Re: ROOTKIT again

Posted: 15 Dec 2009 19:56
by brankar
THE PROGRAM DID NOT CREATE THE OTL TXT FOR ME. I DON'T KNOW, MAYBE I MADE A MISTAKE. I'LL TRY THE SCAN AGAIN.

Re: ROOTKIT again

Posted: 15 Dec 2009 19:56
by earl
ok

Re: ROOTKIT again

Posted: 15 Dec 2009 20:08
by brankar
OTL logfile created on: 15.12.2009 19:54:28 - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\user\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

511,48 Mb Total Physical Memory | 149,48 Mb Available Physical Memory | 29,22% Memory free
1,22 Gb Paging File | 0,79 Gb Available in Paging File | 64,76% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 37,61 Gb Free Space | 25,24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VLASTN-81FD8C78
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009.12.15 18:47:33 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Plocha\OTL.exe
PRC - [2009.11.18 10:41:10 | 01,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2009.11.18 10:41:05 | 00,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009.10.11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009.10.11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009.07.16 08:05:07 | 00,189,744 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
PRC - [2009.07.16 06:48:45 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009.02.04 05:41:55 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2008.11.26 08:23:04 | 00,881,664 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe
PRC - [2008.10.17 09:16:22 | 00,098,816 | ---- | M] (Opera Software) -- C:\Program Files\Opera\Opera.exe
PRC - [2008.04.14 13:00:00 | 01,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.04.14 13:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2004.08.30 12:48:34 | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2009.12.15 18:47:33 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Plocha\OTL.exe
MOD - [2009.11.18 10:41:21 | 00,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2008.05.13 08:13:36 | 00,077,824 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
MOD - [2006.05.03 22:53:54 | 00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2009.11.18 10:41:05 | 00,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009.10.11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009.07.16 08:05:07 | 00,189,744 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009.07.16 06:48:45 | 00,075,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009.02.04 05:41:55 | 00,602,112 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2008.07.29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2005.04.04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009.11.18 10:41:20 | 00,132,808 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2009.10.10 18:15:45 | 00,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009.07.09 19:19:48 | 00,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.03.15 11:25:46 | 00,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009.03.05 10:32:39 | 00,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009.02.17 10:43:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009.02.17 10:43:28 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009.02.17 10:43:28 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009.02.04 08:27:21 | 03,488,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.12.24 20:09:52 | 00,000,206 | ---- | M] () [File_System | System | Stopped] -- C:\Program Files\Samsung\Samsung PC Studio 3\StarOpen.reg -- (StarOpen)
DRV - [2008.10.30 10:21:03 | 00,075,072 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2008.04.14 13:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008.04.14 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2008.04.13 21:05:40 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2007.05.02 11:11:18 | 00,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007.05.02 11:11:18 | 00,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007.05.02 11:11:16 | 00,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2007.03.01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2005.01.14 17:14:07 | 00,047,616 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2004.12.03 11:20:41 | 00,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004.10.28 11:47:59 | 00,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004.08.30 16:36:24 | 00,637,713 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004.02.24 10:08:52 | 00,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2002.12.27 03:41:00 | 00,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search, =


IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1409082233-1580818891-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-1409082233-1580818891-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-1409082233-1580818891-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0A A0 D6 E0 EA 69 CA 01 [binary data]
IE - HKU\S-1-5-21-1409082233-1580818891-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.seznam.cz/
IE - HKU\S-1-5-21-1409082233-1580818891-839522115-1004\S-1-5-21-1409082233-1580818891-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (565 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts:
O1 - Hosts:
O3 - HKU\.DEFAULT\..\Toolbar\webbrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\webbrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-1409082233-1580818891-839522115-1004\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1409082233-1580818891-839522115-1004..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1409082233-1580818891-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1409082233-1580818891-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1409082233-1580818891-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1409082233-1580818891-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1409082233-1580818891-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-1409082233-1580818891-839522115-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1409082233-1580818891-839522115-1004\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} Reg Error: Value error. (Shockwave Flash Object)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 7 Days ==========

[2009.12.15 18:47:33 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Plocha\OTL.exe
[2009.12.14 22:48:03 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent
[2009.12.13 08:59:08 | 00,000,000 | ---D | C] -- C:\Program Files\Ares
[2009.12.13 08:53:56 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009.12.12 14:56:12 | 00,000,000 | ---D | C] -- C:\GTR2
[2009.12.12 09:34:27 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2009.12.11 20:08:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\VDLL.DLL
[2009.12.11 20:08:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\RUNDL132.EXE
[2009.12.10 16:12:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Dokumenty\Flight Simulator Files
[2009.12.09 14:05:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Dokumenty\BOING MAMA LETÍ
[2009.12.09 13:22:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Dokumenty\AUTAAAUATAAAUAAT
[2009.11.23 12:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\TuneUp Software
[2009.11.19 17:13:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2009.10.22 11:41:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2009.10.22 11:41:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2008.10.19 13:14:05 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft

========== Files - Modified Within 7 Days ==========

[2009.12.15 18:55:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.12.15 18:55:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.12.15 18:47:33 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Plocha\OTL.exe
[2009.12.15 17:57:32 | 00,000,000 | -H-- | M] () -- C:\Documents and Settings\user\Dokumenty\Default.rdp
[2009.12.15 17:52:20 | 00,000,565 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009.12.14 22:50:34 | 07,913,472 | ---- | M] () -- C:\Documents and Settings\user\ntuser.dat
[2009.12.14 22:50:34 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2009.12.14 21:04:53 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.12.14 19:27:21 | 00,005,219 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2009.12.14 10:47:18 | 00,093,696 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.13 22:06:23 | 04,769,132 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Data aplikací\IconCache.db
[2009.12.13 11:58:36 | 00,056,826 | -H-- | M] () -- C:\treeinfo.wc
[2009.12.13 08:59:10 | 00,000,626 | ---- | M] () -- C:\Documents and Settings\user\Plocha\Ares.lnk
[2009.12.12 15:11:58 | 00,000,466 | ---- | M] () -- C:\Documents and Settings\user\Plocha\GTR 2.lnk
[2009.12.12 14:27:17 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009.12.11 20:11:59 | 05,466,642 | ---- | M] () -- C:\WINDOWS\REGBK06.ZIP
[2009.12.11 20:03:37 | 00,017,244 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\services
[2009.12.11 20:03:36 | 00,001,358 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\protocol
[2009.12.11 19:42:12 | 00,360,818 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.12913940
[2009.12.10 16:22:18 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\user\Dokumenty\Kočičky.doc
[2009.12.10 16:17:49 | 00,002,561 | ---- | M] () -- C:\Documents and Settings\user\Plocha\Microsoft Office Word 2003.lnk
[2009.12.10 16:02:46 | 00,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Microsoft Flight Simulator 2004.lnk
[2009.12.08 21:05:39 | 00,000,021 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091211-194212.backup
[2009.12.08 21:03:04 | 00,000,142 | ---- | M] () -- C:\Documents and Settings\user\Dokumenty\FixHosts.bat
[2009.12.08 21:00:06 | 00,000,142 | ---- | M] () -- C:\Documents and Settings\user\Plocha\FixHosts.bat

========== Files Created - No Company Name ==========

[2009.12.13 08:59:10 | 00,000,626 | ---- | C] () -- C:\Documents and Settings\user\Plocha\Ares.lnk
[2009.12.12 15:11:58 | 00,000,466 | ---- | C] () -- C:\Documents and Settings\user\Plocha\GTR 2.lnk
[2009.12.11 20:09:53 | 05,466,642 | ---- | C] () -- C:\WINDOWS\REGBK06.ZIP
[2009.12.10 16:22:17 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\user\Dokumenty\Kočičky.doc
[2009.12.10 16:02:45 | 00,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Microsoft Flight Simulator 2004.lnk
[2009.12.08 21:03:04 | 00,000,142 | ---- | C] () -- C:\Documents and Settings\user\Dokumenty\FixHosts.bat
[2009.08.23 17:45:12 | 00,000,115 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.07.16 06:49:24 | 00,139,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.06.27 15:59:51 | 00,000,146 | ---- | C] () -- C:\WINDOWS\cavscan.INI
[2009.06.08 18:08:47 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.05.20 13:45:42 | 00,000,253 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009.04.01 13:08:00 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009.03.10 10:13:59 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009.01.27 09:01:15 | 00,000,055 | ---- | C] () -- C:\WINDOWS\cryvideotoavi.ini
[2008.12.27 15:27:24 | 00,091,266 | ---- | C] () -- C:\Documents and Settings\user\Data aplikací\install.txt
[2008.12.27 09:59:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2008.12.26 11:13:47 | 00,000,024 | ---- | C] () -- C:\WINDOWS\sysc_drv.ini
[2008.12.24 19:18:11 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\LauncherAccess.dt
[2008.11.29 20:32:55 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\wintab32.dll
[2008.11.09 17:53:42 | 00,000,038 | -H-- | C] () -- C:\Documents and Settings\user\Local Settings\Data aplikací\Thumbs.db
[2008.10.26 06:37:51 | 00,093,696 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.22 12:49:27 | 00,000,124 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Data aplikací\fusioncache.dat
[2008.10.17 23:27:43 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.10.17 23:27:38 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.10.17 23:27:38 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.10.17 23:27:37 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.10.17 23:21:07 | 00,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.10.17 22:50:39 | 00,006,688 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2008.10.17 22:50:38 | 00,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2008.10.17 22:33:54 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008.10.17 22:27:42 | 00,005,219 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007.06.19 08:59:36 | 00,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007.04.20 07:57:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007.04.20 07:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007.04.20 07:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007.04.20 07:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007.04.20 07:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007.04.20 07:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007.04.20 07:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007.04.20 07:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007.04.20 07:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2004.06.27 21:49:42 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:CB0AACC9
< End of report >

Re: ROOTKIT again

Posted: 16 Dec 2009 17:14
by earl
It's OK.

Also try the Chrome and FF browsers to see whether that message keeps appearing.

It's as if someone were connecting to the internet through you, but as I say, there is nothing in the logs.

Do one more step:

Download Ultimate Process Manager v5.0.0w and unpack it into a folder on the desktop.

Run it under an account with admin rights and click the Create log button at the bottom right.

In the next window, tick these items:

SmallARK
Running processes
Scanner
Startup
Modules
Blocking
Services
Drivers
INetStat
Other
\System32
\Drivers
Filter MS
DigiSign

and check the path in the top line where the log will be saved, or change it if you like.

After the PC has been scanned and the log saved, paste it here.

Re: ROOTKIT again

Posted: 17 Dec 2009 05:43
by brankar
Hello, here is the log

Windows XP SP 3 (build 2600)
Boot Mode: Normal
Ověření souborů Microsoftu: Ano
UPM DB: Ne (0)
DigiSign: Ano

Log vygenerován: 17.12.2009 5:36:27
================================================================

SmallArk
================================================================


[?] ntdll.dll NtAllocateVirtualMemory JMP 10001950 -> n/a
[?] ntdll.dll ZwClose JMP 100082B0 -> n/a
[?] ntdll.dll NtCreateFile JMP 100018D0 -> n/a
[?] ntdll.dll ZwCreateProcess JMP 10001890 -> n/a
[?] ntdll.dll ZwCreateProcessEx JMP 100019B0 -> n/a
[?] ntdll.dll ZwDeleteFile JMP 10001910 -> n/a
[?] ntdll.dll NtFreeVirtualMemory JMP 10001A30 -> n/a
[?] ntdll.dll ZwLoadDriver JMP 10001970 -> n/a
[?] ntdll.dll ZwOpenFile JMP 100018F0 -> n/a
[?] ntdll.dll NtProtectVirtualMemory JMP 10001930 -> n/a
[?] ntdll.dll NtSetInformationProcess JMP 100019D0 -> n/a
[?] ntdll.dll ZwUnloadDriver JMP 10001990 -> n/a
[?] ntdll.dll NtWriteVirtualMemory JMP 100018B0 -> n/a
[?] ntdll.dll RtlAllocateHeap JMP 10001A10 -> n/a
[?] ntdll.dll LdrLoadDll JMP 10004550 -> n/a
[?] ntdll.dll LdrUnloadDll JMP 100081E0 -> n/a
[?] ntdll.dll LdrGetProcedureAddress JMP 100019F0 -> n/a

Procesy + scan
================================================================

[!] C:\Program Files\Ares\Ares.exe
|_ Proces Heuri: Spouští se po startu, EntryPoint v sekci: .ASPACK,

[?] C:\Program Files\Opera\Opera.exe
|_ Proces Heuri:

[?] C:\Program Files\WinRAR\WinRAR.exe
|_ Proces Heuri: Bez výrobce,

[?] C:\DOCUME~1\user\LOCALS~1\temp\Rar$EX01.188\upm.exe
|_ Proces Heuri:


Po spuštění
================================================================

HKCU Run
|_ [!] [ares] C:\Program Files\Ares\Ares.exe -h

HKLM Run
|_ [?] [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun

HKLM IC
|_ [X][>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\iedkcs32.dll,BrandIEActiveSetup SIGNUP (Soubor nenalezen)
|_ [X][>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP (Soubor nenalezen)
|_ [X][{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll (Soubor nenalezen)
|_ [X][{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] C:\WINDOWS\Program Files\Outlook Express\setup50.exe /APP:OE /CALLER:WINNT /user /install (Soubor nenalezen)
|_ [X][{7790769C-0471-11d2-AF11-00C04FA35D02}] C:\WINDOWS\Program Files\Outlook Express\setup50.exe /APP:WAB /CALLER:WINNT /user /install (Soubor nenalezen)
|_ [X][{89820200-ECBD-11cf-8B85-00AA005B4340}] regsvr32.exe /s /n /i:U shell32.dll (Soubor nenalezen)
|_ [X][{89B4C1CD-B018-4511-B0A1-5476DBF70820}] c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install (Soubor nenalezen)

HKLM Winlogon Notify
|_ [?] [!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

HKCU IE WebBrowser Toolbar
|_ [X][{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}] (Soubor nenalezen)

Moduly
================================================================

[?] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
|_ Výrobce: SUPERAntiSpyware.com
|_ Popis: SUPERAntiSpyware WinLogon Processor
|_ MD5: 972EDEDE23AC8D59AAC0C09799C6F18A (356352)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ winlogon.exe

[?] C:\Program Files\COMODO\COMODO Internet Security\scanners\script.cav
|_ Výrobce:
|_ Popis:
|_ MD5: E8EB53D3D9ED34EDDC11218960B45829 (28672)
|_ Procesy:
|_ cmdagent.exe

[?] C:\WINDOWS\system32\mdimon.dll
|_ Výrobce: Microsoft Corporation
|_ Popis: Microsoft® Document Imaging
|_ MD5: CF0376023360AADD55C89BA50564AFDC (17920)
|_ Soubor Heuri: ncmpny,
|_ Procesy:
|_ spoolsv.exe

[?] C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
|_ Výrobce: Microsoft Corporation
|_ Popis: Microsoft® Document Imaging
|_ MD5: 58E13A2292839321D3CDC918D5A4F5AE (18944)
|_ Procesy:
|_ spoolsv.exe

[?] C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
|_ Výrobce: SuperAdBlocker.com
|_ Popis: ShellExecuteHook
|_ MD5: ECD5517A6633826057D4F050927DDF56 (77824)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ explorer.exe

[?] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
|_ Výrobce: Microsoft Corporation
|_ Popis: aspnet_isapi.lib
|_ MD5: A54235D77F14C5DBA7931BE1EBFD1763 (258048)
|_ Soubor Heuri: ncmpny,
|_ Procesy:
|_ jqs.exe

[?] C:\WINDOWS\system32\netfxperf.dll
|_ Výrobce: Microsoft Corporation
|_ Popis: netfxperf.lib
|_ MD5: 31FB4B337DD09BDF99429D7DBB5FDD48 (32768)
|_ Procesy:
|_ jqs.exe

[?] C:\Program Files\Java\jre6\bin\msvcr71.dll
|_ Výrobce: Microsoft Corporation
|_ Popis: Microsoft® C Runtime Library
|_ MD5: 86F1895AE8C5E8B17D99ECE768A70732 (348160)
|_ Soubor Heuri: ncmpny,
|_ Procesy:
|_ jqs.exe

[!] C:\Program Files\Opera\opera.dll
|_ Výrobce: Opera Software
|_ Popis: Opera Internet Browser
|_ MD5: ED01B58CC963123D770701ECFC4A938E (3739648)
|_ Soubor Heuri: no vrfy, cx (UPX1)?,
|_ Procesy:
|_ Opera.exe

[X] C:\Program Files\WinRAR\rarlng.dll
|_ Výrobce:
|_ Popis:
|_ MD5: B00DEED63396B97FF5BEE860C201D86B (319488)
|_ Soubor Heuri: ncmpny, cx (CODE)?, time mism.,
|_ Procesy:
|_ WinRAR.exe

[?] C:\DOCUME~1\user\LOCALS~1\temp\Rar$EX01.188\upm.dll
|_ Výrobce: Lodus Software
|_ Popis: Ultimate Process Manager Core Library
|_ MD5: 53E76DFB5653675E7D1A2980F36BE104 (14336)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ upm.exe

[X] C:\DOCUME~1\user\LOCALS~1\temp\Rar$EX01.188\LDE.dll
|_ Výrobce:
|_ Popis:
|_ MD5: 0F13A4173A599AAA15E3B270E5E27A7F (10752)
|_ Soubor Heuri: ncmpny, cx (UPX1)?,
|_ Procesy:
|_ upm.exe

[?] C:\DOCUME~1\user\LOCALS~1\temp\Rar$EX01.328\prjXTab.ocx
|_ Výrobce: xyz
|_ Popis: ?
|_ MD5: A5BB28FFBB25AAF3FE75E22D102BC6F4 (159744)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ upm.exe

[?] C:\DOCUME~1\user\LOCALS~1\temp\Rar$EX01.188\olepro32.dll
|_ Výrobce: Microsoft Corporation
|_ Popis: ?
|_ MD5: 33F14F23DFAE4B43CDD4E535CD7C1963 (83456)
|_ Soubor Heuri: ncmpny,
|_ Procesy:
|_ upm.exe


Služby
================================================================

[?] InstallDriver Table Manager
|_ Cesta: C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
| |_ Výrobce: Macrovision Corporation
| |_ Popis: IDriverT Module
| |_ MD5: 4BE737C89F295D13D9AB1545B15F6BE2 (69632)
| |_ Soubor Heuri: no vrfy,
|
|_ Jméno: IDriverT
|_ StartName: LocalSystem

[?] Java Quick Starter
|_ Cesta: C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
| |_ Soubor Heuri: cant open (Název souboru, adresáře nebo jmenovka svazku je nesprávná.)
|
|_ Jméno: JavaQuickStarterService
|_ StartName: LocalSystem

[?]
|_ Cesta:
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
| |_ Soubor Heuri: cant open (Systém nemůže nalézt uvedenou cestu.)
|
|_ Jméno:
|_ StartName:


Drivers
================================================================

[?] C:\WINDOWS\system32\drivers\sfsync02.sys
|_ ServiceName: StarForce Protection Synchronization Driver (version 2.x)
|
|_ Vendor: Protection Technology
|_ Description: StarForce Protection Synchronization Driver
|_ MD5: 798D918D8F20380008277CE3CE5319D1 (20544)
|_ File Heuri: no vrfy,


[?] C:\WINDOWS\system32\drivers\sfhlp02.sys
|_ ServiceName: StarForce Protection Helper Driver (version 2.x)
|
|_ Vendor: Protection Technology
|_ Description: StarForce Protection Helper Driver
|_ MD5: 3AD2B15CCC03FEBFBAF5FF057822AA75 (6656)
|_ File Heuri: no vrfy,


[?] C:\WINDOWS\system32\drivers\sfdrv01.sys
|_ ServiceName: StarForce Protection Environment Driver (version 1.x)
|
|_ Vendor: Protection Technology
|_ Description: StarForce Protection Environment Driver
|_ MD5: 56250672235BBE54BA8A4963B1AC997C (47616)
|_ File Heuri: no vrfy,


[?] C:\WINDOWS\System32\Drivers\SCDEmu.SYS
|_ ServiceName: SCDEmu
|
|_ Vendor: PowerISO Computing, Inc.
|_ Description: PowerISO Virtual Drive
|_ MD5: F441BA47BD8610CB9536965BD7D1F943 (56268)
|_ File Heuri: no vrfy,


[?] C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
|_ ServiceName: SASKUTIL
|
|_ Vendor: SUPERAdBlocker.com and SUPERAntiSpyware.com
|_ Description: SASKUTIL.SYS
|_ MD5: 64C100DBF57C6CB6E7D5D24153F5E444 (55024)
|_ File Heuri: no vrfy,


[?] C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
|_ ServiceName: SASDIFSV
|
|_ Vendor: SUPERAdBlocker.com and SUPERAntiSpyware.com
|_ Description: SASDIFSV.SYS
|_ MD5: C030C9A39E85B6F04A8DD25D1A50258A (8944)
|_ File Heuri: no vrfy,


[?] C:\WINDOWS\System32\Drivers\dump_atapi.sys
|_ ServiceName: N/A
|
|_ Vendor:
|_ Description:
|_ MD5:
|_ File Heuri: cant open (The system cannot find the file specified.) nosvc,


[?] C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
|_ ServiceName: N/A
|
|_ Vendor:
|_ Description:
|_ MD5:
|_ File Heuri: cant open (The system cannot find the file specified.) nosvc,



Files
================================================================

System32:
[?] AAD.DLL
|_Vendor: Microsoft Corporation
|_Description: Advanced Windows 32 Base API
|_MD5: 0CDC4A0C6B820FAD99FB4CA74CD0C476 (683520)
|_File Heuri: ncmpny,

[?] AAK.dll
|_Vendor: Microsoft Corporation
|_Description: Windows NT BASE API Client DLL
|_MD5: 98DA079F61265BC26D4587E280B79F30 (982016)
|_File Heuri: ncmpny,

[?] AAP.DLL
|_Vendor: Microsoft Corporation
|_Description: Process Status Helper
|_MD5: FBF21330B53F92C17F4FF5F7B0C23BDB (23040)
|_File Heuri: ncmpny,

[?] ac3acm.acm
|_Vendor: fccHandler
|_Description: AC-3 ACM Codec
|_MD5: D95393B383FB3DB265836C84B53892A3 (118784)
|_File Heuri: no vrfy,

[?] AgCPanelFrench.dll
|_Vendor: ?
|_Description: ?
|_MD5: E6BD737176FFB83381FEFE0C69E31882 (53248)
|_File Heuri: no vrfy, (AGCPAN~1.DLL)

[?] AgCPanelGerman.dll
|_Vendor: ?
|_Description: ?
|_MD5: EF613E9FDAC3B435BD354C4A9F5095BF (53248)
|_File Heuri: no vrfy, (AGCPAN~2.DLL)

[?] AgCPanelJapanese.dll
|_Vendor: ?
|_Description: ?
|_MD5: 9935756F2560C9BC19DE88087D232540 (53248)
|_File Heuri: no vrfy, (AGCPAN~3.DLL)

[?] AgCPanelKorean.dll
|_Vendor: ?
|_Description: ?
|_MD5: 4FB2CA1F9DD07B8D3AF2FA302E9BAA99 (53248)
|_File Heuri: no vrfy, (AGCPAN~4.DLL)

[?] AgCPanelPortugese.dll
|_Vendor: ?
|_Description: ?
|_MD5: 8AA21A743F57275D5FB6B34D3797655D (53248)
|_File Heuri: no vrfy, (AG9726~1.DLL)

[?] AgCPanelSimplifiedChinese.dll
|_Vendor: ?
|_Description: ?
|_MD5: 590BB09971098DD245C2193FE0A9B9B9 (53248)
|_File Heuri: no vrfy, (AGE9E8~1.DLL)

[?] AgCPanelSpanish.dll
|_Vendor: ?
|_Description: ?
|_MD5: D323D17E02AA85F49D4796EFF74D2DE2 (53248)
|_File Heuri: no vrfy, (AGE5A0~1.DLL)

[?] AgCPanelSwedish.dll
|_Vendor: ?
|_Description: ?
|_MD5: 41B99B2DCBB86DE8EDC6621546C2EACE (53248)
|_File Heuri: no vrfy, (AGE927~1.DLL)

[?] AgCPanelTraditionalChinese.dll
|_Vendor: ?
|_Description: ?
|_MD5: 68FCEDF6CD7147930F67FD166F3F3BB5 (53248)
|_File Heuri: no vrfy, (AGACAA~1.DLL)

[!] AS-IFce1.ocx
|_Vendor: Cyotek
|_Description: Ariad® Interface Components
|_MD5: 90983FA6B4958DE2CAFC1FB5E2900DA3 (597834)
|_File Heuri: no vrfy, cx (.neolit)?,

[?] ati2sgag.exe
|_Vendor:
|_Description: ATI Smart
|_MD5: 828C43CA21C642D26EB130B9FEB9DB5A (593920)
|_File Heuri: no vrfy,

[?] cdintf251.dll
|_Vendor: Amyuni Technologies
http://www.amyuni.com
|_Description: Common Driver Interface DLL
|_MD5: 26C866148472D0F058A5D1148FEC1776 (2134016)
|_File Heuri: no vrfy, (CDINTF~1.DLL)

[?] CoreAAC.ax
|_Vendor:
|_Description: CoreAAC
|_MD5: 6636FD123E77073C1A07D1EC0831334C (606208)
|_File Heuri: no vrfy,

[?] DC210.dll
|_Vendor: Eastman Kodak Company
|_Description: DC210
|_MD5: DD39528B147AE4ED360F528A95DD4D1C (45568)
|_File Heuri: no vrfy,

[?] DC240.dll
|_Vendor: Eastman Kodak Company
|_Description: DC240.DLL
|_MD5: 9668886499D152C355279B7A493CFFDC (110592)
|_File Heuri: no vrfy,

[?] DC265.dll
|_Vendor: Eastman Kodak Company
|_Description: DC265 1.0.0600
|_MD5: 6448B76EB5FF31F0E193A2A113C87F66 (230400)
|_File Heuri: no vrfy,

[?] DC265Ifr.ocx
|_Vendor: FlashPoint Technology, Inc.
|_Description: FTI Device Digita Infrared ActiveX Control Module
|_MD5: 48DDDF2BD9C421E7BDDBD5861E95E515 (59904)
|_File Heuri: no vrfy,

[?] DC265Ser.ocx
|_Vendor: FlashPoint Technology, Inc.
|_Description: FTI Device Digita Serial ActiveX Control Module
|_MD5: 473EC0D7880D780A7C588DDF11B578E8 (60928)
|_File Heuri: no vrfy,

[?] DC265USB.ocx
|_Vendor: FlashPoint Technology, Inc.
|_Description: FTI Device Digita USB ActiveX Control Module
|_MD5: C012A207DDAC9B75FBCCECEA65AABFC0 (58368)
|_File Heuri: no vrfy,

[?] DC_KDC265.apl
|_Vendor: ACD Systems, Ltd.
|_Description: DC_KDC265
|_MD5: F5660D5A7C78EED2180077E655A6BF6D (61440)
|_File Heuri: no vrfy, (DC_KDC~1.APL)

[?] Digita.sys
|_Vendor:
|_Description:
|_MD5: 81A3CFF05560C1BE2789B1F7BDD66B53 (6688)
|_File Heuri: ncmpny,

[!] divx.dll
|_Vendor: DivX, Inc.
|_Description: DivX
|_MD5: 5E1E3DB1E221217A9D8741DF89B739A1 (682496)
|_File Heuri: no vrfy, infected?

[?] dpl100.dll
|_Vendor: DivX, Inc.
|_Description: dpl100
|_MD5: A02A458E8725BB0C21895703FAA92C2B (81920)
|_File Heuri: no vrfy,

[!] dvdaudio.ax
|_Vendor: Fraunhofer
|_Description: Fraunhofer MPEG2 Audio Filter
|_MD5: 956CC0C18329FCD8E16303D6E2CC63B5 (65024)
|_File Heuri: no vrfy, cx (UPX1)?,

[!] dvdvideo.ax
|_Vendor: Fraunhofer
|_Description: Fraunhofer MPEG2 Video Filter
|_MD5: C0258BD99EC38A58F2E4DE5643DE8663 (85504)
|_File Heuri: no vrfy, cx (UPX1)?,

[?] DwgThumbnail.ocx
|_Vendor: Autodesk Developer Consulting Group
|_Description: AutoCAD DwgThumbnail Control
|_MD5: EF6051D6F147000A6668DFC3744DA59E (274432)
|_File Heuri: no vrfy, (DWGTHU~1.OCX)

[?] dxtmeta2.dll
|_Vendor: MetaCreations Corporation
|_Description: DXTMeta2 Module
|_MD5: 756AB095998FBFB13703CB26FECDA3C3 (268048)
|_File Heuri: no vrfy,

[?] eEmpty.exe
|_Vendor: MicroWorld Technologies Inc.
|_Description: eScan Empty Container
|_MD5: C602D1E31E493914CD485550E0E46B7F (28672)
|_File Heuri: no vrfy,

[?] ekfpixaudio.dll
|_Vendor: Eastman Kodak Company
|_Description: NIF KIES AUDIO Library
|_MD5: 4310AD6C60A615594DF02AFBEE282151 (43520)
|_File Heuri: no vrfy, (EKFPIX~1.DLL)

[?] ekfpixexif.dll
|_Vendor: Eastman Kodak Company
|_Description: NIF KIES EXIF Library
|_MD5: 834569E493DDC79873AEFE438D3E891B (138240)
|_File Heuri: no vrfy, (EKFPIX~2.DLL)

[?] ekfpixguid.dll
|_Vendor: Eastman Kodak Company
|_Description: NIF KIES GUID Library
|_MD5: 14681286D797A819130A1152C4D8375F (4608)
|_File Heuri: no vrfy, (EKFPIX~3.DLL)

[?] ekfpixio130.dll
|_Vendor: Eastman Kodak Company
|_Description: NIF KIES I/O Layer API
|_MD5: 6AD17384D9A2D6666F8DD0210606DF4C (446976)
|_File Heuri: no vrfy, (EKFPIX~4.DLL)

[?] ekfpixjpeg.dll
|_Vendor: Eastman Kodak Company
|_Description: NIF KIES JPEG Library
|_MD5: 3C49F6C07FB45BA00AF56FAB36EC5592 (97280)
|_File Heuri: no vrfy, (EK6A9D~1.DLL)

[?] ekfpixpsets.dll
|_Vendor: Eastman Kodak Company
|_Description: NIF KIES PSETS Library
|_MD5: DBCE9314F85BF3A981AE846C242E38CF (68096)
|_File Heuri: no vrfy, (EK7665~1.DLL)

[?] F210.dll
|_Vendor: Eastman Kodak Company
|_Description: F210.DLL
|_MD5: 42755C7296936C50683A850DAA5738E9 (32768)
|_File Heuri: no vrfy,

[?] framedyn.dll
|_Vendor: Microsoft Corporation
|_Description: WMI SDK Provider Framework
|_MD5: 5AB61F434FC83CF87EFF68A20E5F93E2 (174592)
|_File Heuri: ncmpny,

[?] INKED.DLL
|_Vendor: Microsoft Corporation
|_Description: Microsoft Tablet PC Platform Component
|_MD5: 7E0A591C84447AE4410B2525591EECB6 (204800)
|_File Heuri: ncmpny,

[!] iviaudio.ax
|_Vendor: InterVideo Inc.
|_Description: IVIAUDIO
|_MD5: 7E37B767DA3FEAAB6665BF650EC20C62 (154112)
|_File Heuri: no vrfy, cx (UPX1)?,

[?] javacpl.cpl
|_Vendor: Sun Microsystems, Inc.
|_Description: Java(TM) Control Panel
|_MD5: 80D852AFDC9FD524CF6A6F3485FD3A10 (73728)
|_File Heuri: no vrfy,

[?] Jgar500.dll
|_Vendor: Johnson-Grace Company
|_Description: JG Static Art Content Player DLL
|_MD5: 738CD1EB0EAAF82810F15A2E7D4EE155 (11264)
|_File Heuri: no vrfy,

[?] Jgdw500.dll
|_Vendor: America Online
|_Description: JG ART DLL
|_MD5: 393BCB9D419D04E998CFB4FF841CFC53 (144896)
|_File Heuri: no vrfy,

[?] Jgid500.dll
|_Vendor: Johnson-Grace Company
|_Description: JG Image Decoder DLL
|_MD5: 462032BF2197C1EE17DDD78A30EE905F (11264)
|_File Heuri: no vrfy,

[?] Jgme500.dll
|_Vendor: Johnson-Grace Company
|_Description: JG Memory DLL
|_MD5: 88A0493AE27AB358F68E4A3A116E8617 (7168)
|_File Heuri: no vrfy,

[?] Jgpl500.dll
|_Vendor: Johnson-Grace Company
|_Description: JG ART Player DLL
|_MD5: C6D0FB4B8E67637E6BF36EF59C978B32 (15872)
|_File Heuri: no vrfy,

[?] Jgst500.dll
|_Vendor: Johnson-Grace Company
|_Description: JG Stream DLL
|_MD5: A019B573DDC750DA4C668DCEF60DC3C1 (13312)
|_File Heuri: no vrfy,

[?] lameACM.acm
|_Vendor: http://www.mp3dev.org/
|_Description: Lame MP3 codec engine
|_MD5: 5C7769B696513302C31253C7E3F001C4 (389120)
|_File Heuri: no vrfy,

[?] ldf252.dll
|_Vendor:
|_Description:
|_MD5: E2CA26C9F267EBA5C8B3F8DFEA67319F (335872)
|_File Heuri: ncmpny,

[?] libavidd-1.3.0.dll
|_Vendor: Gromada.com
|_Description: AVI file format support via DirectX interface
|_MD5: FC1DE80BF863BB29B4A3F4732CBB86C7 (28672)
|_File Heuri: no vrfy, (LIBAVI~1.DLL)

[?] libfilefmt-1.4.1.dll
|_Vendor: Gromada.com
|_Description: Multimedia file formats support library
|_MD5: 5F91DC7CDE99BA7F3EE8CF41CCE1AC5D (3326976)
|_File Heuri: no vrfy, (LIBFIL~1.DLL)

[!] libmedia.dll
|_Vendor: Gromada.com
|_Description: Audio/Video Conversion Functions for Developers
|_MD5: 56A82F53368ABAE55A9759AD6DACB391 (774144)
|_File Heuri: no vrfy, cx (CODE)?,

[?] lwf214p.dll
|_Vendor: LuraTech GmbH
|_Description: LuraWave C-SDK Professional DLL
|_MD5: CA8FC4F957C129A4EE3855F123AE1AAD (126976)
|_File Heuri: no vrfy,

[?] mdimon.dll
|_Vendor: Microsoft Corporation
|_Description: Microsoft® Document Imaging
|_MD5: CF0376023360AADD55C89BA50564AFDC (17920)
|_File Heuri: ncmpny,

[?] mfc71.dll
|_Vendor: Microsoft Corporation
|_Description: MFCDLL Shared Library - Retail Version
|_MD5: 1FD3F9722119BDF7B8CFF0ECD1E84EA6 (1060864)
|_File Heuri: ncmpny,

[!] mpgaudio.ax
|_Vendor: GuGo Films
|_Description: MPEG Audio Codec (Sample)
|_MD5: EDC256225AD7F30EDF4D6793ACE03A9A (17408)
|_File Heuri: no vrfy, cx (UPX1)?,

[?] MSRDO20.DLL
|_Vendor: Microsoft Corporation
|_Description: MSRDO20 rdoEngine control
|_MD5: 31564551D2BF423E350277778965373E (397312)
|_File Heuri: ncmpny,

[?] MSSTDFMT.DLL
|_Vendor: Microsoft Corporation
|_Description: Microsoft Standard Data Formating Object DLL
|_MD5: 38950FBC15EA45BE9B8988D897007FB1 (118784)
|_File Heuri: ncmpny,

[?] MSSTKPRP.DLL
|_Vendor: Microsoft Corporation
|_Description: msprop32.ocx
|_MD5: D08A99C462298C041139789627168A0B (94208)
|_File Heuri: ncmpny,

[?] msvcp71.dll
|_Vendor: Microsoft Corporation
|_Description: Microsoft® C++ Runtime Library
|_MD5: 561FA2ABB31DFA8FAB762145F81667C2 (499712)
|_File Heuri: ncmpny,

[?] msvcr71.dll
|_Vendor: Microsoft Corporation
|_Description: Microsoft® C Runtime Library
|_MD5: 86F1895AE8C5E8B17D99ECE768A70732 (348160)
|_File Heuri: ncmpny,

[?] pncrt.dll
|_Vendor: Real Networks, Inc
|_Description: Real Networks C/C++ Runtime Library
|_MD5: 13001EB0A58B4DE96126B16AB15FD8CC (278528)
|_File Heuri: no vrfy,

[?] pndx5032.dll
|_Vendor: RealNetworks, Inc.
|_Description: 32 bit DirectX helper DLL
|_MD5: B74E422BC81236042529DC8A42A18423 (5632)
|_File Heuri: no vrfy,

[?] qt-dx331.dll
|_Vendor:
|_Description:
|_MD5: 02CE4DF5C0ED4024775F8C908B271638 (3596288)
|_File Heuri: ncmpny,

[?] RDOCURS.DLL
|_Vendor: Microsoft Corporation
|_Description: Microsoft RDO Client Cursor DLL
|_MD5: 225E83468AC37B57E46E3BFCF2A17C9C (151552)
|_File Heuri: ncmpny,

[?] Roboex32.dll
|_Vendor: Blue Sky Software Corporation.
|_Description: RoboHELP Extensions for WinHelp
|_MD5: E20CCD8C640A0DBABA12FE7031B9A721 (317952)
|_File Heuri: no vrfy,

[?] SCP32.DLL
|_Vendor: Microsoft Corporation
|_Description: Code Page Translation Library
|_MD5: 781BB5095E39817469AB034138C07EBE (15872)
|_File Heuri: ncmpny,

[?] SecureNet.dll
|_Vendor: My Privacy Tools, Inc.
|_Description: My Privacy Tools SecureNet Service.
|_MD5: 9EE2FAC473AE386A5931B622EB1372D0 (163840)
|_File Heuri: no vrfy, (SECURE~1.DLL)

[?] sherlock2.exe
|_Vendor:
|_Description:
|_MD5: 5362FF7951544DF1F5BF2F0269B555C3 (80912)
|_File Heuri: ncmpny, (SHERLO~1.EXE)

[?] skeydrv.dll
|_Vendor: Eutron
|_Description: SmartKey Standalone Driver
|_MD5: 0FA9F158442A3772C9F9134777692DC6 (73728)
|_File Heuri: no vrfy,

[?] Slide.ocx
|_Vendor: Autodesk
|_Description: AutoCAD Slide Control
|_MD5: E8A81408CA7B15DA9471DC755F98695C (339968)
|_File Heuri: no vrfy,

[?] unrar.dll
|_Vendor:
|_Description:
|_MD5: BC8123E9966E126FDEB3064EB2FA3302 (164352)
|_File Heuri: ncmpny,

[?] vb5db.dll
|_Vendor: Microsoft Corporation
|_Description: Visual Basic ICursor Interface Library
|_MD5: 4C6F2D2CE86330335801F2982B26223E (89360)
|_File Heuri: ncmpny,

[?] VB6STKIT.DLL
|_Vendor: Microsoft Corporation
|_Description: Visual Basic Setup Toolkit Library DLL
|_MD5: CFF867572B44212B01B711C1FA009537 (101888)
|_File Heuri: ncmpny,

[?] VBAME.DLL
|_Vendor: Microsoft Corporation
|_Description: VBA : Middle East Support
|_MD5: ED7B718D63D2CA397AC2FF12CE78DF7B (40960)
|_File Heuri: ncmpny,

[?] vbar332.dll
|_Vendor: Microsoft Corporation
|_Description: Visual Basic for Applications Runtime - Expression Service
|_MD5: 9D1864AE5F6FF8BBDE86A3F5A448110D (368912)
|_File Heuri: ncmpny,

[?] VSFLEX3.OCX
|_Vendor: VideoSoft
|_Description: vsFlex3 ActiveX Controls
|_MD5: C758EBC719C0D07B1B0E251C77F11BFD (225280)
|_File Heuri: no vrfy,

[?] WINCTL4.OCX
|_Vendor: Capital Intellect Inc
|_Description: ?
|_MD5: 9F529163830F068D088BC6550AD7CCC6 (835584)
|_File Heuri: no vrfy,

[?] WINLCTL5.DLL
|_Vendor: Capital Intellect Inc
|_Description: ?
|_MD5: 7C0A26B6F68D7B2FF3B1EA11C18FB29F (393216)
|_File Heuri: no vrfy,

[?] wintab32.dll
|_Vendor: ?
|_Description: ?
|_MD5: EA4AC505634CFB167AFF6A375A719E55 (61440)
|_File Heuri: no vrfy,

[?] WINUTIL5.DLL
|_Vendor: Capital Intellect Inc
|_Description: WINUTL5
|_MD5: 2C2D8877BE92B452A82A541D06F6D3EB (495616)
|_File Heuri: no vrfy,

[?] WISPTIS.EXE
|_Vendor: Microsoft Corporation
|_Description: Microsoft Tablet PC Platform Component
|_MD5: E1A12B50D09AD8D6416BA1420FE7D583 (189952)
|_File Heuri: ncmpny,

[?] wmpeffects.dll
|_Vendor: Microsoft Corporation
|_Description: Windows Media Player Effects
|_MD5: E99514A3C219DC423637F96C2C8651DB (295936)
|_File Heuri: ncmpny, (WMPEFF~1.DLL)

[?] xa275437.exe
|_Vendor: Sports Interactive
|_Description: Football Manager 2009
|_MD5: EDDAAD359C7EA23A71152A791B07366C (27840512)
|_File Heuri: no vrfy, time mism.,

[?] xa280859.exe
|_Vendor: Sports Interactive
|_Description: Football Manager 2009
|_MD5: EDDAAD359C7EA23A71152A791B07366C (27840512)
|_File Heuri: no vrfy, time mism.,

[?] xa330875.exe
|_Vendor: Sports Interactive
|_Description: Football Manager 2009
|_MD5: 0ED58549874D216689672EA70DD324E0 (27840512)
|_File Heuri: no vrfy, time mism.,

[?] xa335281.exe
|_Vendor: Sports Interactive
|_Description: Football Manager 2009
|_MD5: EDDAAD359C7EA23A71152A791B07366C (27840512)
|_File Heuri: no vrfy, time mism.,

[?] xa43400359.exe.mwt
|_Vendor: Sports Interactive
|_Description: Football Manager 2009
|_MD5: 3DBD717685918C58131F77910BCB570A (27860992)
|_File Heuri: no vrfy, (XA4340~1.MWT)

[?] xa43418859.exe
|_Vendor: Sports Interactive
|_Description: Football Manager 2009
|_MD5: EDDAAD359C7EA23A71152A791B07366C (27840512)
|_File Heuri: no vrfy, (XA4341~1.EXE)

[?] xvid.ax
|_Vendor:
|_Description:
|_MD5: 118EDDF2C9A5B7A086013486FAE30BC4 (69632)
|_File Heuri: ncmpny,

[?] xvid.dll
|_Vendor:
|_Description:
|_MD5: 422B0BBF7576C040B1D38175F878CEE4 (159744)
|_File Heuri: ncmpny,

[?] xvidcore.dll
|_Vendor:
|_Description:
|_MD5: E56ACDEECA362987B151AE738764583E (679936)
|_File Heuri: ncmpny,

[?] xvidvfw.dll
|_Vendor:
|_Description:
|_MD5: 8E2EEFE8B9DE358055CE19318E622148 (159839)
|_File Heuri: ncmpny,

[?] yv12vfw.dll
|_Vendor: http://www.helixcommunity.org
|_Description: Helix YV12 YUV Codec
|_MD5: DD602C1FBA3A3E962627569C9E10AF7C (217088)
|_File Heuri: no vrfy,

Drivers:
[?] scdemu.sys
|_Vendor: PowerISO Computing, Inc.
|_Description: PowerISO Virtual Drive
|_MD5: F441BA47BD8610CB9536965BD7D1F943 (56268)
|_File Heuri: no vrfy,

[?] sfdrv01.sys
|_Vendor: Protection Technology
|_Description: StarForce Protection Environment Driver
|_MD5: 56250672235BBE54BA8A4963B1AC997C (47616)
|_File Heuri: no vrfy,

[?] sfhlp02.sys
|_Vendor: Protection Technology
|_Description: StarForce Protection Helper Driver
|_MD5: 3AD2B15CCC03FEBFBAF5FF057822AA75 (6656)
|_File Heuri: no vrfy,

[?] sfi.dat
|_Vendor:
|_Description:
|_MD5:
|_File Heuri: cant open (Access is denied.)

[?] sfsync02.sys
|_Vendor: Protection Technology
|_Description: StarForce Protection Synchronization Driver
|_MD5: 798D918D8F20380008277CE3CE5319D1 (20544)
|_File Heuri: no vrfy,


NetStat
================================================================

Type: PID Process Local <-> Remote Status
-----------------------------------------------------------------------------------------
UDP (4) System 0.0.0.0:445
UDP (808) lsass.exe 0.0.0.0:500
UDP (808) lsass.exe 0.0.0.0:4500
UDP (252) Ares.exe 0.0.0.0:11100
UDP (252) Ares.exe 0.0.0.0:11101
UDP (1280) svchost.exe 127.0.0.1:123
UDP (252) Ares.exe 127.0.0.1:1049
UDP (1528) svchost.exe 127.0.0.1:1900
UDP (1228) PnkBstrA.exe 127.0.0.1:44301
UDP (1336) PnkBstrB.exe 127.0.0.1:45301

Access Violations
================================================================

Display of some drives is disabled

Other
================================================================

Hosts:
127.0.0.1 localhost

DNS:
10.1.1.1

================================================================
Ultimate Process Manager v5.0.0w - [ Lodus Software ] - :-(

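An added example, not part of the original post and not code from Ultimate Process Manager: a small Python triage pass over entries in the shape of the UPM "Files" listing above. It parses the `[?]`/`[!]` marker, the MD5 and size, and the heuristic tokens, ranks entries by the warning tokens they carry, and groups files that share one MD5 under several names (as the `xa*.exe` copies in the listing do). The weights and the reading of the tokens (`no vrfy` as an unverified signature, `cx (...)?` as a packed or compressed section, `time mism.` as a timestamp mismatch, `ncmpny` as a missing vendor match) are assumptions made for the example, not documented UPM semantics, and the sample entries are constructed from values in the listing.

```python
"""Triage helper for Ultimate Process Manager (UPM) file entries.

Added example, not UPM code. The meaning attached to the heuristic tokens and
the weights below are assumptions for the demonstration.
"""
import re
from collections import defaultdict

# Constructed sample: five entries in the shape of the log (values copied from it).
SAMPLE = """\
[?] framedyn.dll
|_Vendor: Microsoft Corporation
|_Description: WMI SDK Provider Framework
|_MD5: 5AB61F434FC83CF87EFF68A20E5F93E2 (174592)
|_File Heuri: ncmpny,

[!] divx.dll
|_Vendor: DivX, Inc.
|_Description: DivX
|_MD5: 5E1E3DB1E221217A9D8741DF89B739A1 (682496)
|_File Heuri: no vrfy, infected?

[!] dvdaudio.ax
|_Vendor: Fraunhofer
|_Description: Fraunhofer MPEG2 Audio Filter
|_MD5: 956CC0C18329FCD8E16303D6E2CC63B5 (65024)
|_File Heuri: no vrfy, cx (UPX1)?,

[?] xa275437.exe
|_Vendor: Sports Interactive
|_Description: Football Manager 2009
|_MD5: EDDAAD359C7EA23A71152A791B07366C (27840512)
|_File Heuri: no vrfy, time mism.,

[?] xa43418859.exe
|_Vendor: Sports Interactive
|_Description: Football Manager 2009
|_MD5: EDDAAD359C7EA23A71152A791B07366C (27840512)
|_File Heuri: no vrfy, (XA4341~1.EXE)
"""

ENTRY_RE = re.compile(r"^\[(?P<flag>[?!])\] (?P<name>.+)$")
# Field lines look like "|_Key: value", "|_ Key: value" or "| |_ Key: value".
FIELD_RE = re.compile(r"^\|?\s*\|_\s*(?P<key>[^:]+):\s*(?P<val>.*)$")
MD5_RE = re.compile(r"^([0-9A-Fa-f]{32}) \((\d+)\)$")
# Split heuristic tokens on commas outside parentheses, so that
# "cant open (The filename, directory name, ...)" stays one token.
TOKEN_RE = re.compile(r"[^,(]*(?:\([^)]*\)[^,]*)?")

# Assumed weights: the [!] marker and "infected?" dominate; packed sections,
# unreadable files and timestamp mismatches are worth a look; an unverified
# signature or unknown vendor alone is noise on a box full of codecs and games.
WEIGHTS = {"infected?": 5, "cx": 3, "cant open": 2, "time mism.": 2,
           "no vrfy": 1, "ncmpny": 1}


def parse_entries(text):
    """Return a list of dicts, one per [?]/[!] entry, in log order."""
    entries, cur = [], None
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            cur = {"flag": m.group("flag"), "name": m.group("name").strip(), "heuri": []}
            entries.append(cur)
            continue
        m = FIELD_RE.match(line)
        if not (m and cur):
            continue  # blank line, section header, or a stray continuation line
        key, val = m.group("key").strip(), m.group("val").strip()
        if key == "MD5":
            mm = MD5_RE.match(val)
            cur["md5"] = mm.group(1).upper() if mm else None
            cur["size"] = int(mm.group(2)) if mm else None
        elif key == "File Heuri":
            toks = [t.strip() for t in TOKEN_RE.findall(val)]
            # A trailing "(SHORT~1.EXT)" is only the 8.3 name, not a heuristic.
            cur["heuri"] = [t for t in toks if t and not t.startswith("(")]
        else:
            cur[key.lower()] = val
    return entries


def score(entry):
    """Assumed scoring: 3 for a [!] marker plus the weight of each known token prefix."""
    s = 3 if entry["flag"] == "!" else 0
    for tok in entry["heuri"]:
        s += sum(w for prefix, w in WEIGHTS.items() if tok.startswith(prefix))
    return s


def triage(text, threshold=1):
    """Entries scoring above the threshold, highest first, as (name, score, tokens)."""
    ranked = sorted(parse_entries(text), key=score, reverse=True)
    return [(e["name"], score(e), e["heuri"]) for e in ranked if score(e) > threshold]


def same_hash_groups(entries):
    """Map MD5 -> file names for hashes that occur under more than one name."""
    by_hash = defaultdict(list)
    for e in entries:
        if e.get("md5"):
            by_hash[e["md5"]].append(e["name"])
    return {h: names for h, names in by_hash.items() if len(names) > 1}


if __name__ == "__main__":
    for name, s, toks in triage(SAMPLE):
        print(f"{s:2d}  {name:<20} {', '.join(toks)}")
    for h, names in same_hash_groups(parse_entries(SAMPLE)).items():
        print(f"same MD5 {h} under {len(names)} names: {', '.join(names)}")
```

Run as a script it prints the ranking and the shared-hash groups. A hash shared by several names only says the files are byte-identical copies, which is expected for cached installers, so the grouping is a pointer for follow-up rather than a verdict; likewise the MD5 values are just what the log provides, and a real verdict means checking them against a vendor or multi-engine source.
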
Re: ROOTKIT again

Posted: 17 Dec 2009 20:08
by earl
I'll check the log tomorrow.

Re: ROOTKIT again

Posted: 18 Dec 2009 13:30
by brankar
sure :)

Re: ROOTKIT again

Posted: 18 Dec 2009 15:37
by earl
The log is OK.

So your LAN IP is 10.1.6.10.

That one is not visible on the internet.

Go here: WhatismyIP and tell me what IP it shows you.

That is the IP assigned to you by your provider.

Re: ROOTKIT again

Posted: 18 Dec 2009 19:07
by brankar
it's IP 93.91.144.178

Re: ROOTKIT again

Posted: 19 Dec 2009 02:06
by earl
So contact the provider and ask them whether they know what that address actually is.

Re: ROOTKIT again

Posted: 19 Dec 2009 12:40
by brankar
thanks for your help, I'm going there :whip: :ninja:

Re: ROOTKIT again

Posted: 19 Dec 2009 17:28
by earl
Then let me know how you got on.

Re: ROOTKIT again

Posted: 22 Dec 2009 07:17
by brankar
so I was there; the IP address really is new, because the provider changed.
What is connecting with my new IP address is supposedly viruses, so "disinfect the computer"; so I don't know :?:
Do you feel like dealing with this any further? With that message in the browser it's the same again; yesterday it popped up again saying that viruses are doing it.
Oh, and my DVD drive has started opening and closing by itself, but when I open it manually it doesn't move at all.

Re: ROOTKIT again

Posted: 22 Dec 2009 08:58
by JaRon
I'll drop in just for a moment:
until my colleague shows up:
1. run SDFix in Safe Mode
2. scan the PC with AVPTool

Re: ROOTKIT again

Posted: 22 Dec 2009 15:50
by brankar
here is the TXT report, I DON'T KNOW IF THE LOG WAS DONE CORRECTLY
SDFix: Version 1.240
Run by user on Tue 22.12.2009 at 14:37

Microsoft Windows XP [Version 5.1.2600]
Running From: c:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting