Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Podivná aktivita site

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
raskar89
Návštěvník
Návštěvník
Příspěvky: 246
Registrován: 21 kvě 2010 19:08

Podivná aktivita site

#1 Příspěvek od raskar89 »

Dobry vecer, comodo zablokovalo celkem 1488 pokusu o prunik. Vyexportoval jsem vypis. Poradil by mne nekdo prosim co s tim udelat? Diky moc.

2011-01-02 00:00:01 Windows Operating System Zablokováno Příchozí UDP 98.246.49.57 32622 192.168.2.2 57221
2011-01-02 00:00:03 Windows Operating System Zablokováno Příchozí UDP 190.253.167.167 32082 192.168.2.2 57221
2011-01-02 00:00:40 Windows Operating System Zablokováno Příchozí UDP 186.207.13.217 39506 192.168.2.2 57221
2011-01-02 00:01:19 Windows Operating System Zablokováno Příchozí UDP 87.205.186.224 20650 192.168.2.2 57221
2011-01-02 00:01:21 Windows Operating System Zablokováno Příchozí UDP 186.84.125.253 22510 192.168.2.2 57221
2011-01-02 00:01:32 Windows Operating System Zablokováno Příchozí UDP 213.22.33.78 29362 192.168.2.2 57221
2011-01-02 00:01:56 Windows Operating System Zablokováno Příchozí UDP 83.189.58.170 3203 192.168.2.2 57221
2011-01-02 00:02:42 Windows Operating System Zablokováno Příchozí UDP 123.115.182.244 19337 192.168.2.2 57221
2011-01-02 00:02:46 Windows Operating System Zablokováno Příchozí UDP 79.101.135.159 18274 192.168.2.2 57221
2011-01-02 00:02:51 Windows Operating System Zablokováno Příchozí UDP 213.123.14.243 53495 192.168.2.2 57221
2011-01-02 00:03:08 Windows Operating System Zablokováno Příchozí UDP 59.164.231.197 61378 192.168.2.2 57221
2011-01-02 00:03:30 Windows Operating System Zablokováno Příchozí UDP 86.150.247.16 31818 192.168.2.2 57221
2011-01-02 00:03:43 Windows Operating System Zablokováno Příchozí UDP 70.69.161.233 22846 192.168.2.2 57221
2011-01-02 00:04:02 Windows Operating System Zablokováno Příchozí UDP 188.54.48.107 61737 192.168.2.2 57221
2011-01-02 00:05:08 Windows Operating System Zablokováno Příchozí UDP 79.139.245.191 15860 192.168.2.2 57221
2011-01-02 00:05:27 Windows Operating System Zablokováno Příchozí UDP 189.113.209.121 5086 192.168.2.2 57221
2011-01-02 00:05:50 Windows Operating System Zablokováno Příchozí UDP 186.104.204.65 34265 192.168.2.2 57221
2011-01-02 00:06:16 Windows Operating System Zablokováno Příchozí UDP 213.66.89.124 5099 192.168.2.2 57221
2011-01-02 00:06:40 Windows Operating System Zablokováno Příchozí UDP 178.176.67.193 40259 192.168.2.2 57221
2011-01-02 00:06:58 Windows Operating System Zablokováno Příchozí UDP 201.248.104.183 48388 192.168.2.2 57221
2011-01-02 00:07:04 Windows Operating System Zablokováno Příchozí UDP 81.234.77.175 17465 192.168.2.2 57221
2011-01-02 00:07:14 Windows Operating System Zablokováno Příchozí UDP 188.248.145.149 41212 192.168.2.2 57221
2011-01-02 00:07:34 Windows Operating System Zablokováno Příchozí UDP 89.130.3.168 2387 192.168.2.2 57221
2011-01-02 00:07:56 Windows Operating System Zablokováno Příchozí UDP 99.127.105.123 56879 192.168.2.2 57221
2011-01-02 00:08:01 Windows Operating System Zablokováno Příchozí UDP 92.243.182.21 6962 192.168.2.2 57221
2011-01-02 00:08:05 Windows Operating System Zablokováno Příchozí UDP 188.62.49.61 63785 192.168.2.2 57221
2011-01-02 00:08:13 Windows Operating System Zablokováno Příchozí UDP 123.2.76.122 52165 192.168.2.2 57221
2011-01-02 00:08:41 Windows Operating System Zablokováno Příchozí UDP 213.87.114.35 43540 192.168.2.2 57221
2011-01-02 00:09:08 Windows Operating System Zablokováno Příchozí UDP 79.118.117.117 52309 192.168.2.2 57221
2011-01-02 00:09:17 Windows Operating System Zablokováno Příchozí UDP 81.184.188.56 2987 192.168.2.2 57221
2011-01-02 00:09:33 Windows Operating System Zablokováno Příchozí UDP 41.135.11.237 19132 192.168.2.2 57221
2011-01-02 00:09:38 Windows Operating System Zablokováno Příchozí UDP 219.90.221.249 64557 192.168.2.2 57221
2011-01-02 00:09:51 Windows Operating System Zablokováno Příchozí UDP 81.204.233.64 18906 192.168.2.2 57221
2011-01-02 00:09:53 Windows Operating System Zablokováno Příchozí UDP 81.183.218.159 960 192.168.2.2 57221
2011-01-02 00:10:05 Windows Operating System Zablokováno Příchozí UDP 71.86.65.70 24554 192.168.2.2 57221
2011-01-02 00:10:17 Windows Operating System Zablokováno Příchozí UDP 151.82.49.27 42595 192.168.2.2 57221
2011-01-02 00:10:30 Windows Operating System Zablokováno Příchozí UDP 151.59.177.112 51681 192.168.2.2 57221
2011-01-02 00:10:43 Windows Operating System Zablokováno Příchozí UDP 78.151.203.106 2138 192.168.2.2 57221
2011-01-02 00:11:22 Windows Operating System Zablokováno Příchozí UDP 188.134.35.142 27531 192.168.2.2 57221
2011-01-02 00:11:32 Windows Operating System Zablokováno Příchozí UDP 90.210.48.171 45411 192.168.2.2 57221
2011-01-02 00:11:36 Windows Operating System Zablokováno Příchozí UDP 24.20.139.158 22809 192.168.2.2 57221
2011-01-02 00:11:37 Windows Operating System Zablokováno Příchozí UDP 117.193.11.177 60378 192.168.2.2 57221
2011-01-02 00:11:56 Windows Operating System Zablokováno Příchozí UDP 88.104.222.167 55719 192.168.2.2 57221
2011-01-02 00:11:58 Windows Operating System Zablokováno Příchozí UDP 92.124.9.140 2898 192.168.2.2 57221
2011-01-02 00:12:26 Windows Operating System Zablokováno Příchozí UDP 109.111.158.154 37018 192.168.2.2 57221
2011-01-02 00:12:28 Windows Operating System Zablokováno Příchozí UDP 76.67.7.121 34886 192.168.2.2 57221
2011-01-02 00:12:32 Windows Operating System Zablokováno Příchozí UDP 76.67.7.121 34886 192.168.2.2 57221
2011-01-02 00:12:48 Windows Operating System Zablokováno Příchozí UDP 174.29.227.25 49496 192.168.2.2 57221
2011-01-02 00:13:06 Windows Operating System Zablokováno Příchozí UDP 74.58.191.97 6480 192.168.2.2 57221
2011-01-02 00:13:25 Windows Operating System Zablokováno Příchozí UDP 188.81.143.11 43202 192.168.2.2 57221
2011-01-02 00:13:28 Windows Operating System Zablokováno Příchozí UDP 93.108.125.208 35243 192.168.2.2 57221
2011-01-02 00:13:40 Windows Operating System Zablokováno Příchozí UDP 95.17.60.254 25035 192.168.2.2 57221
2011-01-02 00:13:53 Windows Operating System Zablokováno Příchozí UDP 194.187.151.21 22519 192.168.2.2 57221
2011-01-02 00:13:55 Windows Operating System Zablokováno Příchozí UDP 109.121.28.225 20232 192.168.2.2 57221
2011-01-02 00:14:11 Windows Operating System Zablokováno Příchozí UDP 74.12.50.234 63211 192.168.2.2 57221
2011-01-02 00:15:18 Windows Operating System Zablokováno Příchozí UDP 118.210.214.12 23387 192.168.2.2 57221
2011-01-02 00:15:54 Windows Operating System Zablokováno Příchozí UDP 66.41.117.161 22606 192.168.2.2 57221
2011-01-02 00:16:28 Windows Operating System Zablokováno Příchozí UDP 99.248.16.86 41402 192.168.2.2 57221
2011-01-02 00:16:38 Windows Operating System Zablokováno Příchozí UDP 78.84.204.55 3564 192.168.2.2 57221
2011-01-02 00:16:41 Windows Operating System Zablokováno Příchozí UDP 112.210.255.19 43864 192.168.2.2 57221
2011-01-02 00:16:52 Windows Operating System Zablokováno Příchozí UDP 99.240.44.80 2224 192.168.2.2 57221
2011-01-02 00:17:05 Windows Operating System Zablokováno Příchozí UDP 194.50.9.207 36895 192.168.2.2 57221
2011-01-02 00:17:19 Windows Operating System Zablokováno Příchozí UDP 190.73.160.54 24275 192.168.2.2 57221
2011-01-02 00:17:21 Windows Operating System Zablokováno Příchozí UDP 81.231.34.33 64376 192.168.2.2 57221
2011-01-02 00:17:23 Windows Operating System Zablokováno Příchozí UDP 81.83.148.180 54147 192.168.2.2 57221
2011-01-02 00:17:34 Windows Operating System Zablokováno Příchozí UDP 79.46.200.227 5264 192.168.2.2 57221
2011-01-02 00:17:39 Windows Operating System Zablokováno Příchozí UDP 94.194.10.202 61139 192.168.2.2 57221
2011-01-02 00:17:55 Windows Operating System Zablokováno Příchozí UDP 222.129.241.66 55544 192.168.2.2 57221
2011-01-02 00:18:03 Windows Operating System Zablokováno Příchozí UDP 186.6.163.253 30954 192.168.2.2 57221
2011-01-02 00:18:08 Windows Operating System Zablokováno Příchozí UDP 85.120.167.93 43625 192.168.2.2 57221
2011-01-02 00:18:16 Windows Operating System Zablokováno Příchozí UDP 58.96.45.227 995 192.168.2.2 57221
2011-01-02 00:18:32 Windows Operating System Zablokováno Příchozí UDP 86.122.219.185 48992 192.168.2.2 57221
2011-01-02 00:18:58 Windows Operating System Zablokováno Příchozí UDP 146.115.83.123 30576 192.168.2.2 57221
2011-01-02 00:19:12 Windows Operating System Zablokováno Příchozí UDP 94.132.170.172 11857 192.168.2.2 57221
2011-01-02 00:19:28 Windows Operating System Zablokováno Příchozí UDP 94.14.143.70 33500 192.168.2.2 57221
2011-01-02 00:19:30 Windows Operating System Zablokováno Příchozí UDP 95.133.54.216 50325 192.168.2.2 57221
2011-01-02 00:19:33 Windows Operating System Zablokováno Příchozí UDP 79.91.252.100 28232 192.168.2.2 57221
2011-01-02 00:19:38 Windows Operating System Zablokováno Příchozí UDP 178.167.175.209 39578 192.168.2.2 57221
2011-01-02 00:19:41 Windows Operating System Zablokováno Příchozí UDP 81.96.105.238 43061 192.168.2.2 57221
2011-01-02 00:19:51 Windows Operating System Zablokováno Příchozí UDP 72.39.56.189 54934 192.168.2.2 57221
2011-01-02 00:19:56 Windows Operating System Zablokováno Příchozí UDP 174.16.97.224 50258 192.168.2.2 57221
2011-01-02 00:20:03 Windows Operating System Zablokováno Příchozí UDP 85.16.235.190 45908 192.168.2.2 57221
2011-01-02 00:20:08 Windows Operating System Zablokováno Příchozí UDP 68.113.203.181 12859 192.168.2.2 57221
2011-01-02 00:20:20 Windows Operating System Zablokováno Příchozí UDP 71.56.198.205 42080 192.168.2.2 57221
2011-01-02 00:21:02 Windows Operating System Zablokováno Příchozí UDP 89.45.248.112 2557 192.168.2.2 57221
2011-01-02 00:21:05 Windows Operating System Zablokováno Příchozí UDP 95.106.41.155 52523 192.168.2.2 57221
2011-01-02 00:21:06 Windows Operating System Zablokováno Příchozí UDP 196.210.228.205 32103 192.168.2.2 57221
2011-01-02 00:21:20 Windows Operating System Zablokováno Příchozí UDP 86.206.160.128 13345 192.168.2.2 57221
2011-01-02 00:21:46 Windows Operating System Zablokováno Příchozí UDP 87.244.198.18 13883 192.168.2.2 57221
2011-01-02 00:22:36 Windows Operating System Zablokováno Příchozí UDP 213.64.152.139 23767 192.168.2.2 57221
2011-01-02 00:23:12 Windows Operating System Zablokováno Příchozí UDP 82.228.51.175 57246 192.168.2.2 57221
2011-01-02 00:23:31 Windows Operating System Zablokováno Příchozí UDP 46.12.140.51 10962 192.168.2.2 57221
2011-01-02 00:23:48 Windows Operating System Zablokováno Příchozí UDP 62.74.117.97 7637 192.168.2.2 57221
2011-01-02 00:24:05 Windows Operating System Zablokováno Příchozí UDP 94.21.38.107 61042 192.168.2.2 57221
2011-01-02 00:24:08 Windows Operating System Zablokováno Příchozí UDP 125.197.49.58 4191 192.168.2.2 57221
2011-01-02 00:24:49 Windows Operating System Zablokováno Příchozí UDP 93.172.131.178 31419 192.168.2.2 57221
2011-01-02 00:24:54 Windows Operating System Zablokováno Příchozí UDP 178.49.253.41 33150 192.168.2.2 57221
2011-01-02 00:24:58 Windows Operating System Zablokováno Příchozí UDP 178.165.60.7 12384 192.168.2.2 57221
2011-01-02 00:25:25 Windows Operating System Zablokováno Příchozí UDP 86.124.215.160 57290 192.168.2.2 57221
2011-01-02 00:25:29 Windows Operating System Zablokováno Příchozí UDP 183.83.39.168 52524 192.168.2.2 57221
2011-01-02 00:25:45 Windows Operating System Zablokováno Příchozí UDP 189.4.161.78 41850 192.168.2.2 57221
2011-01-02 00:25:46 Windows Operating System Zablokováno Příchozí UDP 109.61.39.2 52413 192.168.2.2 57221
2011-01-02 00:25:49 Windows Operating System Zablokováno Příchozí UDP 75.76.237.77 62048 192.168.2.2 57221
2011-01-02 00:25:58 Windows Operating System Zablokováno Příchozí UDP 216.41.199.168 34160 192.168.2.2 57221
2011-01-02 00:26:12 Windows Operating System Zablokováno Příchozí UDP 188.216.115.24 10922 192.168.2.2 57221
2011-01-02 00:26:26 Windows Operating System Zablokováno Příchozí UDP 85.53.64.107 3305 192.168.2.2 57221
2011-01-02 00:26:39 Windows Operating System Zablokováno Příchozí UDP 78.23.46.214 50692 192.168.2.2 57221
2011-01-02 00:26:41 Windows Operating System Zablokováno Příchozí UDP 189.81.104.137 65029 192.168.2.2 57221
2011-01-02 00:26:50 Windows Operating System Zablokováno Příchozí UDP 189.81.104.137 65029 192.168.2.2 57221
2011-01-02 00:26:53 Windows Operating System Zablokováno Příchozí UDP 80.171.100.126 15345 192.168.2.2 57221
2011-01-02 00:26:59 Windows Operating System Zablokováno Příchozí UDP 86.20.189.54 25916 192.168.2.2 57221
2011-01-02 00:27:21 Windows Operating System Zablokováno Příchozí UDP 94.143.44.18 6774 192.168.2.2 57221
2011-01-02 00:27:57 Windows Operating System Zablokováno Příchozí UDP 65.11.119.56 31943 192.168.2.2 57221
2011-01-02 00:28:01 Windows Operating System Zablokováno Příchozí UDP 82.236.238.140 4 192.168.2.2 57221
2011-01-02 00:28:04 Windows Operating System Zablokováno Příchozí UDP 217.155.199.55 62365 192.168.2.2 57221
2011-01-02 00:28:18 Windows Operating System Zablokováno Příchozí UDP 173.64.190.72 5821 192.168.2.2 57221
2011-01-02 00:28:20 Windows Operating System Zablokováno Příchozí UDP 79.33.61.134 21616 192.168.2.2 57221
2011-01-02 00:28:34 Windows Operating System Zablokováno Příchozí UDP 84.3.236.128 33079 192.168.2.2 57221
2011-01-02 00:28:35 Windows Operating System Zablokováno Příchozí UDP 92.115.46.64 21834 192.168.2.2 57221
2011-01-02 00:28:44 Windows Operating System Zablokováno Příchozí UDP 92.112.174.51 21315 192.168.2.2 57221
2011-01-02 00:28:58 Windows Operating System Zablokováno Příchozí UDP 79.113.210.86 52975 192.168.2.2 57221
2011-01-02 00:29:51 Windows Operating System Zablokováno Příchozí UDP 69.85.237.242 41982 192.168.2.2 57221
2011-01-02 00:29:52 Windows Operating System Zablokováno Příchozí UDP 122.254.32.71 34955 192.168.2.2 57221
2011-01-02 00:30:25 Windows Operating System Zablokováno Příchozí UDP 79.118.117.117 52309 192.168.2.2 57221
2011-01-02 00:30:39 Windows Operating System Zablokováno Příchozí UDP 194.28.71.138 11657 192.168.2.2 57221
2011-01-02 00:31:09 Windows Operating System Zablokováno Příchozí UDP 91.124.44.239 64206 192.168.2.2 57221
2011-01-02 00:31:21 Windows Operating System Zablokováno Příchozí UDP 87.242.7.167 10886 192.168.2.2 57221
2011-01-02 00:31:30 Windows Operating System Zablokováno Příchozí UDP 69.209.201.146 55591 192.168.2.2 57221
2011-01-02 00:31:43 Windows Operating System Zablokováno Příchozí UDP 174.1.104.220 30641 192.168.2.2 57221
2011-01-02 00:31:57 Windows Operating System Zablokováno Příchozí UDP 74.47.9.137 55021 192.168.2.2 57221
2011-01-02 00:32:41 Windows Operating System Zablokováno Příchozí UDP 118.173.60.240 14640 192.168.2.2 57221
2011-01-02 00:33:03 Windows Operating System Zablokováno Příchozí UDP 95.61.224.160 45112 192.168.2.2 57221
2011-01-02 00:33:05 Windows Operating System Zablokováno Příchozí UDP 99.110.12.7 15517 192.168.2.2 57221
2011-01-02 00:33:14 Windows Operating System Zablokováno Příchozí UDP 96.55.192.46 26498 192.168.2.2 57221
2011-01-02 00:33:18 Windows Operating System Zablokováno Příchozí UDP 70.26.123.76 5807 192.168.2.2 57221
2011-01-02 00:33:52 Windows Operating System Zablokováno Příchozí UDP 83.205.157.126 4287 192.168.2.2 57221
2011-01-02 00:34:06 Windows Operating System Zablokováno Příchozí UDP 190.7.195.170 4326 192.168.2.2 57221
2011-01-02 00:34:37 Windows Operating System Zablokováno Příchozí UDP 77.90.72.231 118 192.168.2.2 57221
2011-01-02 00:34:56 Windows Operating System Zablokováno Příchozí UDP 77.77.36.131 58006 192.168.2.2 57221
2011-01-02 00:35:02 Windows Operating System Zablokováno Příchozí UDP 90.229.247.235 52050 192.168.2.2 57221
2011-01-02 00:35:25 Windows Operating System Zablokováno Příchozí UDP 88.199.82.4 29880 192.168.2.2 57221
2011-01-02 00:36:02 Windows Operating System Zablokováno Příchozí UDP 93.86.187.53 1326 192.168.2.2 57221
2011-01-02 00:36:10 Windows Operating System Zablokováno Příchozí UDP 173.51.152.146 9322 192.168.2.2 57221
2011-01-02 00:36:23 Windows Operating System Zablokováno Příchozí UDP 41.232.127.89 59474 192.168.2.2 57221
2011-01-02 00:36:43 Windows Operating System Zablokováno Příchozí UDP 91.143.56.207 20031 192.168.2.2 57221
2011-01-02 00:36:48 Windows Operating System Zablokováno Příchozí UDP 124.103.159.152 51882 192.168.2.2 57221
2011-01-02 00:36:51 Windows Operating System Zablokováno Příchozí UDP 95.96.100.51 35982 192.168.2.2 57221
2011-01-02 00:37:07 Windows Operating System Zablokováno Příchozí UDP 178.176.67.193 40259 192.168.2.2 57221
2011-01-02 00:37:43 Windows Operating System Zablokováno Příchozí UDP 95.8.242.154 37519 192.168.2.2 57221
2011-01-02 00:38:15 Windows Operating System Zablokováno Příchozí UDP 94.59.118.195 50419 192.168.2.2 57221
2011-01-02 00:38:28 Windows Operating System Zablokováno Příchozí UDP 72.174.252.29 55117 192.168.2.2 57221
2011-01-02 00:38:38 Windows Operating System Zablokováno Příchozí UDP 178.49.253.41 26562 192.168.2.2 57221
2011-01-02 00:38:46 Windows Operating System Zablokováno Příchozí UDP 95.72.197.9 6054 192.168.2.2 57221
2011-01-02 00:39:00 Windows Operating System Zablokováno Příchozí UDP 217.137.152.40 59741 192.168.2.2 57221
2011-01-02 00:39:38 Windows Operating System Zablokováno Příchozí UDP 207.6.45.175 40371 192.168.2.2 57221
2011-01-02 00:40:04 Windows Operating System Zablokováno Příchozí UDP 91.154.73.117 33339 192.168.2.2 57221
2011-01-02 00:40:11 Windows Operating System Zablokováno Příchozí UDP 121.54.46.51 61493 192.168.2.2 57221
2011-01-02 00:40:15 Windows Operating System Zablokováno Příchozí UDP 124.171.182.3 2231 192.168.2.2 57221
2011-01-02 00:40:17 Windows Operating System Zablokováno Příchozí UDP 71.86.65.70 24554 192.168.2.2 57221
2011-01-02 00:40:19 Windows Operating System Zablokováno Příchozí UDP 121.45.95.136 25959 192.168.2.2 57221
2011-01-02 00:40:28 Windows Operating System Zablokováno Příchozí UDP 74.216.83.2 34806 192.168.2.2 57221
2011-01-02 00:40:30 Windows Operating System Zablokováno Příchozí UDP 189.81.104.137 65029 192.168.2.2 57221
2011-01-02 00:40:34 Windows Operating System Zablokováno Příchozí UDP 91.205.239.74 6364 192.168.2.2 57221
2011-01-02 00:40:37 Windows Operating System Zablokováno Příchozí UDP 46.36.75.189 10596 192.168.2.2 57221
2011-01-02 00:41:02 Windows Operating System Zablokováno Příchozí UDP 75.131.215.220 16829 192.168.2.2 57221
2011-01-02 00:41:19 Windows Operating System Zablokováno Příchozí UDP 189.58.72.40 4903 192.168.2.2 57221
2011-01-02 00:41:21 Windows Operating System Zablokováno Příchozí UDP 91.144.154.23 21453 192.168.2.2 57221
2011-01-02 00:41:25 Windows Operating System Zablokováno Příchozí UDP 200.120.139.14 16689 192.168.2.2 57221
2011-01-02 00:41:27 Windows Operating System Zablokováno Příchozí UDP 115.99.35.42 58544 192.168.2.2 57221
2011-01-02 00:41:31 Windows Operating System Zablokováno Příchozí UDP 216.252.91.182 49607 192.168.2.2 57221
2011-01-02 00:42:23 Windows Operating System Zablokováno Příchozí UDP 90.50.49.143 63961 192.168.2.2 57221
2011-01-02 00:42:24 Windows Operating System Zablokováno Příchozí UDP 85.118.193.144 61961 192.168.2.2 57221
2011-01-02 00:42:33 Windows Operating System Zablokováno Příchozí UDP 99.73.209.12 12275 192.168.2.2 57221
2011-01-02 00:43:12 Windows Operating System Zablokováno Příchozí UDP 86.58.41.96 150 192.168.2.2 57221
2011-01-02 00:43:34 Windows Operating System Zablokováno Příchozí UDP 124.186.84.47 22210 192.168.2.2 57221
2011-01-02 00:43:52 Windows Operating System Zablokováno Příchozí UDP 71.173.117.154 55491 192.168.2.2 57221
2011-01-02 00:44:03 Windows Operating System Zablokováno Příchozí UDP 2.80.91.204 52819 192.168.2.2 57221
2011-01-02 00:44:19 Windows Operating System Zablokováno Příchozí UDP 86.44.203.45 58532 192.168.2.2 57221
2011-01-02 00:44:27 Windows Operating System Zablokováno Příchozí UDP 72.27.163.120 49273 192.168.2.2 57221
2011-01-02 00:44:44 Windows Operating System Zablokováno Příchozí UDP 99.74.35.12 8370 192.168.2.2 57221
2011-01-02 00:45:01 Windows Operating System Zablokováno Příchozí UDP 69.209.201.146 55591 192.168.2.2 57221
2011-01-02 00:45:12 Windows Operating System Zablokováno Příchozí UDP 83.216.111.61 35054 192.168.2.2 57221
2011-01-02 00:45:19 Windows Operating System Zablokováno Příchozí UDP 112.149.187.226 48068 192.168.2.2 57221
2011-01-02 00:45:23 Windows Operating System Zablokováno Příchozí UDP 188.81.143.11 24827 192.168.2.2 57221
2011-01-02 00:45:42 Windows Operating System Zablokováno Příchozí UDP 121.127.23.14 29995 192.168.2.2 57221
2011-01-02 00:45:50 Windows Operating System Zablokováno Příchozí UDP 88.164.123.186 35771 192.168.2.2 57221
2011-01-02 00:45:52 Windows Operating System Zablokováno Příchozí UDP 122.254.32.71 34955 192.168.2.2 57221
2011-01-02 00:46:10 Windows Operating System Zablokováno Příchozí UDP 62.238.85.27 57882 192.168.2.2 57221
2011-01-02 00:46:50 Windows Operating System Zablokováno Příchozí UDP 94.242.19.27 13444 192.168.2.2 57221
2011-01-02 00:46:53 Windows Operating System Zablokováno Příchozí UDP 80.185.228.248 4 192.168.2.2 57221
2011-01-02 00:47:02 Windows Operating System Zablokováno Příchozí UDP 71.185.52.26 58947 192.168.2.2 57221
2011-01-02 00:47:06 Windows Operating System Zablokováno Příchozí UDP 187.59.166.222 42337 192.168.2.2 57221
2011-01-02 00:47:25 Windows Operating System Zablokováno Příchozí UDP 79.169.29.77 20917 192.168.2.2 57221
2011-01-02 00:47:41 Windows Operating System Zablokováno Příchozí UDP 94.66.188.15 61538 192.168.2.2 57221
2011-01-02 00:47:51 Windows Operating System Zablokováno Příchozí UDP 69.159.66.37 37219 192.168.2.2 57221
2011-01-02 00:48:19 Windows Operating System Zablokováno Příchozí UDP 86.164.233.28 64318 192.168.2.2 57221
2011-01-02 00:48:34 Windows Operating System Zablokováno Příchozí UDP 86.100.74.50 50239 192.168.2.2 57221
2011-01-02 00:48:51 Windows Operating System Zablokováno Příchozí UDP 90.157.159.61 61847 192.168.2.2 57221
2011-01-02 00:49:03 Windows Operating System Zablokováno Příchozí UDP 93.109.38.238 16350 192.168.2.2 57221
2011-01-02 00:49:23 Windows Operating System Zablokováno Příchozí UDP 121.130.182.157 13449 192.168.2.2 57221
2011-01-02 00:49:27 Windows Operating System Zablokováno Příchozí UDP 75.222.29.85 40846 192.168.2.2 57221
2011-01-02 00:49:52 Windows Operating System Zablokováno Příchozí UDP 88.27.221.182 21135 192.168.2.2 57221
2011-01-02 00:51:01 Windows Operating System Zablokováno Příchozí UDP 111.251.177.175 45436 192.168.2.2 57221
2011-01-02 00:51:02 Windows Operating System Zablokováno Příchozí UDP 204.237.105.74 62253 192.168.2.2 57221
2011-01-02 00:51:06 Windows Operating System Zablokováno Příchozí UDP 187.27.44.205 37251 192.168.2.2 57221
2011-01-02 00:51:08 Windows Operating System Zablokováno Příchozí UDP 212.198.88.237 18926 192.168.2.2 57221
2011-01-02 00:51:14 Windows Operating System Zablokováno Příchozí UDP 83.23.207.56 41396 192.168.2.2 57221
2011-01-02 00:51:22 Windows Operating System Zablokováno Příchozí UDP 81.96.105.238 43061 192.168.2.2 57221
2011-01-02 00:51:28 Windows Operating System Zablokováno Příchozí UDP 109.87.204.164 3879 192.168.2.2 57221
2011-01-02 00:52:09 Windows Operating System Zablokováno Příchozí UDP 87.254.146.1 34621 192.168.2.2 57221
2011-01-02 00:52:12 Windows Operating System Zablokováno Příchozí UDP 178.49.253.41 57113 192.168.2.2 57221
2011-01-02 00:52:26 Windows Operating System Zablokováno Příchozí UDP 24.79.15.177 3406 192.168.2.2 57221
2011-01-02 00:52:29 Windows Operating System Zablokováno Příchozí UDP 72.186.30.62 12263 192.168.2.2 57221
2011-01-02 00:52:30 Windows Operating System Zablokováno Příchozí UDP 95.8.242.154 37519 192.168.2.2 57221
2011-01-02 00:52:47 Windows Operating System Zablokováno Příchozí UDP 208.116.56.22 24337 192.168.2.2 14019
2011-01-02 00:53:07 Windows Operating System Zablokováno Příchozí UDP 79.118.117.117 52309 192.168.2.2 57221
2011-01-02 00:53:23 Windows Operating System Zablokováno Příchozí UDP 195.216.173.151 22990 192.168.2.2 57221
2011-01-02 00:53:51 Windows Operating System Zablokováno Příchozí UDP 71.86.65.70 24554 192.168.2.2 57221
2011-01-02 00:54:38 Windows Operating System Zablokováno Příchozí UDP 87.52.17.85 56372 192.168.2.2 57221
2011-01-02 00:55:15 Windows Operating System Zablokováno Příchozí UDP 190.44.239.0 12292 192.168.2.2 57221
2011-01-02 00:55:19 Windows Operating System Zablokováno Příchozí UDP 89.13.208.124 24920 192.168.2.2 57221
2011-01-02 00:55:31 Windows Operating System Zablokováno Příchozí UDP 24.56.254.152 3175 192.168.2.2 57221
2011-01-02 00:55:53 Windows Operating System Zablokováno Příchozí UDP 151.83.39.35 42595 192.168.2.2 57221
2011-01-02 00:56:54 Windows Operating System Zablokováno Příchozí UDP 76.23.79.72 35529 192.168.2.2 57221
2011-01-02 00:57:12 Windows Operating System Zablokováno Příchozí UDP 203.88.178.99 16066 192.168.2.2 57221
2011-01-02 00:57:17 Windows Operating System Zablokováno Příchozí UDP 193.33.33.135 37885 192.168.2.2 57221
2011-01-02 00:57:45 Windows Operating System Zablokováno Příchozí UDP 109.61.39.2 52413 192.168.2.2 57221
2011-01-02 00:57:56 Windows Operating System Zablokováno Příchozí UDP 189.111.16.140 42457 192.168.2.2 57221
2011-01-02 00:58:02 Windows Operating System Zablokováno Příchozí UDP 71.232.41.239 21498 192.168.2.2 57221
2011-01-02 00:58:08 Windows Operating System Zablokováno Příchozí UDP 217.30.66.186 15702 192.168.2.2 57221
2011-01-02 00:58:15 Windows Operating System Zablokováno Příchozí UDP 94.197.14.61 43387 192.168.2.2 57221
2011-01-02 00:58:32 Windows Operating System Zablokováno Příchozí UDP 99.254.24.163 39403 192.168.2.2 57221
2011-01-02 00:58:38 Windows Operating System Zablokováno Příchozí UDP 87.185.165.67 58394 192.168.2.2 57221
2011-01-02 00:58:56 Windows Operating System Zablokováno Příchozí UDP 95.68.103.155 56156 192.168.2.2 57221
2011-01-02 00:59:02 Windows Operating System Zablokováno Příchozí UDP 91.184.213.176 51188 192.168.2.2 57221
2011-01-02 00:59:04 Windows Operating System Zablokováno Příchozí UDP 76.67.7.121 34886 192.168.2.2 57221
2011-01-02 00:59:09 Windows Operating System Zablokováno Příchozí UDP 76.67.7.121 34886 192.168.2.2 57221
2011-01-02 00:59:10 Windows Operating System Zablokováno Příchozí UDP 85.180.150.38 60884 192.168.2.2 57221
2011-01-02 00:59:14 Windows Operating System Zablokováno Příchozí UDP 76.168.235.229 51094 192.168.2.2 57221
2011-01-02 00:59:18 Windows Operating System Zablokováno Příchozí UDP 74.235.229.243 38389 192.168.2.2 57221
2011-01-02 00:59:55 Windows Operating System Zablokováno Příchozí UDP 156.34.73.40 34939 192.168.2.2 57221
2011-01-02 01:00:52 Windows Operating System Zablokováno Příchozí UDP 94.194.10.202 61139 192.168.2.2 57221
2011-01-02 01:01:17 Windows Operating System Zablokováno Příchozí UDP 86.26.163.179 44351 192.168.2.2 57221
2011-01-02 01:01:23 Windows Operating System Zablokováno Příchozí UDP 188.55.125.80 19844 192.168.2.2 57221
2011-01-02 01:02:05 Windows Operating System Zablokováno Příchozí UDP 195.139.197.254 40665 192.168.2.2 57221
2011-01-02 01:02:10 Windows Operating System Zablokováno Příchozí UDP 90.29.138.252 26850 192.168.2.2 57221
2011-01-02 01:02:27 Windows Operating System Zablokováno Příchozí UDP 93.124.142.210 21090 192.168.2.2 57221
2011-01-02 01:02:52 Windows Operating System Zablokováno Příchozí UDP 69.251.61.63 58731 192.168.2.2 57221
2011-01-02 01:03:01 Windows Operating System Zablokováno Příchozí UDP 194.242.14.211 31323 192.168.2.2 57221
2011-01-02 01:03:08 Windows Operating System Zablokováno Příchozí UDP 95.29.94.3 57726 192.168.2.2 57221
2011-01-02 01:03:13 Windows Operating System Zablokováno Příchozí UDP 95.16.147.92 34728 192.168.2.2 57221
2011-01-02 01:03:50 Windows Operating System Zablokováno Příchozí UDP 98.223.69.77 34812 192.168.2.2 57221
2011-01-02 01:03:53 Windows Operating System Zablokováno Příchozí UDP 89.41.108.232 37756 192.168.2.2 57221
2011-01-02 01:04:19 Windows Operating System Zablokováno Příchozí UDP 178.94.5.17 51160 192.168.2.2 57221
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: Podivná aktivita site

#2 Příspěvek od motji »

Dobré ranko :)
To je nářez :D a samé cizokrajné země :D .
Ty utoky jsou jen v určitou hodinu, nebo je máte i teď? Hlavně nevypínejte comodo, když to blokuje,jedině dobře. :)

:arrow: Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT
- zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde :)
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
raskar89
Návštěvník
Návštěvník
Příspěvky: 246
Registrován: 21 kvě 2010 19:08

Re: Podivná aktivita site

#3 Příspěvek od raskar89 »

Mockrat vam dekuji, no..ted to neni, ale zapl jsem pc teprve pred chvili, mozna to zase zacne, uvidime. V kazdem pripade jsem tady pred par dny resil problem, kdy mne byl nalezen tronaj backdoor, ktery byl odstranen pres CF. Bohuzel i po odstraneni mam porad upload 208B kazdou 2.sekundu. Toto comodo neblokuje bohuzel. To taky neni asi normalni tak casto neco uploadovat.

OTL logfile created on: 2.1.2011 9:45:29 - Run 1
OTL by OldTimer - Version 3.2.20.0 Folder = C:\Users\Eduard\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 52,17 Gb Free Space | 44,81% Space Free | Partition Type: NTFS
Drive D: | 108,63 Gb Total Space | 33,59 Gb Free Space | 30,92% Space Free | Partition Type: NTFS
Drive F: | 1,89 Gb Total Space | 1,68 Gb Free Space | 88,86% Space Free | Partition Type: FAT

Computer Name: EDUARD-PC | User Name: Eduard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.01.02 09:43:53 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Eduard\Desktop\OTL.exe
PRC - [2010.12.31 21:06:35 | 003,395,600 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.12.31 21:06:34 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.12.21 13:04:30 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2010.12.10 01:45:04 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.09.10 23:41:42 | 001,901,056 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010.09.10 23:41:20 | 002,500,552 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010.09.07 01:21:16 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2008.05.16 03:01:30 | 013,496,320 | ---- | M] (Salaat Time - www.salaattime.com) -- C:\Program Files\Salaat Time\SalaatTime.exe
PRC - [2008.01.15 04:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.12.26 13:38:32 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
PRC - [2007.11.30 10:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.11.28 16:39:42 | 002,465,792 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007.11.28 16:39:36 | 000,229,376 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2007.11.04 18:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe
PRC - [2007.10.02 20:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe
PRC - [2007.09.26 10:24:12 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
PRC - [2007.08.31 16:38:12 | 000,180,224 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.08.15 10:38:30 | 000,147,456 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2007.08.15 10:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.08.07 23:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.07.10 09:59:56 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.06.01 10:00:20 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007.06.01 09:41:30 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006.12.20 22:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2005.07.06 14:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe


========== Modules (SafeList) ==========

MOD - [2011.01.02 09:43:53 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Eduard\Desktop\OTL.exe
MOD - [2010.12.31 21:06:33 | 000,187,144 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010.09.10 23:41:40 | 000,285,480 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.07.14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.12.31 21:06:34 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.12.21 13:04:30 | 000,987,704 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2010.12.21 13:04:30 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.09.10 23:41:42 | 001,901,056 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010.09.07 00:37:38 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) Protokol PNRP (Peer Name Resolution Protocol)
SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalační program ovládacích prvků ActiveX (AxInstSV)
SRV - [2009.07.14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2007.10.02 20:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2007.08.07 23:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.06.01 10:00:20 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2007.06.01 09:41:30 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Eduard\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\DRIVERS\90463701.sys -- (90463701)
DRV - [2010.12.31 21:00:18 | 000,293,968 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.12.31 20:59:23 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.12.31 20:56:49 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.12.31 20:56:37 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010.12.31 20:56:27 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.12.05 23:37:34 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.09.10 23:40:42 | 000,078,504 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2010.09.10 23:40:40 | 000,236,088 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010.09.10 23:40:40 | 000,030,112 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010.09.07 01:18:47 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010.09.01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.05.10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009.12.11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.09.28 08:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.09.01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009.07.14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.07.01 23:59:00 | 009,786,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.05.05 11:15:58 | 001,095,808 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.01.15 12:19:04 | 002,047,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.12.06 11:12:48 | 000,196,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.10.01 07:59:46 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007.09.29 16:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007.09.26 14:03:42 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\lullaby.sys -- (lullaby)
DRV - [2007.09.26 12:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Ovladač adaptéru Intel(R)
DRV - [2007.08.08 19:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.07.30 10:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 09:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.24 10:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.06.20 12:49:06 | 000,049,664 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.04.11 17:18:34 | 000,048,000 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2007.01.24 11:08:40 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2006.12.14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.02.07 12:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\JGOGO.sys -- (JGOGO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2413461409-2882023136-2989487530-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2413461409-2882023136-2989487530-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2413461409-2882023136-2989487530-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8118

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "WebHledani"
FF - prefs.js..browser.startup.homepage: "http://news.google.cz/nwshp?hl=cs&tab=wn"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.8.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.2.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: azan-times@hamid.net:1.1.4
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4c85cd47 ... &lng=cs&q="
FF - prefs.js..network.proxy.backup.ftp: "localhost"
FF - prefs.js..network.proxy.backup.ftp_port: 8118
FF - prefs.js..network.proxy.backup.gopher: "localhost"
FF - prefs.js..network.proxy.backup.gopher_port: 8118
FF - prefs.js..network.proxy.backup.socks: "localhost"
FF - prefs.js..network.proxy.backup.socks_port: 8118
FF - prefs.js..network.proxy.backup.ssl: "localhost"
FF - prefs.js..network.proxy.backup.ssl_port: 8118
FF - prefs.js..network.proxy.ftp: "localhost"
FF - prefs.js..network.proxy.ftp_port: 8118
FF - prefs.js..network.proxy.gopher: "localhost"
FF - prefs.js..network.proxy.gopher_port: 8118
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 8118
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.20 15:44:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.24 22:35:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.24 22:35:40 | 000,000,000 | ---D | M]

[2010.09.15 13:46:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eduard\AppData\Roaming\mozilla\Extensions
[2010.09.15 13:46:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eduard\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.01.01 18:30:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eduard\AppData\Roaming\mozilla\Firefox\Profiles\v7lyw48u.default\extensions
[2010.09.07 01:23:23 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\Eduard\AppData\Roaming\mozilla\Firefox\Profiles\v7lyw48u.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2010.12.15 10:17:23 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Eduard\AppData\Roaming\mozilla\Firefox\Profiles\v7lyw48u.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.09.07 01:23:23 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Eduard\AppData\Roaming\mozilla\Firefox\Profiles\v7lyw48u.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.12.28 15:07:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Eduard\AppData\Roaming\mozilla\Firefox\Profiles\v7lyw48u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.09.07 19:45:39 | 000,000,000 | ---D | M] ("Pray Times!") -- C:\Users\Eduard\AppData\Roaming\mozilla\Firefox\Profiles\v7lyw48u.default\extensions\azan-times@hamid.net
[2011.01.01 16:38:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.09.07 19:31:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.14 12:21:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.01 16:38:13 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.09.20 15:44:05 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2010.10.14 12:21:02 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.09.08 12:34:27 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.09.08 12:34:27 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.09.08 12:34:27 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.09.08 12:34:27 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.09.08 12:34:27 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.12.30 11:01:36 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\P4P\P4P.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKU\S-1-5-21-2413461409-2882023136-2989487530-1001..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe (Salaat Time - www.salaattime.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2413461409-2882023136-2989487530-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2413461409-2882023136-2989487530-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2413461409-2882023136-2989487530-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-2413461409-2882023136-2989487530-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2413461409-2882023136-2989487530-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2413461409-2882023136-2989487530-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: wave1 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)


========== Files/Folders - Created Within 30 Days ==========

[2011.01.02 09:43:46 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Eduard\Desktop\OTL.exe
[2011.01.01 20:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.01.01 20:22:25 | 000,000,000 | ---D | C] -- C:\Users\Eduard\Desktop\Nová složka (3)
[2011.01.01 18:25:14 | 000,293,968 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.01.01 18:25:14 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.01.01 18:25:14 | 000,047,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.01.01 18:25:14 | 000,023,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.01.01 18:25:14 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.01.01 18:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011.01.01 18:25:06 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.01.01 18:25:06 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.01.01 18:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2011.01.01 18:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011.01.01 18:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010.12.30 13:38:47 | 000,000,000 | ---D | C] -- C:\Users\Eduard\Desktop\iphone filmy
[2010.12.30 13:35:48 | 000,000,000 | ---D | C] -- C:\Temp
[2010.12.30 13:33:56 | 000,000,000 | ---D | C] -- C:\Users\Eduard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winnydows
[2010.12.30 13:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winnydows
[2010.12.30 13:33:13 | 000,000,000 | ---D | C] -- C:\Program Files\Winnydows
[2010.12.30 11:03:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.12.30 11:03:32 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\temp
[2010.12.30 10:54:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.12.29 00:14:23 | 000,000,000 | ---D | C] -- C:\VritualRoot
[2010.12.29 00:12:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2010.12.29 00:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010.12.29 00:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2010.12.28 23:28:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.12.28 23:28:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.12.28 23:28:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.12.28 23:28:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.12.27 21:37:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.12.27 13:18:37 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010.12.26 10:47:48 | 000,000,000 | ---D | C] -- C:\Users\Eduard\AppData\Local\Secunia PSI
[2010.12.24 22:37:03 | 000,000,000 | ---D | C] -- C:\Users\Eduard\AppData\Roaming\Apple Computer
[2010.12.24 22:37:03 | 000,000,000 | ---D | C] -- C:\Users\Eduard\AppData\Local\Apple Computer
[2010.12.24 22:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2010.12.24 22:36:45 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010.12.24 22:36:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.12.24 22:36:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.12.24 22:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.12.24 22:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2010.12.24 22:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.12.24 22:35:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.12.24 22:35:20 | 000,000,000 | ---D | C] -- C:\Users\Eduard\AppData\Local\Apple
[2010.12.24 22:35:18 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.12.24 22:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.12.24 22:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.12.24 22:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010.12.24 00:39:46 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.12.24 00:36:53 | 000,000,000 | ---D | C] -- C:\Users\Eduard\AppData\Local\Sunbelt Software
[2010.12.17 18:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack
[2010.12.17 18:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\WinHTTrack
[2010.12.17 01:18:53 | 000,000,000 | ---D | C] -- C:\Users\Eduard\Desktop\film
[2010.12.15 10:30:07 | 000,000,000 | ---D | C] -- C:\4581386463297300e3bd92ebac10
[2010.12.15 10:29:31 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2010.12.15 10:29:31 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.15 10:29:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.15 10:29:26 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.15 10:29:26 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.15 10:29:25 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.15 10:29:23 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.12.15 10:29:23 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.15 10:29:23 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.15 10:29:23 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.12.15 10:29:23 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.15 10:29:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.12.15 10:29:23 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.12.15 10:29:23 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.12.15 10:29:23 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.12.15 10:29:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.12.15 10:29:22 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.15 10:29:22 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.15 10:29:22 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.15 10:29:22 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2010.12.15 10:29:21 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.13 23:12:32 | 000,000,000 | ---D | C] -- C:\Users\Eduard\Desktop\Blaulicht
[2010.12.06 00:37:05 | 000,000,000 | ---D | C] -- C:\Users\Eduard\AppData\Roaming\Leadertech
[2010.12.06 00:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infogrames Interactive
[2010.12.05 23:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010.12.04 17:56:42 | 000,000,000 | ---D | C] -- C:\Users\Eduard\AppData\Roaming\DAEMON Tools Lite
[2010.12.04 17:47:22 | 000,000,000 | ---D | C] -- C:\Users\Eduard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2010.09.07 00:55:15 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2011.01.02 09:45:36 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.02 09:45:36 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.02 09:43:53 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Eduard\Desktop\OTL.exe
[2011.01.02 09:42:29 | 000,000,966 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2413461409-2882023136-2989487530-1001UA.job
[2011.01.02 09:42:29 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.02 09:42:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.02 02:49:32 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.02 02:48:40 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.02 02:43:44 | 000,137,428 | ---- | M] () -- C:\Users\Eduard\Desktop\1.htm
[2011.01.02 02:36:08 | 000,049,152 | ---- | M] () -- C:\Users\Eduard\Desktop\eseje.doc
[2011.01.02 02:34:00 | 000,027,397 | ---- | M] () -- C:\Users\Eduard\Desktop\eseje.docx
[2011.01.02 01:05:16 | 1070,784,704 | ---- | M] () -- C:\Users\Eduard\Desktop\Fahrenheit 911_cz_tit .avi
[2011.01.01 18:39:41 | 000,000,033 | ---- | M] () -- C:\ATKPF.ini
[2011.01.01 18:39:36 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011.01.01 18:25:14 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.01.01 17:16:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2413461409-2882023136-2989487530-1001Core.job
[2010.12.31 21:06:36 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010.12.31 21:06:33 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010.12.31 21:00:18 | 000,293,968 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010.12.31 20:59:23 | 000,047,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010.12.31 20:56:49 | 000,023,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010.12.31 20:56:37 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010.12.31 20:56:27 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010.12.30 17:15:12 | 000,056,404 | ---- | M] () -- C:\Users\Eduard\Desktop\m.t.30.12.2010.jpg
[2010.12.30 17:00:36 | 000,023,830 | ---- | M] () -- C:\Users\Eduard\Desktop\35615_1533011647191_1291775638_31282732_7657765_n.jpg
[2010.12.30 13:33:56 | 000,001,121 | ---- | M] () -- C:\Users\Eduard\Desktop\XviD4PSP 5.0.lnk
[2010.12.30 11:01:36 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.12.30 10:56:41 | 000,001,192 | ---- | M] () -- C:\CF-Submit.htm
[2010.12.28 20:40:42 | 000,000,534 | ---- | M] () -- C:\Windows\eReg.dat
[2010.12.28 20:36:40 | 000,631,292 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010.12.28 20:36:40 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.28 20:36:40 | 000,121,914 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010.12.28 20:36:40 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.25 15:49:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.12.25 11:10:46 | 000,007,613 | ---- | M] () -- C:\Users\Eduard\AppData\Local\Resmon.ResmonCfg
[2010.12.24 16:38:13 | 004,895,624 | ---- | M] () -- C:\Users\Eduard\Desktop\nas.flv
[2010.12.24 16:36:10 | 002,646,960 | ---- | M] () -- C:\Users\Eduard\Desktop\ichlas.flv
[2010.12.24 00:39:46 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.16 17:46:20 | 000,018,432 | ---- | M] () -- C:\Users\Eduard\Desktop\B-35-18.docx
[2010.12.16 01:28:16 | 000,427,737 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101223-224442.backup
[2010.12.15 14:27:20 | 000,309,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.08 01:10:07 | 000,426,705 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101216-012816.backup
[2010.12.05 23:37:34 | 000,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2010.12.04 17:46:47 | 000,000,000 | ---- | M] () -- C:\Windows\PowerReg.dat

========== Files Created - No Company Name ==========

[2011.01.02 02:43:44 | 000,137,428 | ---- | C] () -- C:\Users\Eduard\Desktop\1.htm
[2011.01.02 02:36:08 | 000,049,152 | ---- | C] () -- C:\Users\Eduard\Desktop\eseje.doc
[2011.01.01 23:05:50 | 1070,784,704 | ---- | C] () -- C:\Users\Eduard\Desktop\Fahrenheit 911_cz_tit .avi
[2011.01.01 16:24:33 | 000,000,033 | ---- | C] () -- C:\ATKPF.ini
[2010.12.30 21:04:57 | 000,027,397 | ---- | C] () -- C:\Users\Eduard\Desktop\eseje.docx
[2010.12.30 17:15:12 | 000,056,404 | ---- | C] () -- C:\Users\Eduard\Desktop\m.t.30.12.2010.jpg
[2010.12.30 17:00:36 | 000,023,830 | ---- | C] () -- C:\Users\Eduard\Desktop\35615_1533011647191_1291775638_31282732_7657765_n.jpg
[2010.12.30 13:33:56 | 000,001,121 | ---- | C] () -- C:\Users\Eduard\Desktop\XviD4PSP 5.0.lnk
[2010.12.30 11:04:48 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2010.12.30 10:56:41 | 000,001,192 | ---- | C] () -- C:\CF-Submit.htm
[2010.12.28 23:28:33 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.12.28 23:28:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.12.28 23:28:33 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010.12.28 23:28:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.12.28 23:28:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.12.27 13:23:43 | 000,000,534 | ---- | C] () -- C:\Windows\eReg.dat
[2010.12.25 15:49:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.12.25 11:10:46 | 000,007,613 | ---- | C] () -- C:\Users\Eduard\AppData\Local\Resmon.ResmonCfg
[2010.12.24 16:37:30 | 004,895,624 | ---- | C] () -- C:\Users\Eduard\Desktop\nas.flv
[2010.12.24 16:35:45 | 002,646,960 | ---- | C] () -- C:\Users\Eduard\Desktop\ichlas.flv
[2010.12.18 17:11:57 | 000,000,966 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2413461409-2882023136-2989487530-1001UA.job
[2010.12.18 17:11:56 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2413461409-2882023136-2989487530-1001Core.job
[2010.12.10 01:15:50 | 000,018,432 | ---- | C] () -- C:\Users\Eduard\Desktop\B-35-18.docx
[2010.12.06 22:51:41 | 000,377,856 | ---- | C] () -- C:\Windows\System32\binkw32.dll
[2010.12.04 17:56:59 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.12.04 17:46:47 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010.09.20 15:41:20 | 000,002,511 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.09.19 21:19:39 | 000,000,022 | -HS- | C] () -- C:\Users\Eduard\AppData\Roaming\Sys6925.Config Collection.sys
[2010.09.13 15:47:39 | 000,005,120 | ---- | C] () -- C:\Users\Eduard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.07 01:21:14 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
Nahoru
raskar89
Návštěvník
Návštěvník
Příspěvky: 246
Registrován: 21 kvě 2010 19:08

Re: Podivná aktivita site

#4 Příspěvek od raskar89 »

[2010.09.07 01:07:32 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2010.09.07 01:00:48 | 001,769,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2010.09.07 01:00:48 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2010.09.07 00:57:27 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.09.28 08:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
[2009.07.14 01:55:09 | 001,332,736 | ---- | C] () -- C:\Windows\System32\hpotiop1.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007.06.01 09:58:40 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006.08.16 15:13:34 | 001,382,280 | ---- | C] () -- C:\Windows\System32\fftw3.dll

========== LOP Check ==========

[2010.12.06 00:28:28 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\DAEMON Tools Lite
[2010.09.15 21:52:18 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\gnupg
[2010.12.16 18:34:05 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\IrfanView
[2010.12.06 00:37:05 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\Leadertech
[2010.10.22 23:04:42 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\Nokia
[2010.11.06 22:44:23 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\Opera
[2010.10.22 23:04:43 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\PC Suite
[2010.12.16 18:44:59 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\TrueCrypt
[2011.01.01 23:05:18 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\uTorrent
[2009.07.14 05:53:46 | 000,019,436 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.07.14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation)
"SalaatTime" = C:\Program Files\Salaat Time\SalaatTime.exe -- [2008.05.16 03:01:30 | 013,496,320 | ---- | M] (Salaat Time - www.salaattime.com)

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.09.07 19:16:28 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\Adobe
[2010.12.25 13:44:04 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\Apple Computer
[2010.12.06 00:28:28 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\DAEMON Tools Lite
[2010.09.10 23:41:01 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\dvdcss
[2010.09.15 21:52:18 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\gnupg
[2010.09.20 15:47:19 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\HP
[2010.09.27 18:32:17 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\HpUpdate
[2010.09.07 00:19:42 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\Identities
[2010.09.07 00:48:44 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\InstallShield
[2010.09.07 01:10:23 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\Intel
[2010.12.16 18:34:05 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\IrfanView
[2010.12.06 00:37:05 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\Leadertech
[2010.09.07 01:20:39 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\Macromedia
[2010.09.07 06:31:23 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\Malwarebytes
[2009.07.14 10:19:24 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\Media Center Programs
[2010.12.28 23:25:30 | 000,000,000 | --SD | M] -- C:\Users\Home\AppData\Roaming\Microsoft
[2010.09.07 01:04:18 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\Mozilla
[2010.10.22 23:04:42 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\Nokia
[2010.11.06 22:44:23 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\Opera
[2010.10.22 23:04:43 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\PC Suite
[2010.09.07 20:11:37 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\SUPERAntiSpyware.com
[2010.12.25 20:04:55 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\Tor
[2010.12.16 18:44:59 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\TrueCrypt
[2011.01.01 23:05:18 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\uTorrent
[2010.12.25 20:04:55 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\Vidalia
[2010.12.30 12:26:16 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\vlc
[2010.09.07 06:26:02 | 000,000,000 | ---D | M] -- C:\Users\Eduard\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2010.09.07 01:16:52 | 000,024,894 | R--- | M] () -- C:\Users\Eduard\AppData\Roaming\Microsoft\Installer\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}\_5af141bb.exe


< MD5 for: AGP440.SYS >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CDROM.SYS >
[2009.07.14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009.07.14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009.07.14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009.07.14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\ERDNT\cache\cryptsvc.dll
[2009.07.14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\System32\cryptsvc.dll
[2009.07.14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009.07.14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: IASTOR.SYS >
[2007.09.29 16:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007.09.29 16:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_633476a5a8eb44de\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009.07.14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\isapnp.sys
[2009.07.14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.07.14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\ERDNT\cache\lsass.exe
[2009.07.14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\System32\lsass.exe
[2009.07.14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009.07.14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009.07.14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.13 17:20:46 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Program Files\Debugging Tools for Windows (x86)\sym\ndis.sys\4A5BBF58b7000\ndis.sys
[2009.07.14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\ERDNT\cache\ndis.sys
[2009.07.14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009.07.14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\drivers\nvraid.sys
[2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\System32\smss.exe
[2009.07.14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2009.07.14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010.06.14 07:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2010.06.15 17:25:10 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Program Files\Debugging Tools for Windows (x86)\sym\tcpip.sys\4C15A3DB149000\tcpip.sys
[2010.06.14 07:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\ERDNT\cache\tcpip.sys
[2010.06.14 07:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\System32\drivers\tcpip.sys
[2010.06.14 07:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\ERDNT\cache\ws2_32.dll
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.12.05 23:37:34 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >
[2010.12.31 20:56:27 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010.12.31 20:56:37 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010.12.31 20:56:49 | 000,023,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010.12.31 21:00:18 | 000,293,968 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010.12.31 20:59:23 | 000,047,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys

< %systemroot%\system32\*.* /3 >
[2011.01.02 09:45:36 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.02 09:45:36 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.01 18:39:36 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.12.31 21:06:33 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.01.01 18:25:14 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

< End of report >

OTL Extras logfile created on: 2.1.2011 9:45:29 - Run 1
OTL by OldTimer - Version 3.2.20.0 Folder = C:\Users\Eduard\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 52,17 Gb Free Space | 44,81% Space Free | Partition Type: NTFS
Drive D: | 108,63 Gb Total Space | 33,59 Gb Free Space | 30,92% Space Free | Partition Type: NTFS
Drive F: | 1,89 Gb Total Space | 1,68 Gb Free Space | 88,86% Space Free | Partition Type: FAT

Computer Name: EDUARD-PC | User Name: Eduard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2413461409-2882023136-2989487530-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{1407B87C-36E3-4FC1-9051-D08B21E1096F}" = Windows Live Sync
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1EE88B84-7BE5-4FB5-8DEA-B81D5409D62E}" = Opera 11.00
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2396F815-84E0-4353-83D7-8B190556DA42}" = ASUS CopyProtect
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{463F67F4-58D0-4C0D-BBC9-D0CC4E56D1B8}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{7E5A8023-0E90-4503-A1EA-C9FC25680AF9}" = PS_AIO_03_C4400_Software_Min
"{8181C5B7-2FF5-4677-BA6A-8E2C3F5A7601}" = HP Photosmart C4400 All-In-One Driver Software 13.0 Rel. 3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.1 - Czech
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B1E33614-25CC-4C2A-8CBA-88B51ABF67E0}" = C4400
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"2EFF310ED3BF3BFB24E6CC25AEB5491813E56803" = Balíček ovladače systému Windows - ITE Tech.Inc. (itecir) HIDClass (06/20/2007 5.0.0004.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"jv16 PowerTools 2010" = jv16 PowerTools 2010
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Drivers" = NVIDIA Drivers
"Polipo" = Polipo 1.0.4.1
"ProInst" = Software Intel(R) PROSet/WirelesstVersion\Uninstall\Polipo
"Salaat Time 2.0 {D91540FA-7A65-4C0B-B475-2936C370EACB}" = Salaat Time 2.0
"Secunia PSI" = Secunia PSI (2.0.0.1003)
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tor" = Tor 0.2.1.26
"TrueCrypt" = TrueCrypt
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"uTorrent" = µTorrent
"Vidalia" = Vidalia 0.2.10
"VLC media player" = VLC media player 1.1.5
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-9C
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XviD4PSP5" = XviD4PSP 5.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30.12.2010 5:56:01 | Computer Name = Eduard-PC | Source = System Restore | ID = 8193
Description =

Error - 30.12.2010 20:09:26 | Computer Name = Eduard-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Program Files\Nokia\Nokia PC Suite
7\TIS_Windows7PIM.dll se nezdařilo. Závislé sestavení Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 30.12.2010 20:10:17 | Computer Name = Eduard-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\Windows\ITECIR\x64AMD\DPInst.exe
se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 1.1.2011 6:47:24 | Computer Name = Eduard-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: mDNSResponder.exe, verze: 2.0.4.0, časové
razítko: 0x4cae1be1 Název chybujícího modulu: mDNSResponder.exe, verze: 2.0.4.0,
časové razítko: 0x4cae1be1 Kód výjimky: 0xc0000005 Posun chyby: 0x0000110a ID chybujícího
procesu: 0x188 Čas spuštění chybující aplikace: 0x01cba808f6c76d44 Cesta k chybující
aplikaci: C:\Program Files\Bonjour\mDNSResponder.exe Cesta k chybujícímu modulu:
C:\Program Files\Bonjour\mDNSResponder.exe ID zprávy: 843796cf-1594-11e0-bf28-001fc6750ec6

Error - 1.1.2011 8:22:42 | Computer Name = Eduard-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Program Files\Nokia\Nokia PC Suite
7\TIS_Windows7PIM.dll se nezdařilo. Závislé sestavení Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 1.1.2011 8:23:31 | Computer Name = Eduard-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\Windows\ITECIR\x64AMD\DPInst.exe
se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 1.1.2011 20:16:29 | Computer Name = Eduard-PC | Source = Application Hang | ID = 1002
Description = Program psi.exe verze 2.0.0.1003 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
9e4 Čas spuštění: 01cbaa114aa8b65b Čas ukončení: 23 Cesta k aplikaci: C:\Program Files\Secunia\PSI\psi.exe

ID
hlášení: 88d0e4ef-1605-11e0-93eb-001fc6750ec6

Error - 1.1.2011 21:52:43 | Computer Name = Eduard-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1.1.2011 21:52:43 | Computer Name = Eduard-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15631

Error - 1.1.2011 21:52:43 | Computer Name = Eduard-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15631

[ System Events ]
Error - 30.12.2010 6:03:40 | Computer Name = Eduard-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 30.12.2010 6:03:40 | Computer Name = Eduard-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 30.12.2010 6:03:40 | Computer Name = Eduard-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 30.12.2010 6:03:40 | Computer Name = Eduard-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 30.12.2010 6:03:40 | Computer Name = Eduard-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 30.12.2010 6:03:40 | Computer Name = Eduard-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 30.12.2010 8:21:09 | Computer Name = Eduard-PC | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error - 1.1.2011 6:47:33 | Computer Name = Eduard-PC | Source = Service Control Manager | ID = 7034
Description = Služba Bonjour Service byla neočekávaně ukončena. Tento stav nastal
již 1krát.

Error - 1.1.2011 20:36:57 | Computer Name = Eduard-PC | Source = Service Control Manager | ID = 7006
Description = Volání ScRegSetValueExW skončilo neúspěšné pro DeleteFlag s touto
chybou: %%5

Error - 1.1.2011 21:49:00 | Computer Name = Eduard-PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: 90463701


< End of report >
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: Podivná aktivita site

#5 Příspěvek od motji »

:arrow: Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky


:arrow: odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)

:arrow: Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC


:arrow: Stahněte http://www.jpshortstuff.247fixes.com/Defogger.exe
- spustte,
- potvrdte disabled
-log vložte zde



:arrow: Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.

:arrow: stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu


:arrow: start-spustit
do okénka zkopírujte

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t
ok

:arrow: vytvoří se log s názvem mbr.log, vložte ho zde
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
raskar89
Návštěvník
Návštěvník
Příspěvky: 246
Registrován: 21 kvě 2010 19:08

Re: Podivná aktivita site

#6 Příspěvek od raskar89 »

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:25 on 02/01/2011 (Eduard)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Error disabling (5)


-=E.O.F=-

Automatická kontrola: dokončeno před 1 min. (události: 2, objekty: 248036, čas: 02:21:09)
2.1.2011 23:33:16 Úloha byla spuštěna
3.1.2011 1:54:28 Úloha byla dokončena


daemon tools se nezobrazoval v nainstalovanych, ikdyz nainstalovany byl, kdyz jsem chtel odinstalovat program exe uninstall ve slozce, napsalo comodo ze to zablokoval, protoze mel pretect buffer. odstranil jsem manualne aspon.

gmer nejde spustit. pise load driver C:user/eduard/appdata/local/temp/pwtyypow.sys error 0xC0000160 pristup byl odepren

mbr nejde take spustit, pise ze nemuze nalezt soubor v umisteni, ikdyz je umisteny na plose, tak jak odkazujeme z prikazu ve spustit :-/

SPTD probehlo snad v poradku
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: Podivná aktivita site

#7 Příspěvek od motji »

Zkuste gmer spustit v nouzovém režimu :o . Spouštíte ho pod admin. právy?

Ten Mbr.exe zkuste tímto příkazem
"%userprofile%\desktop\mbr" -t
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
raskar89
Návštěvník
Návštěvník
Příspěvky: 246
Registrován: 21 kvě 2010 19:08

Re: Podivná aktivita site

#8 Příspěvek od raskar89 »

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-01-03 13:18:09
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925082 rev.3.AA
Running: gmer.exe; Driver: C:\Users\Eduard\AppData\Local\Temp\pwtyypow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-03 13:36:26
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925082 rev.3.AA
Running: gmer.exe; Driver: C:\Users\Eduard\AppData\Local\Temp\pwtyypow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82293599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 822B7F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [743A2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74385624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743856E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [743A250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74398573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74394D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743950CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743951A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [743966D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743982CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74398819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7439907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7439E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74394C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

Device \FileSystem\fastfat \Fat 8D8BD130

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fc6552d49
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fc6552d49@001f005053e8 0x77 0x13 0x40 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x52 0xB9 0xFB 0x16 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFD 0x73 0xD2 0x8B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x36 0x72 0x83 0x95 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x07 0x5F 0x2F 0x75 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fc6552d49 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fc6552d49@001f005053e8 0x77 0x13 0x40 0xE1 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x52 0xB9 0xFB 0x16 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFD 0x73 0xD2 0x8B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x36 0x72 0x83 0x95 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x07 0x5F 0x2F 0x75 ...

---- EOF - GMER 1.0.15 ----



Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: ST925082 rev.3.AA -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

device: opened successfully
user: MBR read successfully

Disk trace:
kernel: MBR read successfully
user & kernel MBR OK
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: Podivná aktivita site

#9 Příspěvek od motji »

Logy jsou v pořádku, co počítač?
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
raskar89
Návštěvník
Návštěvník
Příspěvky: 246
Registrován: 21 kvě 2010 19:08

Re: Podivná aktivita site

#10 Příspěvek od raskar89 »

tech 208B za kazdou druhou sekundu porad trva :(
Nahoru
raskar89
Návštěvník
Návštěvník
Příspěvky: 246
Registrován: 21 kvě 2010 19:08

Re: Podivná aktivita site

#11 Příspěvek od raskar89 »

2011-01-03 13:52:16 Windows Operating System Zablokováno Příchozí UDP 208.116.56.26 24337 192.168.0.197 12000
2011-01-03 13:54:16 Windows Operating System Zablokováno Příchozí UDP 208.116.56.21 24337 192.168.0.197 8655
2011-01-03 13:59:19 Windows Operating System Zablokováno Příchozí UDP 208.116.56.21 24337 192.168.0.197 45273

po zapnuti pc, kolem 13:30 jsem mel 3 zachycene pruniky od comoda. od te doby nic. jen tyto a to vzdy se stejnou IP
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: Podivná aktivita site

#12 Příspěvek od motji »

http://en.utrace.de/?query=208.116.56.26+
znáte tu firmu? Blacklist mají čistý :o
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
raskar89
Návštěvník
Návštěvník
Příspěvky: 246
Registrován: 21 kvě 2010 19:08

Re: Podivná aktivita site

#13 Příspěvek od raskar89 »

vubec mne to nic nerika :(

jeste me napadlo, jestli nemuze byt nejaka chyba v tom gadgetu v postranim panelu windows, pouzivam network meter a ten ukazuje porad ty hodnoty, jak jsem o nich psal. Co kdyz neni 100% presny a ta komunikace doopravdy ani neprobiha? v priloze posilam screen
Přílohy
1.jpg
1.jpg (17.64 KiB) Zobrazeno 1870 x
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: Podivná aktivita site

#14 Příspěvek od motji »

Používáte Torrenty?Zkuste v nastavení uTorrentu vypnout celé DHT.
Já si myslím, že i ty zablokované utoky budou z těch torrentů.

:arrow: Zkuste ještě tento progránek, měl by Vám ukázat, co leze na síť
http://www.stahuj.centrum.cz/internet_a ... e/tcpview/
(zapněte ho před vypnutím toho DHT)
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
raskar89
Návštěvník
Návštěvník
Příspěvky: 246
Registrován: 21 kvě 2010 19:08

Re: Podivná aktivita site

#15 Příspěvek od raskar89 »

TCP Eduard-PC:epmap Eduard-PC:0 LISTENING
TCP Eduard-PC:microsoft-ds Eduard-PC:0 LISTENING
TCP Eduard-PC:rtsp Eduard-PC:0 LISTENING
TCP Eduard-PC:icslap Eduard-PC:0 LISTENING
TCP Eduard-PC:wsd Eduard-PC:0 LISTENING
TCP Eduard-PC:10243 Eduard-PC:0 LISTENING
TCP Eduard-PC:49152 Eduard-PC:0 LISTENING
TCP Eduard-PC:49153 Eduard-PC:0 LISTENING
TCP Eduard-PC:49154 Eduard-PC:0 LISTENING
TCP Eduard-PC:49155 Eduard-PC:0 LISTENING
TCP Eduard-PC:49156 Eduard-PC:0 LISTENING
TCP Eduard-PC:49157 Eduard-PC:0 LISTENING
TCP Eduard-PC:5354 Eduard-PC:0 LISTENING
TCP Eduard-PC:12025 Eduard-PC:0 LISTENING
TCP Eduard-PC:12080 Eduard-PC:0 LISTENING
TCP Eduard-PC:12080 localhost:51461 ESTABLISHED
TCP Eduard-PC:12080 localhost:52081 TIME_WAIT
TCP Eduard-PC:12080 localhost:52089 TIME_WAIT
TCP Eduard-PC:12080 localhost:52092 TIME_WAIT
TCP Eduard-PC:12080 localhost:52132 TIME_WAIT
TCP Eduard-PC:12080 localhost:52134 TIME_WAIT
TCP Eduard-PC:12080 localhost:52135 TIME_WAIT
TCP Eduard-PC:12080 localhost:52138 TIME_WAIT
TCP Eduard-PC:12080 localhost:52142 TIME_WAIT
TCP Eduard-PC:12080 localhost:52148 ESTABLISHED
TCP Eduard-PC:12080 localhost:52150 TIME_WAIT
TCP Eduard-PC:12080 localhost:52153 ESTABLISHED
TCP Eduard-PC:12080 localhost:52154 TIME_WAIT
TCP Eduard-PC:12080 localhost:52155 TIME_WAIT
TCP Eduard-PC:12080 localhost:52156 TIME_WAIT
TCP Eduard-PC:12080 localhost:52157 TIME_WAIT
TCP Eduard-PC:12080 localhost:52160 TIME_WAIT
TCP Eduard-PC:12080 localhost:52166 TIME_WAIT
TCP Eduard-PC:12080 localhost:52167 ESTABLISHED
TCP Eduard-PC:12080 localhost:52168 ESTABLISHED
TCP Eduard-PC:12080 localhost:52172 TIME_WAIT
TCP Eduard-PC:12080 localhost:52174 ESTABLISHED
TCP Eduard-PC:12080 localhost:52176 TIME_WAIT
TCP Eduard-PC:12080 localhost:52177 TIME_WAIT
TCP Eduard-PC:12080 localhost:52180 TIME_WAIT
TCP Eduard-PC:12080 localhost:52184 TIME_WAIT
TCP Eduard-PC:12080 localhost:52190 TIME_WAIT
TCP Eduard-PC:12080 localhost:52191 TIME_WAIT
TCP Eduard-PC:12080 localhost:52196 ESTABLISHED
TCP Eduard-PC:12080 localhost:52198 ESTABLISHED
TCP Eduard-PC:12080 localhost:52200 TIME_WAIT
TCP Eduard-PC:12080 localhost:52226 TIME_WAIT
TCP Eduard-PC:12110 Eduard-PC:0 LISTENING
TCP Eduard-PC:12119 Eduard-PC:0 LISTENING
TCP Eduard-PC:12143 Eduard-PC:0 LISTENING
TCP Eduard-PC:12465 Eduard-PC:0 LISTENING
TCP Eduard-PC:12563 Eduard-PC:0 LISTENING
TCP Eduard-PC:12993 Eduard-PC:0 LISTENING
TCP Eduard-PC:12995 Eduard-PC:0 LISTENING
TCP Eduard-PC:27015 Eduard-PC:0 LISTENING
TCP Eduard-PC:49701 localhost:49702 ESTABLISHED
TCP Eduard-PC:49702 localhost:49701 ESTABLISHED
TCP Eduard-PC:49703 localhost:49704 ESTABLISHED
TCP Eduard-PC:49704 localhost:49703 ESTABLISHED
TCP Eduard-PC:51461 localhost:12080 ESTABLISHED
TCP Eduard-PC:52084 localhost:12080 TIME_WAIT
TCP Eduard-PC:52086 localhost:12080 TIME_WAIT
TCP Eduard-PC:52088 localhost:12080 TIME_WAIT
TCP Eduard-PC:52093 localhost:12080 TIME_WAIT
TCP Eduard-PC:52096 localhost:12080 TIME_WAIT
TCP Eduard-PC:52098 localhost:12080 TIME_WAIT
TCP Eduard-PC:52100 localhost:12080 TIME_WAIT
TCP Eduard-PC:52102 localhost:12080 TIME_WAIT
TCP Eduard-PC:52104 localhost:12080 TIME_WAIT
TCP Eduard-PC:52106 localhost:12080 TIME_WAIT
TCP Eduard-PC:52108 localhost:12080 TIME_WAIT
TCP Eduard-PC:52110 localhost:12080 TIME_WAIT
TCP Eduard-PC:52112 localhost:12080 TIME_WAIT
TCP Eduard-PC:52114 localhost:12080 TIME_WAIT
TCP Eduard-PC:52115 localhost:12080 TIME_WAIT
TCP Eduard-PC:52118 localhost:12080 TIME_WAIT
TCP Eduard-PC:52120 localhost:12080 TIME_WAIT
TCP Eduard-PC:52122 localhost:12080 TIME_WAIT
TCP Eduard-PC:52124 localhost:12080 TIME_WAIT
TCP Eduard-PC:52126 localhost:12080 TIME_WAIT
TCP Eduard-PC:52128 localhost:12080 TIME_WAIT
TCP Eduard-PC:52130 localhost:12080 TIME_WAIT
TCP Eduard-PC:52140 localhost:12080 TIME_WAIT
TCP Eduard-PC:52143 localhost:12080 TIME_WAIT
TCP Eduard-PC:52146 localhost:12080 TIME_WAIT
TCP Eduard-PC:52148 localhost:12080 ESTABLISHED
TCP Eduard-PC:52152 localhost:12080 TIME_WAIT
TCP Eduard-PC:52153 localhost:12080 ESTABLISHED
TCP Eduard-PC:52167 localhost:12080 ESTABLISHED
TCP Eduard-PC:52168 localhost:12080 ESTABLISHED
TCP Eduard-PC:52174 localhost:12080 ESTABLISHED
TCP Eduard-PC:52178 localhost:12080 TIME_WAIT
TCP Eduard-PC:52182 localhost:12080 TIME_WAIT
TCP Eduard-PC:52188 localhost:12080 TIME_WAIT
TCP Eduard-PC:52191 localhost:12080 TIME_WAIT
TCP Eduard-PC:52194 localhost:12080 TIME_WAIT
TCP Eduard-PC:52196 localhost:12080 ESTABLISHED
TCP Eduard-PC:52198 localhost:12080 ESTABLISHED
TCP Eduard-PC:52202 localhost:12080 TIME_WAIT
TCP Eduard-PC:52203 localhost:12080 TIME_WAIT
TCP Eduard-PC:52204 localhost:12080 TIME_WAIT
TCP Eduard-PC:52205 localhost:12080 TIME_WAIT
TCP Eduard-PC:52210 localhost:12080 TIME_WAIT
TCP Eduard-PC:52212 localhost:12080 TIME_WAIT
TCP Eduard-PC:52214 localhost:12080 TIME_WAIT
TCP Eduard-PC:52215 localhost:12080 TIME_WAIT
TCP Eduard-PC:52216 localhost:12080 TIME_WAIT
TCP Eduard-PC:52218 localhost:12080 TIME_WAIT
TCP Eduard-PC:52222 localhost:12080 TIME_WAIT
TCP Eduard-PC:52224 localhost:12080 TIME_WAIT
TCP Eduard-PC:52228 localhost:12080 TIME_WAIT
TCP Eduard-PC:52230 localhost:12080 TIME_WAIT
TCP Eduard-PC:52232 localhost:12080 TIME_WAIT
TCP eduard-pc:netbios-ssn Eduard-PC:0 LISTENING
TCP eduard-pc:51462 channel-132-137.01.snc6.tfbnw.net:http ESTABLISHED
TCP eduard-pc:51974 209.85.149.19:https ESTABLISHED
TCP eduard-pc:52017 cdn3.nacevi.cz:http TIME_WAIT
TCP eduard-pc:52022 www-12-02-snc5.facebook.com:http TIME_WAIT
TCP eduard-pc:52028 www-12-02-snc5.facebook.com:http TIME_WAIT
TCP eduard-pc:52056 209.85.149.18:https ESTABLISHED
TCP eduard-pc:52057 209.85.149.18:https TIME_WAIT
TCP eduard-pc:52060 star-10-02-snc5.facebook.com:http TIME_WAIT
TCP eduard-pc:52067 217.156.169.208:http TIME_WAIT
TCP eduard-pc:52068 217.156.169.208:http TIME_WAIT
TCP eduard-pc:52076 209.85.149.18:https ESTABLISHED
TCP eduard-pc:52149 www-13-02-snc5.facebook.com:http ESTABLISHED
TCP eduard-pc:52159 hp9-pool.centrum.cz:http CLOSE_WAIT
TCP eduard-pc:52170 209.85.149.113:http ESTABLISHED
TCP eduard-pc:52171 img-pool.centrum.cz:http ESTABLISHED
TCP eduard-pc:52175 209.85.149.113:http ESTABLISHED
TCP eduard-pc:52189 ferda.miton.cz:http TIME_WAIT
TCP eduard-pc:52197 217.156.169.176:http ESTABLISHED
TCP eduard-pc:52199 217.156.169.176:http ESTABLISHED
UDP Eduard-PC:isakmp *:*
UDP Eduard-PC:ws-discovery *:*
UDP Eduard-PC:ws-discovery *:*
UDP Eduard-PC:ws-discovery *:*
UDP Eduard-PC:ws-discovery *:*
UDP Eduard-PC:ipsec-msft *:*
UDP Eduard-PC:5004 *:*
UDP Eduard-PC:5005 *:*
UDP Eduard-PC:llmnr *:*
UDP Eduard-PC:49154 *:*
UDP Eduard-PC:49156 *:*
UDP Eduard-PC:57418 *:*
UDP Eduard-PC:57420 *:*
UDP Eduard-PC:ssdp *:*
UDP Eduard-PC:49152 *:*
UDP Eduard-PC:49153 *:*
UDP Eduard-PC:59127 *:*
UDP Eduard-PC:60014 *:*
UDP Eduard-PC:62840 *:*
UDP eduard-pc:netbios-ns *:*
UDP eduard-pc:netbios-dgm *:*
UDP eduard-pc:ssdp *:*
UDP eduard-pc:5353 *:*
UDP eduard-pc:59126 *:*
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“