDOWS\Debug
2012-02-26 16:00:47 ----D---- C:\WINDOWS\Cursors
2012-02-26 16:00:47 ----D---- C:\WINDOWS\Connection Wizard
2012-02-26 16:00:47 ----D---- C:\WINDOWS\Config
2012-02-26 16:00:47 ----D---- C:\WINDOWS\AppPatch
2012-02-26 16:00:47 ----D---- C:\WINDOWS\addins
2012-02-26 16:00:47 ----D---- C:\WINDOWS
2012-02-26 16:00:47 ----ASH---- C:\pagefile.sys
2012-02-26 16:00:42 ----D---- C:\Programy
2012-02-26 15:53:44 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2012-02-26 15:52:57 ----D---- C:\Documents and Settings\Terezia\Application Data\Identities
2012-02-26 15:52:47 ----SD---- C:\Documents and Settings\Terezia\Application Data\Microsoft
2012-02-26 15:52:47 ----ASH---- C:\Documents and Settings\Terezia\Application Data\desktop.ini
2012-02-26 15:50:40 ----D---- C:\WINDOWS\SoftwareDistribution
2012-02-26 15:50:29 ----SD---- C:\WINDOWS\system32\Microsoft
2012-02-26 15:50:29 ----N---- C:\WINDOWS\SchedLgU.Txt
2012-02-26 15:48:53 ----AS---- C:\WINDOWS\bootstat.dat
2012-02-26 15:43:56 ----D---- C:\WINDOWS\system32\xircom
2012-02-26 15:43:56 ----D---- C:\Program Files\xerox
2012-02-26 15:43:56 ----D---- C:\Program Files\microsoft frontpage
2012-02-26 15:43:09 ----RASH---- C:\MSDOS.SYS
2012-02-26 15:43:09 ----RASH---- C:\IO.SYS
2012-02-26 15:43:09 ----A---- C:\WINDOWS\control.ini
2012-02-26 15:43:09 ----A---- C:\CONFIG.SYS
2012-02-26 15:43:09 ----A---- C:\AUTOEXEC.BAT
2012-02-26 15:42:41 ----A---- C:\WINDOWS\system32\mapi32.dll
2012-02-26 15:40:44 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-02-26 15:40:44 ----RD---- C:\WINDOWS\Offline Web Pages
2012-02-26 15:37:43 ----D---- C:\WINDOWS\system32\DirectX
2012-02-26 15:37:13 ----A---- C:\WINDOWS\system32\atrace.dll
2012-02-26 15:37:05 ----A---- C:\WINDOWS\system32\desktop.ini
2012-02-26 15:37:04 ----A---- C:\WINDOWS\desktop.ini
2012-02-26 15:36:50 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2012-02-26 15:36:48 ----A---- C:\WINDOWS\system32\acctres.dll
2012-02-26 15:36:47 ----D---- C:\Program Files\Common Files\Services
2012-02-26 15:36:40 ----SD---- C:\WINDOWS\Tasks
2012-02-26 15:36:40 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2012-02-26 15:36:39 ----D---- C:\Program Files\Common Files\MSSoap
2012-02-26 15:36:33 ----D---- C:\WINDOWS\system32\Macromed
2012-02-26 15:36:33 ----D---- C:\WINDOWS\srchasst
2012-02-26 15:36:28 ----A---- C:\WINDOWS\system32\wuweb.dll
2012-02-26 15:36:28 ----A---- C:\WINDOWS\system32\wucltui.dll
2012-02-26 15:36:27 ----A---- C:\WINDOWS\system32\wuauserv.dll
2012-02-26 15:36:27 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2012-02-26 15:36:27 ----A---- C:\WINDOWS\system32\wuaueng.dll
2012-02-26 15:36:26 ----A---- C:\WINDOWS\system32\wups.dll
2012-02-26 15:36:26 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2012-02-26 15:36:26 ----A---- C:\WINDOWS\system32\wuauclt.exe
2012-02-26 15:36:25 ----A---- C:\WINDOWS\system32\wuapi.dll
2012-02-26 15:36:25 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2012-02-26 15:36:25 ----A---- C:\WINDOWS\system32\qmgr.dll
2012-02-26 15:36:25 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2012-02-26 15:36:25 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2012-02-26 15:36:20 ----D---- C:\Program Files\Movie Maker
2012-02-26 15:36:15 ----A---- C:\WINDOWS\system32\safrslv.dll
2012-02-26 15:36:15 ----A---- C:\WINDOWS\system32\safrdm.dll
2012-02-26 15:36:15 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2012-02-26 15:36:15 ----A---- C:\WINDOWS\system32\racpldlg.dll
2012-02-26 15:36:11 ----A---- C:\WINDOWS\system32\fltmc.exe
2012-02-26 15:36:11 ----A---- C:\WINDOWS\system32\fltlib.dll
2012-02-26 15:36:11 ----A---- C:\WINDOWS\system32\drivers\fltmgr.sys
2012-02-26 15:36:10 ----D---- C:\WINDOWS\system32\Restore
2012-02-26 15:36:10 ----A---- C:\WINDOWS\system32\srrstr.dll
2012-02-26 15:36:09 ----A---- C:\WINDOWS\system32\srsvc.dll
2012-02-26 15:36:07 ----A---- C:\WINDOWS\system32\srclient.dll
2012-02-26 15:36:07 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2012-02-26 15:36:05 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2012-02-26 15:36:05 ----A---- C:\WINDOWS\system32\msconf.dll
2012-02-26 15:36:05 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2012-02-26 15:36:05 ----A---- C:\WINDOWS\system32\mnmdd.dll
2012-02-26 15:36:05 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2012-02-26 15:36:05 ----A---- C:\WINDOWS\system32\ils.dll
2012-02-26 15:36:01 ----D---- C:\Program Files\NetMeeting
2012-02-26 15:36:01 ----A---- C:\WINDOWS\system32\msoert2.dll
2012-02-26 15:36:01 ----A---- C:\WINDOWS\system32\msoeacct.dll
2012-02-26 15:36:00 ----A---- C:\WINDOWS\system32\inetres.dll
2012-02-26 15:35:59 ----A---- C:\WINDOWS\system32\inetcomm.dll
2012-02-26 15:35:58 ----D---- C:\Program Files\Outlook Express
2012-02-26 15:35:58 ----A---- C:\WINDOWS\system32\schedsvc.dll
2012-02-26 15:35:57 ----A---- C:\WINDOWS\system32\mstinit.exe
2012-02-26 15:35:57 ----A---- C:\WINDOWS\system32\mstask.dll
2012-02-26 15:35:57 ----A---- C:\WINDOWS\system32\isign32.dll
2012-02-26 15:35:57 ----A---- C:\WINDOWS\system32\inetcfg.dll
2012-02-26 15:35:57 ----A---- C:\WINDOWS\system32\icwphbk.dll
2012-02-26 15:35:57 ----A---- C:\WINDOWS\system32\icwdial.dll
2012-02-26 15:35:47 ----D---- C:\Program Files\Common Files\System
2012-02-26 15:35:46 ----D---- C:\Program Files\Internet Explorer
2012-02-26 15:34:54 ----A---- C:\WINDOWS\system32\emptyregdb.dat
2012-02-26 15:34:40 ----A---- C:\WINDOWS\vbaddin.ini
2012-02-26 15:34:40 ----A---- C:\WINDOWS\vb.ini
2012-02-26 15:34:34 ----D---- C:\WINDOWS\Registration
2012-02-26 15:34:25 ----D---- C:\Program Files\Windows Media Player
2012-02-26 15:34:25 ----D---- C:\Program Files\Online Services
2012-02-26 15:34:08 ----D---- C:\Program Files\MSN Gaming Zone
2012-02-26 15:34:08 ----A---- C:\WINDOWS\system32\write.exe
2012-02-26 15:33:55 ----A---- C:\WINDOWS\system32\sndvol32.exe
2012-02-26 15:33:55 ----A---- C:\WINDOWS\system32\hticons.dll
2012-02-26 15:33:55 ----A---- C:\WINDOWS\system32\avwav.dll
2012-02-26 15:33:55 ----A---- C:\WINDOWS\system32\avtapi.dll
2012-02-26 15:33:55 ----A---- C:\WINDOWS\system32\avmeter.dll
2012-02-26 15:33:54 ----A---- C:\WINDOWS\system32\winchat.exe
2012-02-26 15:33:43 ----A---- C:\WINDOWS\system32\charmap.exe
2012-02-26 15:33:43 ----A---- C:\WINDOWS\system32\getuname.dll
2012-02-26 15:33:42 ----A---- C:\WINDOWS\system32\winmine.exe
2012-02-26 15:33:42 ----A---- C:\WINDOWS\system32\sol.exe
2012-02-26 15:33:42 ----A---- C:\WINDOWS\system32\mshearts.exe
2012-02-26 15:33:42 ----A---- C:\WINDOWS\system32\calc.exe
2012-02-26 15:33:41 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2012-02-26 15:33:41 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2012-02-26 15:33:41 ----A---- C:\WINDOWS\system32\tslabels.ini
2012-02-26 15:33:41 ----A---- C:\WINDOWS\system32\tskill.exe
2012-02-26 15:33:41 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2012-02-26 15:33:41 ----A---- C:\WINDOWS\system32\tscon.exe
2012-02-26 15:33:41 ----A---- C:\WINDOWS\system32\shadow.exe
2012-02-26 15:33:41 ----A---- C:\WINDOWS\system32\rwinsta.exe
2012-02-26 15:33:41 ----A---- C:\WINDOWS\system32\reset.exe
2012-02-26 15:33:41 ----A---- C:\WINDOWS\system32\freecell.exe
2012-02-26 15:33:40 ----A---- C:\WINDOWS\system32\regini.exe
2012-02-26 15:33:40 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2012-02-26 15:33:40 ----A---- C:\WINDOWS\system32\qwinsta.exe
2012-02-26 15:33:40 ----A---- C:\WINDOWS\system32\qappsrv.exe
2012-02-26 15:33:40 ----A---- C:\WINDOWS\system32\msg.exe
2012-02-26 15:33:40 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2012-02-26 15:33:40 ----A---- C:\WINDOWS\system32\logoff.exe
2012-02-26 15:33:40 ----A---- C:\WINDOWS\system32\cdmodem.dll
2012-02-26 15:33:39 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2012-02-26 15:33:39 ----A---- C:\WINDOWS\system32\mtxex.dll
2012-02-26 15:33:39 ----A---- C:\WINDOWS\system32\mtxdm.dll
2012-02-26 15:33:39 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2012-02-26 15:33:39 ----A---- C:\WINDOWS\system32\comrepl.dll
2012-02-26 15:33:39 ----A---- C:\WINDOWS\system32\comaddin.dll
2012-02-26 15:33:38 ----A---- C:\WINDOWS\system32\stclient.dll
2012-02-26 15:33:35 ----A---- C:\WINDOWS\system32\comsnap.dll
2012-02-26 15:33:29 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2012-02-26 15:33:17 ----D---- C:\Program Files\MSN
2012-02-26 15:33:16 ----A---- C:\WINDOWS\system32\sndrec32.exe
2012-02-26 15:33:16 ----A---- C:\WINDOWS\system32\mplay32.exe
2012-02-26 15:33:16 ----A---- C:\WINDOWS\system32\hypertrm.dll
2012-02-26 15:33:16 ----A---- C:\WINDOWS\system32\accwiz.exe
2012-02-26 15:33:15 ----D---- C:\Program Files\Windows NT
2012-02-26 15:33:15 ----A---- C:\WINDOWS\system32\mspaint.exe
2012-02-26 15:33:15 ----A---- C:\WINDOWS\system32\clipbrd.exe
2012-02-26 15:33:13 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2012-02-26 15:33:13 ----A---- C:\WINDOWS\system32\spider.exe
2012-02-26 15:33:13 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2012-02-26 15:33:13 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2012-02-26 15:33:13 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2012-02-26 15:33:12 ----A---- C:\WINDOWS\system32\sessmgr.exe
2012-02-26 15:33:12 ----A---- C:\WINDOWS\system32\remotepg.dll
2012-02-26 15:33:12 ----A---- C:\WINDOWS\system32\rdshost.exe
2012-02-26 15:33:12 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2012-02-26 15:33:12 ----A---- C:\WINDOWS\system32\rdchost.dll
2012-02-26 15:33:12 ----A---- C:\WINDOWS\system32\mstscax.dll
2012-02-26 15:33:12 ----A---- C:\WINDOWS\system32\mstsc.exe
2012-02-26 15:33:11 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2012-02-26 15:33:10 ----A---- C:\WINDOWS\system32\termsrv.dll
2012-02-26 15:33:08 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2012-02-26 15:33:08 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2012-02-26 15:33:07 ----D---- C:\WINDOWS\system32\MsDtc
2012-02-26 15:33:07 ----A---- C:\WINDOWS\system32\rdpclip.exe
2012-02-26 15:33:07 ----A---- C:\WINDOWS\system32\qprocess.exe
2012-02-26 15:33:07 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2012-02-26 15:33:07 ----A---- C:\WINDOWS\system32\icaapi.dll
2012-02-26 15:33:07 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2012-02-26 15:33:06 ----A---- C:\WINDOWS\system32\xolehlp.dll
2012-02-26 15:33:06 ----A---- C:\WINDOWS\system32\mtxoci.dll
2012-02-26 15:33:06 ----A---- C:\WINDOWS\system32\msdtctm.dll
2012-02-26 15:33:06 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2012-02-26 15:33:06 ----A---- C:\WINDOWS\system32\msdtclog.dll
2012-02-26 15:33:06 ----A---- C:\WINDOWS\system32\msdtc.exe
2012-02-26 15:33:05 ----D---- C:\WINDOWS\system32\Com
2012-02-26 15:33:05 ----A---- C:\WINDOWS\system32\colbact.dll
2012-02-26 15:33:05 ----A---- C:\WINDOWS\system32\clbcatex.dll
2012-02-26 15:33:05 ----A---- C:\WINDOWS\system32\catsrvut.dll
2012-02-26 15:33:05 ----A---- C:\WINDOWS\system32\catsrvps.dll
2012-02-26 15:33:05 ----A---- C:\WINDOWS\system32\catsrv.dll
2012-02-26 15:33:04 ----A---- C:\WINDOWS\system32\comuid.dll
2012-02-26 15:33:04 ----A---- C:\WINDOWS\system32\comsvcs.dll
2012-02-26 15:33:04 ----A---- C:\WINDOWS\system32\clbcatq.dll
2012-02-26 15:31:32 ----A---- C:\WINDOWS\system32\servdeps.dll
2012-02-26 15:31:32 ----A---- C:\WINDOWS\system32\mmfutil.dll
2012-02-26 15:31:31 ----A---- C:\WINDOWS\system32\licwmi.dll
2012-02-26 15:31:31 ----A---- C:\WINDOWS\system32\cmprops.dll
2012-02-26 15:31:30 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys
2012-02-26 15:31:29 ----A---- C:\WINDOWS\system32\drivers\termdd.sys

======List of files/folders modified in the last 1 month======

2012-02-27 22:19:38 ----A---- C:\WINDOWS\win.ini
2012-02-27 22:19:38 ----A---- C:\WINDOWS\system.ini
2012-02-26 15:42:18 ----ASH---- C:\WINDOWS\fonts\desktop.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2011-08-04 61936]
R1 SASDIFSV;SASDIFSV; \??\C:\Programy\ANTIVIRY\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Programy\ANTIVIRY\SUPERAntiSpyware\SASKUTIL.SYS []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2011-08-09 154136]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2011-08-04 147480]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2011-08-09 39824]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 S3SAVAGE4M;S3SAVAGE4M; C:\WINDOWS\system32\DRIVERS\s3sav4m.sys [2001-08-17 77824]
R3 SiS7012;Service for AC'97 Sample Driver (WDM); C:\WINDOWS\system32\drivers\sis7012.sys [2003-04-08 820133]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Programy\UTILITY\TuneUp\TuneUpUtilitiesDriver32.sys []
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S3 fwrdypow;fwrdypow; \??\C:\DOCUME~1\Terezia\LOCALS~1\Temp\fwrdypow.sys []
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Programy\ANTIVIRY\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]
R2 ekrn;ESET Service; C:\Programy\ANTIVIRY\ESS\ekrn.exe [2011-09-22 974944]
R2 MBAMService;MBAMService; C:\Programy\ANTIVIRY\Malwarebytes\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Programy\UTILITY\TuneUp\TuneUpUtilitiesService32.exe [2012-02-09 1529152]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-28 253600]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

JaRon
Moderator
Posts: 15713
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: please check my log, probably rootkits

#2 Post by JaRon »

Move ComboFix to the desktop (if it is not there already).

Open Notepad.

Copy the script from the following box into it:

Code:

Driver::
fwrdypow

Save the resulting text file to the desktop as CFScript.txt.

After saving, grab the script with the left mouse button, drag it over the ComboFix icon, and drop it there:

[Image]

After it has run, another log should be created; paste it here :)
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/
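
The CFScript above targets fwrdypow, the stopped driver that the RSIT log lists with an image path inside the user's Temp folder. The following is an added example, not part of the thread or of any tool named in it: a small parser for RSIT driver lines that flags drivers registered from a temp directory. The function names are hypothetical; the sample lines are copied from the RSIT log earlier in this thread.

```python
import re
from dataclasses import dataclass

# Lines copied from the RSIT "List of drivers" section earlier in this thread.
SAMPLE = r"""
R0 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
R1 SASKUTIL;SASKUTIL; \??\C:\Programy\ANTIVIRY\SUPERAntiSpyware\SASKUTIL.SYS []
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
S3 fwrdypow;fwrdypow; \??\C:\DOCUME~1\Terezia\LOCALS~1\Temp\fwrdypow.sys []
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
"""

# <R|S><start type> <service name>;<display name>; <image path> [<date> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)
TEMP_DIR_NAMES = {"temp", "tmp"}


@dataclass
class DriverEntry:
    running: bool
    start_type: int
    name: str
    display: str
    path: str
    has_file_info: bool


def parse_line(line):
    """Parse one RSIT driver/service line; return None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m["path"]
    if path.startswith("\\??\\"):  # NT object-manager prefix, not part of the file path
        path = path[4:]
    return DriverEntry(m["state"] == "R", int(m["start"]), m["name"],
                       m["display"], path, bool(m["info"].strip()))


def in_temp_dir(path):
    """True if any directory component of the image path is a temp folder."""
    dirs = path.lower().split("\\")[:-1]
    return any(d in TEMP_DIR_NAMES for d in dirs)


def suspicious_drivers(log_text):
    """Map service name -> reasons, for drivers registered from a temp directory."""
    findings = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or not in_temp_dir(entry.path):
            continue
        reasons = ["image path is in a temp directory"]
        # "[]" alone is weak: entries for the installed security tools show it too.
        if not entry.has_file_info:
            reasons.append("no file date/size recorded")
        if entry.name == entry.display:
            reasons.append("no descriptive display name")
        findings[entry.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in suspicious_drivers(SAMPLE).items():
        print(f"{name}: " + "; ".join(reasons))
```
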

#3 Post by majsky »

ComboFix 12-02-29.01 - Terezia 29.02.2012 17:18:20.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.511.222 [GMT 1:00]
Running from: c:\documents and settings\Terezia\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Terezia\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\NetMonInstaller.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-29 )))))))))))))))))))))))))))))))
.
.
2012-02-29 05:20 . 2012-02-29 05:20 -------- d-----w- C:\rsit
2012-02-27 17:10 . 2012-02-27 17:10 -------- d-----w- C:\5549da289e6bb16dca119f0e93c1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2004-08-03 21:17 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2004-08-03 22:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:46 . 2004-08-03 22:56 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-03 22:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-16 12:22 . 2004-08-03 20:59 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\programy\ANTIVIRY\ESS\egui.exe" [2011-09-22 3080264]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programy\ANTIVIRY\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\programy\ANTIVIRY\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programy\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-28 253600]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
S1 SASDIFSV;SASDIFSV;c:\programy\ANTIVIRY\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\programy\ANTIVIRY\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\programy\ANTIVIRY\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 ekrn;ESET Service;c:\programy\ANTIVIRY\ESS\ekrn.exe [2011-09-22 974944]
S2 MBAMService;MBAMService;c:\programy\ANTIVIRY\Malwarebytes\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programy\UTILITY\TuneUp\TuneUpUtilitiesService32.exe [2012-02-09 1529152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 S3SAVAGE4M;S3SAVAGE4M;c:\windows\system32\DRIVERS\s3sav4m.sys [2001-08-17 77824]
S3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2003-04-08 820133]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programy\UTILITY\TuneUp\TuneUpUtilitiesDriver32.sys [2011-11-08 10064]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-28 17:59]
.
.
------- Supplementary Scan -------
.
IE: Add Page To DownloadStudio Scrapbook... - c:\programy\UTILITY\DownloadStudio\ds_snap.htm
IE: Download Image Using DownloadStudio... - c:\programy\UTILITY\DownloadStudio\ds_img.htm
IE: Download Page Using DownloadStudio... - c:\programy\UTILITY\DownloadStudio\ds_all.htm
IE: Download Selection Using DownloadStudio... - c:\programy\UTILITY\DownloadStudio\ds_sel.htm
IE: Download Target Using DownloadStudio... - c:\programy\UTILITY\DownloadStudio\ds_file.htm
IE: Show Page Links Using DownloadStudio... - c:\programy\UTILITY\DownloadStudio\ds_link.htm
IE: Subscribe To RSS Feed... - c:\programy\UTILITY\DownloadStudio\ds_rss.htm
TCP: DhcpNameServer = 192.168.100.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-SiS7012 - c:\program files\SiS7012\Uninst\uninst2k.exe PCI\VEN_1039&DEV_7012
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-29 17:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1024)
c:\programy\ANTIVIRY\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(4092)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\programy\UTILITY\TuneUp\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-02-29 17:33:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-29 16:33
.
Pre-Run: 13 560 197 120 bytes free
Post-Run: 9 adresárov, 13 470 048 256 voľných bajtov
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - BAB086FDA178616203622B26CDCA80AE

#4 Post by JaRon »

A few pieces of junk deleted; has there been any progress? :???:

#5 Post by majsky »

ESET works again and the PC no longer gets BSODs. Was it a rootkit? Thank you for your valuable time. I still get redirected to a casino site.

#6 Post by majsky »

I scanned the PC with MBAM and it found a virus. Here is the log:

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Verzia databázy: v2012.03.01.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Terezia :: TEREZIA-A8D72E4 [administrátor]

Ochrana: Vypnuté

1.3.2012 14:36:15
mbam-log-2012-03-01 (14-36-15).txt

Typ kontroly: Úplná kontrola
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM | P2P
Možnosti kontroly vypnuté:
Objektov kontrolovaných: 185697
Uplynutý čas: 44 min, 51 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 1
C:\Programy\UTILITY\Total Comander\Total CMA Pack\plugins\wlx\17FileInfo\cadt.dll (Trojan.Constructor) -> Pridanie do karantény a zmazanie úspešné.

(koniec)

#7 Post by JaRon »

Clean the PC with CCleaner, restart, and describe whether there are still any problems :???:

#8 Post by majsky »

I cleaned it with CCleaner; the PC is fine now, only Opera takes a long time to load pages. Thanks for the help :)

#9 Post by JaRon »

You're welcome :)
