spomalene Pc

Zpráva

Lestatos · #1 Příspěvek od **Lestatos** » 23 pro 2010 07:17

prosim o kontrolu logu. Dakujem

Logfile of random's system information tool 1.08 (written by random/random)
Run by User at 2010-12-23 07:14:15
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 606 MB (1%) free of 76 GB
Total RAM: 734 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:14:24, on 23. 12. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OVISLINK\Common\AirliveUI.exe
c:\program files\adobe\reader 9.0\reader\reader_sl .exe
c:\program files\internet explorer\wmpscfgs.exe
c:\program files\internet explorer\wmpscfgs.exe
c:\program files\internet explorer\wmpscfgs .exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
c:\program files\internet explorer\wmpscfgs.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\internet explorer\wmpscfgs.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
c:\program files\internet explorer\wmpscfgs.exe
C:\WINDOWS\System32\mshta.exe
c:\program files\internet explorer\wmpscfgs.exe
C:\WINDOWS\System32\mshta.exe
c:\program files\internet explorer\wmpscfgs.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\WINDOWS\System32\mshta.exe
c:\program files\internet explorer\wmpscfgs.exe
C:\WINDOWS\System32\mshta.exe
c:\program files\internet explorer\wmpscfgs.exe
C:\WINDOWS\System32\mshta.exe
c:\program files\internet explorer\wmpscfgs.exe
C:\WINDOWS\System32\mshta.exe
c:\program files\internet explorer\wmpscfgs.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
c:\program files\internet explorer\wmpscfgs.exe
C:\WINDOWS\System32\mshta.exe
c:\program files\internet explorer\wmpscfgs.exe
C:\WINDOWS\System32\mshta.exe
c:\program files\internet explorer\wmpscfgs.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
c:\program files\internet explorer\wmpscfgs.exe
C:\WINDOWS\System32\mshta.exe
c:\program files\internet explorer\wmpscfgs.exe
C:\WINDOWS\System32\mshta.exe
c:\program files\internet explorer\wmpscfgs.exe
C:\WINDOWS\System32\mshta.exe
c:\program files\internet explorer\wmpscfgs.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\trend micro\User.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: RadarSync Toolbar - {399d96ca-6f9a-4fff-95fe-284e45ebb935} - C:\Program Files\RadarSync\tbRad2.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: RadarSync Toolbar - {399d96ca-6f9a-4fff-95fe-284e45ebb935} - C:\Program Files\RadarSync\tbRad2.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: RadarSync Toolbar - {399d96ca-6f9a-4fff-95fe-284e45ebb935} - C:\Program Files\RadarSync\tbRad2.dll
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe_Reader] c:\program files\internet explorer\wmpscfgs.exe
O4 - HKLM\..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot
O4 - HKLM\..\Run: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-606747145-1708537768-854245398-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -update activex (User 'Default user')
O4 - Global Startup: AirLive 802.11G Wireless Utility.lnk = C:\Program Files\OVISLINK\Common\AirliveUI.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\User\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\User\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe

--
End of file - 7904 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At3963.job
C:\WINDOWS\tasks\At3964.job
C:\WINDOWS\tasks\At3965.job
C:\WINDOWS\tasks\At3966.job
C:\WINDOWS\tasks\At3967.job
C:\WINDOWS\tasks\At3968.job
C:\WINDOWS\tasks\At3969.job
C:\WINDOWS\tasks\At3970.job
C:\WINDOWS\tasks\At3971.job
C:\WINDOWS\tasks\At3972.job
C:\WINDOWS\tasks\At3973.job
C:\WINDOWS\tasks\At3974.job
C:\WINDOWS\tasks\At3975.job
C:\WINDOWS\tasks\At3976.job
C:\WINDOWS\tasks\At3977.job
C:\WINDOWS\tasks\At3978.job
C:\WINDOWS\tasks\At3979.job
C:\WINDOWS\tasks\At3980.job
C:\WINDOWS\tasks\At3981.job
C:\WINDOWS\tasks\At3982.job
C:\WINDOWS\tasks\At3983.job
C:\WINDOWS\tasks\At3984.job
C:\WINDOWS\tasks\At3985.job
C:\WINDOWS\tasks\At3986.job
C:\WINDOWS\tasks\At4251.job
C:\WINDOWS\tasks\At4252.job
C:\WINDOWS\tasks\At4253.job
C:\WINDOWS\tasks\At4254.job
C:\WINDOWS\tasks\At4255.job
C:\WINDOWS\tasks\At4256.job
C:\WINDOWS\tasks\At4257.job
C:\WINDOWS\tasks\At4258.job
C:\WINDOWS\tasks\At4259.job
C:\WINDOWS\tasks\At4260.job
C:\WINDOWS\tasks\At4261.job
C:\WINDOWS\tasks\At4262.job
C:\WINDOWS\tasks\At4263.job
C:\WINDOWS\tasks\At4264.job
C:\WINDOWS\tasks\At4265.job
C:\WINDOWS\tasks\At4266.job
C:\WINDOWS\tasks\At4267.job
C:\WINDOWS\tasks\At4268.job
C:\WINDOWS\tasks\At4269.job
C:\WINDOWS\tasks\At4270.job
C:\WINDOWS\tasks\At4271.job
C:\WINDOWS\tasks\At4272.job
C:\WINDOWS\tasks\At4273.job
C:\WINDOWS\tasks\At4274.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{399d96ca-6f9a-4fff-95fe-284e45ebb935}]
RadarSync Toolbar - C:\Program Files\RadarSync\tbRad2.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-09 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{399d96ca-6f9a-4fff-95fe-284e45ebb935} - RadarSync Toolbar - C:\Program Files\RadarSync\tbRad2.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2010-10-24 40432]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2010-12-18 40448]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-12-18 40448]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-12-18 40448]
"Adobe_Reader"=c:\program files\internet explorer\wmpscfgs.exe [2010-12-18 40448]
"RelevantKnowledge"=C:\program files\relevantknowledge\rlvknlg.exe [2010-12-18 40448]
"QuickTime Task"=c:\program files\quicktime\qttask .exe [2010-12-18 40448]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2
"hpqwmi"=3
"avg8wd"=2
"avg8emc"=2

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
AirLive 802.11G Wireless Utility.lnk - C:\Program Files\OVISLINK\Common\AirliveUI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-10-08 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\User\temp\TeamViewer\Version5\TeamViewer.exe"="C:\Documents and Settings\User\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"c:\program files\relevantknowledge\rlvknlg.exe"="c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-12-13 23:21:04 ----A---- C:\WINDOWS\system32\333.js
2010-12-05 11:32:12 ----A---- C:\WINDOWS\crywmvtoavi.ini
2010-12-05 11:04:01 ----D---- C:\My Video
2010-12-05 09:25:10 ----D---- C:\Program Files\Crystal Software
2010-12-02 14:15:34 ----D---- C:\Program Files\ConduitEngine
2010-12-02 14:15:34 ----A---- C:\WINDOWS\system32\ConduitEngine.tmp

======List of files/folders modified in the last 1 months======

2010-12-23 07:14:25 ----D---- C:\WINDOWS\Prefetch
2010-12-23 07:14:21 ----D---- C:\Program Files\Trend Micro
2010-12-23 07:12:20 ----D---- C:\Documents and Settings\User\Application Data\Skype
2010-12-23 07:02:01 ----AD---- C:\WINDOWS\temp
2010-12-22 20:57:39 ----D---- C:\Documents and Settings\User\Application Data\skypePM
2010-12-22 17:43:15 ----D---- C:\Program Files\PokerStars
2010-12-21 08:21:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-18 07:47:14 ----D---- C:\Program Files\QuickTime
2010-12-18 07:47:13 ----D---- C:\Program Files\RelevantKnowledge
2010-12-18 07:47:12 ----D---- C:\Program Files\Internet Explorer
2010-12-18 07:47:10 ----RD---- C:\Program Files
2010-12-18 07:47:09 ----SD---- C:\WINDOWS\Tasks
2010-12-16 06:42:00 ----D---- C:\Program Files\Absolute Poker
2010-12-14 18:04:23 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft
2010-12-14 16:04:52 ----D---- C:\Program Files\MP3MyMP3 3.0
2010-12-13 23:21:04 ----D---- C:\WINDOWS\system32
2010-12-10 23:29:20 ----D---- C:\Program Files\FlashGet
2010-12-10 15:19:05 ----D---- C:\Downloads
2010-12-07 22:24:47 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-07 16:34:51 ----D---- C:\WINDOWS\system32\config
2010-12-07 16:34:36 ----D---- C:\WINDOWS\system32\wbem
2010-12-07 16:34:35 ----D---- C:\WINDOWS\Registration
2010-12-07 16:33:59 ----D---- C:\WINDOWS\system32\Restore
2010-12-05 11:32:12 ----D---- C:\WINDOWS
2010-12-05 09:22:53 ----D---- C:\Program Files\Instal
2010-12-02 19:58:22 ----SHD---- C:\WINDOWS\Installer
2010-12-02 19:58:22 ----D---- C:\Config.Msi
2010-12-02 19:58:19 ----D---- C:\WINDOWS\WinSxS
2010-12-02 14:17:12 ----HD---- C:\WINDOWS\inf
2010-12-02 14:15:29 ----D---- C:\Program Files\RadarSync
2010-12-01 18:48:28 ----D---- C:\Program Files\Yahoo!
2010-12-01 06:59:23 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2010-11-30 22:36:31 ----D---- C:\Program Files\Full Tilt Poker

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-11-16 21419]
R3 CAMCAUD;Conexant AMC 3D Environmental Audio; C:\WINDOWS\system32\drivers\camcaud.sys [2004-06-28 292864]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camchal.sys [2004-06-28 276480]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-10-08 752093]
R3 RT73;AirLive WT-2000USB; C:\WINDOWS\system32\DRIVERS\rt73.sys [2007-09-30 451968]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-11-04 186016]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 postgresql-8.4;PostgreSQL Server 8.4; C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w []
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2004-11-17 98304]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 23 pro 2010 07:23

Zdravim a pekny den preji

Tam toho je

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich
motji píše: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
V zadnem pripade ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Lestatos · #3 Příspěvek od **Lestatos** » 23 pro 2010 09:00

log z combofixu je tri krat vacsi ako vasa qvota na pocet znakov v jednej sprave, mam ho nejako rozdelit ? dakujem

#4 Příspěvek od **vyosek** » 23 pro 2010 09:05

Uploadnete jej na LP http://leteckaposta.cz/ ja sem pak vlozim jen podstatnou cast z jeho logu...

Lestatos · #5 Příspěvek od **Lestatos** » 23 pro 2010 09:11

poslal som log len neviem ako ho budete identifikovat . Vela stastia a dakujem.

#6 Příspěvek od **vyosek** » 23 pro 2010 09:46

Na identifikaci logu a hledani haveti v nem jsme vyskoleni

Ovsem chybi mu tu jaksi odkaz na nej

Pripadne mi log poslete na mail vyosek@forum.viry.cz

#7 Příspěvek od **vyosek** » 23 pro 2010 16:21

Pro prehlednost vlozim log z CF (bez casti SnapShot)

ComboFix 10-12-22.04 - User . 12. 2010 8:26.10.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.734.512 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS\Application Data\page
c:\documents and settings\All Users.WINDOWS\Application Data\page\page.ico
c:\documents and settings\All Users.WINDOWS\Application Data\page\page.URL
c:\documents and settings\User\Application Data\Microsoft\~DFK5c23ae9.tmp
c:\documents and settings\User\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\User\Application Data\Microsoft\bass.dll
c:\documents and settings\User\Application Data\Microsoft\kfgresk.dll
c:\documents and settings\User\Application Data\Microsoft\mjcriu.dll
c:\documents and settings\User\Application Data\Microsoft\peaadje.dll
c:\documents and settings\User\Application Data\Microsoft\qwadjb.dll
c:\documents and settings\User\Application Data\Microsoft\rsaadjd.dll
c:\program files\adobe\reader 9.0\reader\reader_sl .exe
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe.delme81
c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe
c:\program files\Internet Explorer\wmpscfgs .exe
c:\program files\Internet Explorer\wmpscfgs.exe
c:\program files\Internet Explorer\wmpscfgs.exe.delme109
c:\program files\quicktime\qttask .exe
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\MSVCP71.DLL
c:\program files\RelevantKnowledge\MSVCR71.DLL
c:\program files\RelevantKnowledge\rlls.dll
c:\program files\RelevantKnowledge\rlls64.dll
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlservice.exe
c:\program files\RelevantKnowledge\rlvknlg .exe
c:\program files\RelevantKnowledge\rlvknlg.exe
c:\program files\RelevantKnowledge\rlvknlg64.exe
c:\program files\Synaptics\SynTP\syntpenh.exe
c:\program files\Synaptics\SynTP\syntplpr.exe
C:\test.txt
c:\windows\Tasks\At3963.job
c:\windows\Tasks\At3964.job
c:\windows\Tasks\At3965.job
c:\windows\Tasks\At3966.job
c:\windows\Tasks\At3967.job
c:\windows\Tasks\At3968.job
c:\windows\Tasks\At3969.job
c:\windows\Tasks\At3970.job
c:\windows\Tasks\At3971.job
c:\windows\Tasks\At3972.job
c:\windows\Tasks\At3973.job
c:\windows\Tasks\At3974.job
c:\windows\Tasks\At3975.job
c:\windows\Tasks\At3976.job
c:\windows\Tasks\At3977.job
c:\windows\Tasks\At3978.job
c:\windows\Tasks\At3979.job
c:\windows\Tasks\At3980.job
c:\windows\Tasks\At3981.job
c:\windows\Tasks\At3982.job
c:\windows\Tasks\At3983.job
c:\windows\Tasks\At3984.job
c:\windows\Tasks\At3985.job
c:\windows\Tasks\At3986.job
c:\windows\Tasks\At4251.job

----- File Replicators -----

c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe
c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
c:\program files\Common Files\Adobe\Updater6\adobe_updater.exe
c:\program files\HPQ\Quick Launch Buttons\eabservr .exe
c:\program files\Internet Explorer\wmpscfgs .exe
c:\program files\Internet Explorer\wmpscfgs.exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask.exe
c:\program files\RelevantKnowledge\rlvknlg .exe
c:\program files\RelevantKnowledge\rlvknlg.exe
c:\program files\Synaptics\SynTP\syntpenh .exe
c:\program files\Synaptics\SynTP\syntpenh.exe
c:\program files\Synaptics\SynTP\syntplpr .exe
c:\program files\Synaptics\SynTP\syntplpr.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP468\A0424204.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP468\A0424205.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP468\A0424206.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP468\A0424207.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP468\A0424208.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP468\A0424211.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP469\A0424219.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP469\A0424230.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP469\A0424231.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP469\A0424232.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP469\A0424233.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP469\A0424237.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP469\A0425231.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP469\A0425232.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP469\A0425233.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP469\A0425234.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP469\A0425235.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP469\A0425236.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP469\A0426230.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP469\A0426231.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP469\A0426232.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP469\A0426233.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP469\A0426234.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP469\A0426239.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP471\A0427233.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP471\A0427234.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP471\A0427235.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP471\A0427236.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP471\A0427237.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP471\A0427242.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP472\A0428231.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP472\A0428232.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP472\A0428233.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP472\A0428234.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP472\A0428235.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP472\A0428239.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP472\A0429231.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP472\A0429232.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP472\A0429233.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP472\A0429234.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP472\A0429235.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP472\A0429239.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP473\A0430231.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP473\A0430232.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP473\A0430233.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP473\A0430234.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP473\A0430235.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP473\A0430239.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP473\A0431231.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP473\A0431232.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP473\A0431233.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP473\A0431236.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP473\A0431238.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP473\A0431239.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP473\A0431250.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP473\A0431251.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP473\A0431252.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP473\A0431253.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP473\A0431257.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP475\A0431360.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP475\A0431361.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP475\A0431362.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP475\A0431363.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP475\A0431364.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP475\A0431367.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP476\A0431386.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP476\A0432360.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP476\A0432361.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP476\A0432362.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP476\A0432363.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP476\A0432369.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP477\A0432400.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP477\A0432401.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP477\A0432402.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP477\A0432403.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP477\A0432404.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP477\A0432407.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP479\A0433401.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP479\A0433402.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP479\A0433403.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP479\A0433404.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP479\A0433405.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP479\A0433408.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP482\A0433580.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP482\A0433581.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP482\A0433582.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP482\A0433583.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP482\A0433584.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP482\A0433588.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP484\A0434555.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP484\A0434556.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP484\A0434557.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP484\A0434558.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP484\A0434559.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP484\A0434563.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP487\A0435555.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP487\A0435556.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP487\A0435557.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP487\A0435558.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP487\A0435559.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP487\A0435564.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP488\A0436553.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP488\A0436554.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP488\A0436555.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP488\A0436556.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP488\A0436557.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP488\A0436558.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP488\A0436563.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP490\A0437555.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP490\A0437556.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP490\A0437557.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP490\A0437558.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP490\A0437559.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP490\A0437562.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP491\A0438555.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP491\A0438556.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP491\A0438557.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP491\A0438558.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP491\A0438559.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP491\A0438562.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP491\A0438586.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP491\A0438587.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP491\A0438588.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP491\A0438589.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP491\A0438592.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP493\A0438615.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP493\A0438616.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP493\A0438617.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP493\A0438618.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP493\A0438619.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP493\A0438620.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP493\A0438628.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP493\A0438629.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP493\A0438630.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP493\A0438631.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP493\A0438632.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP493\A0438635.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP495\A0439629.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP495\A0439630.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP495\A0439631.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP495\A0439632.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP495\A0439636.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP496\A0440629.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP496\A0440630.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP496\A0440631.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP496\A0440632.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP496\A0440635.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP496\A0440636.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP496\A0441629.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP496\A0441630.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP496\A0441631.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP496\A0441632.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP496\A0441633.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP496\A0441637.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP497\A0442629.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP497\A0442630.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP497\A0442631.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP497\A0442632.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP497\A0442635.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP497\A0442636.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP498\A0443629.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP498\A0443630.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP498\A0443631.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP498\A0443632.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP498\A0443636.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP498\A0443648.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP498\A0443649.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP498\A0443650.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP498\A0443651.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP498\A0443655.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP498\A0444649.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP498\A0444650.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP498\A0444651.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP498\A0444652.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP498\A0444655.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP498\A0444675.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP498\A0444676.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP498\A0444677.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP498\A0444680.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP498\A0445676.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP498\A0445677.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP498\A0445678.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP498\A0445681.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP499\A0446676.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP499\A0446677.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP499\A0446678.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP499\A0446679.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP499\A0446682.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP499\A0446696.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP499\A0446697.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP499\A0446698.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP499\A0446701.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP499\A0447697.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP499\A0447698.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP499\A0447699.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP499\A0447700.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP499\A0447701.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP499\A0447708.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP499\A0447709.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP499\A0447710.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP499\A0447711.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP499\A0448721.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP499\A0448722.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP499\A0448723.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP499\A0448724.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP499\A0448727.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP502\A0449723.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP502\A0449724.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP502\A0449725.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP502\A0449726.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP502\A0449727.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP502\A0450721.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP502\A0450722.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP502\A0450723.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP502\A0450724.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP502\A0450725.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP502\A0451721.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP502\A0451722.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP502\A0451723.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP502\A0451724.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP502\A0451727.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP504\A0452724.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP504\A0452725.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP504\A0452726.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP504\A0452727.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP504\A0452728.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP505\A0452752.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP505\A0452753.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP505\A0452754.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP505\A0452755.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP505\A0452756.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP505\A0452763.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP505\A0452764.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP505\A0452765.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP505\A0452766.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP505\A0452767.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP506\A0452776.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP506\A0452777.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP506\A0452778.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP506\A0452779.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP506\A0452780.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP506\A0452781.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP506\A0452796.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP506\A0452797.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP506\A0452798.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP506\A0452799.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP506\A0452800.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP506\A0453795.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP506\A0453796.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP506\A0453797.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP506\A0453798.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP506\A0453799.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP506\A0454795.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP506\A0454796.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP506\A0454797.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP506\A0454798.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP506\A0454799.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP510\A0454915.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP510\A0454916.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP510\A0454917.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP510\A0454918.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP510\A0454919.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP510\A0454920.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP510\A0455795.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP510\A0455796.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP510\A0455797.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP510\A0455798.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP510\A0455799.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP511\A0455800.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP511\A0455803.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP511\A0455804.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP511\A0455805.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP511\A0455806.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP511\A0455807.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP511\A0455859.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP511\A0455860.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP511\A0455861.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP511\A0455862.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP511\A0455863.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP511\A0455908.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP511\A0455909.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP511\A0455910.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP511\A0455911.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP511\A0455912.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP511\A0455913.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP514\A0456909.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP514\A0456910.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP514\A0456911.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP514\A0456912.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP514\A0456913.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP514\A0457909.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP514\A0457910.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP514\A0457911.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP514\A0457912.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP514\A0457913.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP516\A0458909.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP516\A0458910.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP516\A0458911.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP516\A0458912.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP516\A0458913.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP516\A0458914.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP518\A0459909.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP518\A0459910.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP518\A0459911.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP518\A0459912.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP518\A0459913.exe
c:\system volume information\_restore{EE1A417E-11D0-4332-9CA3-519CE5B6DECF}\RP518\A0459914.exe
.
.
((((((((((((((((((((((((( Files Created from 2010-11-23 to 2010-12-23 )))))))))))))))))))))))))))))))
.

2010-12-13 12:12 . 2010-12-13 12:12 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2010-12-07 15:34 . 2010-12-07 15:34 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-05 10:04 . 2010-12-05 10:04 -------- d-----w- C:\My Video
2010-12-05 08:25 . 2010-12-05 08:25 -------- d-----w- c:\program files\Crystal Software
2010-12-04 20:37 . 2010-12-10 20:37 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\ConduitEngine
2010-12-02 13:15 . 2010-12-02 13:15 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\ConduitEngine
2010-12-02 13:15 . 2010-12-10 12:21 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\ConduitEngine
2010-12-02 13:15 . 2010-12-02 13:15 -------- d-----w- c:\program files\ConduitEngine
2010-12-02 13:15 . 2010-12-02 13:15 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-15 10:02 . 2010-10-15 09:57 34452784 ----a-w- C:\QuickTimeInstaller.exe
2010-04-20 11:25 . 2010-04-16 16:47 27617116 ----a-w- c:\program files\HmBetaUpdate.exe
2010-04-15 11:49 . 2010-04-15 11:48 12991896 ----a-w- c:\program files\Opera_1051_int_Setup.exe
2010-04-15 11:42 . 2010-03-14 10:10 1924976 ----a-w- c:\program files\install_flash_player.exe
2010-03-14 10:27 . 2010-03-14 10:26 13062056 ----a-w- c:\program files\Opera_1050_int_Setup.exe
2009-06-30 08:29 . 2009-06-30 08:29 308160 ----a-w- c:\program files\avast_home_setup.exe
2009-06-28 08:16 . 2009-06-28 08:16 812344 ----a-w- c:\program files\HJTInstall.exe
2009-06-28 08:09 . 2009-05-26 06:01 31863808 ----a-w- c:\program files\eav_nt32_csy.msi
2009-06-09 14:20 . 2009-06-09 14:14 21646127 ----a-w- c:\program files\scribus-1.3.3.13-win32-install.exe
2009-06-09 12:51 . 2009-06-09 12:49 3371384 ----a-w- c:\program files\mbam-setup.exe
2009-06-07 10:24 . 2009-06-07 10:24 1815369 ----a-w- c:\program files\gbgallerylitesetup.exe
2009-05-26 06:42 . 2009-05-26 06:41 1880289 ----a-w- c:\program files\radarsync.exe
2009-05-24 09:16 . 2009-05-24 09:10 12743232 ----a-w- c:\program files\WinMPG_VideoConvert_Setup-20016.exe
2009-05-24 05:35 . 2009-05-24 05:35 453824 ----a-w- c:\program files\driveragent_488.exe
2009-05-19 12:26 . 2009-05-19 12:24 10143072 ----a-w- c:\program files\AbsolutePoker8_7_6.exe
2009-05-18 15:11 . 2009-05-18 15:09 10770432 ----a-w- c:\program files\LogMeIn.msi
.

Kód: Vybrat vše

<pre>
c:\program files\Common Files\Adobe\Updater6\adobe_updater .exe
c:\program files\QuickTime\qttask                        .exe
c:\windows\system32\ctfmon .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{399d96ca-6f9a-4fff-95fe-284e45ebb935}"= "c:\program files\RadarSync\tbRad2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{399d96ca-6f9a-4fff-95fe-284e45ebb935}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{399d96ca-6f9a-4fff-95fe-284e45ebb935}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\RadarSync\tbRad2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{399d96ca-6f9a-4fff-95fe-284e45ebb935}"= "c:\program files\RadarSync\tbRad2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{399d96ca-6f9a-4fff-95fe-284e45ebb935}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{399D96CA-6F9A-4FFF-95FE-284E45EBB935}"= "c:\program files\RadarSync\tbRad2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{399d96ca-6f9a-4fff-95fe-284e45ebb935}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\quicktime\qttask .exe -atboottime" [X]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2010-10-24 40432]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [N/A]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [N/A]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [N/A]
"Adobe_Reader"="c:\program files\internet explorer\wmpscfgs.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe" [2010-09-07 232912]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
AirLive 802.11G Wireless Utility.lnk - c:\program files\OVISLINK\Common\AirliveUI.exe [2008-11-16 1290240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"hpqwmi"=3 (0x3)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\User\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w --> C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [24. 5. 2009 6:35 23600]
.
Contents of the 'Scheduled Tasks' folder

2010-12-22 c:\windows\Tasks\At1.job
- c:\windows\system32\flttmc.exe [2008-11-12 00:12]
.
.
------- Supplementary Scan -------
.
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\13knlli7.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -

AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\relevantknowledge\rlvknlg.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-23 08:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD800BEVE-00UYT0 rev.01.04A01 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82B7A555]<<
c:\docume~1\User\LOCALS~1\Temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x82b807b0]; MOV EAX, [0x82b8082c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x82B90AB8]
3 CLASSPNP[0xF7842FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000006e[0x82B54348]
5 ACPI[0xF77B9620] -> nt!IofCallDriver[0x804E37D5] -> [0x82B93940]
\Driver\atapi[0x82B3E618] -> IRP_MJ_CREATE -> 0x82B7A555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD800BEVE-00UYT0____________________01.04A01#5&1545bf8&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x82B7A39B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\WININET.dll
.
Completion time: 2010-12-23 08:44:35
ComboFix-quarantined-files.txt 2010-12-23 07:44
ComboFix2.txt 2010-03-11 06:41
ComboFix3.txt 2010-03-09 14:47
ComboFix4.txt 2010-03-09 05:52
ComboFix5.txt 2010-12-23 06:34

Pre-Run: 6 912 122 880 bytes free
Post-Run: 8 368 525 312 bytes free

- - End Of File - - 0786A83DECBFA9A4AD33123906A5A8FE

#8 Příspěvek od **vyosek** » 23 pro 2010 16:29

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

RenV::
c:\program files\Common Files\Adobe\Updater6\adobe_updater .exe
c:\program files\QuickTime\qttask                        .exe
c:\windows\system32\ctfmon .exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"Adobe Reader Speed Launcher"=-
"Adobe_Reader"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=-

Collect::
c:\windows\system32\flttmc.exe
c:\windows\Tasks\At1.job

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]

AtJob::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Lestatos · #9 Příspěvek od **Lestatos** » 23 pro 2010 17:48

posielam log z combofix.

ComboFix 10-12-22.06 - User . 12. 2010 17:30:15.11.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.734.512 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt

file zipped: c:\windows\system32\flttmc.exe
file zipped: c:\windows\Tasks\At1.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\flttmc.exe
c:\windows\system32\hkcmd.exe.delme32
c:\windows\system32\igfxtray.exe.delme31
c:\windows\Tasks\At1.job

.
((((((((((((((((((((((((( Files Created from 2010-11-23 to 2010-12-23 )))))))))))))))))))))))))))))))
.

2010-12-13 12:12 . 2010-12-13 12:12 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2010-12-07 15:34 . 2010-12-07 15:34 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-05 10:04 . 2010-12-05 10:04 -------- d-----w- C:\My Video
2010-12-05 08:25 . 2010-12-05 08:25 -------- d-----w- c:\program files\Crystal Software
2010-12-04 20:37 . 2010-12-10 20:37 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\ConduitEngine
2010-12-02 13:15 . 2010-12-02 13:15 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\ConduitEngine
2010-12-02 13:15 . 2010-12-10 12:21 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\ConduitEngine
2010-12-02 13:15 . 2010-12-02 13:15 -------- d-----w- c:\program files\ConduitEngine
2010-12-02 13:15 . 2010-12-02 13:15 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-15 10:02 . 2010-10-15 09:57 34452784 ----a-w- C:\QuickTimeInstaller.exe
2010-04-20 11:25 . 2010-04-16 16:47 27617116 ----a-w- c:\program files\HmBetaUpdate.exe
2010-04-15 11:49 . 2010-04-15 11:48 12991896 ----a-w- c:\program files\Opera_1051_int_Setup.exe
2010-04-15 11:42 . 2010-03-14 10:10 1924976 ----a-w- c:\program files\install_flash_player.exe
2010-03-14 10:27 . 2010-03-14 10:26 13062056 ----a-w- c:\program files\Opera_1050_int_Setup.exe
2009-06-30 08:29 . 2009-06-30 08:29 308160 ----a-w- c:\program files\avast_home_setup.exe
2009-06-28 08:16 . 2009-06-28 08:16 812344 ----a-w- c:\program files\HJTInstall.exe
2009-06-28 08:09 . 2009-05-26 06:01 31863808 ----a-w- c:\program files\eav_nt32_csy.msi
2009-06-09 14:20 . 2009-06-09 14:14 21646127 ----a-w- c:\program files\scribus-1.3.3.13-win32-install.exe
2009-06-09 12:51 . 2009-06-09 12:49 3371384 ----a-w- c:\program files\mbam-setup.exe
2009-06-07 10:24 . 2009-06-07 10:24 1815369 ----a-w- c:\program files\gbgallerylitesetup.exe
2009-05-26 06:42 . 2009-05-26 06:41 1880289 ----a-w- c:\program files\radarsync.exe
2009-05-24 09:16 . 2009-05-24 09:10 12743232 ----a-w- c:\program files\WinMPG_VideoConvert_Setup-20016.exe
2009-05-24 05:35 . 2009-05-24 05:35 453824 ----a-w- c:\program files\driveragent_488.exe
2009-05-19 12:26 . 2009-05-19 12:24 10143072 ----a-w- c:\program files\AbsolutePoker8_7_6.exe
2009-05-18 15:11 . 2009-05-18 15:09 10770432 ----a-w- c:\program files\LogMeIn.msi
.

((((((((((((((((((((((((((((( SnapShot_2010-12-23_07.40.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-23 16:06 . 2010-12-23 16:06 16384 c:\windows\temp\Perflib_Perfdata_62c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{399d96ca-6f9a-4fff-95fe-284e45ebb935}"= "c:\program files\RadarSync\tbRad2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{399d96ca-6f9a-4fff-95fe-284e45ebb935}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{399d96ca-6f9a-4fff-95fe-284e45ebb935}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\RadarSync\tbRad2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{399d96ca-6f9a-4fff-95fe-284e45ebb935}"= "c:\program files\RadarSync\tbRad2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{399d96ca-6f9a-4fff-95fe-284e45ebb935}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{399D96CA-6F9A-4FFF-95FE-284E45EBB935}"= "c:\program files\RadarSync\tbRad2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{399d96ca-6f9a-4fff-95fe-284e45ebb935}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2010-10-24 40432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
AirLive 802.11G Wireless Utility.lnk - c:\program files\OVISLINK\Common\AirliveUI.exe [2008-11-16 1290240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"hpqwmi"=3 (0x3)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\User\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w --> C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [24. 5. 2009 6:35 23600]
.
.
------- Supplementary Scan -------
.
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\13knlli7.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SynTPLpr - c:\program files\Synaptics\SynTP\SynTPLpr.exe
HKLM-Run-SynTPEnh - c:\program files\Synaptics\SynTP\SynTPEnh.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-23 17:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD800BEVE-00UYT0 rev.01.04A01 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82B7A555]<<
c:\docume~1\User\LOCALS~1\Temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x82b807b0]; MOV EAX, [0x82b8082c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x82B90AB8]
3 CLASSPNP[0xF7842FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000006e[0x82B54348]
5 ACPI[0xF77B9620] -> nt!IofCallDriver[0x804E37D5] -> [0x82B93940]
\Driver\atapi[0x82B3E618] -> IRP_MJ_CREATE -> 0x82B7A555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD800BEVE-00UYT0____________________01.04A01#5&1545bf8&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x82B7A39B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\WININET.dll
.
Completion time: 2010-12-23 17:45:25
ComboFix-quarantined-files.txt 2010-12-23 16:45
ComboFix2.txt 2010-12-23 07:44
ComboFix3.txt 2010-03-11 06:41
ComboFix4.txt 2010-03-09 14:47
ComboFix5.txt 2010-12-23 15:54

Pre-Run: 8 358 494 208 bytes free
Post-Run: 8 365 637 632 bytes free

- - End Of File - - 51F3B1A73E7991BE08A3822FD31F764D

#10 Příspěvek od **vyosek** » 23 pro 2010 17:54

Udelejte sken pomoci TDSS Killeru - postup dle kolegy

stell píše: Stiahnite si prosím TDSSKiller a uložte ho na plochu.

2x-klik na TDSSKiller.exe- spustiť aplikáciu, potom na Spustiť kontrolu-klik- Start Scan.
Ak je infikovaný súbor detekovaný, bude predvolená akcia Cure, kliknite na tlačidlo Continue.
Ak podozrivý[suspicious] súbor je detekovaný, bude predvolená akcia Skip, kliknite na Continue.
Môže vás požiadať, aby ste reštartovali počítač na dokončenie procesu. Kliknite na Reboot Now.
Ak nevyžaduje reštart, kliknite na tlačidlo Report. Log súbor by sa mal objaviť. Prosím, skopírujte a vložte obsah súboru tu.
Ak je vyžadované reštartovanie počítača, správa je k dispozícii vo vašom koreňovom adresári (zvyčajne C:\ zložka) vo forme "TDSSKiller. _log.txt". Prosím, skopírujte a vložte obsah súboru tu.

Lestatos · #11 Příspěvek od **Lestatos** » 23 pro 2010 18:07

log z TDSSKiller

2010/12/23 18:01:31.0300 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/23 18:01:31.0300 ================================================================================
2010/12/23 18:01:31.0300 SystemInfo:
2010/12/23 18:01:31.0300
2010/12/23 18:01:31.0300 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/23 18:01:31.0300 Product type: Workstation
2010/12/23 18:01:31.0300 ComputerName: NOTEBOOK
2010/12/23 18:01:31.0300 UserName: User
2010/12/23 18:01:31.0300 Windows directory: C:\WINDOWS
2010/12/23 18:01:31.0300 System windows directory: C:\WINDOWS
2010/12/23 18:01:31.0300 Processor architecture: Intel x86
2010/12/23 18:01:31.0300 Number of processors: 1
2010/12/23 18:01:31.0300 Page size: 0x1000
2010/12/23 18:01:31.0300 Boot type: Normal boot
2010/12/23 18:01:31.0300 ================================================================================
2010/12/23 18:01:31.0511 Initialize success
2010/12/23 18:01:48.0625 ================================================================================
2010/12/23 18:01:48.0625 Scan started
2010/12/23 18:01:48.0625 Mode: Manual;
2010/12/23 18:01:48.0625 ================================================================================
2010/12/23 18:01:49.0597 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/23 18:01:49.0647 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/12/23 18:01:49.0777 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/23 18:01:49.0827 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/12/23 18:01:49.0877 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/23 18:01:50.0248 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/23 18:01:50.0338 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/23 18:01:50.0458 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/23 18:01:50.0538 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/23 18:01:50.0628 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/23 18:01:50.0748 CAMCAUD (df813edff93fde099e95f1b48a665d0c) C:\WINDOWS\system32\drivers\camcaud.sys
2010/12/23 18:01:50.0858 CAMCHALA (cb9eda5216b6218e0a377813a767bf7e) C:\WINDOWS\system32\drivers\camchal.sys
2010/12/23 18:01:51.0099 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/23 18:01:51.0179 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/23 18:01:51.0249 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/23 18:01:51.0319 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/23 18:01:51.0429 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/12/23 18:01:51.0529 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/12/23 18:01:51.0780 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/23 18:01:51.0920 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/23 18:01:52.0040 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/23 18:01:52.0110 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/23 18:01:52.0170 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/23 18:01:52.0301 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2010/12/23 18:01:52.0411 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2010/12/23 18:01:52.0451 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
2010/12/23 18:01:52.0531 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/23 18:01:52.0641 eabfiltr (81b7808d3b5892388f33273119c2dc31) C:\WINDOWS\system32\drivers\EABFiltr.sys
2010/12/23 18:01:52.0731 eabusb (1ba14da377b66278335d4b9e8824cd42) C:\WINDOWS\system32\drivers\eabusb.sys
2010/12/23 18:01:52.0841 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/23 18:01:52.0951 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/12/23 18:01:53.0042 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/23 18:01:53.0092 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/12/23 18:01:53.0132 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/23 18:01:53.0202 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/23 18:01:53.0272 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/23 18:01:53.0382 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/23 18:01:53.0442 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/23 18:01:53.0582 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/23 18:01:53.0743 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/23 18:01:53.0873 ialm (510a5e1cb84e82d4e89dff3d96752048) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/12/23 18:01:53.0953 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/23 18:01:54.0083 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/23 18:01:54.0133 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/23 18:01:54.0223 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/23 18:01:54.0323 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/23 18:01:54.0574 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/23 18:01:54.0674 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/23 18:01:54.0724 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/23 18:01:54.0774 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/23 18:01:54.0824 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/23 18:01:54.0874 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/23 18:01:54.0994 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/23 18:01:55.0095 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/23 18:01:55.0255 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/23 18:01:55.0355 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/23 18:01:55.0395 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/23 18:01:55.0495 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/23 18:01:55.0525 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/23 18:01:55.0625 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/23 18:01:55.0715 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/23 18:01:55.0775 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/23 18:01:55.0866 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/23 18:01:55.0906 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/23 18:01:55.0956 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/23 18:01:56.0066 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/23 18:01:56.0086 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/23 18:01:56.0136 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/23 18:01:56.0206 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/23 18:01:56.0266 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/23 18:01:56.0316 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/23 18:01:56.0426 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/23 18:01:56.0497 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/23 18:01:56.0567 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/23 18:01:56.0717 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/23 18:01:56.0777 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/23 18:01:56.0847 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/23 18:01:56.0937 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/23 18:01:57.0037 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/23 18:01:57.0097 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/12/23 18:01:57.0137 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/23 18:01:57.0198 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/23 18:01:57.0248 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/23 18:01:57.0368 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/23 18:01:57.0398 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/12/23 18:01:57.0678 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/23 18:01:57.0788 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/23 18:01:57.0879 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/23 18:01:58.0109 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/23 18:01:58.0159 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/23 18:01:58.0209 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/23 18:01:58.0249 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/23 18:01:58.0279 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/23 18:01:58.0379 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/23 18:01:58.0489 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/23 18:01:58.0580 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/23 18:01:58.0780 RT73 (4f153709d0691c6de8c9a4c5e813907c) C:\WINDOWS\system32\DRIVERS\rt73.sys
2010/12/23 18:01:58.0860 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/12/23 18:01:58.0960 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/23 18:01:59.0070 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/12/23 18:01:59.0140 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/23 18:01:59.0281 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/23 18:01:59.0391 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/23 18:01:59.0501 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/23 18:01:59.0611 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/23 18:01:59.0661 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/23 18:01:59.0911 SynTP (23fe1f173996b8bad4b9ed74003676d8) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/12/23 18:01:59.0972 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/23 18:02:00.0072 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/23 18:02:00.0122 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/23 18:02:00.0162 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/23 18:02:00.0212 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/23 18:02:00.0392 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
2010/12/23 18:02:00.0472 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/23 18:02:00.0622 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/23 18:02:00.0783 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/23 18:02:00.0883 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/23 18:02:00.0973 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/23 18:02:01.0073 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/23 18:02:01.0113 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/23 18:02:01.0193 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/23 18:02:01.0283 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/23 18:02:01.0384 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/23 18:02:01.0484 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/23 18:02:01.0584 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/12/23 18:02:01.0704 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/12/23 18:02:01.0764 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/23 18:02:01.0884 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/23 18:02:01.0974 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/23 18:02:01.0984 ================================================================================
2010/12/23 18:02:01.0984 Scan finished
2010/12/23 18:02:01.0984 ================================================================================
2010/12/23 18:02:02.0004 Detected object count: 1
2010/12/23 18:02:46.0078 \HardDisk0 - will be cured after reboot
2010/12/23 18:02:46.0078 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/23 18:02:58.0355 Deinitialize success

#12 Příspěvek od **vyosek** » 23 pro 2010 18:10

Stahnete SPTD http://www.duplexsecure.com/en/downloads

Vyberte z uvedene stranky verzi dle sveho operacniho systemu (32(x86)bit ci 64(x64)bit)
Ulozte na plochu a spustte
Zvolte moznost Uninstall a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte

Stahnete Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe

Ulozte na plochu a spustte
Kliknete na Disable a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte

Stahnete MBR na plochu http://www2.gmer.net/mbr/mbr.exe ale nespoustejte

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

Vyskoci na Vas okenko, do ktereho zkopirujte text nize
Kód: Vybrat vše
```
"%userprofile%\Desktop\mbr" -t
```
Kliknete na OK
Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte

Lestatos · #13 Příspěvek od **Lestatos** » 23 pro 2010 18:21

bohuzial poslednemu povelu nerozumiemiem (mbr.exe) ,ked dam start a run tak sa nic nedeje, objavi sa stavivy riadok , trosku amatersky som skusil napisat WIN+R ale to asi nebude to prave orechove, prosim o jednoduchsi postup pre idiotov ako som ja , dakujem.

Lestatos · #14 Příspěvek od **Lestatos** » 23 pro 2010 18:52

tak som to zvladol

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD800BEVE-00UYT0 rev.01.04A01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x82B59AB8]
3 CLASSPNP[0xF7842FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000006e[0x82BEB470]
5 ACPI[0xF77B9620] -> nt!IofCallDriver[0x804E37D5] -> \Device\Ide\IdeDeviceP0T0L0-3[0x82B93940]
kernel: MBR read successfully
user & kernel MBR OK

#15 Příspěvek od **vyosek** » 23 pro 2010 21:29

Zvladl jste to paradne...prave do toho "stavivy riadok" jste mel nakopirovat ten zeleny text, coz jste udelal, jinak bych nevidel ten krasny log, ktery rika ze TDSS rootkit je fuc...

Jak se chova PC

VIRY.CZ

spomalene Pc

spomalene Pc

Re: spomalene Pc

Re: spomalene Pc

Re: spomalene Pc

Re: spomalene Pc

Re: spomalene Pc

Re: spomalene Pc

Re: spomalene Pc

Re: spomalene Pc

Re: spomalene Pc

Re: spomalene Pc

Re: spomalene Pc

Re: spomalene Pc

Re: spomalene Pc

Re: spomalene Pc