

PC virus removal, computer speed-up, remote assistance via the neslape.cz service
win32/Mebroot.K Trojan
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that stay inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Re: win32/Mebroot.K Trojan

Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
AN UP-TO-DATE ANTIVIRUS AND A PERSONAL FIREWALL ARE TWO ESSENTIAL PROTECTIVE COMPONENTS OF EVERY PC CONNECTED TO THE INTERNET!!!
BY BACKING UP YOUR PERSONAL DATA YOU WILL NOT LOSE IT IN CASE OF FATAL SOFTWARE OR HARDWARE PROBLEMS!!
DO NOT USE COMBOFIX ON YOUR OWN, ONLY WHEN YOU ARE ASKED TO. IMPROPER HANDLING OF IT CAN RENDER THE SYSTEM UNUSABLE!


___________________________________________________________
----------------------earl@forum.viry.cz-----------------------
________________________________________________________________________________________
Re: win32/Mebroot.K Trojan
Windows XP SP 3 (build 2600)
Boot Mode: Normal
Ověření souborů Microsoftu: Ano
Whitelist: Ano
Internet Explorer v7.00.6000.16827 (vista_gdr.090226-1506)
Log vygenerován: 13.5.2009 20:28:38
================================================================
SmallARK
================================================================
[?]NtConnectPort -> <?>
[?]NtCreateKey -> sphs.sys
[?]NtEnumerateKey -> sphs.sys
[?]NtEnumerateValueKey -> sphs.sys
[?]NtOpenKey -> sphs.sys
[?]NtQueryKey -> sphs.sys
[?]NtQueryValueKey -> sphs.sys
[?]NtSetValueKey -> sphs.sys
[?]NtUnloadKey -> uphcleanhlp.sys
Běžící procesy
================================================================
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
C:\PROGRAM FILES\UPHCLEAN\UPHCLEAN.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISSCH.EXE
C:\PROGRAM FILES\UPM\UPM.EXE
Scanner
================================================================
[?] ati2evxx.exe
Non Microsoft v System32:
[?] ati2evxx.exe
Non Microsoft v System32:
[?] LSSrvc.exe
Nemá okno
Soubor 7%
[R] PnkBstrA.exe
Podobná jména: PNKBSTRA.EXE X PNKBSTRB.EXE
[R] PnkBstrB.exe
Podobná jména: PNKBSTRB.EXE X PNKBSTRA.EXE
[?] uphclean.exe
Ověřený Microsoft: Ne
Nemá okno
Soubor 25%
[S] explorer.exe
Spouští se po startu HKLM Winlogon [Shell]
[?] soundman.exe
Spouští se po startu HKLM Run [SoundMan]
Soubor 14%
[?] issch.exe
Spouští se po startu HKLM Run [ISUSScheduler]
Nemá okno
Soubor 7%
[R] MOM.exe
EntryPoint v sekci:
|_ Celkový počet sekcí: 3
Podvržená cesta modulu: (00DB0000) [DLL] ?
Podvržená cesta modulu: (01160000) [DLL] ?
[R] reader_sl.exe
Spouští se po startu HKLM Run [Adobe Reader Speed Launcher]
[R] ccApp.exe
Spouští se po startu HKLM Run [ccApp]
[R] VPTray.exe
Spouští se po startu HKLM Run [vptray]
[S] ctfmon.exe
Spouští se po startu HKCU Run [CTFMON.EXE]
[R] NMBgMonitor.exe
Spouští se po startu HKCU Run [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[R] CCC.exe
EntryPoint v sekci:
|_ Celkový počet sekcí: 3
Podvržená cesta modulu: (00DB0000) [DLL] ?
Podvržená cesta modulu: (038E0000) [DLL] ?
Podvržená cesta modulu: (03A30000) [DLL] ?
Podvržená cesta modulu: (03AD0000) [DLL] ?
Podvržená cesta modulu: (03BF0000) [DLL] ?
Podvržená cesta modulu: (03C30000) [DLL] ?
Podvržená cesta modulu: (03F30000) [DLL] ?
Podvržená cesta modulu: (04620000) [DLL] ?
Podvržená cesta modulu: (04650000) [DLL] ?
Podvržená cesta modulu: (04930000) [DLL] ?
Podvržená cesta modulu: (04AA0000) [DLL] ?
Podvržená cesta modulu: (04CA0000) [DLL] ?
Podvržená cesta modulu: (050C0000) [DLL] ?
Podvržená cesta modulu: (057E0000) [DLL] ?
Podvržená cesta modulu: (05BD0000) [DLL] ?
Podvržená cesta modulu: (06020000) [DLL] ?
Podvržená cesta modulu: (062D0000) [DLL] ?
[?] UPM.exe
Soubor 7%
Po spuštění
================================================================
HKCU Run
|_ [R][DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun
HKLM Run
|_ [?][SoundMan] C:\WINDOWS\SOUNDMAN.EXE
|_ [?][ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay
|_ [?][ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
|_ [?][ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start
HKLM IC
|_ [X][>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP (Soubor nenalezen)
|_ [X][>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP (Soubor nenalezen)
|_ [?][{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] C:\WINDOWS\INF\msnetmtg.inf ,NetMtg.Install.PerUser.NT
|_ [?][{5945c046-1e7d-11d1-bc44-00c04fd912be}] C:\WINDOWS\INF\msmsgs.inf ,BLC.QuietInstall.PerUser
|_ [?][{6BF52A52-394A-11d3-B153-00C04F79FAA6}] C:\WINDOWS\INF\wmp.inf ,PerUserStub
|_ [?][{89820200-ECBD-11cf-8B85-00AA005B4340}] regsvr32.exe /s /n /i:U shell32.dll
HKLM Winlogon Notify
|_ [?][AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll
Po spuštění
|_ C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
|_ C:\Corel\Graphics8\Programs\MFIndexer.exe
HKLM BHO
|_ [X][{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] (Soubor nenalezen)
HKCU IE WebBrowser Toolbar
|_ [X][{A057A204-BACC-4D26-9990-79A187E2698E}] (Soubor nenalezen)
Služby (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[?] Ati HotKey Poller
|_ Cesta: C:\WINDOWS\system32\Ati2evxx.exe
| |_ Výrobce: ATI Technologies Inc.
| |_ Popis: ATI External Event Utility EXE Module
| |_ MD5: E4F45E3B56003B41E7C7863F79F4C108
|
|_ Jméno: Ati HotKey Poller
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ:
|_ Dependency:
[?] ATI Smart
|_ Cesta: C:\WINDOWS\system32\ati2sgag.exe
| |_ Výrobce:
| |_ Popis: ATI Smart
| |_ MD5: F0F4C750200CF48BBCA3426D22AC23DA
|
|_ Jméno: ATI Smart
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Zastaveno
|_ Typ:
|_ Dependency:
[?] LightScribeService Direct Disc Labeling Service
|_ Cesta: C:\Program Files\Common Files\LightScribe\LSSrvc.exe
| |_ Výrobce: Hewlett-Packard Company
| |_ Popis:
| |_ MD5: 559C9B7800FAC92FC515CD0003D7C631
|
|_ Jméno: LightScribeService
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:
[?] User Profile Hive Cleanup
|_ Cesta: C:\Program Files\UPHClean\uphclean.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: User Profile Hive Cleanup Service
| |_ MD5: 3F9A3232E5F942874488981F3242C989
|
|_ Jméno: UPHClean
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:
Ovladače (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[?] Service for Realtek AC97 Audio (WDM)
|_ Cesta: C:\WINDOWS\system32\drivers\ALCXWDM.SYS
| |_ Výrobce: Realtek Semiconductor Corp.
| |_ Popis: Realtek AC'97 Audio Driver (WDM)
| |_ MD5: 0A24F3D25CDE25A2EB6F2F9770FC471B
|
|_ Jméno: ALCXWDM
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
[?] ati2mtag
|_ Cesta: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
| |_ Výrobce: ATI Technologies Inc.
| |_ Popis: ATI Radeon WindowsNT Miniport Driver
| |_ MD5: ED24215D4223C60989F02E196A1FFF73
|
|_ Jméno: ati2mtag
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
[?] nvata
|_ Cesta: C:\WINDOWS\system32\DRIVERS\nvata.sys
| |_ Výrobce: NVIDIA Corporation
| |_ Popis: NVIDIA® nForce(TM) IDE Performance Driver
| |_ MD5: 0344AA9113DC16EEC379F4652020849D
|
|_ Jméno: nvata
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
[?] nvatabus
|_ Cesta: C:\WINDOWS\system32\DRIVERS\nvatabus.sys
| |_ Výrobce: NVIDIA Corporation
| |_ Popis: NVIDIA® nForce(TM) IDE Performance Driver
| |_ MD5: E4F1F95A6BBBFBBFF9A713C6063AA2CB
|
|_ Jméno: nvatabus
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
[?] Padus ASPI Shell
|_ Cesta: C:\WINDOWS\system32\drivers\pfc.sys
| |_ Výrobce: Padus, Inc.
| |_ Popis: Padus(R) ASPI Shell
| |_ MD5: 5903FA75200807AD739286BBF40C4904
|
|_ Jméno: pfc
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
[?] sptd
|_ Cesta: C:\WINDOWS\System32\Drivers\sptd.sys
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: sptd
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
lNetStat
================================================================
Typ: PID Proces Local <-> Remote Status
-----------------------------------------------------------------------------------------
TCP (1084) svchost.exe 0.0.0.0:135 LISTENING
TCP (4) Systém 0.0.0.0:445 LISTENING
TCP (4) Systém 5.232.91.216:139 LISTENING
TCP (1300) ccProxy.exe 127.0.0.1:1025 LISTENING
TCP (316) alg.exe 127.0.0.1:1026 LISTENING
TCP (2068) ccApp.exe 127.0.0.1:1027 LISTENING
TCP (0) 127.0.0.1:1041 TIME_WAIT
TCP (4) Systém 192.168.1.17:139 LISTENING
TCP (0) 192.168.1.17:1039 TIME_WAIT
TCP (0) 192.168.1.17:1044 TIME_WAIT
TCP (0) 192.168.1.17:1045 TIME_WAIT
TCP (0) 192.168.1.17:1048 TIME_WAIT
TCP (0) 192.168.1.17:1051 TIME_WAIT
TCP (4076) firefox.exe 192.168.1.17:1056 CLOSING
TCP (0) 192.168.1.17:1059 TIME_WAIT
TCP (0) 192.168.1.17:1060 TIME_WAIT
TCP (0) 192.168.1.17:1064 TIME_WAIT
TCP (0) 192.168.1.17:1069 TIME_WAIT
TCP (0) 192.168.1.17:1070 TIME_WAIT
TCP (0) 192.168.1.17:1096 TIME_WAIT
TCP (0) 192.168.1.17:1099 TIME_WAIT
TCP (0) 192.168.1.17:1100 TIME_WAIT
TCP (0) 192.168.1.17:1109 TIME_WAIT
TCP (0) 192.168.1.17:1110 TIME_WAIT
TCP (4020) UPM.exe 192.168.1.17:1115 <-> 199.7.71.190:80 ESTABLISHED
TCP (4020) UPM.exe 192.168.1.17:1116 <-> 199.7.71.190:80 ESTABLISHED
UDP (4) Systém 0.0.0.0:445 <-> 65.54.89.33:80 ESTABLISHED
UDP (820) lsass.exe 0.0.0.0:500
UDP (820) lsass.exe 0.0.0.0:4500
UDP (1436) svchost.exe 5.232.91.216:123
UDP (4) Systém 5.232.91.216:137
UDP (4) Systém 5.232.91.216:138
UDP (1768) svchost.exe 5.232.91.216:1900
UDP (1436) svchost.exe 127.0.0.1:123
UDP (1768) svchost.exe 127.0.0.1:1900
UDP (2012) PnkBstrA.exe 127.0.0.1:44301
UDP (2024) PnkBstrB.exe 127.0.0.1:45301
UDP (1436) svchost.exe 192.168.1.17:123
UDP (4) Systém 192.168.1.17:137
UDP (4) Systém 192.168.1.17:138
UDP (1768) svchost.exe 192.168.1.17:1900
Moduly (Zobraz i bezpečné DLL: False, Jen bez výrobce: True, Zobraz registrované: False)
================================================================
[?] cpwmon2k.dll
|_ Cesta: C:\WINDOWS\system32\cpwmon2k.dll
|_ MD5: 2B8563A5DD94F4148A9D00764BD54D35
|_ Výrobce:
|_ Procesy
|_ spoolsv.exe (1456)
[?] lssproxy.dll
|_ Cesta: C:\Program Files\Common Files\LightScribe\LSSProxy.dll
|_ MD5: 938437451AFFAE8F76E0145D81D7960C
|_ Výrobce: Hewlett-Packard Company
|_ Procesy
|_ LSSrvc.exe (1416)
[?] lslog.dll
|_ Cesta: C:\Program Files\Common Files\LightScribe\LSLog.dll
|_ MD5: CF259D14E763F6EF88767655F9D64D0E
|_ Výrobce: Hewlett-Packard Company
|_ Procesy
|_ LSSrvc.exe (1416)
[?] dec2tar.dll
|_ Cesta: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2TAR.dll
|_ MD5: 3A73CA98FEC1F1A82013B5F515DC97C2
|_ Výrobce: Symantec Corporation
|_ Procesy
|_ Rtvscan.exe (404)
[?] dec2rtf.dll
|_ Cesta: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2RTF.dll
|_ MD5: 2106F91E497D54EA479B725269D3E305
|_ Výrobce: Symantec Corporation
|_ Procesy
|_ Rtvscan.exe (404)
[?] cba.dll
|_ Cesta: C:\WINDOWS\system32\cba.dll
|_ MD5: 969ED5442234E20E6BD70590060D2251
|_ Výrobce: Intel® Corporation
|_ Procesy
|_ Rtvscan.exe (404)
[?] msgsys.dll
|_ Cesta: C:\WINDOWS\system32\msgsys.dll
|_ MD5: 9BA1AC225EBD0B961D71C9079E4439B0
|_ Výrobce: Intel® Corporation
|_ Procesy
|_ Rtvscan.exe (404)
[?] nts.dll
|_ Cesta: C:\WINDOWS\system32\nts.dll
|_ MD5: 131B429CA3FED796E88F8725050DC767
|_ Výrobce: Intel® Corporation
|_ Procesy
|_ Rtvscan.exe (404)
[?] pds.dll
|_ Cesta: C:\WINDOWS\system32\pds.dll
|_ MD5: F31132DD69FD05978F7F7624BAFC386C
|_ Výrobce: Intel® Corporation
|_ Procesy
|_ Rtvscan.exe (404)
[?] dec2amg.dll
|_ Cesta: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2AMG.dll
|_ MD5: AD4DDD0C9D98DF80085A2CF4F4E90B75
|_ Výrobce: Symantec Corporation
|_ Procesy
|_ Rtvscan.exe (404)
[?] dec2arj.dll
|_ Cesta: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2ARJ.dll
|_ MD5: 240D4B7C6DD1641240822DC78E8D7FF3
|_ Výrobce: Symantec Corporation
|_ Procesy
|_ Rtvscan.exe (404)
[?] dec2cab.dll
|_ Cesta: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2CAB.dll
|_ MD5: A863E6EE5660734F4F8B89D9FAAF13DE
|_ Výrobce: Symantec Corporation
|_ Procesy
|_ Rtvscan.exe (404)
[?] dec2gzip.dll
|_ Cesta: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2GZIP.dll
|_ MD5: A895F4356143EDF3E534DAD5B7C574F5
|_ Výrobce: Symantec Corporation
|_ Procesy
|_ Rtvscan.exe (404)
[?] dec2id.dll
|_ Cesta: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2ID.dll
|_ MD5: 2CCE2DAAF9BF652606BBBE329EC972F3
|_ Výrobce: Symantec Corporation
|_ Procesy
|_ Rtvscan.exe (404)
[?] dec2lha.dll
|_ Cesta: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2LHA.dll
|_ MD5: D51F1656296D4C39DA117369CE72B89E
|_ Výrobce: Symantec Corporation
|_ Procesy
|_ Rtvscan.exe (404)
[?] dec2lz.dll
|_ Cesta: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2LZ.dll
|_ MD5: B35E405D219ED8169316B770E2F5D402
|_ Výrobce: Symantec Corporation
|_ Procesy
|_ Rtvscan.exe (404)
[?] dec2ss.dll
|_ Cesta: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2SS.dll
|_ MD5: 78CDCBC58D099CC8E28B2ED3F7668B2B
|_ Výrobce: Symantec Corporation
|_ Procesy
|_ Rtvscan.exe (404)
[?] dec2tnef.dll
|_ Cesta: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2TNEF.dll
|_ MD5: D9746ADF721E5710A718C9FF1C90ADF2
|_ Výrobce: Symantec Corporation
|_ Procesy
|_ Rtvscan.exe (404)
[?] dec2zip.dll
|_ Cesta: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2Zip.dll
|_ MD5: 8CCADC61E9197A7D5F1AD9DDD7E2D0D5
|_ Výrobce: Symantec Corporation
|_ Procesy
|_ Rtvscan.exe (404)
[?] decsdk.dll
|_ Cesta: C:\Program Files\Symantec Client Security\Symantec AntiVirus\DecSDK.dll
|_ MD5: 2C0C1A313B9CA94DD9B5D1DC951E1A5D
|_ Výrobce: Symantec Corporation
|_ Procesy
|_ Rtvscan.exe (404)
[?] dec2text.dll
|_ Cesta: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2Text.dll
|_ MD5: 779687B486FA67DEFA26B4CC74AB3F54
|_ Výrobce: Symantec Corporation
|_ Procesy
|_ Rtvscan.exe (404)
[?] dec2.dll
|_ Cesta: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2.dll
|_ MD5: AAC4E433871A4340E074C10058A82FAA
|_ Výrobce: Symantec Corporation
|_ Procesy
|_ Rtvscan.exe (404)
[?] mom.implementation.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3009.40194__90ba9c70f846762e\MOM.Implementation.DLL
|_ MD5: 2368D162F43DD2F49DF22E08FA08F646
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ MOM.exe (1220)
|_ MOM.exe (1220)
|_ CCC.exe (2384)
|_ CCC.exe (2384)
[?] aem.server.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3009.39932__90ba9c70f846762e\AEM.Server.DLL
|_ MD5: 17FDE6498F07AACC02F8FCF8E9D6B432
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ MOM.exe (1220)
|_ MOM.exe (1220)
|_ CCC.exe (2384)
|_ CCC.exe (2384)
[?] log.foundation.implementation.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3009.40193__90ba9c70f846762e\LOG.Foundation.Implementation.dll
|_ MD5: 10C8E93DEBEB5C5DCDCDB282EB2A683F
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ MOM.exe (1220)
|_ CCC.exe (2384)
[?] ccc.implementation.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3009.40194__90ba9c70f846762e\CCC.Implementation.DLL
|_ MD5: 07F9D128C7BAD7DF482DA7E3E416062C
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
|_ CCC.exe (2384)
[?] aticccom.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.DLL
|_ MD5: AE4F8967541F9F9B70E03B9C8F562042
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
|_ CCC.exe (2384)
[?] cli.component.runtime.extension.eeu.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3009.39933__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
|_ MD5: D1CB80C7CCCB8791B283A24F35D6438C
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] atidemos.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3009.39934__90ba9c70f846762e\ATIDEMOS.DLL
|_ MD5: 1B1C8C6941F388E1B225F8A3D844EF60
|_ Výrobce: Advanced Micro Devices, Inc.
|_ Procesy
|_ CCC.exe (2384)
|_ CCC.exe (2384)
[?] apm.server.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3009.39931__90ba9c70f846762e\APM.Server.DLL
|_ MD5: F53852F67D8E9B19FA3E7B715D21B4A2
|_ Výrobce: Advanced Micro Devices, Inc.
|_ Procesy
|_ CCC.exe (2384)
|_ CCC.exe (2384)
[?] cli.aspect.displaysmanager.graphics.wizard.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3009.39983__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
|_ MD5: 4B50673FFD74F4AE5A0038C5786FDC1F
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.component.dashboard.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3009.39949__90ba9c70f846762e\CLI.Component.Dashboard.dll
|_ MD5: 482F40E9F9C151BF5BE761AAC0EEC5EB
|_ Výrobce: Advanced Micro Devices, Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.aspect.devicetv.graphics.dashboard.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3009.40173__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
|_ MD5: F2E77B409A09D9F2C0FAD475B5D2CFE4
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.aspect.mmvideo.graphics.dashboard.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3009.40102__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
|_ MD5: 334BBB7B6E409C214417B30D369C1EEE
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] atidvcr.dll
|_ Cesta: C:\Program Files\Common Files\ATI Technologies\Multimedia\atidvcr.dll
|_ MD5: B899E7BCC5475B4E369B5FBB2BC3AC59
|_ Výrobce: ATI Technologies, Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] atixcode.dll
|_ Cesta: C:\Program Files\Common Files\ATI Technologies\Multimedia\atixcode.dll
|_ MD5: 7DC63A355360CCD165FC93F1E827EB64
|_ Výrobce: ATI Technologies, Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.aspect.devicecrt.graphics.dashboard.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3009.40095__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
|_ MD5: FA0B606554A2DD122FAF1DB45F448198
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.aspect.devicecrt.graphics.runtime.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3009.40101__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
|_ MD5: 722D30D2934624A1A51645B6F4F27551
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.aspect.devicecv.graphics.runtime.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3009.40135__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
|_ MD5: ADEAE09D7A90CED2BE44C3EF763EBF65
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.aspect.devicedfp.graphics.runtime.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3009.40094__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
|_ MD5: C210777A6BE5412CD11F1F1657EC3814
|_ Výrobce: Advanced Micro Devices, Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.aspect.devicelcd.graphics.runtime.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3009.40128__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
|_ MD5: 843440206AC5F3808BF98E865A3355CE
|_ Výrobce: Advanced Micro Devices, Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.aspect.deviceproperty.graphics.runtime.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3009.40094__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
|_ MD5: D16EA18EFA64D8046106B7161EF06D9D
|_ Výrobce: Advanced Micro Devices, Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.aspect.devicetv.graphics.runtime.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3009.40172__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
|_ MD5: 240FFB8AB1A38AF3A392C5B32AB917BB
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.aspect.devicetv.graphics.wizard.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3009.40180__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
|_ MD5: A677CF288FCEBA8E764AD37F1B018CC8
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.aspect.displayscolour2.graphics.dashboard.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3009.40010__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
|_ MD5: 0E91062A8BB5F8A5A43F61B4702663ED
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.aspect.displayscolour2.graphics.runtime.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3009.40016__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
|_ MD5: A70A60E043C1325D5315A7E8D562BFE2
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.aspect.displaysmanager.graphics.dashboard.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3009.39963__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
|_ MD5: 0987247160D677B455500517D10EC471
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.aspect.displaysoptions.graphics.dashboard.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3009.40116__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
|_ MD5: 42330950D5AA3539FC2244F299DB0A5B
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.aspect.displaysoptions.graphics.runtime.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3009.40115__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
|_ MD5: B9C25E999FDDB4913F23875D96B3934E
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.aspect.hotkeyshandling.graphics.runtime.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3009.39962__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
|_ MD5: 4E9F3DB60E616587E10CAE5D73453C90
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.aspect.infocentre.graphics.dashboard.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3009.40004__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
|_ MD5: D48F7B98DCA714B1B8F6841970313000
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.aspect.infocentre.graphics.wizard.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3009.39997__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
|_ MD5: B2CDB0AF5BA544A48E6B7803B075697C
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.aspect.mmvideo.graphics.runtime.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3009.40102__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
|_ MD5: 173820E14938F9729C9C72811FE63865
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.aspect.mmvideo.graphics.wizard.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3009.40163__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
|_ MD5: B511FFFC01DFFE452F050B9D8944021F
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.aspect.radeon3d.graphics.dashboard.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3009.40143__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
|_ MD5: A52D48044FA19B69903542458621C621
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.aspect.radeon3d.graphics.runtime.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3009.40142__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
|_ MD5: 179DBD99ABE4D69C021DF4CDED3A6879
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.aspect.radeon3d.graphics.wizard.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3009.40149__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
|_ MD5: 0AFD846BEE80BA1C21B66240D9160579
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.aspect.transcode.graphics.wizard.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3009.40202__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
|_ MD5: A4020B188CA10799819E84D652DA646B
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.aspect.vpurecover.graphics.dashboard.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3009.39990__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
|_ MD5: BE0A4DE1752513BC947152980AA57182
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.aspect.vpurecover.graphics.runtime.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3009.39990__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
|_ MD5: 6F0FB5F689EEBECE7F04428FBCBBA045
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.aspect.welcome.graphics.dashboard.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3009.40208__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
|_ MD5: CCD7EC02533B9255D064AD8877FD464F
|_ Výrobce: Advanced Mirco Devices, Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.caste.graphics.dashboard.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3009.39955__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
|_ MD5: B20B94A48C39F2CE251E19B83710ACF8
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.caste.graphics.runtime.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3009.39941__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
|_ MD5: 8CC2FE545367FE381AA903B45721E86A
|_ Výrobce: Advanced Mirco Devices, Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.caste.graphics.wizard.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3009.39975__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
|_ MD5: AA442D9901D5270C68A10EAFCB791A9C
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.component.runtime.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3009.39933__90ba9c70f846762e\CLI.Component.Runtime.dll
|_ MD5: BA2D1FD302143254E34D2E7F02CABE46
|_ Výrobce: Advanced Micro Devices, Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.component.systemtray.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3009.40186__90ba9c70f846762e\CLI.Component.Systemtray.dll
|_ MD5: 5554715F73F1D670B370A035B0A94305
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] cli.component.wizard.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3009.39969__90ba9c70f846762e\CLI.Component.Wizard.dll
|_ MD5: 8756962B3962D735B2077165F461F847
|_ Výrobce: Advanced Micro Devices, Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] aem.plugin.source.kit.server.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3009.40217__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
|_ MD5: 442958C0C000B84C719BB9EFF3E0C5D7
|_ Výrobce: Advanced Micro Devices Inc.
|_ Procesy
|_ CCC.exe (2384)
[?] localization.foundation.implementation.dll
|_ Cesta: C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3009.40228__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
|_ MD5: FF166DCD08521A1ECDAB43804CF58CC7
|_ Výrobce: Advanced Micro Devices, Inc.
|_ Procesy
|_ CCC.exe (2384)
================================================================
Ultimate Process Manager v4.1.3 - [ Lodus Software ]
Boot Mode: Normal
Ověření souborů Microsoftu: Ano
Whitelist: Ano
Internet Explorer v7.00.6000.16827 (vista_gdr.090226-1506)
Log vygenerován: 13.5.2009 20:28:38
================================================================
SmallARK
================================================================
[?]NtConnectPort -> <?>
[?]NtCreateKey -> sphs.sys
[?]NtEnumerateKey -> sphs.sys
[?]NtEnumerateValueKey -> sphs.sys
[?]NtOpenKey -> sphs.sys
[?]NtQueryKey -> sphs.sys
[?]NtQueryValueKey -> sphs.sys
[?]NtSetValueKey -> sphs.sys
[?]NtUnloadKey -> uphcleanhlp.sys
Běžící procesy
================================================================
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
C:\PROGRAM FILES\UPHCLEAN\UPHCLEAN.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISSCH.EXE
C:\PROGRAM FILES\UPM\UPM.EXE
Scanner
================================================================
[?] ati2evxx.exe
Non-Microsoft in System32:
[?] ati2evxx.exe
Non-Microsoft in System32:
[?] LSSrvc.exe
No window
File 7%
[R] PnkBstrA.exe
Similar names: PNKBSTRA.EXE X PNKBSTRB.EXE
[R] PnkBstrB.exe
Similar names: PNKBSTRB.EXE X PNKBSTRA.EXE
[?] uphclean.exe
Microsoft-verified: No
No window
File 25%
[S] explorer.exe
Runs at startup from HKLM Winlogon [Shell]
[?] soundman.exe
Runs at startup from HKLM Run [SoundMan]
File 14%
[?] issch.exe
Runs at startup from HKLM Run [ISUSScheduler]
No window
File 7%
[R] MOM.exe
EntryPoint in section:
|_ Total number of sections: 3
Forged module path: (00DB0000) [DLL] ?
Forged module path: (01160000) [DLL] ?
[R] reader_sl.exe
Runs at startup from HKLM Run [Adobe Reader Speed Launcher]
[R] ccApp.exe
Runs at startup from HKLM Run [ccApp]
[R] VPTray.exe
Runs at startup from HKLM Run [vptray]
[S] ctfmon.exe
Runs at startup from HKCU Run [CTFMON.EXE]
[R] NMBgMonitor.exe
Runs at startup from HKCU Run [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[R] CCC.exe
EntryPoint in section:
|_ Total number of sections: 3
Forged module path: (00DB0000) [DLL] ?
Forged module path: (038E0000) [DLL] ?
Forged module path: (03A30000) [DLL] ?
Forged module path: (03AD0000) [DLL] ?
Forged module path: (03BF0000) [DLL] ?
Forged module path: (03C30000) [DLL] ?
Forged module path: (03F30000) [DLL] ?
Forged module path: (04620000) [DLL] ?
Forged module path: (04650000) [DLL] ?
Forged module path: (04930000) [DLL] ?
Forged module path: (04AA0000) [DLL] ?
Forged module path: (04CA0000) [DLL] ?
Forged module path: (050C0000) [DLL] ?
Forged module path: (057E0000) [DLL] ?
Forged module path: (05BD0000) [DLL] ?
Forged module path: (06020000) [DLL] ?
Forged module path: (062D0000) [DLL] ?
[?] UPM.exe
File 7%
Startup
================================================================
HKCU Run
|_ [R][DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun
HKLM Run
|_ [?][SoundMan] C:\WINDOWS\SOUNDMAN.EXE
|_ [?][ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay
|_ [?][ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
|_ [?][ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start
HKLM IC
|_ [X][>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP (File not found)
|_ [X][>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP (File not found)
|_ [?][{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] C:\WINDOWS\INF\msnetmtg.inf ,NetMtg.Install.PerUser.NT
|_ [?][{5945c046-1e7d-11d1-bc44-00c04fd912be}] C:\WINDOWS\INF\msmsgs.inf ,BLC.QuietInstall.PerUser
|_ [?][{6BF52A52-394A-11d3-B153-00C04F79FAA6}] C:\WINDOWS\INF\wmp.inf ,PerUserStub
|_ [?][{89820200-ECBD-11cf-8B85-00AA005B4340}] regsvr32.exe /s /n /i:U shell32.dll
HKLM Winlogon Notify
|_ [?][AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll
Startup
|_ C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
|_ C:\Corel\Graphics8\Programs\MFIndexer.exe
HKLM BHO
|_ [X][{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] (File not found)
HKCU IE WebBrowser Toolbar
|_ [X][{A057A204-BACC-4D26-9990-79A187E2698E}] (File not found)
Services (Show running: True, Show stopped: False, Also show safe services: False)
================================================================
[?] Ati HotKey Poller
|_ Path: C:\WINDOWS\system32\Ati2evxx.exe
| |_ Vendor: ATI Technologies Inc.
| |_ Description: ATI External Event Utility EXE Module
| |_ MD5: E4F45E3B56003B41E7C7863F79F4C108
|
|_ Name: Ati HotKey Poller
|_ StartName: LocalSystem
|_ Start type: Auto Start
|_ Status: Running
|_ Type:
|_ Dependency:
[?] ATI Smart
|_ Path: C:\WINDOWS\system32\ati2sgag.exe
| |_ Vendor:
| |_ Description: ATI Smart
| |_ MD5: F0F4C750200CF48BBCA3426D22AC23DA
|
|_ Name: ATI Smart
|_ StartName: LocalSystem
|_ Start type: Auto Start
|_ Status: Stopped
|_ Type:
|_ Dependency:
[?] LightScribeService Direct Disc Labeling Service
|_ Path: C:\Program Files\Common Files\LightScribe\LSSrvc.exe
| |_ Vendor: Hewlett-Packard Company
| |_ Description:
| |_ MD5: 559C9B7800FAC92FC515CD0003D7C631
|
|_ Name: LightScribeService
|_ StartName: LocalSystem
|_ Start type: Auto Start
|_ Status: Running
|_ Type: Win32 Own Process
|_ Dependency:
[?] User Profile Hive Cleanup
|_ Path: C:\Program Files\UPHClean\uphclean.exe
| |_ Vendor: Microsoft Corporation
| |_ Description: User Profile Hive Cleanup Service
| |_ MD5: 3F9A3232E5F942874488981F3242C989
|
|_ Name: UPHClean
|_ StartName: LocalSystem
|_ Start type: Auto Start
|_ Status: Running
|_ Type: Win32 Own Process
|_ Dependency:
Drivers (Show running: True, Show stopped: False, Also show safe services: False)
================================================================
[?] Service for Realtek AC97 Audio (WDM)
|_ Path: C:\WINDOWS\system32\drivers\ALCXWDM.SYS
| |_ Vendor: Realtek Semiconductor Corp.
| |_ Description: Realtek AC'97 Audio Driver (WDM)
| |_ MD5: 0A24F3D25CDE25A2EB6F2F9770FC471B
|
|_ Name: ALCXWDM
|_ StartName:
|_ Start type: Manual start
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:
[?] ati2mtag
|_ Path: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
| |_ Vendor: ATI Technologies Inc.
| |_ Description: ATI Radeon WindowsNT Miniport Driver
| |_ MD5: ED24215D4223C60989F02E196A1FFF73
|
|_ Name: ati2mtag
|_ StartName:
|_ Start type: Manual start
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:
[?] nvata
|_ Path: C:\WINDOWS\system32\DRIVERS\nvata.sys
| |_ Vendor: NVIDIA Corporation
| |_ Description: NVIDIA® nForce(TM) IDE Performance Driver
| |_ MD5: 0344AA9113DC16EEC379F4652020849D
|
|_ Name: nvata
|_ StartName:
|_ Start type: Boot Start
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:
[?] nvatabus
|_ Path: C:\WINDOWS\system32\DRIVERS\nvatabus.sys
| |_ Vendor: NVIDIA Corporation
| |_ Description: NVIDIA® nForce(TM) IDE Performance Driver
| |_ MD5: E4F1F95A6BBBFBBFF9A713C6063AA2CB
|
|_ Name: nvatabus
|_ StartName:
|_ Start type: Boot Start
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:
[?] Padus ASPI Shell
|_ Path: C:\WINDOWS\system32\drivers\pfc.sys
| |_ Vendor: Padus, Inc.
| |_ Description: Padus(R) ASPI Shell
| |_ MD5: 5903FA75200807AD739286BBF40C4904
|
|_ Name: pfc
|_ StartName:
|_ Start type: Manual start
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:
[?] sptd
|_ Path: C:\WINDOWS\System32\Drivers\sptd.sys
| |_ Vendor:
| |_ Description:
| |_ MD5:
|
|_ Name: sptd
|_ StartName:
|_ Start type: Boot Start
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:
NetStat
================================================================
Type: PID Process Local <-> Remote Status
-----------------------------------------------------------------------------------------
TCP (1084) svchost.exe 0.0.0.0:135 LISTENING
TCP (4) Systém 0.0.0.0:445 LISTENING
TCP (4) Systém 5.232.91.216:139 LISTENING
TCP (1300) ccProxy.exe 127.0.0.1:1025 LISTENING
TCP (316) alg.exe 127.0.0.1:1026 LISTENING
TCP (2068) ccApp.exe 127.0.0.1:1027 LISTENING
TCP (0) 127.0.0.1:1041 TIME_WAIT
TCP (4) Systém 192.168.1.17:139 LISTENING
TCP (0) 192.168.1.17:1039 TIME_WAIT
TCP (0) 192.168.1.17:1044 TIME_WAIT
TCP (0) 192.168.1.17:1045 TIME_WAIT
TCP (0) 192.168.1.17:1048 TIME_WAIT
TCP (0) 192.168.1.17:1051 TIME_WAIT
TCP (4076) firefox.exe 192.168.1.17:1056 CLOSING
TCP (0) 192.168.1.17:1059 TIME_WAIT
TCP (0) 192.168.1.17:1060 TIME_WAIT
TCP (0) 192.168.1.17:1064 TIME_WAIT
TCP (0) 192.168.1.17:1069 TIME_WAIT
TCP (0) 192.168.1.17:1070 TIME_WAIT
TCP (0) 192.168.1.17:1096 TIME_WAIT
TCP (0) 192.168.1.17:1099 TIME_WAIT
TCP (0) 192.168.1.17:1100 TIME_WAIT
TCP (0) 192.168.1.17:1109 TIME_WAIT
TCP (0) 192.168.1.17:1110 TIME_WAIT
TCP (4020) UPM.exe 192.168.1.17:1115 <-> 199.7.71.190:80 ESTABLISHED
TCP (4020) UPM.exe 192.168.1.17:1116 <-> 199.7.71.190:80 ESTABLISHED
UDP (4) Systém 0.0.0.0:445 <-> 65.54.89.33:80 ESTABLISHED
UDP (820) lsass.exe 0.0.0.0:500
UDP (820) lsass.exe 0.0.0.0:4500
UDP (1436) svchost.exe 5.232.91.216:123
UDP (4) Systém 5.232.91.216:137
UDP (4) Systém 5.232.91.216:138
UDP (1768) svchost.exe 5.232.91.216:1900
UDP (1436) svchost.exe 127.0.0.1:123
UDP (1768) svchost.exe 127.0.0.1:1900
UDP (2012) PnkBstrA.exe 127.0.0.1:44301
UDP (2024) PnkBstrB.exe 127.0.0.1:45301
UDP (1436) svchost.exe 192.168.1.17:123
UDP (4) Systém 192.168.1.17:137
UDP (4) Systém 192.168.1.17:138
UDP (1768) svchost.exe 192.168.1.17:1900
Modules (Also show safe DLLs: False, Only without vendor: True, Show registered: False)
================================================================
[?] cpwmon2k.dll
|_ Path: C:\WINDOWS\system32\cpwmon2k.dll
|_ MD5: 2B8563A5DD94F4148A9D00764BD54D35
|_ Vendor:
|_ Processes
|_ spoolsv.exe (1456)
[?] lssproxy.dll
|_ Path: C:\Program Files\Common Files\LightScribe\LSSProxy.dll
|_ MD5: 938437451AFFAE8F76E0145D81D7960C
|_ Vendor: Hewlett-Packard Company
|_ Processes
|_ LSSrvc.exe (1416)
[?] lslog.dll
|_ Path: C:\Program Files\Common Files\LightScribe\LSLog.dll
|_ MD5: CF259D14E763F6EF88767655F9D64D0E
|_ Vendor: Hewlett-Packard Company
|_ Processes
|_ LSSrvc.exe (1416)
[?] dec2tar.dll
|_ Path: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2TAR.dll
|_ MD5: 3A73CA98FEC1F1A82013B5F515DC97C2
|_ Vendor: Symantec Corporation
|_ Processes
|_ Rtvscan.exe (404)
[?] dec2rtf.dll
|_ Path: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2RTF.dll
|_ MD5: 2106F91E497D54EA479B725269D3E305
|_ Vendor: Symantec Corporation
|_ Processes
|_ Rtvscan.exe (404)
[?] cba.dll
|_ Path: C:\WINDOWS\system32\cba.dll
|_ MD5: 969ED5442234E20E6BD70590060D2251
|_ Vendor: Intel® Corporation
|_ Processes
|_ Rtvscan.exe (404)
[?] msgsys.dll
|_ Path: C:\WINDOWS\system32\msgsys.dll
|_ MD5: 9BA1AC225EBD0B961D71C9079E4439B0
|_ Vendor: Intel® Corporation
|_ Processes
|_ Rtvscan.exe (404)
[?] nts.dll
|_ Path: C:\WINDOWS\system32\nts.dll
|_ MD5: 131B429CA3FED796E88F8725050DC767
|_ Vendor: Intel® Corporation
|_ Processes
|_ Rtvscan.exe (404)
[?] pds.dll
|_ Path: C:\WINDOWS\system32\pds.dll
|_ MD5: F31132DD69FD05978F7F7624BAFC386C
|_ Vendor: Intel® Corporation
|_ Processes
|_ Rtvscan.exe (404)
[?] dec2amg.dll
|_ Path: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2AMG.dll
|_ MD5: AD4DDD0C9D98DF80085A2CF4F4E90B75
|_ Vendor: Symantec Corporation
|_ Processes
|_ Rtvscan.exe (404)
[?] dec2arj.dll
|_ Path: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2ARJ.dll
|_ MD5: 240D4B7C6DD1641240822DC78E8D7FF3
|_ Vendor: Symantec Corporation
|_ Processes
|_ Rtvscan.exe (404)
[?] dec2cab.dll
|_ Path: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2CAB.dll
|_ MD5: A863E6EE5660734F4F8B89D9FAAF13DE
|_ Vendor: Symantec Corporation
|_ Processes
|_ Rtvscan.exe (404)
[?] dec2gzip.dll
|_ Path: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2GZIP.dll
|_ MD5: A895F4356143EDF3E534DAD5B7C574F5
|_ Vendor: Symantec Corporation
|_ Processes
|_ Rtvscan.exe (404)
[?] dec2id.dll
|_ Path: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2ID.dll
|_ MD5: 2CCE2DAAF9BF652606BBBE329EC972F3
|_ Vendor: Symantec Corporation
|_ Processes
|_ Rtvscan.exe (404)
[?] dec2lha.dll
|_ Path: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2LHA.dll
|_ MD5: D51F1656296D4C39DA117369CE72B89E
|_ Vendor: Symantec Corporation
|_ Processes
|_ Rtvscan.exe (404)
[?] dec2lz.dll
|_ Path: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2LZ.dll
|_ MD5: B35E405D219ED8169316B770E2F5D402
|_ Vendor: Symantec Corporation
|_ Processes
|_ Rtvscan.exe (404)
[?] dec2ss.dll
|_ Path: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2SS.dll
|_ MD5: 78CDCBC58D099CC8E28B2ED3F7668B2B
|_ Vendor: Symantec Corporation
|_ Processes
|_ Rtvscan.exe (404)
[?] dec2tnef.dll
|_ Path: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2TNEF.dll
|_ MD5: D9746ADF721E5710A718C9FF1C90ADF2
|_ Vendor: Symantec Corporation
|_ Processes
|_ Rtvscan.exe (404)
[?] dec2zip.dll
|_ Path: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2Zip.dll
|_ MD5: 8CCADC61E9197A7D5F1AD9DDD7E2D0D5
|_ Vendor: Symantec Corporation
|_ Processes
|_ Rtvscan.exe (404)
[?] decsdk.dll
|_ Path: C:\Program Files\Symantec Client Security\Symantec AntiVirus\DecSDK.dll
|_ MD5: 2C0C1A313B9CA94DD9B5D1DC951E1A5D
|_ Vendor: Symantec Corporation
|_ Processes
|_ Rtvscan.exe (404)
[?] dec2text.dll
|_ Path: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2Text.dll
|_ MD5: 779687B486FA67DEFA26B4CC74AB3F54
|_ Vendor: Symantec Corporation
|_ Processes
|_ Rtvscan.exe (404)
[?] dec2.dll
|_ Path: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2.dll
|_ MD5: AAC4E433871A4340E074C10058A82FAA
|_ Vendor: Symantec Corporation
|_ Processes
|_ Rtvscan.exe (404)
[?] mom.implementation.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3009.40194__90ba9c70f846762e\MOM.Implementation.DLL
|_ MD5: 2368D162F43DD2F49DF22E08FA08F646
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ MOM.exe (1220)
|_ MOM.exe (1220)
|_ CCC.exe (2384)
|_ CCC.exe (2384)
[?] aem.server.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3009.39932__90ba9c70f846762e\AEM.Server.DLL
|_ MD5: 17FDE6498F07AACC02F8FCF8E9D6B432
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ MOM.exe (1220)
|_ MOM.exe (1220)
|_ CCC.exe (2384)
|_ CCC.exe (2384)
[?] log.foundation.implementation.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3009.40193__90ba9c70f846762e\LOG.Foundation.Implementation.dll
|_ MD5: 10C8E93DEBEB5C5DCDCDB282EB2A683F
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ MOM.exe (1220)
|_ CCC.exe (2384)
[?] ccc.implementation.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3009.40194__90ba9c70f846762e\CCC.Implementation.DLL
|_ MD5: 07F9D128C7BAD7DF482DA7E3E416062C
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
|_ CCC.exe (2384)
[?] aticccom.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.DLL
|_ MD5: AE4F8967541F9F9B70E03B9C8F562042
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
|_ CCC.exe (2384)
[?] cli.component.runtime.extension.eeu.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3009.39933__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
|_ MD5: D1CB80C7CCCB8791B283A24F35D6438C
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
[?] atidemos.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3009.39934__90ba9c70f846762e\ATIDEMOS.DLL
|_ MD5: 1B1C8C6941F388E1B225F8A3D844EF60
|_ Vendor: Advanced Micro Devices, Inc.
|_ Processes
|_ CCC.exe (2384)
|_ CCC.exe (2384)
[?] apm.server.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3009.39931__90ba9c70f846762e\APM.Server.DLL
|_ MD5: F53852F67D8E9B19FA3E7B715D21B4A2
|_ Vendor: Advanced Micro Devices, Inc.
|_ Processes
|_ CCC.exe (2384)
|_ CCC.exe (2384)
[?] cli.aspect.displaysmanager.graphics.wizard.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3009.39983__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
|_ MD5: 4B50673FFD74F4AE5A0038C5786FDC1F
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.component.dashboard.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3009.39949__90ba9c70f846762e\CLI.Component.Dashboard.dll
|_ MD5: 482F40E9F9C151BF5BE761AAC0EEC5EB
|_ Vendor: Advanced Micro Devices, Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.aspect.devicetv.graphics.dashboard.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3009.40173__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
|_ MD5: F2E77B409A09D9F2C0FAD475B5D2CFE4
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.aspect.mmvideo.graphics.dashboard.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3009.40102__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
|_ MD5: 334BBB7B6E409C214417B30D369C1EEE
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
[?] atidvcr.dll
|_ Path: C:\Program Files\Common Files\ATI Technologies\Multimedia\atidvcr.dll
|_ MD5: B899E7BCC5475B4E369B5FBB2BC3AC59
|_ Vendor: ATI Technologies, Inc.
|_ Processes
|_ CCC.exe (2384)
[?] atixcode.dll
|_ Path: C:\Program Files\Common Files\ATI Technologies\Multimedia\atixcode.dll
|_ MD5: 7DC63A355360CCD165FC93F1E827EB64
|_ Vendor: ATI Technologies, Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.aspect.devicecrt.graphics.dashboard.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3009.40095__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
|_ MD5: FA0B606554A2DD122FAF1DB45F448198
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.aspect.devicecrt.graphics.runtime.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3009.40101__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
|_ MD5: 722D30D2934624A1A51645B6F4F27551
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.aspect.devicecv.graphics.runtime.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3009.40135__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
|_ MD5: ADEAE09D7A90CED2BE44C3EF763EBF65
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.aspect.devicedfp.graphics.runtime.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3009.40094__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
|_ MD5: C210777A6BE5412CD11F1F1657EC3814
|_ Vendor: Advanced Micro Devices, Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.aspect.devicelcd.graphics.runtime.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3009.40128__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
|_ MD5: 843440206AC5F3808BF98E865A3355CE
|_ Vendor: Advanced Micro Devices, Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.aspect.deviceproperty.graphics.runtime.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3009.40094__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
|_ MD5: D16EA18EFA64D8046106B7161EF06D9D
|_ Vendor: Advanced Micro Devices, Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.aspect.devicetv.graphics.runtime.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3009.40172__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
|_ MD5: 240FFB8AB1A38AF3A392C5B32AB917BB
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.aspect.devicetv.graphics.wizard.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3009.40180__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
|_ MD5: A677CF288FCEBA8E764AD37F1B018CC8
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.aspect.displayscolour2.graphics.dashboard.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3009.40010__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
|_ MD5: 0E91062A8BB5F8A5A43F61B4702663ED
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.aspect.displayscolour2.graphics.runtime.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3009.40016__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
|_ MD5: A70A60E043C1325D5315A7E8D562BFE2
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.aspect.displaysmanager.graphics.dashboard.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3009.39963__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
|_ MD5: 0987247160D677B455500517D10EC471
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.aspect.displaysoptions.graphics.dashboard.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3009.40116__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
|_ MD5: 42330950D5AA3539FC2244F299DB0A5B
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.aspect.displaysoptions.graphics.runtime.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3009.40115__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
|_ MD5: B9C25E999FDDB4913F23875D96B3934E
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.aspect.hotkeyshandling.graphics.runtime.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3009.39962__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
|_ MD5: 4E9F3DB60E616587E10CAE5D73453C90
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.aspect.infocentre.graphics.dashboard.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3009.40004__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
|_ MD5: D48F7B98DCA714B1B8F6841970313000
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.aspect.infocentre.graphics.wizard.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3009.39997__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
|_ MD5: B2CDB0AF5BA544A48E6B7803B075697C
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.aspect.mmvideo.graphics.runtime.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3009.40102__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
|_ MD5: 173820E14938F9729C9C72811FE63865
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.aspect.mmvideo.graphics.wizard.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3009.40163__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
|_ MD5: B511FFFC01DFFE452F050B9D8944021F
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.aspect.radeon3d.graphics.dashboard.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3009.40143__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
|_ MD5: A52D48044FA19B69903542458621C621
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.aspect.radeon3d.graphics.runtime.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3009.40142__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
|_ MD5: 179DBD99ABE4D69C021DF4CDED3A6879
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.aspect.radeon3d.graphics.wizard.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3009.40149__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
|_ MD5: 0AFD846BEE80BA1C21B66240D9160579
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.aspect.transcode.graphics.wizard.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3009.40202__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
|_ MD5: A4020B188CA10799819E84D652DA646B
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.aspect.vpurecover.graphics.dashboard.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3009.39990__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
|_ MD5: BE0A4DE1752513BC947152980AA57182
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.aspect.vpurecover.graphics.runtime.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3009.39990__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
|_ MD5: 6F0FB5F689EEBECE7F04428FBCBBA045
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.aspect.welcome.graphics.dashboard.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3009.40208__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
|_ MD5: CCD7EC02533B9255D064AD8877FD464F
|_ Vendor: Advanced Mirco Devices, Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.caste.graphics.dashboard.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3009.39955__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
|_ MD5: B20B94A48C39F2CE251E19B83710ACF8
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.caste.graphics.runtime.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3009.39941__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
|_ MD5: 8CC2FE545367FE381AA903B45721E86A
|_ Vendor: Advanced Mirco Devices, Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.caste.graphics.wizard.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3009.39975__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
|_ MD5: AA442D9901D5270C68A10EAFCB791A9C
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.component.runtime.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3009.39933__90ba9c70f846762e\CLI.Component.Runtime.dll
|_ MD5: BA2D1FD302143254E34D2E7F02CABE46
|_ Vendor: Advanced Micro Devices, Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.component.systemtray.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3009.40186__90ba9c70f846762e\CLI.Component.Systemtray.dll
|_ MD5: 5554715F73F1D670B370A035B0A94305
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
[?] cli.component.wizard.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3009.39969__90ba9c70f846762e\CLI.Component.Wizard.dll
|_ MD5: 8756962B3962D735B2077165F461F847
|_ Vendor: Advanced Micro Devices, Inc.
|_ Processes
|_ CCC.exe (2384)
[?] aem.plugin.source.kit.server.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3009.40217__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
|_ MD5: 442958C0C000B84C719BB9EFF3E0C5D7
|_ Vendor: Advanced Micro Devices Inc.
|_ Processes
|_ CCC.exe (2384)
[?] localization.foundation.implementation.dll
|_ Path: C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3009.40228__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
|_ MD5: FF166DCD08521A1ECDAB43804CF58CC7
|_ Vendor: Advanced Micro Devices, Inc.
|_ Processes
|_ CCC.exe (2384)
================================================================
Ultimate Process Manager v4.1.3 - [ Lodus Software ]
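The NetStat block in the UPM log above is the part of such a dump a helper reads first: which sockets are open to the network at all, and which processes are talking to hosts outside the LAN (here UPM.exe itself, to 199.7.71.190:80). The script below is an added example, not code from this thread or from Ultimate Process Manager. It parses lines in UPM's layout (protocol, PID in parentheses, an optional process name, the local endpoint, an optional "<->" remote endpoint, an optional state) and flags two things: listeners bound to a non-loopback address, and connections whose peer is not a private, loopback or link-local address. The sample lines are a subset copied from the log above.

```python
"""Triage a UPM-style NetStat block: which sockets are reachable from the
network, and which processes talk to hosts outside the LAN.
Added example for the thread above; not part of UPM or of the forum post."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Sample lines copied from the UPM NetStat block above (a subset of the rows).
SAMPLE_NETSTAT = """\
TCP (1084) svchost.exe 0.0.0.0:135 LISTENING
TCP (4) Systém 0.0.0.0:445 LISTENING
TCP (1300) ccProxy.exe 127.0.0.1:1025 LISTENING
TCP (0) 127.0.0.1:1041 TIME_WAIT
TCP (4) Systém 192.168.1.17:139 LISTENING
TCP (0) 192.168.1.17:1039 TIME_WAIT
TCP (4076) firefox.exe 192.168.1.17:1056 CLOSING
TCP (4020) UPM.exe 192.168.1.17:1115 <-> 199.7.71.190:80 ESTABLISHED
TCP (4020) UPM.exe 192.168.1.17:1116 <-> 199.7.71.190:80 ESTABLISHED
UDP (820) lsass.exe 0.0.0.0:500
UDP (1436) svchost.exe 127.0.0.1:123
UDP (2012) PnkBstrA.exe 127.0.0.1:44301
UDP (4) Systém 192.168.1.17:137
"""


@dataclass
class Socket:
    proto: str
    pid: int
    process: Optional[str]   # None on TIME_WAIT rows, which UPM prints with PID 0 and no name
    local: str
    remote: Optional[str]
    state: Optional[str]     # None for UDP, which has no connection state


def _is_endpoint(token: str) -> bool:
    """True for 'a.b.c.d:port' tokens, so the optional process-name column can be detected."""
    host, sep, port = token.rpartition(":")
    if not sep or not port.isdigit():
        return False
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True


def _host(endpoint: str) -> ipaddress.IPv4Address:
    return ipaddress.ip_address(endpoint.rpartition(":")[0])


def parse_netstat(text: str) -> List[Socket]:
    """Parse UPM NetStat rows; header, separator and blank lines are skipped."""
    socks = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        proto, pid = parts[0], int(parts[1].strip("()"))
        i, process = 2, None
        if not _is_endpoint(parts[i]):
            process, i = parts[i], i + 1
        local, i = parts[i], i + 1
        remote = None
        if i + 1 < len(parts) and parts[i] == "<->":
            remote, i = parts[i + 1], i + 2
        state = parts[i] if i < len(parts) else None
        socks.append(Socket(proto, pid, process, local, remote, state))
    return socks


def exposed_listeners(socks: List[Socket]):
    """Sockets that accept traffic on a non-loopback interface: TCP in LISTENING,
    or any bound UDP socket without a peer. 0.0.0.0 counts as exposed (all interfaces)."""
    out = []
    for s in socks:
        if s.proto == "TCP" and s.state != "LISTENING":
            continue
        if s.proto == "UDP" and s.remote is not None:
            continue
        if not _host(s.local).is_loopback:
            out.append((s.proto, s.process, s.pid, s.local))
    return out


def external_connections(socks: List[Socket]):
    """Connections whose peer lies outside loopback, RFC 1918 and link-local space."""
    out = []
    for s in socks:
        if s.remote is None:
            continue
        peer = _host(s.remote)
        if not (peer.is_private or peer.is_loopback or peer.is_link_local):
            out.append((s.process, s.pid, s.local, s.remote, s.state))
    return out


if __name__ == "__main__":
    socks = parse_netstat(SAMPLE_NETSTAT)
    print("Exposed listeners:")
    for row in exposed_listeners(socks):
        print("  ", row)
    print("Connections to non-private peers:")
    for row in external_connections(socks):
        print("  ", row)
```

On the sample this reports the SMB/RPC/NetBIOS listeners on 0.0.0.0 and the LAN address, the IKE socket of lsass.exe, and the two UPM.exe sessions to 199.7.71.190:80; the loopback-only PunkBuster and Symantec sockets drop out. Whether an external peer is legitimate still has to be decided per process, the parser only narrows the list.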
Re: win32/Mebroot.K Trojan
IceSword: the red entries in the SSDT are Daemon Tools and a legitimate Windows driver, so that is OK.
Download and run Norman Sinowal Cleaner.
If it asks for a restart, do so.
Then post a new log from mbr.
Download DDS and save it to the desktop. Close all open windows and run the program, accept the licence terms and follow the instructions. The scan will start. When it finishes, it should create two logs, so Notepad will open twice. One log will be named DDS.txt and the other attach.txt. Paste only DDS.txt here. If anything is unclear, the guide is here.
Download Rootkit Unhooker, install it and run it.
Go to the Report tab and click the Scan button. In the next window tick all items and confirm with OK; when asked to choose a
drive, choose the system drive (C:) and wait for the scan to finish. When it is done, go to the menu, choose File and
then click Save report, name the log file and save it. Paste its contents here.
Re: win32/Mebroot.K Trojan
So, the first log:
Norman SinowalMBR Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/05/13 16:21:18
Norman Scanner Engine Version: 5.92.04
Nvcbin.def Version: 5.92.00, Date: 2008/05/13 16:21:18, Variants: 0
Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Home 5.1.2600 Service Pack 3
Logged on user: DENDANEW\Owner
Scan started: 13/05/2009 22:49:01
Scanning bootsectors...
No SinowalMBR hooks found
Number of sectors found: 1
Number of sectors scanned: 1
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 1s 234ms
Scanning running processes and process memory...
Number of processes/threads found: 2666
Number of processes/threads scanned: 2666
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 20s
Scanning file system...
Scanning: C:\*.*
C:\Hry\Heroes 3 Complete\games\AUTOSAVE.GM1/unknown0 (Error whilst scanning file: I/O Error)
C:\Hry\Heroes 3 Complete\games\AUTOSAVE.GM2/unknown0 (Error whilst scanning file: I/O Error)
C:\Hry\Heroes 3 Complete\games\NEWGAME.GM1/unknown0 (Error whilst scanning file: I/O Error)
C:\Program Files\Nero\Nero 7\Nero BackItUp\BackItUp_ImageTool\root.img/unknown0 (Error whilst scanning file: I/O Error)
C:\Program Files\Nero\Nero 7\Nero BackItUp\BackItUp_ImageTool\root.img (Possible archive bomb)
Running post-scan cleanup routine:
Number of files found: 158369
Number of archives unpacked: 1165
Number of files scanned: 158334
Number of files not scanned: 35
Number of files skipped due to exclude list: 0
Number of infected files found: 1
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 32m 36s
and from MBR:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
PE file found in sector at 0x01D1C06C0 !
One more note: I am starting to lose track of what I installed and what was only run. Shouldn't I always uninstall the given software afterwards?
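The mbr.exe output above first reports that the user-mode and kernel-mode reads of the MBR agree ("user & kernel MBR OK") and then prints "PE file found in sector at 0x01D1C06C0 !". The idea behind that second line is that a Windows executable sitting in sectors no partition claims is suspicious, because unpartitioned space at the end of the disk is where Mebroot/Sinowal keeps its body. The script below is an added illustration of that heuristic, written for this page; it is not GMER's code and does not reproduce mbr.exe's report format. It parses the MBR partition table, walks the sectors outside every partition and reports those that begin with an MZ header whose e_lfanew points at a PE signature inside the same sector. The 64-sector disk image it scans is constructed in the script. A hit is a lead, not a verdict: remnants of an earlier partition layout can leave PE images in unpartitioned space as well, which is why the helper in the thread asks for more logs rather than treating the line as proof.

```python
"""Find PE headers in disk sectors that no MBR partition covers, the heuristic
behind mbr.exe's "PE file found in sector" line. Added example for the thread
above; not GMER's code. Input is a raw disk image (or a constructed one)."""
import io
import struct
import sys

SECTOR = 512


def parse_mbr(mbr: bytes):
    """Return [(start_lba, sector_count), ...] for the used entries of a classic
    MBR partition table. Raises ValueError if the 0x55AA boot signature is missing."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA boot signature: not a classic MBR")
    partitions = []
    for i in range(4):
        entry = mbr[446 + 16 * i: 446 + 16 * (i + 1)]
        part_type = entry[4]                      # 0x00 marks an unused slot
        start_lba, count = struct.unpack_from("<II", entry, 8)
        if part_type != 0 and count:
            partitions.append((start_lba, count))
    return partitions


def unpartitioned_ranges(partitions, total_sectors):
    """Yield (start, end) LBA ranges, end exclusive, after the MBR that no partition covers."""
    cursor = 1
    for start, count in sorted(partitions):
        if start > cursor:
            yield cursor, start
        cursor = max(cursor, start + count)
    if cursor < total_sectors:
        yield cursor, total_sectors


def looks_like_pe(sector: bytes) -> bool:
    """True if the sector starts with 'MZ' and its e_lfanew (offset 0x3C) points at
    a 'PE\\0\\0' signature that still lies inside this sector. A single-sector check:
    images whose PE header starts in a later sector are not recognised here."""
    if len(sector) < 0x40 or sector[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", sector, 0x3C)[0]
    return e_lfanew + 4 <= len(sector) and sector[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_pe_outside_partitions(f):
    """Scan a seekable binary stream holding a whole disk; return LBAs of PE headers
    outside all partitions. Reading sequentially per range keeps memory flat."""
    total_sectors = f.seek(0, 2) // SECTOR      # for a raw device, pass its size another way
    f.seek(0)
    partitions = parse_mbr(f.read(SECTOR))
    hits = []
    for start, end in unpartitioned_ranges(partitions, total_sectors):
        f.seek(start * SECTOR)
        for lba in range(start, end):
            if looks_like_pe(f.read(SECTOR)):
                hits.append(lba)
    return hits


def scan_image_bytes(data: bytes):
    return find_pe_outside_partitions(io.BytesIO(data))


def build_test_image() -> bytes:
    """Constructed 64-sector disk: one NTFS-typed partition on LBA 1..48, a PE stub
    in unpartitioned LBA 56 (should be reported), the same stub inside the partition
    at LBA 10 (must not be reported) and a bare 'MZ' at LBA 60 (no PE signature)."""
    img = bytearray(64 * SECTOR)
    # status, CHS start, type 0x07, CHS end, start LBA, sector count
    img[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 1, 48)
    img[510:512] = b"\x55\xaa"

    def pe_stub() -> bytearray:
        s = bytearray(SECTOR)
        s[0:2] = b"MZ"
        struct.pack_into("<I", s, 0x3C, 0x80)    # e_lfanew -> offset 0x80
        s[0x80:0x84] = b"PE\x00\x00"
        return s

    img[56 * SECTOR:57 * SECTOR] = pe_stub()
    img[10 * SECTOR:11 * SECTOR] = pe_stub()
    img[60 * SECTOR:60 * SECTOR + 2] = b"MZ"
    return bytes(img)


if __name__ == "__main__":
    # Usage: python scan.py disk.img   (no argument: scan the constructed image).
    # Scanning a live device such as \\.\PhysicalDrive0 needs administrator rights and
    # a size obtained separately; that setup is an assumption, not something the thread did.
    stream = open(sys.argv[1], "rb") if len(sys.argv) > 1 else io.BytesIO(build_test_image())
    for lba in find_pe_outside_partitions(stream):
        print(f"PE header in unpartitioned sector LBA {lba} (byte offset 0x{lba * SECTOR:X})")
```

On the constructed image only LBA 56 is reported: the copy inside the partition is skipped because the partition table claims it, and the lone "MZ" at LBA 60 fails the PE-signature check. Run against a real image, every hit still needs the sector contents carved out and examined before anyone calls it Mebroot.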
Re: win32/Mebroot.K Trojan
DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 23:34:01,81 on st 13.05.2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1444 [GMT 2:00]
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Owner\Plocha\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.cz/
BHO: Podpora odkazu pro Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\symant~2\VPTray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\corelm~1.lnk - c:\corel\graphics8\programs\MFIndexer.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/ ... 0944608546
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {14217C79-DF98-4835-8813-19C59AF3B74E} = 212.158.128.2,212.158.128.3
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\dataap~1\mozilla\firefox\profiles\4h6rsqhy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.SOAPEncoding.schemaCollection", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
============= SERVICES / DRIVERS ===============
R1 SAVRT;SAVRT;c:\program files\symantec client security\symantec antivirus\savrt.sys [2004-2-9 301200]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-5-12 255072]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2004-5-12 291936]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-5-12 242784]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec client security\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec client security\symantec antivirus\Rtvscan.exe [2004-5-12 1230056]
R3 mbr;mbr;\??\c:\docume~1\owner\locals~1\temp\mbr.sys --> c:\docume~1\owner\locals~1\temp\mbr.sys [?]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090508.003\naveng.sys [2009-5-8 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090508.003\navex15.sys [2009-5-8 876144]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2006-3-2 69120]
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};\??\c:\windows\temp\6.tmp --> c:\windows\temp\6.tmp [?]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-5-12 87136]
S3 SavRoam;SAVRoam;c:\program files\symantec client security\symantec antivirus\SavRoam.exe [2004-5-12 173288]
S4 cdawdm;CDAWDM;c:\windows\system32\drivers\cdawdm.sys --> c:\windows\system32\drivers\CDAWDM.sys [?]
=============== Created Last 30 ================
2009-05-13 20:28 <DIR> --d----- c:\program files\UPM
2009-05-12 22:23 <DIR> --d----- c:\program files\HD Tune
2009-05-07 13:42 <DIR> --d----- c:\docume~1\owner\dataap~1\Mael
2009-05-07 13:31 <DIR> --d----- c:\program files\HxD
2009-05-03 22:00 <DIR> --d----- c:\documents and settings\owner\DoctorWeb
2009-05-03 21:43 <DIR> --d----- c:\program files\TrojanHunter 5.1
2009-05-03 19:26 <DIR> --d-h--- c:\windows\PIF
2009-04-15 15:01 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-15 15:01 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-15 15:01 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 15:01 111,104 -c------ c:\windows\system32\dllcache\services.exe
2009-04-15 15:01 728,064 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 15:01 709,632 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-15 15:01 684,032 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-15 15:01 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-15 15:01 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 15:00 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 15:00 216,576 -c------ c:\windows\system32\dllcache\wordpad.exe
==================== Find3M ====================
2009-05-10 18:40 138,920 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-05-10 18:40 189,072 a------- c:\windows\system32\PnkBstrB.exe
2009-04-15 19:47 437,518 a------- c:\windows\system32\perfh005.dat
2009-04-15 19:47 82,746 a------- c:\windows\system32\perfc005.dat
2009-03-06 16:23 284,160 a------- c:\windows\system32\pdh.dll
2009-03-03 02:14 826,368 a------- c:\windows\system32\wininet.dll
2009-02-28 16:44 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-02-20 19:13 78,336 a------- c:\windows\system32\ieencode.dll
2008-07-14 18:40 22,328 a------- c:\docume~1\owner\dataap~1\PnkBstrK.sys
2008-10-08 22:31 16,384 a--sh--- c:\windows\system32\config\systemprofile\cookies\index.dat
2008-10-08 22:31 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2008-10-08 22:31 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100820081009\index.dat
2008-10-08 22:31 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat
============= FINISH: 23:34:15,01 ===============
Re: win32/Mebroot.K Trojan
So Rootkit Unhooker started up after launch.. under Files it wanted me to confirm the disk... and after a while it threw an error, and at the same time Symantec threw a message Trojan Horse C:/windows/system32/B0800F21.exe and tried to put it into quarantine.. access denied
But Rootkit Unhooker then continues
Re: win32/Mebroot.K Trojan
RkUnhooker report generator v0.7
==============================================
Rootkit Unhooker kernel version: 3.7.300.505
==============================================
Windows Major Version: 5
Windows Minor Version: 1
Windows Build Number: 2600
==============================================
>SSDT State
NtConnectPort
Actual Address 0xE19B60B8
Hooked by: Unknown module filename
NtCreateKey
Actual Address 0xB9EA80E0
Hooked by: spsv.sys
NtEnumerateKey
Actual Address 0xB9EC6CA2
Hooked by: spsv.sys
NtEnumerateValueKey
Actual Address 0xB9EC7030
Hooked by: spsv.sys
NtOpenKey
Actual Address 0xB9EA80C0
Hooked by: spsv.sys
NtQueryKey
Actual Address 0xB9EC7108
Hooked by: spsv.sys
NtQueryValueKey
Actual Address 0xB9EC6F88
Hooked by: spsv.sys
NtSetValueKey
Actual Address 0xB9EC719A
Hooked by: spsv.sys
NtUnloadKey
Actual Address 0x9F6766D0
Hooked by: C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
==============================================
>Shadow
==============================================
>Processes
Process: System
Process Id: 4
EPROCESS Address: 0x89DBCA00
Process: C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
Process Id: 324
EPROCESS Address: 0x88D85550
Process: C:\WINDOWS\system32\svchost.exe
Process Id: 416
EPROCESS Address: 0x890D26E8
Process: C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
Process Id: 460
EPROCESS Address: 0x892C2790
Process: C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
Process Id: 492
EPROCESS Address: 0x892A6790
Process: C:\WINDOWS\system32\smss.exe
Process Id: 668
EPROCESS Address: 0x8905D6E8
Process: C:\Program Files\Common Files\LightScribe\LSSrvc.exe
Process Id: 712
EPROCESS Address: 0x893BD668
Process: C:\WINDOWS\system32\csrss.exe
Process Id: 732
EPROCESS Address: 0x89A69408
Process: C:\WINDOWS\system32\winlogon.exe
Process Id: 772
EPROCESS Address: 0x8997B3D8
Process: C:\WINDOWS\system32\services.exe
Process Id: 816
EPROCESS Address: 0x8908B6E8
Process: C:\WINDOWS\system32\lsass.exe
Process Id: 828
EPROCESS Address: 0x8908E6E8
Process: C:\WINDOWS\system32\ati2evxx.exe
Process Id: 992
EPROCESS Address: 0x890D96E8
Process: C:\WINDOWS\system32\svchost.exe
Process Id: 1012
EPROCESS Address: 0x8906D6E8
Process: C:\WINDOWS\system32\svchost.exe
Process Id: 1092
EPROCESS Address: 0x8904D6E8
Process: C:\WINDOWS\system32\PnkBstrA.exe
Process Id: 1164
EPROCESS Address: 0x89A6D020
Process: C:\WINDOWS\system32\PnkBstrB.exe
Process Id: 1176
EPROCESS Address: 0x89B03598
Process: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Process Id: 1236
EPROCESS Address: 0x89AD6590
Process: C:\WINDOWS\system32\alg.exe
Process Id: 1324
EPROCESS Address: 0x89575458
Process: C:\WINDOWS\system32\svchost.exe
Process Id: 1444
EPROCESS Address: 0x8956C020
Process: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
Process Id: 1468
EPROCESS Address: 0x89B33DA0
Process: C:\WINDOWS\system32\svchost.exe
Process Id: 1504
EPROCESS Address: 0x89A6ECF0
Process: C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
Process Id: 1624
EPROCESS Address: 0x89AE06E0
Process: C:\WINDOWS\system32\ati2evxx.exe
Process Id: 1644
EPROCESS Address: 0x89B769E8
Process: C:\WINDOWS\system32\wdfmgr.exe
Process Id: 1660
EPROCESS Address: 0x89536B10
Process: C:\WINDOWS\system32\svchost.exe
Process Id: 1724
EPROCESS Address: 0x89904998
Process: C:\Program Files\UPHClean\uphclean.exe
Process Id: 1744
EPROCESS Address: 0x8955EBB8
Process: C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
Process Id: 1776
EPROCESS Address: 0x88D35A08
Process: C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Process Id: 1892
EPROCESS Address: 0x892FD790
Process: C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Process Id: 1916
EPROCESS Address: 0x89306790
Process: C:\WINDOWS\system32\spoolsv.exe
Process Id: 2044
EPROCESS Address: 0x8930B790
Process: C:\WINDOWS\explorer.exe
Process Id: 2132
EPROCESS Address: 0x890836E8
Process: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
Process Id: 2200
EPROCESS Address: 0x89A18A08
Process: C:\WINDOWS\soundman.exe
Process Id: 2220
EPROCESS Address: 0x895579E0
Process: C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
Process Id: 2240
EPROCESS Address: 0x8957D850
Process: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
Process Id: 2260
EPROCESS Address: 0x89A54868
Process: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Process Id: 2324
EPROCESS Address: 0x88D98DA0
Process: C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
Process Id: 2332
EPROCESS Address: 0x89505DA0
Process: C:\WINDOWS\system32\ctfmon.exe
Process Id: 2340
EPROCESS Address: 0x88DE3DA0
Process: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
Process Id: 2348
EPROCESS Address: 0x88DC4BC0
Process: C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
Process Id: 2356
EPROCESS Address: 0x8959E620
Process: C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
Process Id: 2532
EPROCESS Address: 0x89BB1668
Process: C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
Process Id: 2592
EPROCESS Address: 0x8959C318
Process: C:\RkUnhooker\1f635oXl5l0blj.exe
Process Id: 4880
EPROCESS Address: 0x8866F300
==============================================
>Drivers
Driver: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Address: 0xB7C1A000
Size: 4349952 bytes
Driver: C:\WINDOWS\system32\drivers\ALCXWDM.SYS
Address: 0xB80FA000
Size: 4026368 bytes
Driver: C:\WINDOWS\System32\ati3duag.dll
Address: 0xBF17C000
Size: 3178496 bytes
Driver: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000
Size: 2068224 bytes
Driver: PnpManager
Address: 0x804D7000
Size: 2068224 bytes
Driver: RAW
Address: 0x804D7000
Size: 2068224 bytes
Driver: WMIxWDM
Address: 0x804D7000
Size: 2068224 bytes
Driver: Win32k
Address: 0xBF800000
Size: 1847296 bytes
Driver: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000
Size: 1847296 bytes
Driver: C:\WINDOWS\System32\ativvaxx.dll
Address: 0xBF484000
Size: 1765376 bytes
Driver: PCI_PNP1440
Address: 0xB9EA7000
Size: 1048576 bytes
Driver: spsv.sys
Address: 0xB9EA7000
Size: 1048576 bytes
Driver: sptd
Address: 0xB9EA7000
Size: 1048576 bytes
Driver: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090508.003\navex15.sys
Address: 0xA7583000
Size: 872448 bytes
Driver: Ntfs.sys
Address: 0xB9D16000
Size: 577536 bytes
Driver: C:\WINDOWS\System32\ati2cqag.dll
Address: 0xBF05F000
Size: 520192 bytes
Driver: C:\WINDOWS\System32\atikvmag.dll
Address: 0xBF0DE000
Size: 458752 bytes
Driver: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xA18C1000
Size: 458752 bytes
Driver: C:\WINDOWS\System32\Drivers\a7lkyrpd.SYS
Address: 0xB7BA1000
Size: 413696 bytes
Driver: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB7A17000
Size: 385024 bytes
Driver: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA1A6C000
Size: 364544 bytes
Driver: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0x9F563000
Size: 335872 bytes
Driver: C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys
Address: 0xA766B000
Size: 323584 bytes
Driver: C:\WINDOWS\System32\ati2dvag.dll
Address: 0xBF012000
Size: 315392 bytes
Driver: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000
Size: 286720 bytes
Driver: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0x9EC25000
Size: 266240 bytes
Driver: C:\WINDOWS\system32\DRIVERS\NVNRM.SYS
Address: 0xB8073000
Size: 262144 bytes
Driver: C:\WINDOWS\System32\Drivers\SYMTDI.SYS
Address: 0xA1A2C000
Size: 262144 bytes
Driver: C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS
Address: 0xA19A6000
Size: 229376 bytes
Driver: C:\WINDOWS\system32\DRIVERS\NVSNPU.SYS
Address: 0xB8040000
Size: 208896 bytes
Driver: ACPI.sys
Address: 0xB9E61000
Size: 188416 bytes
Driver: C:\WINDOWS\System32\atiok3x2.dll
Address: 0xBF14E000
Size: 188416 bytes
Driver: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0x9F605000
Size: 184320 bytes
Driver: NDIS.sys
Address: 0xB9CE9000
Size: 184320 bytes
Driver: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xA1931000
Size: 176128 bytes
Driver: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xA197E000
Size: 163840 bytes
Driver: C:\WINDOWS\System32\Drivers\SYMFW.SYS
Address: 0xA19DE000
Size: 163840 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xA1A06000
Size: 155648 bytes
Driver: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xB80D6000
Size: 147456 bytes
Driver: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB8CC9000
Size: 147456 bytes
Driver: C:\WINDOWS\system32\drivers\ks.sys
Address: 0xB80B3000
Size: 143360 bytes
Driver: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xA195C000
Size: 139264 bytes
Driver: ACPI_HAL
Address: 0x806D0000
Size: 131840 bytes
Driver: C:\WINDOWS\system32\hal.dll
Address: 0x806D0000
Size: 131840 bytes
Driver: fltmgr.sys
Address: 0xB9DCC000
Size: 131072 bytes
Driver: ftdisk.sys
Address: 0xB9E31000
Size: 126976 bytes
Driver: Mup.sys
Address: 0xB9CCF000
Size: 106496 bytes
Driver: atapi.sys
Address: 0xB9E19000
Size: 98304 bytes
Driver: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS
Address: 0xB9E8F000
Size: 98304 bytes
Driver: C:\WINDOWS\System32\Drivers\dump_nvata.sys
Address: 0xA18AA000
Size: 94208 bytes
Driver: KSecDD.sys
Address: 0xB9DA3000
Size: 94208 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB7AD6000
Size: 94208 bytes
Driver: nvata.sys
Address: 0xB9DEC000
Size: 94208 bytes
Driver: nvatabus.sys
Address: 0xB9E03000
Size: 90112 bytes
Driver: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090508.003\naveng.sys
Address: 0xA756E000
Size: 86016 bytes
Driver: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0x9F206000
Size: 86016 bytes
Driver: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xB7B8D000
Size: 81920 bytes
Driver: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB7C06000
Size: 81920 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xA1AC5000
Size: 77824 bytes
Driver: C:\Program Files\Symantec\SYMEVENT.SYS
Address: 0xA7658000
Size: 77824 bytes
Driver: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000
Size: 73728 bytes
Driver: sr.sys
Address: 0xB9DBA000
Size: 73728 bytes
Driver: pci.sys
Address: 0xB9E50000
Size: 69632 bytes
Driver: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB7AC5000
Size: 69632 bytes
Driver: C:\WINDOWS\system32\DRIVERS\AmdK8.sys
Address: 0xB8D4D000
Size: 65536 bytes
Driver: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xA1B88000
Size: 65536 bytes
Driver: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xBA1B8000
Size: 65536 bytes
Driver: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys
Address: 0xB0072000
Size: 65536 bytes
Driver: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xB8D6D000
Size: 65536 bytes
Driver: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xBA198000
Size: 61440 bytes
Driver: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xB8D7D000
Size: 61440 bytes
Driver: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0x9F3C3000
Size: 61440 bytes
Driver: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xB5D5C000
Size: 61440 bytes
Driver: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xBA0E8000
Size: 53248 bytes
Driver: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xB8D5D000
Size: 53248 bytes
Driver: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xB89C4000
Size: 53248 bytes
Driver: VolSnap.sys
Address: 0xBA0C8000
Size: 53248 bytes
Driver: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xB89A4000
Size: 49152 bytes
Driver: C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
Address: 0xA2136000
Size: 49152 bytes
Driver: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xA20E6000
Size: 45056 bytes
Driver: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xBA1A8000
Size: 45056 bytes
Driver: MountMgr.sys
Address: 0xBA0B8000
Size: 45056 bytes
Driver: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xB89B4000
Size: 45056 bytes
Driver: C:\WINDOWS\System32\Drivers\SYMIDS.SYS
Address: 0xA2116000
Size: 45056 bytes
Driver: isapnp.sys
Address: 0xBA0A8000
Size: 40960 bytes
Driver: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xB5D7C000
Size: 40960 bytes
Driver: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xB8984000
Size: 40960 bytes
Driver: disk.sys
Address: 0xBA0D8000
Size: 36864 bytes
Driver: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xB8994000
Size: 36864 bytes
Driver: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xA2106000
Size: 36864 bytes
Driver: C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
Address: 0xB00C2000
Size: 36864 bytes
Driver: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xA2126000
Size: 36864 bytes
Driver: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xA1BE0000
Size: 32768 bytes
Driver: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xBA3F8000
Size: 32768 bytes
Driver: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xBA360000
Size: 28672 bytes
Driver: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xBA328000
Size: 28672 bytes
Driver: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xBA370000
Size: 24576 bytes
Driver: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xBA368000
Size: 24576 bytes
Driver: C:\WINDOWS\System32\Drivers\rkhdrv40.SYS
Address: 0xA1F95000
Size: 24576 bytes
Driver: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xA1F75000
Size: 24576 bytes
Driver: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xB0335000
Size: 20480 bytes
Driver: C:\WINDOWS\system32\DRIVERS\hamachi.sys
Address: 0xBA390000
Size: 20480 bytes
Driver: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xA1F65000
Size: 20480 bytes
Driver: PartMgr.sys
Address: 0xBA330000
Size: 20480 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xBA380000
Size: 20480 bytes
Driver: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xBA388000
Size: 20480 bytes
Driver: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xBA378000
Size: 20480 bytes
Driver: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Address: 0xBA3F0000
Size: 20480 bytes
Driver: C:\WINDOWS\System32\watchdog.sys
Address: 0xA1BA0000
Size: 20480 bytes
Driver: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xB9C9F000
Size: 16384 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xB2445000
Size: 16384 bytes
Driver: C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
Address: 0xBA570000
Size: 16384 bytes
Driver: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xB9CAB000
Size: 16384 bytes
Driver: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xBA4B8000
Size: 12288 bytes
Driver: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xB67AE000
Size: 12288 bytes
Driver: C:\WINDOWS\system32\drivers\EIO.sys
Address: 0x9F642000
Size: 12288 bytes
Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys
Address: 0x9E6D9000
Size: 12288 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xB9CA7000
Size: 12288 bytes
Driver: C:\WINDOWS\system32\drivers\pfc.sys
Address: 0xBA568000
Size: 12288 bytes
Driver: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xBA5A4000
Size: 12288 bytes
Driver: C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
Address: 0xB7962000
Size: 12288 bytes
Driver: C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
Address: 0x9F676000
Size: 12288 bytes
Driver: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xBA60A000
Size: 8192 bytes
Driver: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA638000
Size: 8192 bytes
Driver: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xBA608000
Size: 8192 bytes
Driver: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xBA5A8000
Size: 8192 bytes
Driver: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xBA60C000
Size: 8192 bytes
Driver: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xA1EEA000
Size: 8192 bytes
Driver: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xBA60E000
Size: 8192 bytes
Driver: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xBA612000
Size: 8192 bytes
Driver: C:\WINDOWS\System32\Drivers\SYMDNS.SYS
Address: 0xAF9C6000
Size: 8192 bytes
Driver: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xBA626000
Size: 8192 bytes
Driver: C:\WINDOWS\System32\Drivers\WMILIB.SYS
Address: 0xBA5AA000
Size: 8192 bytes
Driver: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xBA7C1000
Size: 4096 bytes
Driver: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xA20A4000
Size: 4096 bytes
Driver: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xA1D69000
Size: 4096 bytes
Driver: pciide.sys
Address: 0xBA670000
Size: 4096 bytes
Driver: unknown_irp_handler
Address: 0x89DCE1F8
Size: 3592 bytes
Driver: unknown_irp_handler
Address: 0x89DCF1F8
Size: 3592 bytes
Driver: unknown_irp_handler
Address: 0x89A091F8
Size: 3592 bytes
Driver: unknown_irp_handler
Address: 0x89D631F8
Size: 3592 bytes
Driver: unknown_irp_handler
Address: 0x89A041F8
Size: 3592 bytes
Driver: unknown_irp_handler
Address: 0x89BBE1F8
Size: 3592 bytes
Driver: unknown_irp_handler
Address: 0x89D641F8
Size: 3592 bytes
Driver: unknown_irp_handler
Address: 0x8954C500
Size: 2816 bytes
Driver: unknown_irp_handler
Address: 0x89BBD500
Size: 2816 bytes
Driver: unknown_irp_handler
Address: 0x8958E500
Size: 2816 bytes
Driver: unknown_irp_handler
Address: 0x89A51500
Size: 2816 bytes
==============================================
>Stealth
==============================================
>Files
==============================================
>Hooks
ntkrnlpa.exe+0x0002AF78, Type: Inline - RelativeCall at address 0x80501F78 hook handler located in [unknown_code_page]
[2132]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification at address 0x01001268 hook handler located in [shimeng.dll]
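What a practitioner wants from a Rootkit Unhooker report like the one above is a quick way to separate the noise from the entries that matter in a Mebroot case. The registry SSDT hooks attributed to spsv.sys/sptd are expected: sptd is the SCSI Pass Through Direct driver installed with DAEMON Tools (daemon.exe appears in the process list), and shimeng.dll is the Windows application-compatibility shim engine. The two entries worth attention are the SSDT slot hooked by a module RkU cannot name and the inline hook inside ntkrnlpa.exe whose handler sits in an unknown code page. The script below is an added example, not part of the thread or of RkU: it parses the line formats RkU emits (">SSDT State", ">Drivers", ">Hooks") and ranks what it finds. The report embedded in it is a constructed excerpt modelled on the posted log.

```python
"""Triage a Rootkit Unhooker (RkU) text report.

Added example for this thread, not part of RkU or of the original post.
It understands the three report sections that matter in an MBR-rootkit
case and ranks what it finds:
  - >SSDT State : syscall entries and the module RkU attributes the hook to
  - >Hooks      : inline / IAT hooks with the module holding the handler
  - >Drivers    : loaded kernel modules with their on-disk path
SAMPLE_REPORT is a constructed excerpt in RkU's line format.
"""
import re
from dataclasses import dataclass

SAMPLE_REPORT = r"""
==============================================
>SSDT State
NtConnectPort
Actual Address 0xE19B60B8
Hooked by: Unknown module filename
NtCreateKey
Actual Address 0xB9EA80E0
Hooked by: spsv.sys
==============================================
>Drivers
Driver: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA1A6C000
Size: 364544 bytes
Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys
Address: 0x9E6D9000
Size: 12288 bytes
==============================================
>Hooks
ntkrnlpa.exe+0x0002AF78, Type: Inline - RelativeCall at address 0x80501F78 hook handler located in [unknown_code_page]
[2132]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification at address 0x01001268 hook handler located in [shimeng.dll]
"""

SECTION_RE = re.compile(r"^>(\w[\w ]*)$")
HOOK_RE = re.compile(
    r"^(?P<target>.+?), Type: (?P<type>.+?) at address (?P<addr>0x[0-9A-Fa-f]+)"
    r" hook handler located in \[(?P<handler>[^\]]+)\]$"
)
# Paths a kernel driver should not normally be loaded from on a clean XP box.
USER_WRITABLE_RE = re.compile(r"\\(temp|docume~1|documents and settings)\\", re.I)


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    category: str  # "ssdt", "inline-hook", "iat-hook" or "driver-path"
    detail: str


def split_sections(report: str) -> dict:
    """Map each '>Section' header to the non-empty lines under it; '====' rulers are dropped."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_ssdt(lines: list) -> list:
    """Triplets: 'NtXxx' / 'Actual Address 0x..' / 'Hooked by: module'."""
    entries = []
    for i in range(0, len(lines) - 2, 3):
        name, addr_line, hooked_line = lines[i:i + 3]
        entries.append((name, int(addr_line.split()[-1], 16), hooked_line.split(":", 1)[1].strip()))
    return entries


def parse_drivers(lines: list) -> list:
    """Triplets: 'Driver: path' / 'Address: 0x..' / 'Size: N bytes'."""
    drivers = []
    for i in range(0, len(lines) - 2, 3):
        path = lines[i].split(":", 1)[1].strip()
        drivers.append((path, int(lines[i + 1].split()[-1], 16), int(lines[i + 2].split()[1])))
    return drivers


def parse_hooks(lines: list) -> list:
    hooks = []
    for line in lines:
        m = HOOK_RE.match(line)
        if m:
            hooks.append({**m.groupdict(), "addr": int(m.group("addr"), 16)})
    return hooks


def triage(report: str) -> list:
    sections = split_sections(report)
    findings = []
    for name, _addr, hooker in parse_ssdt(sections.get("SSDT State", [])):
        # RkU names the owning driver when it can; "Unknown module filename" means the
        # handler lives in memory that belongs to no module it could enumerate.
        sev = "high" if hooker.lower().startswith("unknown") else "info"
        findings.append(Finding(sev, "ssdt", f"{name} hooked by {hooker}"))
    for h in parse_hooks(sections.get("Hooks", [])):
        cat = "iat-hook" if h["type"].startswith("IAT") else "inline-hook"
        sev = "high" if h["handler"] == "unknown_code_page" else "info"
        findings.append(Finding(sev, cat, f"{h['target']} -> [{h['handler']}] ({h['type']})"))
    for path, _addr, _size in parse_drivers(sections.get("Drivers", [])):
        if USER_WRITABLE_RE.search(path):
            # Legitimate for scanners that drop a helper driver (the thread's mbr tool does),
            # but every such entry needs a known origin.
            findings.append(Finding("medium", "driver-path", f"driver loaded from user-writable path: {path}"))
    return findings


if __name__ == "__main__":
    order = ("high", "medium", "info")
    for f in sorted(triage(SAMPLE_REPORT), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.category:12} {f.detail}")
```

Run against the full posted report, the script would rank the NtConnectPort hook and the ntkrnlpa.exe inline hook as high, the spsv.sys and uphcleanhlp.sys SSDT entries and the shimeng.dll IAT hook as informational, and the mbr.sys driver in Temp as medium (it needs an origin, here the mbr tool).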
Re: win32/Mebroot.K Trojan
Every time I try to run the scan, even just on Files, it gets stopped, apparently by Symantec, which flags some file as a trojan. I ran it two more times and it quarantined the files... B0800F21.exe, 84B9B207.exe, 47A4C808.exe...
I don't know whether it matters that I have Symantec installed...?
Re: win32/Mebroot.K Trojan
We'll sort that out at the end; I have the list. (In reply to: "One more note: I'm starting to lose track of what I installed and what was only run... shouldn't I always uninstall the software afterwards?")

c:\windows\temp\6.tmp
C:\WINDOWS\System32\Drivers\a7lkyrpd.SYS
(Simple instructions: once the page loads, click the Browse button, find the path to the file mentioned above and click the Send file button; give the scanners about ten minutes; paste the result here.)
Keep Symantec, of course; you can't be without an antivirus.
Re: win32/Mebroot.K Trojan
I don't know how it's possible, but those files are nowhere to be found
...
It's true that I emptied the Recycle Bin beforehand, but I don't think that should matter...
Re: win32/Mebroot.K Trojan
We'll continue tomorrow; I wouldn't produce anything sensible now.

Re: win32/Mebroot.K Trojan
One more question... in your opinion, can I use the PC normally? It's my son's, mainly for games... I realise I'd better not log into the bank from it...
Re: win32/Mebroot.K Trojan
I think you can.
Now we'll do the following steps:
Go to Control Panel and, if any item from the following list is present, remove it:
GMER
mbr
CureIt
Eset Mebroot Remover
Fixmebroot
Tcleaner
RR
IceSword
HDTune
UPM
Norman Sinowal Cleaner
DDS
Rootkit Unhooker
Start - Run - type combofix /u - and click OK

Use T-Cleaner to clean the PC of the temporary files left over from the disinfection. Follow the on-screen instructions. If the antivirus detects it, that is a false positive.
Clean the PC with CCleaner. Download here. Always Analyze first and then Run Cleaner. Twice in a row.
Windows: untick History and Autocomplete Form History.
Applications: for the web browsers, untick Internet History.
Registry: leave everything ticked, Scan for Issues, Fix selected issues (let it make a backup; it is saved in Documents). Likewise 2-3 times in a row.
Download OTListIt2, save it to the desktop, run it, tick "Scan All Users", change 30 days to 7, click "Run Scan"; a log opens, copy its contents here.
Download MBR, save it to the desktop, run it; a log mbr.log is created, paste it here in full.
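The last step of that post, running the MBR tool and posting mbr.log, exists because Mebroot lives in the master boot record: it replaces the bootstrap code in the first sector of the disk and leaves the partition table intact, so the disk looks normal to Windows. The script below is an added example (not the MBR tool itself, whose internals are not shown here) of the checks such a tool performs on a raw 512-byte sector: the 0x55AA boot signature, partition-table plausibility, and a hash comparison of the bootstrap code against a known-good copy. Both sectors it examines are constructed inline; the "known-good" code bytes are placeholders, not real boot code, and the tampering is a constructed jump stub, not Mebroot's bytes.

```python
"""Sanity checks on a raw 512-byte master boot record.

Added example for this thread; it is not the MBR tool the moderator asks
for, whose internals are not shown here. Both sectors below are constructed:
KNOWN_GOOD_CODE is placeholder bytes standing in for a vendor bootstrap,
not real boot code.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440       # bytes 0..439: bootstrap code (the part an MBR rootkit replaces)
PART_TABLE_OFF = 446      # four 16-byte partition entries
BOOT_SIG_OFF = 510        # 0x55 0xAA
PART_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed MBR: given bootstrap code, a disk signature, one active NTFS partition, 0x55AA."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = struct.pack("<IH", 0xDEADBEEF, 0)
    ntfs = struct.pack(PART_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 488_000_000)
    return code + disk_sig + ntfs + b"\x00" * 48 + b"\x55\xaa"


def tamper_bootstrap(mbr: bytes) -> bytes:
    """Model the rootkit's edit: overwrite the start of the bootstrap code, leave the table alone."""
    patched = bytearray(mbr)
    patched[0:5] = b"\xe9\x00\x01\x90\x90"   # constructed jump stub, not Mebroot's bytes
    return bytes(patched)


def parse_partitions(mbr: bytes) -> list:
    parts = []
    for i in range(4):
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack_from(PART_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype != 0:  # type 0x00 marks an unused slot
            parts.append({"status": status, "type": ptype, "lba_start": lba, "sectors": count})
    return parts


def check_mbr(mbr: bytes, known_good_code_sha256: str) -> list:
    """Return the list of problems found; an empty list means every check passed."""
    if len(mbr) != SECTOR_SIZE:
        return [f"sector is {len(mbr)} bytes, expected {SECTOR_SIZE}"]
    problems = []
    if mbr[BOOT_SIG_OFF:] != b"\x55\xaa":
        problems.append("missing 0x55AA boot signature")
    parts = parse_partitions(mbr)
    if not parts:
        problems.append("empty partition table")
    for idx, p in enumerate(parts):
        if p["status"] not in (0x00, 0x80):
            problems.append(f"partition {idx}: invalid status byte 0x{p['status']:02x}")
        if p["sectors"] == 0:
            problems.append(f"partition {idx}: zero length")
    if sum(p["status"] == 0x80 for p in parts) > 1:
        problems.append("more than one partition marked active")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            problems.append("overlapping partitions")
    # The table can be perfectly healthy while the code that runs before the
    # OS has been swapped; only comparing against a trusted copy catches that.
    if hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest() != known_good_code_sha256:
        problems.append("bootstrap code differs from known-good copy")
    return problems


KNOWN_GOOD_CODE = bytes.fromhex("fa33c08ed0bc007c8bf450071f")   # placeholder bytes
GOOD_MBR = build_sample_mbr(KNOWN_GOOD_CODE)
KNOWN_GOOD_SHA256 = hashlib.sha256(GOOD_MBR[:BOOT_CODE_LEN]).hexdigest()
INFECTED_MBR = tamper_bootstrap(GOOD_MBR)

if __name__ == "__main__":
    for label, sector in (("clean", GOOD_MBR), ("tampered", INFECTED_MBR)):
        print(label, check_mbr(sector, KNOWN_GOOD_SHA256) or "OK")
```

On a live machine the 512 bytes would be read from the first sector of the physical disk; an active MBR rootkit that filters disk I/O can hand back the original sector to such a read, which is why a read taken after booting from clean media is the more trustworthy one, and why the known-good hash has to come from a reference copy of the vendor's boot code rather than from the suspect machine.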
Re: win32/Mebroot.K Trojan
It produced two logs... first OTListIt.txt:
OTListIt logfile created on: 15.5.2009 22:27:53 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Owner\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 71,98% Memory free
3,85 Gb Paging File | 3,43 Gb Available in Paging File | 89,02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 145,35 Gb Free Space | 62,41% Space Free | Partition Type: NTFS
Drive D: | 642,16 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DENDANEW
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 7 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - [2008.03.29 05:54:05 | 00,536,576 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008.03.29 05:54:05 | 00,536,576 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2004.05.12 17:54:10 | 00,242,784 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004.05.12 17:53:16 | 00,255,072 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2008.04.14 05:22:22 | 01,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006.11.17 05:42:52 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2007.07.17 11:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2004.06.16 06:03:04 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004.05.12 17:52:58 | 00,066,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2004.05.12 18:01:22 | 00,124,128 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe
PRC - [2008.01.22 10:13:20 | 00,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2008.04.01 11:39:48 | 00,486,856 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [1998.01.12 18:05:52 | 00,083,456 | ---- | M] (Corel Corporation) -- C:\Corel\Graphics8\Programs\MFIndexer.exe
PRC - [2007.07.17 11:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
PRC - [2004.05.12 17:53:48 | 00,291,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2004.05.12 17:57:46 | 00,029,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
PRC - [2006.12.14 17:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2009.02.28 16:44:09 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009.05.10 18:40:12 | 00,189,072 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
PRC - [2004.03.11 15:58:32 | 00,193,760 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2004.05.12 17:59:22 | 01,230,056 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2004.03.05 14:08:46 | 00,222,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
PRC - [2004.08.11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2005.04.27 14:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2008.01.22 10:13:26 | 00,275,752 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2008.01.22 10:13:32 | 01,201,448 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2009.05.15 22:26:47 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Plocha\OTListIt2.exe
========== Win32 Services (SafeList) ==========
SRV - File not found -- -- (47A4C808 [On_Demand | Stopped])
SRV - File not found -- -- (84B9B207 [On_Demand | Stopped])
SRV - [2007.10.24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008.03.29 05:54:05 | 00,536,576 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2005.12.14 21:10:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - File not found -- -- (B0800F21 [On_Demand | Stopped])
SRV - [2004.05.12 17:53:16 | 00,255,072 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2004.05.12 17:53:48 | 00,291,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy [Auto | Running])
SRV - [2004.05.12 17:53:58 | 00,087,136 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
SRV - [2004.05.12 17:54:10 | 00,242,784 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2007.10.24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2004.05.12 17:57:46 | 00,029,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2006.10.20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008.04.14 05:21:53 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006.10.30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006.12.14 17:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2007.11.28 10:27:24 | 00,800,040 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2006.10.30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008.01.22 10:13:26 | 00,275,752 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
SRV - [2009.02.28 16:44:09 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2009.05.10 18:40:12 | 00,189,072 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])
SRV - [2004.05.12 18:00:12 | 00,173,288 | ---- | M] (symantec) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
SRV - [2004.03.11 15:58:32 | 00,193,760 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [Auto | Running])
SRV - [2004.05.12 17:59:22 | 01,230,056 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2004.03.05 14:08:46 | 00,222,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- (SymSecurePort [Auto | Running])
SRV - [2004.08.11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2005.04.27 14:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean [Auto | Running])
========== Driver Services (SafeList) ==========
DRV - [2006.12.04 17:11:46 | 04,025,984 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2006.07.01 22:42:58 | 00,043,008 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2008.03.29 08:21:53 | 02,873,856 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2006.06.14 07:56:00 | 00,012,288 | R--- | M] (ASUSTeK Computer Inc.) -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO [Auto | Running])
DRV - [2007.09.07 14:55:04 | 00,027,672 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\DRIVERS\ENTECH.SYS -- (ENTECH [On_Demand | Stopped])
DRV - [2008.07.17 17:26:51 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running])
DRV - [2009.05.15 10:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090515.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009.05.15 10:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090515.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2005.08.18 17:52:06 | 00,093,568 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running])
DRV - [2004.12.07 10:15:54 | 00,087,936 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus [Boot | Running])
DRV - [2005.04.06 03:22:28 | 00,033,536 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2005.04.06 03:22:30 | 00,012,928 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2008.05.17 21:57:02 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2006.03.02 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004.02.09 17:43:56 | 00,301,200 | R--- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys -- (SAVRT [System | Running])
DRV - [2004.02.09 17:43:56 | 00,037,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [Auto | Running])
DRV - [2007.11.13 12:25:52 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008.05.18 18:55:22 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2004.03.11 15:58:00 | 00,010,688 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Running])
DRV - [2004.03.05 01:46:46 | 00,082,832 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2004.03.11 15:58:02 | 00,165,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2004.03.11 15:58:06 | 00,046,528 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2006.02.09 17:07:20 | 00,231,200 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS -- (SYMIDSCO [On_Demand | Running])
DRV - [2004.03.11 15:58:04 | 00,051,520 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2004.03.11 15:58:08 | 00,016,288 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2004.03.11 15:58:10 | 00,263,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/ ... chcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1417001333-630328440-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1417001333-630328440-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-1417001333-630328440-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
IE - HKU\S-1-5-21-1417001333-630328440-725345543-1003\S-1-5-21-1417001333-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.cz"
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009.04.29 06:08:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009.04.29 06:08:34 | 00,000,000 | ---D | M]
[2008.12.23 18:03:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Data aplikací\mozilla\Extensions
[2008.12.23 18:03:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Data aplikací\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008.12.23 18:03:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Data aplikací\mozilla\Firefox\Profiles\4h6rsqhy.default\extensions
[2008.12.23 18:01:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.04.29 06:08:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.04.29 06:08:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009.04.29 06:08:30 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008.04.16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008.03.31 21:06:24 | 00,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2008.03.31 21:06:24 | 00,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2008.01.27 11:57:20 | 00,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2008.01.27 11:57:20 | 00,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2008.03.31 21:06:24 | 00,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: (737 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1417001333-630328440-725345543-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-1417001333-630328440-725345543-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
O4 - HKU\S-1-5-21-1417001333-630328440-725345543-1003..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe (Corel Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1417001333-630328440-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 0944608546 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{14217C79-DF98-4835-8813-19C59AF3B74E}\\NameServer = 212.158.128.2,212.158.128.3
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2023.08.02 22:51:57 | 00,000,045 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{027cd742-c8fd-11dd-92a3-000c76aff543}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\{eeadaddb-2342-11dd-afac-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{eeadaddb-2342-11dd-afac-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Setup.exe -- [2008.04.14 05:22:45 | 00,023,040 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009.05.15 22:26:47 | 00,000,000 | ---D | M]
========== Files/Folders - Created Within 7 Days ==========
[2009.05.15 22:26:47 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Plocha\OTListIt2.exe
[2009.05.15 22:23:20 | 00,000,164 | ---- | C] () -- C:\Documents and Settings\Owner\Dokumenty\cc_20090515_222319.reg
[2009.05.15 22:22:19 | 00,003,634 | ---- | C] () -- C:\Documents and Settings\Owner\Dokumenty\cc_20090515_222214.reg
[2009.05.15 22:21:15 | 00,453,088 | ---- | C] () -- C:\Documents and Settings\Owner\Dokumenty\cc_20090515_222108.reg
[2009.05.15 22:11:41 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Owner\Plocha\CCleaner.lnk
[2009.05.15 22:11:40 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009.05.13 23:37:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Data aplikací\AVS4YOU
[2009.05.13 23:37:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\AVS4YOU
[2009.05.13 23:36:58 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2009.05.13 23:36:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2009.05.13 23:36:58 | 00,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2009.05.13 20:28:14 | 00,000,000 | ---D | C] -- C:\Program Files\UPM
[2009.05.12 20:44:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Plocha\IceSword122en
[2009.05.03 21:43:09 | 00,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2009.04.11 12:53:50 | 00,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2008.12.20 18:32:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008.07.16 10:06:23 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.06.25 17:45:37 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008.06.07 11:35:25 | 00,000,212 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008.05.31 21:51:44 | 00,000,217 | ---- | C] () -- C:\WINDOWS\MPPAGER.INI
[2008.05.18 19:25:25 | 00,138,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.05.18 19:24:43 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008.05.18 18:55:22 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.05.18 17:48:43 | 00,005,501 | ---- | C] () -- C:\WINDOWS\System32\rtclcmg32.dll
[2008.05.17 21:58:27 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008.05.16 15:18:47 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008.05.16 14:16:56 | 00,000,258 | ---- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2006.03.02 14:00:00 | 00,000,477 | ---- | C] () -- C:\WINDOWS\win.ini
[2006.03.02 14:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2005.10.14 11:56:50 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002.12.05 18:51:00 | 00,059,392 | R--- | C] () -- C:\WINDOWS\streamhlp.dll
[2002.07.17 09:21:20 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\VDIError.dll
[2002.07.17 09:20:18 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\VCkNFS.dll
[2002.07.16 15:11:34 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\Chkmes.dll
[2002.03.21 15:39:02 | 00,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002.03.20 22:01:06 | 00,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002.03.20 22:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002.03.20 22:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002.03.20 22:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002.03.20 22:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[1997.06.14 02:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
========== Files - Modified Within 7 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009.05.15 22:26:47 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Plocha\OTListIt2.exe
[2009.05.15 22:23:23 | 00,000,164 | ---- | M] () -- C:\Documents and Settings\Owner\Dokumenty\cc_20090515_222319.reg
[2009.05.15 22:22:45 | 00,003,634 | ---- | M] () -- C:\Documents and Settings\Owner\Dokumenty\cc_20090515_222214.reg
[2009.05.15 22:21:41 | 00,453,088 | ---- | M] () -- C:\Documents and Settings\Owner\Dokumenty\cc_20090515_222108.reg
[2009.05.15 22:11:41 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Owner\Plocha\CCleaner.lnk
[2009.05.15 21:58:15 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\desktop.ini
[2009.05.15 21:58:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.05.15 21:58:07 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.05.14 22:40:59 | 00,157,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.05.13 20:29:15 | 00,001,675 | ---- | M] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Corel MEDIA FOLDERS INDEXER 8.LNK
[2009.05.13 20:29:15 | 00,001,030 | ---- | M] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk
[2009.05.12 16:45:59 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.05.10 18:40:38 | 00,138,920 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.05.10 18:40:13 | 00,189,072 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2009.05.10 18:40:12 | 00,189,072 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
< End of report >
DRV - [2007.09.07 14:55:04 | 00,027,672 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\DRIVERS\ENTECH.SYS -- (ENTECH [On_Demand | Stopped])
DRV - [2008.07.17 17:26:51 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running])
DRV - [2009.05.15 10:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090515.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009.05.15 10:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090515.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2005.08.18 17:52:06 | 00,093,568 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running])
DRV - [2004.12.07 10:15:54 | 00,087,936 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus [Boot | Running])
DRV - [2005.04.06 03:22:28 | 00,033,536 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2005.04.06 03:22:30 | 00,012,928 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2008.05.17 21:57:02 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2006.03.02 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004.02.09 17:43:56 | 00,301,200 | R--- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys -- (SAVRT [System | Running])
DRV - [2004.02.09 17:43:56 | 00,037,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [Auto | Running])
DRV - [2007.11.13 12:25:52 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008.05.18 18:55:22 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2004.03.11 15:58:00 | 00,010,688 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Running])
DRV - [2004.03.05 01:46:46 | 00,082,832 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2004.03.11 15:58:02 | 00,165,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2004.03.11 15:58:06 | 00,046,528 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2006.02.09 17:07:20 | 00,231,200 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS -- (SYMIDSCO [On_Demand | Running])
DRV - [2004.03.11 15:58:04 | 00,051,520 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2004.03.11 15:58:08 | 00,016,288 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2004.03.11 15:58:10 | 00,263,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/ ... chcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1417001333-630328440-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1417001333-630328440-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-1417001333-630328440-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
IE - HKU\S-1-5-21-1417001333-630328440-725345543-1003\S-1-5-21-1417001333-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.cz"
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009.04.29 06:08:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009.04.29 06:08:34 | 00,000,000 | ---D | M]
[2008.12.23 18:03:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Data aplikací\mozilla\Extensions
[2008.12.23 18:03:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Data aplikací\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008.12.23 18:03:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Data aplikací\mozilla\Firefox\Profiles\4h6rsqhy.default\extensions
[2008.12.23 18:01:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.04.29 06:08:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.04.29 06:08:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009.04.29 06:08:30 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008.04.16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008.03.31 21:06:24 | 00,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2008.03.31 21:06:24 | 00,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2008.01.27 11:57:20 | 00,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2008.01.27 11:57:20 | 00,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2008.03.31 21:06:24 | 00,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: (737 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1417001333-630328440-725345543-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-1417001333-630328440-725345543-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
O4 - HKU\S-1-5-21-1417001333-630328440-725345543-1003..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe (Corel Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1417001333-630328440-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 0944608546 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{14217C79-DF98-4835-8813-19C59AF3B74E}\\NameServer = 212.158.128.2,212.158.128.3
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2023.08.02 22:51:57 | 00,000,045 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{027cd742-c8fd-11dd-92a3-000c76aff543}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\{eeadaddb-2342-11dd-afac-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{eeadaddb-2342-11dd-afac-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Setup.exe -- [2008.04.14 05:22:45 | 00,023,040 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009.05.15 22:26:47 | 00,000,000 | ---D | M]
========== Files/Folders - Created Within 7 Days ==========
[2009.05.15 22:26:47 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Plocha\OTListIt2.exe
[2009.05.15 22:23:20 | 00,000,164 | ---- | C] () -- C:\Documents and Settings\Owner\Dokumenty\cc_20090515_222319.reg
[2009.05.15 22:22:19 | 00,003,634 | ---- | C] () -- C:\Documents and Settings\Owner\Dokumenty\cc_20090515_222214.reg
[2009.05.15 22:21:15 | 00,453,088 | ---- | C] () -- C:\Documents and Settings\Owner\Dokumenty\cc_20090515_222108.reg
[2009.05.15 22:11:41 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Owner\Plocha\CCleaner.lnk
[2009.05.15 22:11:40 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009.05.13 23:37:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Data aplikací\AVS4YOU
[2009.05.13 23:37:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\AVS4YOU
[2009.05.13 23:36:58 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2009.05.13 23:36:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2009.05.13 23:36:58 | 00,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2009.05.13 20:28:14 | 00,000,000 | ---D | C] -- C:\Program Files\UPM
[2009.05.12 20:44:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Plocha\IceSword122en
[2009.05.03 21:43:09 | 00,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2009.04.11 12:53:50 | 00,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2008.12.20 18:32:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008.07.16 10:06:23 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.06.25 17:45:37 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008.06.07 11:35:25 | 00,000,212 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008.05.31 21:51:44 | 00,000,217 | ---- | C] () -- C:\WINDOWS\MPPAGER.INI
[2008.05.18 19:25:25 | 00,138,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.05.18 19:24:43 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008.05.18 18:55:22 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.05.18 17:48:43 | 00,005,501 | ---- | C] () -- C:\WINDOWS\System32\rtclcmg32.dll
[2008.05.17 21:58:27 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008.05.16 15:18:47 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008.05.16 14:16:56 | 00,000,258 | ---- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2006.03.02 14:00:00 | 00,000,477 | ---- | C] () -- C:\WINDOWS\win.ini
[2006.03.02 14:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2005.10.14 11:56:50 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002.12.05 18:51:00 | 00,059,392 | R--- | C] () -- C:\WINDOWS\streamhlp.dll
[2002.07.17 09:21:20 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\VDIError.dll
[2002.07.17 09:20:18 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\VCkNFS.dll
[2002.07.16 15:11:34 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\Chkmes.dll
[2002.03.21 15:39:02 | 00,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002.03.20 22:01:06 | 00,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002.03.20 22:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002.03.20 22:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002.03.20 22:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002.03.20 22:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[1997.06.14 02:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
========== Files - Modified Within 7 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009.05.15 22:26:47 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Plocha\OTListIt2.exe
[2009.05.15 22:23:23 | 00,000,164 | ---- | M] () -- C:\Documents and Settings\Owner\Dokumenty\cc_20090515_222319.reg
[2009.05.15 22:22:45 | 00,003,634 | ---- | M] () -- C:\Documents and Settings\Owner\Dokumenty\cc_20090515_222214.reg
[2009.05.15 22:21:41 | 00,453,088 | ---- | M] () -- C:\Documents and Settings\Owner\Dokumenty\cc_20090515_222108.reg
[2009.05.15 22:11:41 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Owner\Plocha\CCleaner.lnk
[2009.05.15 21:58:15 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\desktop.ini
[2009.05.15 21:58:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.05.15 21:58:07 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.05.14 22:40:59 | 00,157,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.05.13 20:29:15 | 00,001,675 | ---- | M] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Corel MEDIA FOLDERS INDEXER 8.LNK
[2009.05.13 20:29:15 | 00,001,030 | ---- | M] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk
[2009.05.12 16:45:59 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.05.10 18:40:38 | 00,138,920 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.05.10 18:40:13 | 00,189,072 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2009.05.10 18:40:12 | 00,189,072 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
< End of report >