VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

r.o.s.t.a.c.k.a - kontrola logu.

https://forum.viry.cz:443/viewtopic.php?t=32968

Stránka 6 z 12

Napsal: 19 dub 2008 10:28
od r.o.s.t.a.c.k.a
bylo mi doporučeno udělat log z LopFindu, tak prosím o kontrolu znovu.. Díky..

LopFind v4 © Čas: 11:27:51,30 Datum: so 19.04.2008

******************************************

1) Výpis obsahů Application Data složek pro zjištění podezřelých adresářů:

Svazek v jednotce C nem  § dnou jmenovku.
S‚riov‚ źˇslo svazku je 9C0B-34B7.

Věpis adres ýe C:\Documents and Settings\All Users\DATAAP~1

18.04.2008 23:48 <DIR> MailFrontier
15.04.2008 15:06 <DIR> Real
29.01.2008 19:33 <DIR> SongbirdVLC
26.11.2007 21:02 <DIR> vsosdk
24.11.2007 18:54 <DIR> That size part chin
20.11.2007 16:43 <DIR> Google
13.11.2007 07:34 <DIR> SlySoft
09.11.2007 14:45 <DIR> DVD Shrink
06.11.2007 18:29 <DIR> Sandlot Games
06.11.2007 18:27 <DIR> Trymedia
30.10.2007 22:58 <DIR> Adobe
18.10.2007 14:28 88 .zreglib
18.10.2007 14:07 <DIR> Ahead
14.10.2007 08:46 <DIR> Nokia
23.09.2007 15:23 <DIR> CyberLink
20.09.2007 17:49 <DIR> nView_Profiles
18.09.2007 16:36 <DIR> TEMP
16.09.2007 21:02 <DIR> CanonBJ
15.09.2007 07:48 <DIR> Microsoft Help
14.09.2007 07:01 <DIR> PC Suite
14.09.2007 07:00 <DIR> Installations
12.09.2007 23:58 305 addr_file.html
12.09.2007 22:38 62 desktop.ini
12.09.2007 22:37 <DIR> Microsoft
12.09.2007 22:37 <DIR> .
12.09.2007 22:37 <DIR> ..
12.09.2007 21:42 <DIR> Avira
3 soubor…, 455 bajt…
Adres ý…: 24, Volněch bajt…: 27014103040
Svazek v jednotce C nem  § dnou jmenovku.
S‚riov‚ źˇslo svazku je 9C0B-34B7.

Věpis adres ýe C:\Documents and Settings\Nanina\DATAAP~1

15.04.2008 15:06 <DIR> Real
15.04.2008 04:20 8 NMM-MetaData.db
17.03.2008 19:14 <DIR> DVD Flick
14.03.2008 08:52 <DIR> IObit
02.03.2008 23:28 <DIR> Talkback
02.03.2008 23:27 <DIR> Mozilla
12.02.2008 16:21 <DIR> Help
11.02.2008 17:26 <DIR> uTorrent
04.01.2008 18:34 <DIR> QIP
02.01.2008 09:04 <DIR> DAEMON Tools
18.11.2007 12:31 <DIR> DivX
18.11.2007 12:31 <DIR> Media Player Classic
30.10.2007 22:59 <DIR> Adobe
23.10.2007 20:09 <DIR> ROAD BEND DUMB
20.10.2007 08:54 <DIR> Nokia Multimedia Player
18.10.2007 14:28 <DIR> SlySoft
15.10.2007 18:00 34 pcouffin.log
15.10.2007 18:00 7176 pcouffin.cat
15.10.2007 18:00 81920 ezpinst.exe
15.10.2007 18:00 47360 pcouffin.sys
15.10.2007 18:00 1144 pcouffin.inf
15.10.2007 18:00 <DIR> Vso
11.10.2007 13:48 <DIR> SecuROM
07.10.2007 19:15 <DIR> Zoner
18.09.2007 16:37 <DIR> WinRAR
18.09.2007 09:42 <DIR> Canon
14.09.2007 07:04 <DIR> Opera
14.09.2007 07:01 <DIR> Nokia
14.09.2007 07:00 <DIR> PC Suite
12.09.2007 22:39 <DIR> Macromedia
12.09.2007 21:58 <DIR> Ahead
12.09.2007 20:53 <DIR> Identities
12.09.2007 20:53 62 desktop.ini
12.09.2007 20:53 <DIR> ..
12.09.2007 20:53 <DIR> .
12.09.2007 20:53 <DIR> Microsoft
7 soubor…, 137704 bajt…
Adres ý…: 29, Volněch bajt…: 27014103040
Svazek v jednotce C nem  § dnou jmenovku.
S‚riov‚ źˇslo svazku je 9C0B-34B7.

Věpis adres ýe C:\Documents and Settings\Default User\DATAAP~1

12.09.2007 22:38 62 desktop.ini
12.09.2007 22:37 <DIR> ..
12.09.2007 22:37 <DIR> Microsoft
12.09.2007 22:37 <DIR> .
1 soubor…, 62 bajt…
Adres ý…: 3, Volněch bajt…: 27014103040
Svazek v jednotce C nem  § dnou jmenovku.
S‚riov‚ źˇslo svazku je 9C0B-34B7.

Věpis adres ýe C:\Documents and Settings\LocalService\DATAAP~1

28.02.2008 22:22 <DIR> Ahead
12.09.2007 20:52 <DIR> ..
12.09.2007 20:52 <DIR> Microsoft
12.09.2007 20:52 <DIR> .
0 soubor…, 0 bajt…
Adres ý…: 4, Volněch bajt…: 27014098944
Svazek v jednotce C nem  § dnou jmenovku.
S‚riov‚ źˇslo svazku je 9C0B-34B7.

Věpis adres ýe C:\Documents and Settings\NetworkService\DATAAP~1

12.09.2007 20:52 <DIR> ..
12.09.2007 20:52 <DIR> Microsoft
12.09.2007 20:52 <DIR> .
0 soubor…, 0 bajt…
Adres ý…: 3, Volněch bajt…: 27014098944

******************************************

2) Zjišťování přítomnosti ve složce Program Files:

a) Výpis obsahu Program Files složky pro zjištění duplicitních kopií podezřelých adresářů:

Svazek v jednotce C nem  § dnou jmenovku.
S‚riov‚ źˇslo svazku je 9C0B-34B7.

Věpis adres ýe C:\Program Files

18.04.2008 23:49 <DIR> .
18.04.2008 23:49 <DIR> ..
23.09.2007 13:21 <DIR> 3DO
08.03.2008 10:33 <DIR> Adobe
15.03.2008 08:23 <DIR> AllToAVI
12.09.2007 21:42 <DIR> Avira
12.09.2007 20:56 <DIR> AvRack
06.11.2007 17:22 <DIR> BFG
17.09.2007 19:33 <DIR> Canon
16.09.2007 21:02 <DIR> CanonBJ
13.04.2008 06:51 <DIR> Common Files
12.09.2007 20:45 <DIR> ComPlus Applications
23.09.2007 15:23 <DIR> CyberLink
14.09.2007 07:00 <DIR> DIFX
12.09.2007 22:23 <DIR> directx
28.11.2007 11:02 <DIR> DivX
17.03.2008 19:14 <DIR> DVD Flick
27.12.2007 19:38 <DIR> Elaborate Bytes
31.01.2008 23:33 <DIR> FT DVD Clone 4.0
04.02.2008 18:41 <DIR> Image-Line
25.03.2008 12:25 <DIR> InstallShield Installation Information
12.09.2007 21:45 <DIR> Intel
17.02.2008 22:17 <DIR> Internet Explorer
14.03.2008 08:51 <DIR> IObit
15.04.2008 15:06 <DIR> K-Lite Codec Pack
29.02.2008 22:17 <DIR> MagicISO
12.09.2007 21:36 <DIR> Messenger
12.09.2007 20:49 <DIR> microsoft frontpage
21.12.2007 20:52 <DIR> Microsoft Office
09.03.2008 09:33 <DIR> Microsoft Visual Studio
15.09.2007 07:54 <DIR> Microsoft Visual Studio 8
15.09.2007 07:59 <DIR> Microsoft Works
15.09.2007 07:57 <DIR> Microsoft.NET
13.04.2008 10:23 <DIR> ModTheSims2.com
12.09.2007 21:36 <DIR> Movie Maker
18.04.2008 23:56 <DIR> Mozilla Firefox
15.09.2007 07:59 <DIR> MSBuild
12.09.2007 20:45 <DIR> MSN
12.09.2007 20:45 <DIR> MSN Gaming Zone
07.04.2008 21:15 <DIR> MSXML 6.0
12.09.2007 21:56 <DIR> Nero
12.09.2007 21:34 <DIR> NetMeeting
07.04.2008 21:15 <DIR> Nokia
17.02.2008 22:26 <DIR> NSS
12.09.2007 20:47 <DIR> Online Services
19.10.2007 17:14 <DIR> Opera
12.09.2007 21:34 <DIR> Outlook Express
13.04.2008 06:51 <DIR> PC Connectivity Solution
18.04.2008 13:09 <DIR> QIP
12.09.2007 20:56 <DIR> Realtek Sound Manager
25.03.2008 12:21 <DIR> Rockstar Games
15.02.2008 07:33 <DIR> Sims2Pack Clean Installer
28.02.2008 11:44 <DIR> SlySoft
14.03.2008 20:12 <DIR> SMPlayer
14.01.2008 22:41 <DIR> Symbian-Toys
26.03.2008 11:01 <DIR> totalcmd
12.09.2007 20:53 <DIR> Uninstall Information
11.02.2008 17:26 <DIR> uTorrent
22.12.2007 10:39 <DIR> vso
01.02.2008 19:06 <DIR> VstPlugins
24.09.2007 18:33 <DIR> Windows Media Player
12.09.2007 21:34 <DIR> Windows NT
12.09.2007 20:45 <DIR> WindowsUpdate
18.09.2007 16:36 <DIR> WinRAR
12.09.2007 20:49 <DIR> xerox
26.01.2008 22:58 <DIR> Zero G Registry
18.04.2008 23:47 <DIR> Zone Labs
18.04.2008 23:49 <DIR> ZoneAlarmSB
0 soubor…, 0 bajt…
Adres ý…: 68, Volněch bajt…: 27˙014˙012˙928

b) Vyhledávání podvodných sponzorovaných programů ve složce Program Files:

Nebyly nalezeny žádné podvodné programy.

******************************************

3) Vyhledávání a odstranění podezřelých .job souborů:

a) Soubory přítomné v C:\WINDOWS\tasks\ adresáři:

Svazek v jednotce C nem  § dnou jmenovku.
S‚riov‚ źˇslo svazku je 9C0B-34B7.

Věpis adres ýe C:\WINDOWS\Tasks

24.11.2007 18:54 276 B1F60F8290A1801E.job
12.09.2007 20:48 6 SA.DAT
12.09.2007 20:46 65 desktop.ini
12.09.2007 20:46 <DIR> ..
12.09.2007 20:46 <DIR> .
3 soubor…, 347 bajt…
Adres ý…: 2, Volněch bajt…: 27˙014˙012˙928

––––––––––––––––––––––––––––––––––––––––––

b) Zjišťování vlastností přítomných .job souborů:

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'B1F60F8290A1801E.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\nanina\dataap~1\roadbe~1\blah software wave.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Nanina'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 04/19/2008 12:00:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 06/01/1995
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


––––––––––––––––––––––––––––––––––––––––––

c) Nalezené a odstraněné nežádoucí soubory:

B1F60F8290A1801E.job

––––––––––––––––––––––––––––––––––––––––––

d) Soubory přítomné v adresáři po vymazání:

Svazek v jednotce C nem  § dnou jmenovku.
S‚riov‚ źˇslo svazku je 9C0B-34B7.

Věpis adres ýe C:\WINDOWS\Tasks

12.09.2007 20:48 6 SA.DAT
12.09.2007 20:46 65 desktop.ini
12.09.2007 20:46 <DIR> ..
12.09.2007 20:46 <DIR> .
2 soubor…, 71 bajt…
Adres ý…: 2, Volněch bajt…: 27˙014˙012˙928

******************************************

4) Zjišťování přítomnosti v registru:

a) Vyhledávání spouštěcích bodů v registru:

Nebyly nalezeny žádné spouštěcí body v registru.

b) Export výjimek IE pop-up blockeru:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow]
"PopupMgr"="yes"

c) Export povolení Windows firewallu:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

Upozornění: Adware.Lop modifikoval Hosts soubor.

»»»»»»»»»»»»» Konec výpisu «««««««««««««««

Napsal: 19 dub 2008 16:12
od riffman
OK...

poprosim o aktualni log z HJT :)

Napsal: 19 dub 2008 16:55
od r.o.s.t.a.c.k.a
Tady je:

Logfile of HijackThis v1.99.1
Scan saved at 17:55:16, on 19.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Programs\DAEMON Tools\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
c:\Programy na očistu PC\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programs\Adobe Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programs\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Programs\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Napsal: 19 dub 2008 16:59
od riffman
toto muzete jeste fix v HJT

O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent

jinak OK :)

Napsal: 19 dub 2008 19:28
od r.o.s.t.a.c.k.a
OK, díky.. :)

Napsal: 19 dub 2008 19:58
od riffman
nemate zac :)

Re: r.o.s.t.a.c.k.a - kontrola logu.

Napsal: 24 čer 2009 14:07
od r.o.s.t.a.c.k.a
Dlouho jsem si nekontrolovala PC, můžu pro jistotu požádat o kontrolu logu, ať případně včas zjistím, kdyby tam něco bylo? Díky

Logfile of HijackThis v1.99.1
Scan saved at 15:06:11, on 24.6.2009
Platform: Unknown Windows (WinNT 6.01.3004)
MSIE: Internet Explorer v8.00 (8.00.7100.0000)

Running processes:
D:\Windows\system32\taskhost.exe
D:\Windows\system32\Dwm.exe
D:\Windows\system32\taskeng.exe
D:\Windows\Explorer.EXE
D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\Windows\system32\wuauclt.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\ICQ6.5\ICQ.exe
D:\Windows\system32\SearchProtocolHost.exe
D:\Windows\system32\SearchFilterHost.exe
D:\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: d:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~3\Office12\GRA32A~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

Re: r.o.s.t.a.c.k.a - kontrola logu.

Napsal: 24 čer 2009 14:56
od riffman
v mem podpisu najdete odkaz RSIT - stahnout, spustit a log dle navodu sem :)

Re: r.o.s.t.a.c.k.a - kontrola logu.

Napsal: 24 čer 2009 15:51
od r.o.s.t.a.c.k.a
Tak tady je:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jana Mazurová at 2009-06-24 16:49:22
Microsoft Windows 7 Ultimate
System drive D: has 265 GB (56%) free of 477 GB
Total RAM: 3327 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49:27, on 24.6.2009
Platform: Unknown Windows (WinNT 6.01.3004)
MSIE: Internet Explorer v8.00 (8.00.7100.0000)
Boot mode: Normal

Running processes:
D:\Windows\system32\taskhost.exe
D:\Windows\system32\Dwm.exe
D:\Windows\system32\taskeng.exe
D:\Windows\Explorer.EXE
D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\Windows\system32\wuauclt.exe
C:\Program Files\ICQ6.5\ICQ.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Windows\system32\SearchProtocolHost.exe
D:\Windows\system32\SearchFilterHost.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
D:\Downloads\RSIT.exe
D:\Program Files\trend micro\Jana Mazurová.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~3\Office12\GRA32A~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 4253 bytes

======Scheduled tasks folder======

D:\Windows\tasks\AWC Startup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"avgnt"=D:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Adobe Reader Speed Launcher"=D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=D:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe [2009-04-23 203416]
"Sidebar"=D:\Program Files\Windows Sidebar\sidebar.exe [2009-04-21 1174016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - D:\Windows\System32\webcheck.dll [2009-04-21 236032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{726f7e08-5bb4-11de-ae68-004f4e62ceb7}]
shell\AutoRun\command - J:\_AUTORUN\AUTORUN.EXE
shell\instDX\command - J:\directX\dxsetup.exe
shell\readme\command - notepad readme.txt


======File associations======

.js - edit - D:\Windows\System32\Notepad.exe %1
.js - open - D:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-06-24 16:49:22 ----D---- D:\rsit
2009-06-24 16:49:22 ----D---- D:\Program Files\trend micro
2009-06-23 08:09:44 ----D---- D:\ProgramData\Adobe
2009-06-23 08:09:42 ----D---- D:\Program Files\Common Files\Adobe
2009-06-23 08:09:42 ----D---- D:\Program Files\Adobe
2009-06-22 17:20:04 ----D---- D:\Users\Jana Mazurová\AppData\Roaming\WinRAR
2009-06-19 21:10:26 ----D---- D:\Users\Jana Mazurová\AppData\Roaming\IObit
2009-06-19 21:10:25 ----D---- D:\Program Files\IObit
2009-06-19 21:07:40 ----D---- D:\ProgramData\Avira
2009-06-19 21:07:40 ----D---- D:\Program Files\Avira
2009-06-19 18:17:41 ----D---- D:\Users\Jana Mazurová\AppData\Roaming\Media Player Classic
2009-06-19 10:25:03 ----D---- D:\Saves
2009-06-19 10:05:13 ----A---- D:\Windows\system32\msonpmon.dll
2009-06-19 10:03:53 ----D---- D:\Program Files\Microsoft Works
2009-06-19 10:03:23 ----D---- D:\Program Files\Microsoft Visual Studio
2009-06-19 10:03:22 ----D---- D:\Program Files\Common Files\DESIGNER
2009-06-19 10:03:00 ----D---- D:\Windows\PCHEALTH
2009-06-19 10:03:00 ----D---- D:\Program Files\Microsoft.NET
2009-06-19 10:01:37 ----D---- D:\Program Files\Microsoft Visual Studio 8
2009-06-19 10:01:01 ----D---- D:\ProgramData\Microsoft Help
2009-06-19 10:01:01 ----D---- D:\Program Files\Microsoft Office
2009-06-19 10:00:21 ----RHD---- D:\MSOCache
2009-06-19 08:40:25 ----A---- D:\Windows\_MSRSTRT.EXE
2009-06-19 07:47:17 ----D---- D:\ProgramData\Electronic Arts
2009-06-19 07:46:22 ----D---- D:\ProgramData\Kaspersky Lab
2009-06-19 07:46:22 ----D---- D:\Program Files\Kaspersky Lab
2009-06-19 07:45:13 ----D---- D:\Program Files\Kaspersky antivir
2009-06-19 07:43:17 ----D---- D:\Program Files\Microsoft WSE
2009-06-19 07:42:39 ----SHD---- D:\Windows\Installer
2009-06-19 07:42:36 ----A---- D:\Windows\system32\d3dx9_31.dll
2009-06-19 07:31:32 ----D---- D:\Program Files\Electronic Arts
2009-06-19 07:31:31 ----HD---- D:\Program Files\InstallShield Installation Information
2009-06-19 02:38:31 ----A---- D:\s3rc.exe
2009-06-19 02:36:57 ----D---- D:\Záloha her
2009-06-18 19:36:36 ----D---- D:\Users\Jana Mazurová\AppData\Roaming\Opera
2009-06-18 12:04:43 ----D---- D:\Program Files\Mozilla Firefox
2009-06-18 12:04:39 ----D---- D:\Program Files\uTorrent
2009-06-18 12:02:01 ----D---- D:\Users\Jana Mazurová\AppData\Roaming\uTorrent
2009-06-17 21:04:20 ----HD---- D:\Windows\PIF
2009-06-17 21:04:14 ----A---- D:\Windows\WINCMD.INI
2009-06-17 21:02:25 ----A---- D:\Windows\IsUn0405.exe
2009-06-17 20:23:26 ----A---- D:\Windows\system32\tquery.dll
2009-06-17 20:23:26 ----A---- D:\Windows\system32\sxs.dll
2009-06-17 20:23:26 ----A---- D:\Windows\system32\mssrch.dll
2009-06-17 20:23:25 ----A---- D:\Windows\system32\user32.dll
2009-06-17 20:23:25 ----A---- D:\Windows\system32\SearchProtocolHost.exe
2009-06-17 20:23:25 ----A---- D:\Windows\system32\SearchIndexer.exe
2009-06-17 20:23:25 ----A---- D:\Windows\system32\SearchFilterHost.exe
2009-06-17 20:23:25 ----A---- D:\Windows\system32\mssvp.dll
2009-06-17 20:23:25 ----A---- D:\Windows\system32\mssphtb.dll
2009-06-17 20:23:25 ----A---- D:\Windows\system32\mssph.dll
2009-06-17 20:23:25 ----A---- D:\Windows\system32\msscntrs.dll
2009-06-17 20:23:25 ----A---- D:\Windows\system32\comctl32.dll
2009-06-17 20:23:25 ----A---- D:\Windows\system32\cdosys.dll
2009-06-17 20:23:24 ----A---- D:\Windows\system32\gdi32.dll
2009-06-17 20:23:21 ----A---- D:\Windows\system32\msmpeg2vdec.dll
2009-06-17 20:23:21 ----A---- D:\Windows\system32\MSMPEG2ENC.DLL
2009-06-17 20:23:21 ----A---- D:\Windows\system32\msmpeg2adec.dll
2009-06-17 20:23:21 ----A---- D:\Windows\system32\MSAC3ENC.DLL
2009-06-17 20:23:21 ----A---- D:\Windows\system32\mfAACEnc.dll
2009-06-17 20:23:19 ----A---- D:\Windows\system32\McxDriv.dll
2009-06-17 20:23:17 ----A---- D:\Windows\system32\mshtml.dll
2009-06-17 20:23:16 ----A---- D:\Windows\system32\wininet.dll
2009-06-17 20:23:16 ----A---- D:\Windows\system32\urlmon.dll
2009-06-17 20:23:16 ----A---- D:\Windows\system32\pngfilt.dll
2009-06-17 20:23:16 ----A---- D:\Windows\system32\mstime.dll
2009-06-17 20:23:16 ----A---- D:\Windows\system32\msrating.dll
2009-06-17 20:23:16 ----A---- D:\Windows\system32\mshtmled.dll
2009-06-17 20:23:16 ----A---- D:\Windows\system32\jsproxy.dll
2009-06-17 20:23:16 ----A---- D:\Windows\system32\inseng.dll
2009-06-17 20:23:16 ----A---- D:\Windows\system32\iepeers.dll
2009-06-17 20:23:16 ----A---- D:\Windows\system32\dxtrans.dll
2009-06-17 20:23:16 ----A---- D:\Windows\system32\dxtmsft.dll
2009-06-17 20:23:14 ----A---- D:\Windows\system32\iertutil.dll
2009-06-17 20:22:57 ----D---- D:\Users\Jana Mazurová\AppData\Roaming\ICQ
2009-06-17 20:10:54 ----D---- D:\Program Files\Alcohol Soft
2009-06-17 19:58:16 ----D---- D:\Users\Jana Mazurová\AppData\Roaming\Macromedia
2009-06-17 19:58:16 ----D---- D:\Users\Jana Mazurová\AppData\Roaming\Adobe
2009-06-17 19:58:15 ----D---- D:\Windows\system32\Macromed
2009-06-17 19:56:04 ----D---- D:\Windows\Panther
2009-06-17 19:55:43 ----A---- D:\Windows\system32\rpcss.dll
2009-06-17 19:55:43 ----A---- D:\Windows\system32\lsasrv.dll
2009-06-17 19:51:01 ----D---- D:\Windows.old
2009-06-17 19:44:41 ----D---- D:\Windows\system32\cs
2009-06-17 19:44:41 ----D---- D:\Windows\cs-CZ
2009-06-17 19:44:34 ----D---- D:\Windows\system32\XPSViewer
2009-06-17 19:34:22 ----D---- D:\Users\Jana Mazurová\AppData\Roaming\DAEMON Tools Lite
2009-06-17 19:20:16 ----D---- D:\Users\Jana Mazurová\AppData\Roaming\DAEMON Tools
2009-06-17 19:14:23 ----A---- D:\Windows\system32\PerfStringBackup.INI
2009-06-17 19:12:09 ----D---- D:\Users\Jana Mazurová\AppData\Roaming\Identities
2009-06-17 19:11:51 ----SD---- D:\Users\Jana Mazurová\AppData\Roaming\Microsoft
2009-06-17 19:11:51 ----D---- D:\Users\Jana Mazurová\AppData\Roaming\Media Center Programs
2009-06-17 19:11:30 ----SHD---- D:\Recovery
2009-06-17 18:59:50 ----D---- D:\Windows\SoftwareDistribution
2009-06-17 18:59:45 ----HD---- D:\ProgramData\CanonBJ
2009-06-17 18:57:36 ----D---- D:\Windows\Prefetch
2009-06-17 09:13:41 ----A---- D:\win7.txt
2009-06-07 07:08:57 ----D---- D:\BORDEL

======List of files/folders modified in the last 1 months======

2009-06-24 16:49:23 ----D---- D:\Windows\Temp
2009-06-24 16:49:22 ----RD---- D:\Program Files
2009-06-24 16:49:07 ----D---- D:\Downloads
2009-06-24 14:46:29 ----SHD---- D:\System Volume Information
2009-06-24 13:46:11 ----D---- D:\Windows\system32\config
2009-06-24 11:01:39 ----D---- D:\Windows\System32
2009-06-24 11:01:39 ----D---- D:\Windows\inf
2009-06-23 13:04:41 ----D---- D:\Filmy
2009-06-23 08:09:44 ----HD---- D:\ProgramData
2009-06-23 08:09:42 ----D---- D:\Program Files\Common Files
2009-06-22 13:45:53 ----D---- D:\Windows\system32\Tasks
2009-06-22 13:09:46 ----D---- D:\Windows\system32\LogFiles
2009-06-19 22:32:54 ----D---- D:\Windows\system32\catroot2
2009-06-19 21:17:56 ----D---- D:\Windows\Tasks
2009-06-19 21:07:43 ----D---- D:\Windows\system32\drivers
2009-06-19 21:06:15 ----D---- D:\Windows\winsxs
2009-06-19 10:05:34 ----RSD---- D:\Windows\assembly
2009-06-19 10:03:50 ----D---- D:\Program Files\Common Files\microsoft shared
2009-06-19 10:03:35 ----D---- D:\Program Files\MSBuild
2009-06-19 10:03:21 ----D---- D:\Windows\ShellNew
2009-06-19 10:03:04 ----RSD---- D:\Windows\Fonts
2009-06-19 10:03:00 ----SD---- D:\ProgramData\Microsoft
2009-06-19 10:03:00 ----D---- D:\Windows
2009-06-19 10:01:22 ----A---- D:\Windows\win.ini
2009-06-19 10:01:21 ----D---- D:\Program Files\Common Files\System
2009-06-19 09:50:42 ----D---- D:\Windows\system32\wdi
2009-06-19 08:59:55 ----D---- D:\Windows\system32\DriverStore
2009-06-19 08:59:55 ----D---- D:\Windows\system32\catroot
2009-06-19 07:42:35 ----D---- D:\Windows\Logs
2009-06-17 21:17:32 ----D---- D:\Windows\Microsoft.NET
2009-06-17 20:28:02 ----D---- D:\Windows\system32\migration
2009-06-17 20:28:02 ----D---- D:\Windows\ehome
2009-06-17 20:28:02 ----D---- D:\Program Files\Internet Explorer
2009-06-17 19:58:16 ----D---- D:\Windows\Downloaded Program Files
2009-06-17 19:46:07 ----D---- D:\Windows\rescache
2009-06-17 19:44:44 ----D---- D:\Program Files\Windows Sidebar
2009-06-17 19:44:44 ----D---- D:\Program Files\Windows Media Player
2009-06-17 19:44:44 ----D---- D:\Program Files\Windows Mail
2009-06-17 19:44:44 ----D---- D:\Program Files\Windows Journal
2009-06-17 19:44:44 ----D---- D:\Program Files\DVD Maker
2009-06-17 19:44:42 ----D---- D:\Windows\servicing
2009-06-17 19:44:42 ----D---- D:\Program Files\Windows Photo Viewer
2009-06-17 19:44:42 ----D---- D:\Program Files\Windows Defender
2009-06-17 19:44:41 ----D---- D:\Windows\system32\winrm
2009-06-17 19:44:41 ----D---- D:\Windows\system32\sysprep
2009-06-17 19:44:41 ----D---- D:\Windows\system32\slmgr
2009-06-17 19:44:41 ----D---- D:\Windows\system32\oobe
2009-06-17 19:44:41 ----D---- D:\Windows\system32\migwiz
2009-06-17 19:44:41 ----D---- D:\Windows\system32\Boot
2009-06-17 19:44:41 ----D---- D:\Windows\PolicyDefinitions
2009-06-17 19:44:40 ----D---- D:\Windows\system32\cs-CZ
2009-06-17 19:44:34 ----D---- D:\Windows\system32\WCN
2009-06-17 19:44:34 ----D---- D:\Windows\system32\MUI
2009-06-17 19:44:34 ----D---- D:\Windows\system32\Dism
2009-06-17 19:44:33 ----D---- D:\Windows\system32\Printing_Admin_Scripts
2009-06-17 19:44:32 ----D---- D:\Windows\system32\wbem
2009-06-17 19:44:32 ----D---- D:\Windows\system32\com
2009-06-17 19:44:32 ----D---- D:\Windows\AppPatch
2009-06-17 19:20:17 ----D---- D:\Windows\system32\restore
2009-06-17 19:18:32 ----D---- D:\Windows\system32\CodeIntegrity
2009-06-17 19:12:04 ----SHD---- D:\$Recycle.Bin
2009-06-17 19:11:48 ----RD---- D:\Users
2009-06-17 19:11:30 ----D---- D:\Windows\system32\Recovery
2009-06-17 18:57:30 ----D---- D:\Windows\CSC
2009-06-17 10:05:18 ----D---- D:\Windows\debug
2009-06-12 04:07:19 ----D---- D:\Image
2009-06-10 10:50:20 ----D---- D:\Hudba
2009-06-10 09:14:57 ----D---- D:\fotky

Re: r.o.s.t.a.c.k.a - kontrola logu.

Napsal: 24 čer 2009 16:03
od riffman
jeste tam kousek chybi :)

Re: r.o.s.t.a.c.k.a - kontrola logu.

Napsal: 24 čer 2009 16:52
od r.o.s.t.a.c.k.a
riffman píše:jeste tam kousek chybi :)
Aha.. No chtěla jsem to udělat znovu, ale asi ve 3/4 to hodí error a skončí to.. :(

Re: r.o.s.t.a.c.k.a - kontrola logu.

Napsal: 24 čer 2009 16:56
od riffman
az takhle?

no dobre, tak jinak - v podpisu mam DDS, tak sup na to a log sem :)

Re: r.o.s.t.a.c.k.a - kontrola logu.

Napsal: 24 čer 2009 17:19
od r.o.s.t.a.c.k.a
riffman píše:az takhle?

no dobre, tak jinak - v podpisu mam DDS, tak sup na to a log sem :)
Nepodporuje windows 7 :o

Re: r.o.s.t.a.c.k.a - kontrola logu.

Napsal: 24 čer 2009 17:22
od riffman
vy mate Windows 7? pak vam nemuzu pomoct, protoze 7 nejsou jeste oficialni a nic pod nimi nejde korektne

Re: r.o.s.t.a.c.k.a - kontrola logu.

Napsal: 10 črc 2009 10:54
od r.o.s.t.a.c.k.a
Jelikož mi poslední dobou "zlobil" PC, vrátila jsem se zpět k Windows XP. Chtěla bych zkontrolovat log, děkuji :)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-07-10 11:53:25
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 461 GB (97%) free of 477 GB
Total RAM: 3327 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:34, on 10.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
C:\Program Files\USDownloader\USDownloader.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\vso\ConvertXtoDVD\ConvertXtoDvd.exe
D:\BACKUP\Mozilla\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 4429 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-01-29 16859648]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-09-13 139264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"=C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [2006-09-13 10752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-06-03 139264]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9db60d8-6caa-11de-bc6f-004f4e62ceb7}]
shell\AutoRun\command - J:\start.exe /checksection


======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2009-07-10 11:53:25 ----D---- C:\rsit
2009-07-10 11:53:25 ----D---- C:\Program Files\trend micro
2009-07-10 10:52:40 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-10 10:52:35 ----D---- C:\Documents and Settings\Owner\Data aplikací\Media Player Classic
2009-07-10 10:50:41 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-07-10 10:50:41 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-07-10 10:50:41 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-07-10 10:50:41 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-07-10 10:50:40 ----A---- C:\WINDOWS\system32\unrar.dll
2009-07-10 10:50:39 ----A---- C:\WINDOWS\avisplitter.ini
2009-07-10 10:50:37 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-07-10 10:50:36 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-07-10 10:50:36 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-07-10 10:50:36 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2009-07-10 10:50:36 ----A---- C:\WINDOWS\system32\dpl100.dll
2009-07-10 10:50:36 ----A---- C:\WINDOWS\system32\divx.dll
2009-07-10 10:50:34 ----A---- C:\WINDOWS\system32\pthreadGC2.dll
2009-07-10 10:50:34 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-07-10 10:50:34 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-07-10 10:50:33 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-07-10 10:50:32 ----D---- C:\Program Files\K-Lite Codec Pack
2009-07-10 10:50:32 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-07-10 10:47:15 ----D---- C:\Program Files\WinRAR
2009-07-10 10:46:37 ----D---- C:\Documents and Settings\Owner\Data aplikací\Ahead
2009-07-10 10:45:50 ----D---- C:\Program Files\Nero
2009-07-10 10:45:50 ----D---- C:\Program Files\Common Files\Ahead
2009-07-10 10:45:34 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-07-10 10:45:34 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-07-10 10:43:03 ----A---- C:\Documents and Settings\Owner\Data aplikací\ezpinst.exe
2009-07-10 10:43:02 ----D---- C:\Documents and Settings\Owner\Data aplikací\Vso
2009-07-10 10:42:59 ----D---- C:\Program Files\vso
2009-07-10 10:19:11 ----A---- C:\WINDOWS\system32\~GLH000a.TMP
2009-07-10 10:19:03 ----A---- C:\WINDOWS\system32\~GLH0009.TMP
2009-07-10 10:18:35 ----A---- C:\WINDOWS\system32\~GLH0008.TMP
2009-07-10 10:18:28 ----A---- C:\WINDOWS\system32\msxml4r.dll
2009-07-10 10:18:28 ----A---- C:\WINDOWS\system32\msxml4a.dll
2009-07-10 10:18:27 ----A---- C:\WINDOWS\system32\msxml4.dll
2009-07-10 10:18:21 ----A---- C:\WINDOWS\system32\~GLH0007.TMP
2009-07-10 10:17:44 ----A---- C:\WINDOWS\system32\~GLH0006.TMP
2009-07-10 10:17:23 ----A---- C:\WINDOWS\system32\wmv8dmod.dll
2009-07-10 10:17:23 ----A---- C:\WINDOWS\system32\mpg4c32.dll
2009-07-10 10:16:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\MAGIX
2009-07-10 10:15:56 ----A---- C:\WINDOWS\system32\~GLH0005.TMP
2009-07-10 10:15:46 ----A---- C:\WINDOWS\system32\~GLH0004.TMP
2009-07-10 10:15:42 ----A---- C:\WINDOWS\system32\TTIC32.dll
2009-07-10 10:15:42 ----A---- C:\WINDOWS\system32\TTI32.dll
2009-07-10 10:15:42 ----A---- C:\WINDOWS\system32\STRING32.dll
2009-07-10 10:15:42 ----A---- C:\WINDOWS\system32\MXRestore.exe
2009-07-10 10:15:42 ----A---- C:\WINDOWS\system32\mgxcdr.txt
2009-07-10 10:15:42 ----A---- C:\WINDOWS\system32\mgxasio2.dll
2009-07-10 10:15:42 ----A---- C:\WINDOWS\system32\DLLTPO32.dll
2009-07-10 10:15:42 ----A---- C:\WINDOWS\system32\DLLRES32.dll
2009-07-10 10:15:42 ----A---- C:\WINDOWS\system32\DLLRD32.dll
2009-07-10 10:15:42 ----A---- C:\WINDOWS\system32\DLLPTL32.dll
2009-07-10 10:15:42 ----A---- C:\WINDOWS\system32\DLLPRJ32.dll
2009-07-10 10:15:42 ----A---- C:\WINDOWS\system32\DLLPRF32.dll
2009-07-10 10:15:41 ----A---- C:\WINDOWS\system32\DLLPNT32.dll
2009-07-10 10:15:41 ----A---- C:\WINDOWS\system32\DLLMSC32.dll
2009-07-10 10:15:41 ----A---- C:\WINDOWS\system32\DLLIX.dll
2009-07-10 10:15:41 ----A---- C:\WINDOWS\system32\DLLISO32.dll
2009-07-10 10:15:41 ----A---- C:\WINDOWS\system32\DLLIO32.dll
2009-07-10 10:15:41 ----A---- C:\WINDOWS\system32\DLLIMG32.dll
2009-07-10 10:15:41 ----A---- C:\WINDOWS\system32\DLLDRV32.dll
2009-07-10 10:15:41 ----A---- C:\WINDOWS\system32\DLLDIR32.dll
2009-07-10 10:15:41 ----A---- C:\WINDOWS\system32\DLLDEV32.dll
2009-07-10 10:15:41 ----A---- C:\WINDOWS\system32\DLLCPY32.dll
2009-07-10 10:15:41 ----A---- C:\WINDOWS\system32\DLLCDF32.dll
2009-07-10 10:15:41 ----A---- C:\WINDOWS\system32\DLLCDA32.dll
2009-07-10 10:15:41 ----A---- C:\WINDOWS\system32\DLLAV32.dll
2009-07-10 10:14:24 ----D---- C:\Program Files\Common Files\MAGIX Shared
2009-07-10 10:12:28 ----D---- C:\Program Files\MAGIX
2009-07-10 10:12:28 ----A---- C:\WINDOWS\system32\ROBOEX32.DLL
2009-07-10 10:12:28 ----A---- C:\WINDOWS\system32\INETWH32.dll
2009-07-10 10:12:28 ----A---- C:\WINDOWS\system32\HtmlWH.dll
2009-07-10 10:11:53 ----N---- C:\WINDOWS\system32\mgxoschk.dll
2009-07-10 10:11:53 ----D---- C:\WINDOWS\system32\MAGIX
2009-07-10 10:11:53 ----A---- C:\WINDOWS\mgxoschk.ini
2009-07-10 09:45:47 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2009-07-10 09:45:46 ----D---- C:\Program Files\Microsoft WSE
2009-07-10 09:45:33 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-07-10 09:45:31 ----D---- C:\WINDOWS\Logs
2009-07-10 09:42:56 ----D---- C:\Program Files\Electronic Arts
2009-07-10 09:39:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2009-07-10 09:39:56 ----D---- C:\Program Files\DAEMON Tools Toolbar
2009-07-10 09:39:54 ----D---- C:\Program Files\DAEMON Tools Lite
2009-07-09 22:49:31 ----D---- C:\Program Files\USDownloader
2009-07-09 22:16:19 ----D---- C:\Program Files\Mozilla Firefox
2009-07-09 21:35:34 ----D---- C:\Program Files\AskBarDis
2009-07-09 21:35:32 ----D---- C:\Program Files\uTorrent
2009-07-09 21:35:10 ----D---- C:\Documents and Settings\Owner\Data aplikací\uTorrent
2009-07-09 21:10:00 ----D---- C:\Program Files\VstPlugins
2009-07-09 21:10:00 ----A---- C:\WINDOWS\system32\rewire.dll
2009-07-09 21:09:51 ----D---- C:\WINDOWS\LastGood
2009-07-09 21:09:32 ----D---- C:\Program Files\Outsim
2009-07-09 21:08:43 ----D---- C:\Program Files\Image-Line
2009-07-09 20:48:07 ----D---- C:\Documents and Settings\Owner\Data aplikací\Macromedia
2009-07-09 20:48:05 ----D---- C:\Documents and Settings\Owner\Data aplikací\Adobe
2009-07-09 20:47:21 ----D---- C:\Documents and Settings\Owner\Data aplikací\Mozilla
2009-07-09 20:47:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2009-07-09 20:47:05 ----D---- C:\Documents and Settings\Owner\Data aplikací\ICQ
2009-07-09 20:46:47 ----D---- C:\Program Files\ICQ6.5
2009-07-09 19:39:37 ----D---- C:\Program Files\Valve
2009-07-09 18:40:15 ----SHD---- C:\RECYCLER
2009-07-09 18:38:06 ----D---- C:\Program Files\Avira
2009-07-09 18:38:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Avira
2009-07-09 18:30:27 ----D---- C:\Documents and Settings\Owner\Data aplikací\DAEMON Tools Lite
2009-07-09 17:15:24 ----A---- C:\WINDOWS\system32\h323log.txt
2009-07-09 17:12:46 ----A---- C:\WINDOWS\system32\usbui.dll
2009-07-09 17:12:00 ----SHD---- C:\WINDOWS\Installer
2009-07-09 17:12:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-09 17:11:59 ----D---- C:\Program Files\Common Files\ODBC
2009-07-09 17:11:59 ----A---- C:\WINDOWS\ODBCINST.INI
2009-07-09 17:11:56 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-07-09 17:11:55 ----RD---- C:\Program Files
2009-07-09 17:11:55 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-09 17:11:55 ----D---- C:\Program Files\Common Files
2009-07-09 17:11:52 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-07-09 17:11:52 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-07-09 17:11:52 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-07-09 17:11:51 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-07-09 17:11:51 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-07-09 17:11:51 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-07-09 17:11:51 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-07-09 17:11:51 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-07-09 17:11:51 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-07-09 17:11:51 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-07-09 17:11:51 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-07-09 17:11:51 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-07-09 17:11:51 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-07-09 17:11:51 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-07-09 17:11:51 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-07-09 17:11:49 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-07-09 17:11:49 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-07-09 17:11:49 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-07-09 17:11:49 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-07-09 17:11:49 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-07-09 17:11:49 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-07-09 17:11:49 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-07-09 17:11:48 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-07-09 17:11:48 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-07-09 17:11:48 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-07-09 17:11:48 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-07-09 17:11:48 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-07-09 17:11:46 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2009-07-09 17:11:46 ----A---- C:\WINDOWS\system32\kbdsl.dll
2009-07-09 17:11:46 ----A---- C:\WINDOWS\system32\kbdro.dll
2009-07-09 17:11:46 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2009-07-09 17:11:46 ----A---- C:\WINDOWS\system32\kbdpl.dll
2009-07-09 17:11:45 ----A---- C:\WINDOWS\system32\kbdycl.dll
2009-07-09 17:11:45 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2009-07-09 17:11:45 ----A---- C:\WINDOWS\system32\kbdhu.dll
2009-07-09 17:11:45 ----A---- C:\WINDOWS\system32\kbdcr.dll
2009-07-09 17:11:45 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2009-07-09 17:11:44 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-07-09 17:11:44 ----A---- C:\WINDOWS\system32\irclass.dll
2009-07-09 17:11:44 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-07-09 17:11:44 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-07-09 17:11:44 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-07-09 17:11:42 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-07-09 17:11:42 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-07-09 17:11:42 ----A---- C:\WINDOWS\system32\batt.dll
2009-07-09 17:11:41 ----A---- C:\WINDOWS\system32\storprop.dll
2009-07-09 17:11:41 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-07-09 17:11:34 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2009-07-09 17:11:31 ----RA---- C:\WINDOWS\SET8.tmp
2009-07-09 17:11:29 ----RA---- C:\WINDOWS\SET4.tmp
2009-07-09 17:11:27 ----RA---- C:\WINDOWS\SET3.tmp
2009-07-09 17:11:23 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-09 17:11:23 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-09 17:11:18 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2009-07-09 17:10:58 ----A---- C:\WINDOWS\setuplog.txt
2009-07-09 17:10:56 ----SHD---- C:\System Volume Information
2009-07-09 17:10:56 ----D---- C:\Documents and Settings
2009-07-09 17:10:25 ----RSH---- C:\boot.ini
2009-07-09 17:04:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-09 17:04:46 ----RSD---- C:\WINDOWS\Fonts
2009-07-09 17:04:46 ----RD---- C:\WINDOWS\Web
2009-07-09 17:04:46 ----HD---- C:\WINDOWS\inf
2009-07-09 17:04:46 ----D---- C:\WINDOWS\WinSxS
2009-07-09 17:04:46 ----D---- C:\WINDOWS\twain_32
2009-07-09 17:04:46 ----D---- C:\WINDOWS\Temp
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\wins
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\wbem
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\usmt
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\spool
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\ShellExt
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\Setup
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\ras
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\oobe
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\npp
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\mui
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\inetsrv
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\IME
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\icsxml
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\ias
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\export
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\drivers
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\dhcp
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\cs-cz
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\cs
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\config
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\3com_dmi
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\3076
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\2052
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\1054
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\1042
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\1041
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\1037
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\1033
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\1031
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\1029
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\1028
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32\1025
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system32
2009-07-09 17:04:46 ----D---- C:\WINDOWS\system
2009-07-09 17:04:46 ----D---- C:\WINDOWS\security
2009-07-09 17:04:46 ----D---- C:\WINDOWS\Resources
2009-07-09 17:04:46 ----D---- C:\WINDOWS\repair
2009-07-09 17:04:46 ----D---- C:\WINDOWS\Provisioning
2009-07-09 17:04:46 ----D---- C:\WINDOWS\pchealth
2009-07-09 17:04:46 ----D---- C:\WINDOWS\PeerNet
2009-07-09 17:04:46 ----D---- C:\WINDOWS\Network Diagnostic
2009-07-09 17:04:46 ----D---- C:\WINDOWS\mui
2009-07-09 17:04:46 ----D---- C:\WINDOWS\msapps
2009-07-09 17:04:46 ----D---- C:\WINDOWS\msagent
2009-07-09 17:04:46 ----D---- C:\WINDOWS\Media
2009-07-09 17:04:46 ----D---- C:\WINDOWS\L2Schemas
2009-07-09 17:04:46 ----D---- C:\WINDOWS\java
2009-07-09 17:04:46 ----D---- C:\WINDOWS\ime
2009-07-09 17:04:46 ----D---- C:\WINDOWS\Help
2009-07-09 17:04:46 ----D---- C:\WINDOWS\Driver Cache
2009-07-09 17:04:46 ----D---- C:\WINDOWS\Debug
2009-07-09 17:04:46 ----D---- C:\WINDOWS\Cursors
2009-07-09 17:04:46 ----D---- C:\WINDOWS\Connection Wizard
2009-07-09 17:04:46 ----D---- C:\WINDOWS\Config
2009-07-09 17:04:46 ----D---- C:\WINDOWS\AppPatch
2009-07-09 17:04:46 ----D---- C:\WINDOWS\addins
2009-07-09 17:04:46 ----D---- C:\WINDOWS
2009-07-09 16:55:46 ----D---- C:\Program Files\totalcmd
2009-07-09 16:55:46 ----A---- C:\WINDOWS\wincmd.ini
2009-07-09 16:00:18 ----D---- C:\Documents and Settings\Owner\Data aplikací\Opera
2009-07-09 16:00:14 ----D---- C:\Program Files\Opera
2009-07-09 15:53:54 ----D---- C:\WINDOWS\system32\Lang
2009-07-09 15:53:49 ----D---- C:\Documents and Settings\Owner\Data aplikací\ATI
2009-07-09 15:53:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\ATI
2009-07-09 15:48:54 ----D---- C:\Program Files\Common Files\ATI Technologies
2009-07-09 15:48:34 ----D---- C:\WINDOWS\RegisteredPackages
2009-07-09 15:48:24 ----A---- C:\WINDOWS\system32\psisdecd.dll
2009-07-09 15:48:22 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2009-07-09 15:46:54 ----RSD---- C:\WINDOWS\assembly
2009-07-09 15:46:43 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-09 15:45:18 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-07-09 15:45:16 ----RA---- C:\WINDOWS\system32\atiiiexx.dll
2009-07-09 15:45:14 ----RA---- C:\WINDOWS\system32\ATIDEMGX.dll
2009-07-09 15:43:21 ----D---- C:\Program Files\ATI Technologies
2009-07-09 15:42:31 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-09 15:42:30 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-09 15:42:28 ----D---- C:\Program Files\AMD
2009-07-09 15:42:12 ----D---- C:\Documents and Settings\Owner\Data aplikací\InstallShield
2009-07-09 15:41:47 ----R---- C:\WINDOWS\system32\ChCfg.exe
2009-07-09 15:41:30 ----D---- C:\WINDOWS\system32\RTCOM
2009-07-09 15:41:28 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-07-09 15:41:24 ----R---- C:\WINDOWS\SoundMan.exe
2009-07-09 15:41:23 ----R---- C:\WINDOWS\SkyTel.exe
2009-07-09 15:41:23 ----R---- C:\WINDOWS\RtlUpd.exe
2009-07-09 15:41:21 ----R---- C:\WINDOWS\RTLCPL.exe
2009-07-09 15:41:15 ----R---- C:\WINDOWS\RTHDCPL.exe
2009-07-09 15:41:15 ----R---- C:\WINDOWS\MicCal.exe
2009-07-09 15:41:13 ----R---- C:\WINDOWS\Alcmtr.exe
2009-07-09 15:41:12 ----R---- C:\WINDOWS\alcwzrd.exe
2009-07-09 15:41:11 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-09 15:41:11 ----D---- C:\Program Files\Realtek
2009-07-09 15:41:08 ----A---- C:\WINDOWS\HideWin.exe
2009-07-09 15:41:07 ----R---- C:\WINDOWS\RtlExUpd.dll
2009-07-09 15:41:05 ----D---- C:\Program Files\Common Files\InstallShield
2009-07-09 15:39:30 ----A---- C:\WINDOWS\system32\wpa.bak
2009-07-09 15:31:16 ----D---- C:\Documents and Settings\Owner\Data aplikací\Identities
2009-07-09 15:31:15 ----HD---- C:\Program Files\Uninstall Information
2009-07-09 15:31:11 ----ASH---- C:\Documents and Settings\Owner\Data aplikací\desktop.ini
2009-07-09 15:31:10 ----SD---- C:\Documents and Settings\Owner\Data aplikací\Microsoft
2009-07-09 15:31:03 ----D---- C:\WINDOWS\SoftwareDistribution
2009-07-09 15:30:53 ----SD---- C:\WINDOWS\system32\Microsoft
2009-07-09 15:30:53 ----D---- C:\WINDOWS\Prefetch
2009-07-09 15:30:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-09 15:20:54 ----D---- C:\WINDOWS\system32\xircom
2009-07-09 15:20:54 ----D---- C:\Program Files\xerox
2009-07-09 15:20:54 ----D---- C:\Program Files\microsoft frontpage
2009-07-09 15:20:45 ----AH---- C:\AUTOEXEC.BAT
2009-07-09 15:20:45 ----A---- C:\WINDOWS\control.ini
2009-07-09 15:20:37 ----A---- C:\WINDOWS\OEWABLog.txt
2009-07-09 15:20:33 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-07-09 15:19:41 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-09 15:19:41 ----RD---- C:\WINDOWS\Offline Web Pages
2009-07-09 15:19:41 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-07-09 15:19:36 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-07-09 15:19:33 ----HD---- C:\Program Files\WindowsUpdate
2009-07-09 15:19:29 ----D---- C:\Program Files\Online Services
2009-07-09 15:19:15 ----D---- C:\WINDOWS\system32\DirectX
2009-07-09 15:19:10 ----A---- C:\WINDOWS\system32\atrace.dll
2009-07-09 15:19:08 ----A---- C:\WINDOWS\system32\desktop.ini
2009-07-09 15:19:08 ----A---- C:\WINDOWS\desktop.ini
2009-07-09 15:19:02 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-07-09 15:19:01 ----D---- C:\Program Files\Common Files\Services
2009-07-09 15:19:01 ----A---- C:\WINDOWS\system32\acctres.dll
2009-07-09 15:18:58 ----SD---- C:\WINDOWS\Tasks
2009-07-09 15:18:58 ----D---- C:\Program Files\Common Files\MSSoap
2009-07-09 15:18:58 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-07-09 15:18:54 ----D---- C:\WINDOWS\srchasst
2009-07-09 15:18:53 ----D---- C:\WINDOWS\system32\Macromed
2009-07-09 15:18:51 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-07-09 15:18:51 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-07-09 15:18:50 ----A---- C:\WINDOWS\system32\wups.dll
2009-07-09 15:18:50 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-07-09 15:18:50 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-07-09 15:18:50 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-07-09 15:18:50 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-07-09 15:18:50 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-07-09 15:18:50 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-07-09 15:18:50 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2009-07-09 15:18:50 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-07-09 15:18:50 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-07-09 15:18:49 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-07-09 15:18:49 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-07-09 15:18:45 ----D---- C:\Program Files\Movie Maker
2009-07-09 15:18:30 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-07-09 15:18:30 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-07-09 15:18:29 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-07-09 15:18:29 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-07-09 15:18:26 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-07-09 15:18:26 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-07-09 15:18:25 ----D---- C:\WINDOWS\system32\Restore
2009-07-09 15:18:25 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-07-09 15:18:25 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-07-09 15:18:25 ----A---- C:\WINDOWS\system32\srclient.dll
2009-07-09 15:18:25 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-07-09 15:18:25 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-07-09 15:18:25 ----A---- C:\WINDOWS\system32\ils.dll
2009-07-09 15:18:24 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-07-09 15:18:24 ----A---- C:\WINDOWS\system32\msconf.dll
2009-07-09 15:18:24 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-07-09 15:18:22 ----D---- C:\Program Files\NetMeeting
2009-07-09 15:18:22 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-07-09 15:18:22 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-07-09 15:18:21 ----A---- C:\WINDOWS\system32\inetres.dll
2009-07-09 15:18:21 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-07-09 15:18:19 ----D---- C:\Program Files\Outlook Express
2009-07-09 15:18:19 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-07-09 15:18:19 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-07-09 15:18:19 ----A---- C:\WINDOWS\system32\mstask.dll
2009-07-09 15:18:18 ----A---- C:\WINDOWS\system32\isign32.dll
2009-07-09 15:18:18 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-07-09 15:18:18 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-07-09 15:18:18 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-07-09 15:18:13 ----D---- C:\Program Files\Common Files\System
2009-07-09 15:18:12 ----D---- C:\Program Files\Internet Explorer
2009-07-09 15:18:01 ----D---- C:\Program Files\ComPlus Applications
2009-07-09 15:17:59 ----A---- C:\WINDOWS\vbaddin.ini
2009-07-09 15:17:59 ----A---- C:\WINDOWS\vb.ini
2009-07-09 15:17:54 ----D---- C:\WINDOWS\Registration
2009-07-09 15:17:27 ----D---- C:\Program Files\Windows Media Player
2009-07-09 15:17:22 ----D---- C:\Program Files\Messenger
2009-07-09 15:17:19 ----D---- C:\Program Files\MSN Gaming Zone
2009-07-09 15:17:19 ----A---- C:\WINDOWS\system32\write.exe
2009-07-09 15:17:12 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-07-09 15:17:12 ----A---- C:\WINDOWS\system32\hticons.dll
2009-07-09 15:17:11 ----A---- C:\WINDOWS\system32\winchat.exe
2009-07-09 15:17:11 ----A---- C:\WINDOWS\system32\avwav.dll
2009-07-09 15:17:11 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-07-09 15:17:11 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-07-09 15:17:06 ----A---- C:\WINDOWS\system32\getuname.dll
2009-07-09 15:17:05 ----A---- C:\WINDOWS\system32\winmine.exe
2009-07-09 15:17:05 ----A---- C:\WINDOWS\system32\sol.exe
2009-07-09 15:17:05 ----A---- C:\WINDOWS\system32\charmap.exe
2009-07-09 15:17:05 ----A---- C:\WINDOWS\system32\calc.exe
2009-07-09 15:17:04 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-07-09 15:17:04 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-07-09 15:17:04 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-07-09 15:17:04 ----A---- C:\WINDOWS\system32\tskill.exe
2009-07-09 15:17:04 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-07-09 15:17:04 ----A---- C:\WINDOWS\system32\tscon.exe
2009-07-09 15:17:04 ----A---- C:\WINDOWS\system32\shadow.exe
2009-07-09 15:17:04 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-07-09 15:17:04 ----A---- C:\WINDOWS\system32\reset.exe
2009-07-09 15:17:04 ----A---- C:\WINDOWS\system32\regini.exe
2009-07-09 15:17:04 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-07-09 15:17:04 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-07-09 15:17:04 ----A---- C:\WINDOWS\system32\freecell.exe
2009-07-09 15:17:03 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-07-09 15:17:03 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-07-09 15:17:03 ----A---- C:\WINDOWS\system32\msg.exe
2009-07-09 15:17:03 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-07-09 15:17:03 ----A---- C:\WINDOWS\system32\logoff.exe
2009-07-09 15:17:03 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-07-09 15:16:59 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-07-09 15:16:58 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-07-09 15:16:58 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-07-09 15:16:57 ----D---- C:\Program Files\Windows NT
2009-07-09 15:16:57 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-07-09 15:16:57 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-07-09 15:16:57 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-07-09 15:16:57 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-07-09 15:16:56 ----A---- C:\WINDOWS\system32\spider.exe
2009-07-09 15:16:55 ----A---- C:\WINDOWS\system32\tsgqec.dll
2009-07-09 15:16:55 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-07-09 15:16:55 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2009-07-09 15:16:55 ----A---- C:\WINDOWS\system32\aaclient.dll
2009-07-09 15:16:54 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-07-09 15:16:54 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-07-09 15:16:54 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-07-09 15:16:54 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-07-09 15:16:54 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-07-09 15:16:54 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-07-09 15:16:54 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-07-09 15:16:53 ----D---- C:\WINDOWS\system32\MsDtc
2009-07-09 15:16:53 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-07-09 15:16:53 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-07-09 15:16:53 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-07-09 15:16:53 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-07-09 15:16:53 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-07-09 15:16:53 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-07-09 15:16:53 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-07-09 15:16:53 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-07-09 15:16:53 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-07-09 15:16:53 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-07-09 15:16:52 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-07-09 15:16:52 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-07-09 15:16:52 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-07-09 15:16:52 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-07-09 15:16:51 ----D---- C:\WINDOWS\system32\Com
2009-07-09 15:16:51 ----A---- C:\WINDOWS\system32\stclient.dll
2009-07-09 15:16:51 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-07-09 15:16:51 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-07-09 15:16:51 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-07-09 15:16:51 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-07-09 15:16:51 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-07-09 15:16:51 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-07-09 15:16:51 ----A---- C:\WINDOWS\system32\colbact.dll
2009-07-09 15:16:50 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-07-09 15:16:50 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-07-09 15:16:50 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-07-09 15:16:50 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-07-09 15:16:50 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-07-09 15:16:49 ----A---- C:\WINDOWS\system32\comuid.dll
2009-07-09 15:16:49 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-07-09 15:16:49 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-07-09 15:16:45 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-07-09 15:16:45 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-07-09 15:16:45 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-07-09 15:16:44 ----A---- C:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 1 months======

2009-07-09 17:11:54 ----A---- C:\WINDOWS\system.ini
2009-07-09 15:20:45 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 ACEDRV09;ACEDRV09; \??\C:\WINDOWS\system32\drivers\ACEDRV09.sys []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-06-03 3100160]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-01-30 4725760]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-07-10 47360]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-14 20992]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 a2s3ybga;a2s3ybga; C:\WINDOWS\system32\drivers\a2s3ybga.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-06-03 552960]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S2 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-06-02 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-09-12 724992]
S3 UPnPService;UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]

-----------------EOF-----------------
Všechny časy jsou v UTC+01:00
Stránka 6 z 12

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz