"ending program" pri vypinani pocitaca

Zpráva

persoholic · #1 Příspěvek od **persoholic** » 04 pro 2010 22:45

hi all.
mam takyto problem. pri vypinani pocitaca (winxp sp3 all updates) sa mi zacalo objavovat okno s popisom:
ending program xxx (vzdy su to tri znaky alebo cisla / kombinacia)

na pocitaci bezi este smart security 4, nic neregistruje, ani ine nastroje nic nenasli...
any idea? .-(

#2 Příspěvek od **motji** » 04 pro 2010 23:07

Dobrý večer

Nemáte zapnutý skype nebo icq, qip?
Poprosím o log ze Rsitu, viz můj podpis.

persoholic · #3 Příspěvek od **persoholic** » 05 pro 2010 14:53

ahoj,
tu je log. skype na tomto kompe nemam, ale nie je problem doinstalovat, ak bude potreba...

Logfile of random's system information tool 1.08 (written by random/random)
Run by dusko at 2010-12-05 14:52:26
Microsoft Windows XP Professional Service Pack 3
System drive C: has 73 GB (73%) free of 100 GB
Total RAM: 2046 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:52:31, on 5.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\xRaidSetup.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXKERNL.Exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\GRETECH\GomPlayer\GOM.exe
C:\Program Files\rsit\RSIT.exe
C:\Program Files\trend micro\dusko.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9755276578
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6098 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-11-19 1966080]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-07-07 1753192]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-08-12 2215064]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"DigidesignMMERefresh"=C:\Program Files\Digidesign\Drivers\MMERefresh.exe [2010-05-04 77824]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe [2008-03-25 144784]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]
"NexusServer"=C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe [2007-03-26 389120]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
VPN Client.lnk - C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-12-05 14:44:16 ----D---- C:\Program Files\trend micro
2010-12-04 21:52:21 ----D---- C:\Program Files\rsit
2010-12-04 21:42:27 ----D---- C:\Program Files\CCleaner
2010-12-04 21:40:18 ----D---- C:\Program Files\Google
2010-12-04 20:47:40 ----D---- C:\rsit
2010-12-04 15:23:50 ----D---- C:\Documents and Settings\dusko\Application Data\Malwarebytes
2010-12-04 15:23:43 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-12-04 15:23:43 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-12-04 15:23:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-04 15:23:40 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-11-28 13:45:37 ----A---- C:\WINDOWS\system32\MSL_All-DLL80_x86.dll
2010-11-28 13:45:20 ----A---- C:\WINDOWS\BorisFX BCC6.ini
2010-11-28 13:45:20 ----A---- C:\WINDOWS\BorisFX BCC XML.ini
2010-11-28 13:42:32 ----A---- C:\WINDOWS\system32\artelinit.dll
2010-11-28 13:41:49 ----A---- C:\WINDOWS\Avid FX5.8.ini
2010-11-28 13:11:07 ----D---- C:\Documents and Settings\All Users\Application Data\Grass Valley
2010-11-28 13:09:15 ----A---- C:\WINDOWS\system32\drivers\hardlock.sys
2010-11-28 13:09:11 ----A---- C:\WINDOWS\system32\paveno.dll
2010-11-28 13:09:11 ----A---- C:\WINDOWS\system32\cvpcdvc.dll
2010-11-28 13:09:11 ----A---- C:\WINDOWS\system32\cuvccodc.dll
2010-11-28 13:09:11 ----A---- C:\WINDOWS\system32\cseuvec.dll
2010-11-28 13:09:11 ----A---- C:\WINDOWS\system32\csellc.dll
2010-11-28 13:09:11 ----A---- C:\WINDOWS\system32\csehqa.dll
2010-11-28 13:09:11 ----A---- C:\WINDOWS\system32\cllccodc.dll
2010-11-28 13:09:11 ----A---- C:\WINDOWS\system32\cdvhcodc.dll
2010-11-28 13:09:11 ----A---- C:\WINDOWS\system32\cdv5codc.dll
2010-11-28 13:07:27 ----RA---- C:\WINDOWS\system32\pavplal.dll
2010-11-28 13:07:27 ----A---- C:\WINDOWS\system32\pavedius.dll
2010-11-28 13:07:27 ----A---- C:\WINDOWS\system32\pavapi.dll
2010-11-28 13:07:26 ----D---- C:\Program Files\Common Files\Snell & Wilcox Shared
2010-11-28 13:07:26 ----A---- C:\WINDOWS\hasp_windows.dll
2010-11-28 13:07:26 ----A---- C:\WINDOWS\csejpeg.dll
2010-11-28 13:07:20 ----RA---- C:\WINDOWS\system32\pncrt.dll
2010-11-28 13:07:20 ----RA---- C:\WINDOWS\system32\helixprodctrl.dll
2010-11-28 13:07:15 ----A---- C:\WINDOWS\system32\csempeg3.dll
2010-11-28 13:07:14 ----D---- C:\Program Files\Grass Valley
2010-11-28 13:07:14 ----D---- C:\Program Files\Common Files\Grass Valley
2010-11-28 13:07:14 ----D---- C:\Program Files\Common Files\Canopus Shared
2010-11-28 13:07:14 ----A---- C:\WINDOWS\system32\hlCDVC.dll
2010-11-28 13:07:14 ----A---- C:\WINDOWS\system32\csthread.dll
2010-11-28 13:07:14 ----A---- C:\WINDOWS\system32\csedvh.dll
2010-11-28 13:07:14 ----A---- C:\WINDOWS\system32\csedv.dll
2010-11-28 13:07:14 ----A---- C:\WINDOWS\system32\csccdvcx.dll
2010-11-28 13:07:14 ----A---- C:\WINDOWS\system32\csccdvc.dll
2010-11-28 13:07:14 ----A---- C:\WINDOWS\system32\cdvccodc.dll
2010-11-28 13:06:41 ----D---- C:\Documents and Settings\dusko\Application Data\InstallShield
2010-11-28 12:52:01 ----A---- C:\WINDOWS\system32\BLUE1 Render Engine 8BPC.dll
2010-11-28 12:51:59 ----A---- C:\WINDOWS\system32\Boris Utilities.dll
2010-11-28 12:51:59 ----A---- C:\WINDOWS\system32\Boris Render Node.dll
2010-11-28 12:51:59 ----A---- C:\WINDOWS\system32\Boris GL Scene.dll
2010-11-28 12:51:59 ----A---- C:\WINDOWS\system32\Boris GL Renderer.dll
2010-11-28 12:51:59 ----A---- C:\WINDOWS\BorisBLUE2.5.ini
2010-11-28 01:25:41 ----A---- C:\WINDOWS\BorisRED4.3.ini
2010-11-28 01:25:27 ----A---- C:\WINDOWS\system32\BCC5_RED_16Bit.dll
2010-11-28 01:21:29 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2010-11-28 01:20:47 ----A---- C:\WINDOWS\Graffiti5.2.ini
2010-11-28 01:04:10 ----RA---- C:\WINDOWS\system32\qtmlClient.dll
2010-11-28 01:04:10 ----A---- C:\WINDOWS\system32\MtxPreview.dll
2010-11-28 01:04:10 ----A---- C:\WINDOWS\system32\MtxParhBFXPreview.dll
2010-11-28 01:04:10 ----A---- C:\WINDOWS\system32\CvoAPI.dll
2010-11-28 01:04:10 ----A---- C:\WINDOWS\BorisFX9.2.ini
2010-11-28 01:02:32 ----D---- C:\Program Files\Boris FX, Inc
2010-11-28 00:15:19 ----A---- C:\boot.ini.Avid
2010-11-27 23:59:52 ----D---- C:\Program Files\Licenses
2010-11-27 23:59:11 ----D---- C:\WINDOWS\system32\MEDIA
2010-11-27 23:58:45 ----D---- C:\Program Files\Common Files\PACE
2010-11-27 23:58:12 ----D---- C:\Program Files\Common Files\Avid
2010-11-27 23:55:44 ----D---- C:\WINDOWS\system32\appmgmt
2010-11-27 23:42:54 ----D---- C:\Program Files\QuickTime
2010-11-27 23:42:53 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-11-27 23:42:39 ----D---- C:\Program Files\Common Files\Apple
2010-11-27 23:42:32 ----D---- C:\Program Files\Apple Software Update
2010-11-27 23:42:32 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2010-11-27 23:28:44 ----D---- C:\Documents and Settings\dusko\Application Data\Avid
2010-11-27 23:28:32 ----D---- C:\Program Files\Common Files\PACE Anti-Piracy
2010-11-27 23:28:32 ----D---- C:\Documents and Settings\dusko\Application Data\PACE Anti-Piracy
2010-11-27 23:28:32 ----D---- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2010-11-27 23:22:49 ----D---- C:\Documents and Settings\All Users\Application Data\Pinnacle
2010-11-27 23:22:48 ----D---- C:\Documents and Settings\All Users\Application Data\Avid
2010-11-27 23:15:31 ----D---- C:\Program Files\Avid
2010-11-27 23:14:35 ----A---- C:\WINDOWS\system32\javaws.exe
2010-11-27 23:14:35 ----A---- C:\WINDOWS\system32\javaw.exe
2010-11-27 23:14:35 ----A---- C:\WINDOWS\system32\java.exe
2010-11-27 23:14:17 ----D---- C:\Program Files\Java
2010-11-27 23:14:15 ----D---- C:\Program Files\Common Files\Java
2010-11-27 23:14:09 ----D---- C:\Documents and Settings\dusko\Application Data\Sun
2010-11-27 23:13:39 ----D---- C:\Program Files\Common Files\SafeNet Sentinel
2010-11-27 23:13:35 ----D---- C:\WINDOWS\Downloaded Installations
2010-11-27 23:12:33 ----D---- C:\Program Files\Digidesign
2010-11-27 23:12:33 ----D---- C:\Program Files\Common Files\Digidesign
2010-11-21 12:46:45 ----A---- C:\WINDOWS\system32\SIntfNT.dll
2010-11-21 12:46:45 ----A---- C:\WINDOWS\system32\SIntf32.dll
2010-11-21 12:46:44 ----A---- C:\WINDOWS\system32\SIntf16.dll
2010-11-21 12:38:09 ----A---- C:\WINDOWS\DIIUnin.pif
2010-11-21 12:38:09 ----A---- C:\WINDOWS\DIIUnin.exe
2010-11-21 12:31:14 ----D---- C:\Program Files\Diablo II
2010-11-20 23:42:46 ----D---- C:\Documents and Settings\dusko\Application Data\GRETECH
2010-11-20 23:42:05 ----D---- C:\Program Files\GRETECH
2010-11-20 00:17:22 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-11-20 00:17:14 ----D---- C:\Program Files\Common Files\Adobe
2010-11-20 00:17:14 ----D---- C:\Program Files\Adobe
2010-11-18 22:22:51 ----D---- C:\Documents and Settings\dusko\Application Data\vlc
2010-11-17 21:35:54 ----D---- C:\Documents and Settings\dusko\Application Data\WinRAR
2010-11-17 21:35:16 ----D---- C:\Program Files\WinRAR
2010-11-14 23:27:02 ----D---- C:\Program Files\Microsoft Silverlight
2010-11-14 23:14:09 ----A---- C:\WINDOWS\system32\muweb.dll
2010-11-14 23:14:09 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-11-14 23:14:09 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-11-14 23:03:34 ----D---- C:\Program Files\VideoLAN
2010-11-14 23:02:52 ----A---- C:\WINDOWS\system32\msonpmon.dll
2010-11-14 23:02:38 ----D---- C:\Program Files\Microsoft Works
2010-11-14 23:02:31 ----D---- C:\Program Files\Common Files\DESIGNER
2010-11-14 23:00:45 ----D---- C:\WINDOWS\SHELLNEW
2010-11-14 23:00:12 ----D---- C:\Program Files\Microsoft Office
2010-11-14 23:00:11 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-11-14 22:59:42 ----RHD---- C:\MSOCache
2010-11-14 22:41:59 ----D---- C:\WINDOWS\Internet Logs
2010-11-14 22:41:09 ----D---- C:\Program Files\Common Files\Deterministic Networks
2010-11-14 22:41:08 ----D---- C:\Program Files\Cisco Systems
2010-11-14 22:38:11 ----D---- C:\Program Files\Mozilla Firefox
2010-11-14 22:04:17 ----HD---- C:\WINDOWS\PIF
2010-11-14 21:52:29 ----D---- C:\Documents and Settings\dusko\Application Data\Macromedia
2010-11-14 21:52:29 ----D---- C:\Documents and Settings\dusko\Application Data\Adobe
2010-11-14 21:06:27 ----D---- C:\Program Files\totalcmd
2010-11-14 21:06:27 ----A---- C:\WINDOWS\wincmd.ini
2010-11-14 21:06:27 ----A---- C:\WINDOWS\UC.PIF
2010-11-14 21:06:27 ----A---- C:\WINDOWS\RAR.PIF
2010-11-14 21:06:27 ----A---- C:\WINDOWS\PKZIP.PIF
2010-11-14 21:06:27 ----A---- C:\WINDOWS\PKUNZIP.PIF
2010-11-14 21:06:27 ----A---- C:\WINDOWS\NOCLOSE.PIF
2010-11-14 21:06:27 ----A---- C:\WINDOWS\LHA.PIF
2010-11-14 21:06:27 ----A---- C:\WINDOWS\ARJ.PIF
2010-11-14 21:05:41 ----D---- C:\Documents and Settings\dusko\Application Data\ESET
2010-11-14 21:05:01 ----D---- C:\Program Files\ESET
2010-11-14 21:05:01 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2010-11-14 21:02:30 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-11-14 21:02:27 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2010-11-14 21:02:20 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2010-11-14 20:10:46 ----D---- C:\Documents and Settings\dusko\Application Data\Thunderbird
2010-11-14 20:10:17 ----D---- C:\Documents and Settings\dusko\Application Data\Mozilla
2010-11-14 20:02:31 ----D---- C:\Documents and Settings\dusko\Application Data\Windows Desktop Search
2010-11-14 20:02:26 ----D---- C:\Documents and Settings\dusko\Application Data\Identities
2010-11-14 20:02:15 ----SD---- C:\Documents and Settings\dusko\Application Data\Microsoft
2010-11-14 20:02:15 ----ASH---- C:\Documents and Settings\dusko\Application Data\desktop.ini
2010-11-14 19:58:25 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-11-14 19:51:05 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-11-14 19:51:04 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2010-11-14 19:50:49 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2010-11-14 19:50:27 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-11-14 19:32:50 ----D---- C:\WINDOWS\system32\winrm
2010-11-14 19:32:50 ----D---- C:\WINDOWS\system32\WindowsPowerShell
2010-11-14 19:32:48 ----HDC---- C:\WINDOWS\$968930Uinstall_KB968930$
2010-11-14 19:32:47 ----D---- C:\WINDOWS\$NtUninstallKB968930$
2010-11-14 19:29:37 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2010-11-14 19:29:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-11-14 19:24:07 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2010-11-14 19:24:00 ----D---- C:\Program Files\NVIDIA Corporation
2010-11-14 19:20:28 ----D---- C:\Program Files\Microsoft.NET
2010-11-14 19:19:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$
2010-11-14 19:17:20 ----D---- C:\WINDOWS\system32\XPSViewer
2010-11-14 19:17:19 ----D---- C:\Program Files\MSBuild
2010-11-14 19:17:15 ----D---- C:\Program Files\Reference Assemblies
2010-11-14 19:17:03 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-11-14 19:17:03 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-11-14 19:17:03 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-11-14 19:14:40 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2010-11-14 19:14:37 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2010-11-14 19:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2010-11-14 19:14:23 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2010-11-14 19:14:05 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-11-14 19:14:05 ----D---- C:\Program Files\Windows Desktop Search
2010-11-14 19:14:00 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2010-11-14 19:13:55 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2010-11-14 19:08:15 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-11-14 19:08:15 ----D---- C:\Program Files\Intel
2010-11-14 19:08:15 ----A---- C:\WINDOWS\system32\CSVer.dll
2010-11-14 18:58:49 ----D---- C:\Program Files\Windows Media Connect 2
2010-11-14 18:58:14 ----D---- C:\WINDOWS\system32\LogFiles
2010-11-14 18:58:14 ----D---- C:\WINDOWS\system32\drivers\UMDF
2010-11-14 18:58:11 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2010-11-14 18:58:04 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2010-11-14 18:58:03 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2010-11-14 18:58:01 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys
2010-11-14 18:58:00 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2010-11-14 18:57:59 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2010-11-14 18:57:58 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2010-11-14 18:57:57 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2010-11-14 18:57:56 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2010-11-14 18:57:55 ----A---- C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010-11-14 18:57:54 ----A---- C:\WINDOWS\system32\drivers\MSPQM.sys
2010-11-14 18:57:53 ----A---- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010-11-14 18:57:43 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-11-14 18:57:43 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2010-11-14 18:57:43 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2010-11-14 18:57:42 ----D---- C:\WINDOWS\Temp
2010-11-14 18:57:03 ----RSD---- C:\WINDOWS\assembly
2010-11-14 18:57:03 ----D---- C:\WINDOWS\Microsoft.NET
2010-11-14 18:57:02 ----D---- C:\WINDOWS\system32\URTTemp
2010-11-14 18:56:46 ----SHD---- C:\RECYCLER
2010-11-14 18:56:33 ----D---- C:\Program Files\Mozilla Thunderbird
2010-11-14 18:52:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2010-11-14 18:52:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-11-14 18:52:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-11-14 18:52:21 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-11-14 18:41:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2010-11-14 18:41:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2010-11-14 18:40:58 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2010-11-14 18:40:55 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2010-11-14 18:40:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2010-11-14 18:40:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-11-14 18:40:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2360131$
2010-11-14 18:40:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-11-14 18:40:38 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-11-14 18:40:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-11-14 18:40:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$
2010-11-14 18:40:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-11-14 18:40:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-11-14 18:40:25 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-11-14 18:40:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-11-14 18:40:19 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-11-14 18:40:15 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-11-14 18:40:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-11-14 18:40:08 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-11-14 18:40:05 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-11-14 18:40:02 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-11-14 18:39:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-11-14 18:39:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-11-14 18:39:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-11-14 18:39:49 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-11-14 18:39:46 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-11-14 18:39:44 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-11-14 18:39:41 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-11-14 18:39:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-11-14 18:39:34 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-11-14 18:39:31 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-11-14 18:39:28 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-11-14 18:39:25 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-11-14 18:39:23 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-11-14 18:39:20 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-11-14 18:39:17 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-11-14 18:39:14 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-11-14 18:39:10 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-11-14 18:39:07 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-11-14 18:39:04 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-11-14 18:39:01 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-11-14 18:38:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-11-14 18:38:54 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-11-14 18:38:51 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-11-14 18:38:48 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-11-14 18:38:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-11-14 18:38:41 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-11-14 18:38:38 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-11-14 18:38:35 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-11-14 18:38:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-11-14 18:38:30 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-11-14 18:38:27 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-11-14 18:38:24 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-11-14 18:38:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-11-14 18:38:19 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-11-14 18:38:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-11-14 18:37:47 ----D---- C:\WINDOWS\ie8updates
2010-11-14 18:37:38 ----D---- C:\WINDOWS\WBEM
2010-11-14 18:37:04 ----HDC---- C:\WINDOWS\ie8
2010-11-14 18:36:39 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-14 18:34:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-11-14 18:34:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-11-14 18:34:46 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-11-14 18:34:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-11-14 18:34:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-11-14 18:34:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-11-14 18:34:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-11-14 18:34:31 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-11-14 18:34:28 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-11-14 18:34:25 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-11-14 18:34:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-11-14 18:34:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-11-14 18:34:11 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-11-14 18:29:10 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-11-14 18:29:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-11-14 18:29:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-11-14 18:29:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2010-11-14 18:28:59 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-11-14 18:28:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-11-14 18:28:53 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-11-14 18:28:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-11-14 18:28:48 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-11-14 18:28:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-11-14 18:28:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-11-14 18:28:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-11-14 18:28:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-11-14 18:28:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2010-11-14 18:26:44 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-11-14 18:24:06 ----A---- C:\WINDOWS\system32\xpsp4res.dll
2010-11-14 18:22:59 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2010-11-14 18:22:52 ----D---- C:\WINDOWS\system32\PreInstall
2010-11-14 18:22:50 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2010-11-14 18:21:32 ----A---- C:\WINDOWS\system32\wups2.dll
2010-11-14 18:21:32 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2010-11-14 18:21:31 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-11-14 18:21:31 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2010-11-14 18:21:31 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2010-11-14 18:14:40 ----D---- C:\WINDOWS\Prefetch
2010-11-14 18:11:20 ----N---- C:\WINDOWS\system32\msxml6r.dll
2010-11-14 18:11:20 ----A---- C:\WINDOWS\system32\msxml6.dll
2010-11-14 18:11:13 ----N---- C:\WINDOWS\system32\smtpapi.dll
2010-11-14 18:11:13 ----N---- C:\WINDOWS\system32\rwnh.dll
2010-11-14 18:11:13 ----N---- C:\WINDOWS\system32\drivers\irbus.sys
2010-11-14 18:11:13 ----N---- C:\WINDOWS\system32\comsdupd.exe
2010-11-14 18:11:12 ----N---- C:\WINDOWS\system32\eapsvc.dll
2010-11-14 18:11:12 ----N---- C:\WINDOWS\system32\eapqec.dll
2010-11-14 18:11:12 ----N---- C:\WINDOWS\system32\eappprxy.dll
2010-11-14 18:11:12 ----N---- C:\WINDOWS\system32\eapphost.dll
2010-11-14 18:11:12 ----N---- C:\WINDOWS\system32\eappgnui.dll
2010-11-14 18:11:12 ----N---- C:\WINDOWS\system32\eappcfg.dll
2010-11-14 18:11:12 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2010-11-14 18:11:12 ----N---- C:\WINDOWS\system32\eapolqec.dll
2010-11-14 18:11:12 ----N---- C:\WINDOWS\system32\dot3ui.dll
2010-11-14 18:11:12 ----N---- C:\WINDOWS\system32\dot3svc.dll
2010-11-14 18:11:12 ----N---- C:\WINDOWS\system32\dot3msm.dll
2010-11-14 18:11:12 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2010-11-14 18:11:12 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2010-11-14 18:11:12 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2010-11-14 18:11:12 ----N---- C:\WINDOWS\system32\dot3api.dll
2010-11-14 18:11:12 ----N---- C:\WINDOWS\system32\dimsroam.dll
2010-11-14 18:11:12 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2010-11-14 18:11:12 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2010-11-14 18:11:12 ----N---- C:\WINDOWS\system32\credssp.dll
2010-11-14 18:11:12 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2010-11-14 18:11:12 ----N---- C:\WINDOWS\system32\azroles.dll
2010-11-14 18:11:12 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2010-11-14 18:11:12 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2010-11-14 18:11:12 ----N---- C:\WINDOWS\system32\ati3duag.dll
2010-11-14 18:11:12 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2010-11-14 18:11:12 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2010-11-14 18:11:12 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2010-11-14 18:11:12 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2010-11-14 18:11:12 ----N---- C:\WINDOWS\system32\aaclient.dll
2010-11-14 18:11:11 ----N---- C:\WINDOWS\system32\napstat.exe
2010-11-14 18:11:11 ----N---- C:\WINDOWS\system32\napmontr.dll
2010-11-14 18:11:11 ----N---- C:\WINDOWS\system32\napipsec.dll
2010-11-14 18:11:11 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2010-11-14 18:11:11 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2010-11-14 18:11:11 ----N---- C:\WINDOWS\system32\mssha.dll
2010-11-14 18:11:11 ----N---- C:\WINDOWS\system32\mmcperf.exe
2010-11-14 18:11:11 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2010-11-14 18:11:11 ----N---- C:\WINDOWS\system32\mmcex.dll
2010-11-14 18:11:11 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll

persoholic · #4 Příspěvek od **persoholic** » 05 pro 2010 14:54

druha cast logu... nedovoli to vlozit naraz - ma to viac znakov...

2010-11-14 18:11:11 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2010-11-14 18:11:11 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2010-11-14 18:11:11 ----N---- C:\WINDOWS\system32\kmsvc.dll
2010-11-14 18:11:11 ----N---- C:\WINDOWS\system32\kbdpash.dll
2010-11-14 18:11:11 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2010-11-14 18:11:11 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2010-11-14 18:11:11 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2010-11-14 18:11:11 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2010-11-14 18:11:10 ----N---- C:\WINDOWS\system32\wmphoto.dll
2010-11-14 18:11:10 ----N---- C:\WINDOWS\system32\wlanapi.dll
2010-11-14 18:11:10 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2010-11-14 18:11:10 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2010-11-14 18:11:10 ----N---- C:\WINDOWS\system32\verclsid.exe
2010-11-14 18:11:10 ----N---- C:\WINDOWS\system32\tzchange.exe
2010-11-14 18:11:10 ----N---- C:\WINDOWS\system32\tspkg.dll
2010-11-14 18:11:10 ----N---- C:\WINDOWS\system32\tsgqec.dll
2010-11-14 18:11:10 ----N---- C:\WINDOWS\system32\slserv.exe
2010-11-14 18:11:10 ----N---- C:\WINDOWS\system32\slrundll.exe
2010-11-14 18:11:10 ----N---- C:\WINDOWS\system32\slgen.dll
2010-11-14 18:11:10 ----N---- C:\WINDOWS\system32\slextspk.dll
2010-11-14 18:11:10 ----N---- C:\WINDOWS\system32\slcoinst.dll
2010-11-14 18:11:10 ----N---- C:\WINDOWS\system32\setupn.exe
2010-11-14 18:11:10 ----N---- C:\WINDOWS\system32\s3gnb.dll
2010-11-14 18:11:10 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2010-11-14 18:11:10 ----N---- C:\WINDOWS\system32\rasqec.dll
2010-11-14 18:11:10 ----N---- C:\WINDOWS\system32\qutil.dll
2010-11-14 18:11:10 ----N---- C:\WINDOWS\system32\qcliprov.dll
2010-11-14 18:11:10 ----N---- C:\WINDOWS\system32\qagentrt.dll
2010-11-14 18:11:10 ----N---- C:\WINDOWS\system32\qagent.dll
2010-11-14 18:11:10 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2010-11-14 18:11:10 ----N---- C:\WINDOWS\system32\onex.dll
2010-11-14 18:11:10 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2010-11-14 18:11:09 ----N---- C:\WINDOWS\slrundll.exe
2010-11-14 18:11:09 ----D---- C:\WINDOWS\system32\scripting
2010-11-14 18:11:09 ----D---- C:\WINDOWS\system32\en-us
2010-11-14 18:11:09 ----D---- C:\WINDOWS\system32\en
2010-11-14 18:11:09 ----D---- C:\WINDOWS\l2schemas
2010-11-14 18:11:09 ----A---- C:\WINDOWS\system32\xmllite.dll
2010-11-14 18:11:08 ----D---- C:\WINDOWS\system32\bits
2010-11-14 18:10:27 ----D---- C:\WINDOWS\ServicePackFiles
2010-11-14 18:09:38 ----N---- C:\WINDOWS\system32\drivers\adv11nt5.dll
2010-11-14 18:09:38 ----N---- C:\WINDOWS\system32\drivers\adv09nt5.dll
2010-11-14 18:09:38 ----N---- C:\WINDOWS\system32\drivers\adv08nt5.dll
2010-11-14 18:09:38 ----N---- C:\WINDOWS\system32\drivers\adv07nt5.dll
2010-11-14 18:09:38 ----N---- C:\WINDOWS\system32\drivers\adv05nt5.dll
2010-11-14 18:09:38 ----N---- C:\WINDOWS\system32\drivers\adv02nt5.dll
2010-11-14 18:09:38 ----N---- C:\WINDOWS\system32\drivers\adv01nt5.dll
2010-11-14 18:09:38 ----D---- C:\WINDOWS\network diagnostic
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\hidir.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\hidbth.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\hdaudbus.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\gagp30kx.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\bthusb.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\bthprint.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\bthport.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\bthpan.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\bthmodem.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\bthenum.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\atv10nt5.dll
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\atv06nt5.dll
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\atv04nt5.dll
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\atv02nt5.dll
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\atv01nt5.dll
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\atinxsxx.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\atinxbxx.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\atintuxx.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\atinsnxx.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\atinrvxx.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\atinraxx.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\atinpdxx.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\atinbtxx.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\ati2mtag.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\ati1raxx.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\ati1btxx.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\amdagp.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\alim1541.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\agpcpq.sys
2010-11-14 18:09:37 ----N---- C:\WINDOWS\system32\drivers\agp440.sys
2010-11-14 18:09:36 ----N---- C:\WINDOWS\system32\drivers\watv10nt.sys
2010-11-14 18:09:36 ----N---- C:\WINDOWS\system32\drivers\watv06nt.sys
2010-11-14 18:09:36 ----N---- C:\WINDOWS\system32\drivers\wadv11nt.sys
2010-11-14 18:09:36 ----N---- C:\WINDOWS\system32\drivers\wadv09nt.sys
2010-11-14 18:09:36 ----N---- C:\WINDOWS\system32\drivers\wadv08nt.sys
2010-11-14 18:09:36 ----N---- C:\WINDOWS\system32\drivers\wadv07nt.sys
2010-11-14 18:09:36 ----N---- C:\WINDOWS\system32\drivers\wacompen.sys
2010-11-14 18:09:36 ----N---- C:\WINDOWS\system32\drivers\viaagp.sys
2010-11-14 18:09:36 ----N---- C:\WINDOWS\system32\drivers\vchnt5.dll
2010-11-14 18:09:36 ----N---- C:\WINDOWS\system32\drivers\usbvideo.sys
2010-11-14 18:09:36 ----N---- C:\WINDOWS\system32\drivers\usb8023x.sys
2010-11-14 18:09:36 ----N---- C:\WINDOWS\system32\drivers\uagp35.sys
2010-11-14 18:09:36 ----N---- C:\WINDOWS\system32\drivers\smbali.sys
2010-11-14 18:09:36 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys
2010-11-14 18:09:36 ----N---- C:\WINDOWS\system32\drivers\slnthal.sys
2010-11-14 18:09:36 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys
2010-11-14 18:09:36 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys
2010-11-14 18:09:36 ----N---- C:\WINDOWS\system32\drivers\sisagp.sys
2010-11-14 18:09:36 ----N---- C:\WINDOWS\system32\drivers\siint5.dll
2010-11-14 18:09:36 ----N---- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2010-11-14 18:09:36 ----N---- C:\WINDOWS\system32\drivers\s3gnbm.sys
2010-11-14 18:09:36 ----N---- C:\WINDOWS\system32\drivers\rndismpx.sys
2010-11-14 18:09:36 ----N---- C:\WINDOWS\system32\drivers\rfcomm.sys
2010-11-14 18:09:36 ----N---- C:\WINDOWS\system32\drivers\recagent.sys
2010-11-14 18:09:36 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2010-11-14 18:09:36 ----N---- C:\WINDOWS\system32\drivers\mutohpen.sys
2010-11-14 18:09:36 ----N---- C:\WINDOWS\system32\drivers\mtxparhm.sys
2010-11-14 18:09:36 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys
2010-11-14 18:09:36 ----A---- C:\WINDOWS\system32\drivers\nv4_mini.sys
2010-11-14 18:08:52 ----A---- C:\WINDOWS\002865_.tmp
2010-11-14 18:08:47 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-11-14 18:08:44 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-11-14 18:07:39 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-11-14 18:05:45 ----A---- C:\WINDOWS\system32\wpa.bak
2010-11-14 17:45:08 ----A---- C:\WINDOWS\system32\h323log.txt
2010-11-14 17:40:15 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2010-11-14 17:39:38 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2010-11-14 17:39:25 ----A---- C:\WINDOWS\system32\drivers\enum1394.sys
2010-11-14 17:39:21 ----A---- C:\WINDOWS\system32\drivers\RTL8139.sys
2010-11-14 17:38:58 ----A---- C:\WINDOWS\system32\usbui.dll
2010-11-14 17:38:16 ----A---- C:\WINDOWS\imsins.BAK
2010-11-14 17:38:14 ----SHD---- C:\WINDOWS\Installer
2010-11-14 17:38:14 ----D---- C:\Program Files\Common Files\ODBC
2010-11-14 17:38:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-14 17:38:14 ----A---- C:\WINDOWS\ODBCINST.INI
2010-11-14 17:38:11 ----RD---- C:\Program Files
2010-11-14 17:38:11 ----D---- C:\Program Files\Common Files\SpeechEngines
2010-11-14 17:38:11 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-11-14 17:38:11 ----D---- C:\Program Files\Common Files
2010-11-14 17:38:09 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2010-11-14 17:38:09 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2010-11-14 17:38:09 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2010-11-14 17:38:08 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2010-11-14 17:38:08 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2010-11-14 17:38:08 ----RA---- C:\WINDOWS\system32\kbdur.dll
2010-11-14 17:38:08 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2010-11-14 17:38:08 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2010-11-14 17:38:08 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2010-11-14 17:38:08 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2010-11-14 17:38:08 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2010-11-14 17:38:07 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2010-11-14 17:38:07 ----RA---- C:\WINDOWS\system32\kbdru.dll
2010-11-14 17:38:07 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2010-11-14 17:38:07 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2010-11-14 17:38:06 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2010-11-14 17:38:06 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2010-11-14 17:38:06 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2010-11-14 17:38:06 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2010-11-14 17:38:06 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2010-11-14 17:38:06 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2010-11-14 17:38:06 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2010-11-14 17:38:05 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2010-11-14 17:38:05 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2010-11-14 17:38:05 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2010-11-14 17:38:05 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2010-11-14 17:38:05 ----RA---- C:\WINDOWS\system32\kbdest.dll
2010-11-14 17:38:03 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2010-11-14 17:38:03 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2010-11-14 17:38:03 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2010-11-14 17:38:03 ----RA---- C:\WINDOWS\system32\kbdro.dll
2010-11-14 17:38:03 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2010-11-14 17:38:03 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2010-11-14 17:38:03 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2010-11-14 17:38:03 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2010-11-14 17:38:03 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2010-11-14 17:38:03 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2010-11-14 17:38:03 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2010-11-14 17:38:03 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2010-11-14 17:38:03 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2010-11-14 17:38:01 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-11-14 17:38:01 ----A---- C:\WINDOWS\system32\irclass.dll
2010-11-14 17:38:01 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2010-11-14 17:38:01 ----A---- C:\WINDOWS\system32\dgsetup.dll
2010-11-14 17:38:01 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2010-11-14 17:37:59 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2010-11-14 17:37:59 ----A---- C:\WINDOWS\TASKMAN.EXE
2010-11-14 17:37:59 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2010-11-14 17:37:59 ----A---- C:\WINDOWS\system32\batt.dll
2010-11-14 17:37:59 ----A---- C:\WINDOWS\notepad.exe
2010-11-14 17:37:55 ----A---- C:\WINDOWS\system32\storprop.dll
2010-11-14 17:37:50 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2010-11-14 17:36:40 ----RA---- C:\WINDOWS\SET29.tmp
2010-11-14 17:36:09 ----RA---- C:\WINDOWS\SET8.tmp
2010-11-14 17:36:07 ----RA---- C:\WINDOWS\SET4.tmp
2010-11-14 17:36:06 ----RA---- C:\WINDOWS\SET3.tmp
2010-11-14 17:36:02 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-14 17:36:02 ----D---- C:\WINDOWS\system32\CatRoot
2010-11-14 17:35:56 ----ASD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-11-14 17:35:41 ----A---- C:\WINDOWS\setuplog.txt
2010-11-14 17:35:39 ----SHD---- C:\System Volume Information
2010-11-14 17:35:39 ----D---- C:\Documents and Settings
2010-11-14 17:35:06 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-14 17:35:06 ----A---- C:\WINDOWS\system32\xRaidSetup.exe
2010-11-14 17:35:06 ----A---- C:\WINDOWS\system32\xRaidAPI.dll
2010-11-14 17:35:05 ----D---- C:\WINDOWS\RaidTool
2010-11-14 17:34:44 ----SH---- C:\boot.ini
2010-11-14 17:33:50 ----D---- C:\Program Files\Common Files\InstallShield
2010-11-14 17:33:41 ----A---- C:\WINDOWS\system32\drivers\jraid.sys
2010-11-14 17:30:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-14 17:30:22 ----RSD---- C:\WINDOWS\Fonts
2010-11-14 17:30:22 ----RD---- C:\WINDOWS\Web
2010-11-14 17:30:22 ----HD---- C:\WINDOWS\inf
2010-11-14 17:30:22 ----D---- C:\WINDOWS\WinSxS
2010-11-14 17:30:22 ----D---- C:\WINDOWS\twain_32
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\wins
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\wbem
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\usmt
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\spool
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\ShellExt
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\Setup
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\ras
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\oobe
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\npp
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\mui
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\inetsrv
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\IME
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\icsxml
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\ias
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\export
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\drivers\etc
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\drivers\disdn
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\drivers
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\dhcp
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\config
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\3com_dmi
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\3076
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\2052
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\1054
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\1042
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\1041
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\1037
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\1033
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\1031
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\1028
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32\1025
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system32
2010-11-14 17:30:22 ----D---- C:\WINDOWS\system
2010-11-14 17:30:22 ----D---- C:\WINDOWS\security
2010-11-14 17:30:22 ----D---- C:\WINDOWS\Resources
2010-11-14 17:30:22 ----D---- C:\WINDOWS\repair
2010-11-14 17:30:22 ----D---- C:\WINDOWS\Provisioning
2010-11-14 17:30:22 ----D---- C:\WINDOWS\pchealth
2010-11-14 17:30:22 ----D---- C:\WINDOWS\PeerNet
2010-11-14 17:30:22 ----D---- C:\WINDOWS\mui
2010-11-14 17:30:22 ----D---- C:\WINDOWS\msapps
2010-11-14 17:30:22 ----D---- C:\WINDOWS\msagent
2010-11-14 17:30:22 ----D---- C:\WINDOWS\Media
2010-11-14 17:30:22 ----D---- C:\WINDOWS\java
2010-11-14 17:30:22 ----D---- C:\WINDOWS\ime
2010-11-14 17:30:22 ----D---- C:\WINDOWS\Help
2010-11-14 17:30:22 ----D---- C:\WINDOWS\ehome
2010-11-14 17:30:22 ----D---- C:\WINDOWS\Driver Cache
2010-11-14 17:30:22 ----D---- C:\WINDOWS\Debug
2010-11-14 17:30:22 ----D---- C:\WINDOWS\Cursors
2010-11-14 17:30:22 ----D---- C:\WINDOWS\Connection Wizard
2010-11-14 17:30:22 ----D---- C:\WINDOWS\Config
2010-11-14 17:30:22 ----D---- C:\WINDOWS\AppPatch
2010-11-14 17:30:22 ----D---- C:\WINDOWS\addins
2010-11-14 17:30:22 ----D---- C:\WINDOWS
2010-11-14 17:30:22 ----ASH---- C:\pagefile.sys
2010-11-14 16:59:46 ----HD---- C:\Program Files\Uninstall Information
2010-11-14 16:59:33 ----D---- C:\WINDOWS\SoftwareDistribution
2010-11-14 16:59:26 ----SD---- C:\WINDOWS\system32\Microsoft
2010-11-14 16:59:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-14 16:50:15 ----D---- C:\WINDOWS\system32\xircom
2010-11-14 16:50:15 ----D---- C:\Program Files\xerox
2010-11-14 16:50:15 ----D---- C:\Program Files\microsoft frontpage
2010-11-14 16:50:01 ----HD---- C:\WINDOWS\$hf_mig$
2010-11-14 16:50:00 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2010-11-14 16:49:48 ----RASH---- C:\MSDOS.SYS
2010-11-14 16:49:48 ----RASH---- C:\IO.SYS
2010-11-14 16:49:48 ----A---- C:\WINDOWS\control.ini
2010-11-14 16:49:48 ----A---- C:\CONFIG.SYS
2010-11-14 16:49:48 ----A---- C:\AUTOEXEC.BAT
2010-11-14 16:49:42 ----A---- C:\WINDOWS\OEWABLog.txt
2010-11-14 16:49:39 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-11-14 16:49:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-11-14 16:49:06 ----RD---- C:\WINDOWS\Offline Web Pages
2010-11-14 16:49:06 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-11-14 16:49:02 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-11-14 16:49:00 ----AHD---- C:\Program Files\WindowsUpdate
2010-11-14 16:48:46 ----D---- C:\WINDOWS\system32\DirectX
2010-11-14 16:48:31 ----A---- C:\WINDOWS\system32\atrace.dll
2010-11-14 16:48:29 ----A---- C:\WINDOWS\system32\desktop.ini
2010-11-14 16:48:29 ----A---- C:\WINDOWS\desktop.ini
2010-11-14 16:48:23 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-11-14 16:48:22 ----D---- C:\Program Files\Common Files\Services
2010-11-14 16:48:22 ----A---- C:\WINDOWS\system32\acctres.dll
2010-11-14 16:48:20 ----SD---- C:\WINDOWS\Tasks
2010-11-14 16:48:20 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-11-14 16:48:19 ----D---- C:\Program Files\Common Files\MSSoap
2010-11-14 16:48:16 ----D---- C:\WINDOWS\system32\Macromed
2010-11-14 16:48:16 ----D---- C:\WINDOWS\srchasst
2010-11-14 16:48:14 ----A---- C:\WINDOWS\system32\wuweb.dll
2010-11-14 16:48:13 ----A---- C:\WINDOWS\system32\wups.dll
2010-11-14 16:48:13 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-11-14 16:48:13 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-11-14 16:48:13 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2010-11-14 16:48:13 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-11-14 16:48:13 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-11-14 16:48:13 ----A---- C:\WINDOWS\system32\wuauclt.exe
2010-11-14 16:48:13 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-11-14 16:48:13 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-11-14 16:48:13 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-11-14 16:48:13 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-11-14 16:48:13 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-11-14 16:48:10 ----D---- C:\Program Files\Movie Maker
2010-11-14 16:48:07 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-11-14 16:48:07 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-11-14 16:48:07 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-11-14 16:48:07 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-11-14 16:48:04 ----D---- C:\WINDOWS\system32\Restore
2010-11-14 16:48:04 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-11-14 16:48:04 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-11-14 16:48:04 ----A---- C:\WINDOWS\system32\srclient.dll
2010-11-14 16:48:04 ----A---- C:\WINDOWS\system32\fltmc.exe
2010-11-14 16:48:04 ----A---- C:\WINDOWS\system32\fltlib.dll
2010-11-14 16:48:04 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2010-11-14 16:48:04 ----A---- C:\WINDOWS\system32\drivers\fltmgr.sys
2010-11-14 16:48:03 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-11-14 16:48:03 ----A---- C:\WINDOWS\system32\msconf.dll
2010-11-14 16:48:03 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-11-14 16:48:03 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-11-14 16:48:03 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-11-14 16:48:03 ----A---- C:\WINDOWS\system32\ils.dll
2010-11-14 16:48:01 ----D---- C:\Program Files\NetMeeting
2010-11-14 16:48:01 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-11-14 16:48:00 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-11-14 16:48:00 ----A---- C:\WINDOWS\system32\inetres.dll
2010-11-14 16:48:00 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-11-14 16:47:58 ----D---- C:\Program Files\Outlook Express
2010-11-14 16:47:58 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-11-14 16:47:58 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-11-14 16:47:58 ----A---- C:\WINDOWS\system32\mstask.dll
2010-11-14 16:47:58 ----A---- C:\WINDOWS\system32\isign32.dll
2010-11-14 16:47:58 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-11-14 16:47:58 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-11-14 16:47:57 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-11-14 16:47:53 ----D---- C:\Program Files\Internet Explorer
2010-11-14 16:47:53 ----D---- C:\Program Files\Common Files\System
2010-11-14 16:47:31 ----D---- C:\Program Files\ComPlus Applications
2010-11-14 16:47:29 ----A---- C:\WINDOWS\vbaddin.ini
2010-11-14 16:47:29 ----A---- C:\WINDOWS\vb.ini
2010-11-14 16:47:26 ----D---- C:\WINDOWS\Registration
2010-11-14 16:47:21 ----D---- C:\Program Files\Windows Media Player
2010-11-14 16:47:21 ----D---- C:\Program Files\Online Services
2010-11-14 16:47:17 ----D---- C:\Program Files\Messenger
2010-11-14 16:47:14 ----D---- C:\Program Files\MSN Gaming Zone
2010-11-14 16:47:14 ----A---- C:\WINDOWS\system32\write.exe
2010-11-14 16:47:07 ----A---- C:\WINDOWS\system32\winchat.exe
2010-11-14 16:47:07 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-11-14 16:47:07 ----A---- C:\WINDOWS\system32\hticons.dll
2010-11-14 16:47:07 ----A---- C:\WINDOWS\system32\avwav.dll
2010-11-14 16:47:07 ----A---- C:\WINDOWS\system32\avtapi.dll
2010-11-14 16:47:07 ----A---- C:\WINDOWS\system32\avmeter.dll
2010-11-14 16:47:01 ----A---- C:\WINDOWS\system32\sol.exe
2010-11-14 16:47:01 ----A---- C:\WINDOWS\system32\charmap.exe
2010-11-14 16:47:01 ----A---- C:\WINDOWS\system32\getuname.dll
2010-11-14 16:47:01 ----A---- C:\WINDOWS\system32\calc.exe
2010-11-14 16:47:00 ----A---- C:\WINDOWS\system32\winmine.exe
2010-11-14 16:47:00 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-11-14 16:47:00 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-11-14 16:47:00 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-11-14 16:47:00 ----A---- C:\WINDOWS\system32\tskill.exe
2010-11-14 16:47:00 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-11-14 16:47:00 ----A---- C:\WINDOWS\system32\tscon.exe
2010-11-14 16:47:00 ----A---- C:\WINDOWS\system32\shadow.exe
2010-11-14 16:47:00 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-11-14 16:47:00 ----A---- C:\WINDOWS\system32\reset.exe
2010-11-14 16:47:00 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-11-14 16:47:00 ----A---- C:\WINDOWS\system32\freecell.exe
2010-11-14 16:46:59 ----A---- C:\WINDOWS\system32\regini.exe
2010-11-14 16:46:59 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-11-14 16:46:59 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-11-14 16:46:59 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-11-14 16:46:59 ----A---- C:\WINDOWS\system32\msg.exe
2010-11-14 16:46:59 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-11-14 16:46:59 ----A---- C:\WINDOWS\system32\logoff.exe
2010-11-14 16:46:59 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-11-14 16:46:58 ----A---- C:\WINDOWS\system32\stclient.dll
2010-11-14 16:46:58 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-11-14 16:46:58 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-11-14 16:46:58 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-11-14 16:46:58 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-11-14 16:46:58 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-11-14 16:46:58 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-11-14 16:46:58 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-11-14 16:46:54 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-11-14 16:46:46 ----D---- C:\Program Files\MSN
2010-11-14 16:46:45 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-11-14 16:46:45 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-11-14 16:46:45 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-11-14 16:46:45 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-11-14 16:46:44 ----D---- C:\Program Files\Windows NT
2010-11-14 16:46:44 ----A---- C:\WINDOWS\system32\spider.exe
2010-11-14 16:46:44 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-11-14 16:46:44 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2010-11-14 16:46:44 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2010-11-14 16:46:44 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-11-14 16:46:43 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2010-11-14 16:46:43 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-11-14 16:46:43 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-11-14 16:46:43 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-11-14 16:46:43 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-11-14 16:46:43 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-11-14 16:46:43 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-11-14 16:46:43 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-11-14 16:46:43 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-11-14 16:46:43 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2010-11-14 16:46:42 ----D---- C:\WINDOWS\system32\MsDtc
2010-11-14 16:46:42 ----A---- C:\WINDOWS\system32\termsrv.dll
2010-11-14 16:46:42 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-11-14 16:46:42 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-11-14 16:46:42 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-11-14 16:46:42 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-11-14 16:46:42 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-11-14 16:46:42 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-11-14 16:46:42 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-11-14 16:46:42 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-11-14 16:46:42 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-11-14 16:46:41 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-11-14 16:46:41 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-11-14 16:46:41 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-11-14 16:46:41 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-11-14 16:46:40 ----D---- C:\WINDOWS\system32\Com
2010-11-14 16:46:40 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-11-14 16:46:40 ----A---- C:\WINDOWS\system32\colbact.dll
2010-11-14 16:46:40 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-11-14 16:46:40 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-11-14 16:46:40 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-11-14 16:46:40 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-11-14 16:46:39 ----A---- C:\WINDOWS\system32\comuid.dll
2010-11-14 16:46:39 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-11-14 16:46:35 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-11-14 16:46:35 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-11-14 16:46:35 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-11-14 16:46:35 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-11-14 16:46:29 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
2010-11-14 16:46:29 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys

======List of files/folders modified in the last 1 months======

2010-11-20 23:46:39 ----A---- C:\WINDOWS\system.ini
2010-11-14 19:43:50 ----A---- C:\WINDOWS\win.ini
2010-11-14 16:49:31 ----ASH---- C:\WINDOWS\fonts\desktop.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2008-11-04 83296]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 TPkd;TPkd; C:\WINDOWS\system32\drivers\TPkd.sys [2009-12-23 86016]
R1 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2009-10-05 25244]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-08-03 55256]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-07-29 134512]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2007-04-27 90688]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-11-16 131984]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-07-29 32608]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-10 10604128]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;SB Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2007-06-15 1127936]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2010-03-23 1528616]
R2 DigiRefresh;Digidesign MME Refresh Service; C:\Program Files\Digidesign\Drivers\MMERefresh.exe [2010-05-04 77824]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-04 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-08-12 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#5 Příspěvek od **motji** » 05 pro 2010 15:27

Není třeba, ptala jsem se proto, že tohle mi dělá qip, většinou se mi zobrazí, že se ukončuje smajlík

Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix

persoholic · #6 Příspěvek od **persoholic** » 05 pro 2010 16:32

poslusne hlasim, ze som vse vykonal dle navodu...

log:

ComboFix 10-12-04.01 - dusko 05.12.2010 16:23:04.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2046.1719 [GMT 1:00]
Running from: c:\documents and settings\dusko\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\dusko\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2010-11-05 to 2010-12-05 )))))))))))))))))))))))))))))))
.

2010-12-04 19:47 . 2010-12-04 19:47 -------- d-----w- C:\rsit
2010-11-14 21:59 . 2010-11-14 21:59 -------- d-----r- C:\MSOCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-20 21:56 . 2010-10-20 21:56 544256 ----a-w- c:\windows\system32\mmclient.dll
2010-09-18 11:23 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-02-28 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-02-28 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 14:16 . 2010-09-09 14:16 81920 ------w- c:\windows\system32\ieencode.dll
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1966080]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2010-05-04 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"NexusServer"="c:\program files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" [2007-03-26 389120]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-11-14 6144]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 13:31 115008]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12.8.2010 14:16 810144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4.12.2010 21:40 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28.2.2006 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\dusko\Application Data\Mozilla\Firefox\Profiles\nm6gps40.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/resul ... EF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://taivasalla.net/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/resul ... 65DFEE}&q=
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\dusko\Application Data\Mozilla\Firefox\Profiles\nm6gps40.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\documents and settings\dusko\Application Data\Mozilla\Firefox\Profiles\nm6gps40.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\documents and settings\dusko\Desktop\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-05 16:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-12-05 16:27:38
ComboFix-quarantined-files.txt 2010-12-05 15:27

Pre-Run: 76 566 888 448 bytes free
Post-Run: 77 355 143 168 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional Avid 2.7GB" /3GB /userva=2700 /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - A385E4B5FD22B6BBDAD4E851F41F684E

persoholic · #7 Příspěvek od **persoholic** » 05 pro 2010 16:46

este dodatok - pocas skenovania zahlasil nieco ako detekted rootkit aktivity a vyziadal si restart...
ending program - 668 (momentalne) pretrvava...

edit: objavuje sa aj pri odhlaseni uzivatela...

#8 Příspěvek od **motji** » 05 pro 2010 23:11

Ten qip/icq používáte?

odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)

Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC

Stahněte http://www.jpshortstuff.247fixes.com/Defogger.exe
- spustte,
- potvrdte disabled
-log vložte zde

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.

stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu

start-spustit
do okénka zkopírujte

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

ok

vytvoří se log s názvem mbr.log, vložte ho zde

persoholic · #9 Příspěvek od **persoholic** » 06 pro 2010 19:43

motji píše:Ten qip/icq používáte?

nie, ani jeden...

motji píše: odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)

ziadne nemam nainstalovane

motji píše: Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC

moznost uninstall nebola pristupna, restart sa nekonal...

motji píše: Stahněte http://www.jpshortstuff.247fixes.com/Defogger.exe
- spustte,
- potvrdte disabled
-log vložte zde

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:43 on 06/12/2010 (dusko)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

motji píše: Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.

celkom prdel, dvakrat sa mi restartol pocitac, program nedobehol...
prvy log:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-06 18:45:15
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e Hitachi_HDT725050VLA360 rev.V56OA7EA
Running: gmer.exe; Driver: C:\DOCUME~1\dusko\LOCALS~1\Temp\axtdypob.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

---- EOF - GMER 1.0.15 ----

motji píše: stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu

start-spustit
do okénka zkopírujte
Kód: Vybrat vše
"%userprofile%\plocha\mbr" -t
ok

vytvoří se log s názvem mbr.log, vložte ho zde

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HDT725050VLA360 rev.V56OA7EA -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0xE0BBB1A6] -> \Device\Harddisk0\DR0[0xFAD4AAB8]
3 CLASSPNP[0xF66E8FD7] -> ntkrnlpa!IofCallDriver[0xE0BBB1A6] -> \Device\00000078[0xFAD4E9E8]
5 ACPI[0xF655F620] -> ntkrnlpa!IofCallDriver[0xE0BBB1A6] -> \Device\Ide\IdeDeviceP2T0L0-e[0xFACC6940]
kernel: MBR read successfully
user & kernel MBR OK

#10 Příspěvek od **motji** » 06 pro 2010 21:59

Měl by jste ještě velký log z Gmeru, nebo nejde udělat?

Otestujte na www.virustotal.com
C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe

v nouzovém režimu se ten proces také ukončuje?

persoholic · #11 Příspěvek od **persoholic** » 06 pro 2010 22:24

ahoj...

log z gmer nejde spravit, vzdy sa restartuju windowsy. v service mode vsak nedojde k okamzitemu resetu, ale na okamih vidno modru obrazovku... naozaj na okamih

co sa tyka toho suboru:

File name:
PNXKERNL.exe
Submission date:
2010-12-06 21:10:46 (UTC)
Current status:
queued (#2) queued (#2) analysing finished
Result:
0/ 43 (0.0%)

#12 Příspěvek od **motji** » 07 pro 2010 07:00

Takže BSOD, nejspíš konflikt s driverem Gmeru

.

Stáhněte
http://rootrepeal.googlepages.com/RootRepeal.zip
-Stáhněte,rozbalte a spusťte
-vyberte záložku Files, klikněte na Scan,
-proběhne sken, po něm klikněte na Save Report , tím se uloží log, který zkopírujete sem

-postupně vyberte všechny záložky a udělejte skeny.

Ještě se zeptám, ten skrytý proces se začal objevovat kdy? neinstaloval jste nějaký nový program?

persoholic · #13 Příspěvek od **persoholic** » 07 pro 2010 10:01

popravde neviem, tento pocitac som instaloval ako striznu, po mne tam pribudli nejake veci (firefox, thundebird, niektore boris efekty...), kamos ma poprosil aby som sa na to pozrel

kedy presne to zacalo nie je schopny povedat, jednoducho si to zrazu vsimol...

tu je log, mam modru obrazovku, ked sa pokusim oskenovat iny disk (raidove pole).

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/12/07 09:51
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF27BD000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF6BC2000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xBE818000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\windows\tempfile
Status: Allocation size mismatch (API: 33570816, Raw: 0)

Path: C:\Documents and Settings\dusko\Local Settings\temp\A9REBD3.tmp
Status: Visible to the Windows API, but not on disk.

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\systemindex.ntfy12.gthr
Status: Size mismatch (API: 27862, Raw: 27318)

Path: C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.ci
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.dir
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\ehdrv.sys" at address 0xf2a47610

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\ehdrv.sys" at address 0xf2a47c10

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\ehdrv.sys" at address 0xf2a47730

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\ehdrv.sys" at address 0xf2a474b0

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\ehdrv.sys" at address 0xf2a47570

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\ehdrv.sys" at address 0xf2a476d0

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\ehdrv.sys" at address 0xf2a47690

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\ehdrv.sys" at address 0xf2a47650

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\ehdrv.sys" at address 0xf2a477d0

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\ehdrv.sys" at address 0xf2a47510

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\ehdrv.sys" at address 0xf2a47590

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\ehdrv.sys" at address 0xf2a474d0

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\ehdrv.sys" at address 0xf2a475d0

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\ehdrv.sys" at address 0xf2a47750

==EOF==

#14 Příspěvek od **motji** » 07 pro 2010 11:13

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT

- zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde

persoholic · #15 Příspěvek od **persoholic** » 07 pro 2010 11:32

Vaše zpráva obsahuje 184711 znaků. Maximální povolený počet znaků je 60000.

to je otl.log.
mam to rozkuskovat, alebo to viem poslat aj inak?

VIRY.CZ

"ending program" pri vypinani pocitaca

"ending program" pri vypinani pocitaca

Re: "ending program" pri vypinani pocitaca

Re: "ending program" pri vypinani pocitaca

Re: "ending program" pri vypinani pocitaca

Re: "ending program" pri vypinani pocitaca

Re: "ending program" pri vypinani pocitaca

Re: "ending program" pri vypinani pocitaca

Re: "ending program" pri vypinani pocitaca

Re: "ending program" pri vypinani pocitaca

Re: "ending program" pri vypinani pocitaca

Re: "ending program" pri vypinani pocitaca

Re: "ending program" pri vypinani pocitaca

Re: "ending program" pri vypinani pocitaca

Re: "ending program" pri vypinani pocitaca

Re: "ending program" pri vypinani pocitaca