Katusha.a / backdoor.generic14
Posted: 05 Nov 2011 17:04
Hello,
I am trying to fix my girlfriend's notebook. It runs Windows XP SP3 and the account is an administrator account. I noticed the problem because the AVG Free 9.0 icon was missing from the system tray. Once I managed to start it manually, and it immediately showed detections of the viruses "Katusha.a" (about 10 files, which, however, I recognized as the executables of other programs, e.g. iTunes, Skype, Winamp, etc.) and a second one, "backdoor.generic14.avbq", in about two unknown files. Since then it cannot even be started manually, as if something were blocking it. AVG also cannot be updated to AVG Free 2012. Every time it throws the following error:
Závažnost: Chyba
Chybový kod:0xC0070643
Chybové hlášení: Obecná interníchyba.
Doplňující hlášení: MSI Engine: Selhala instalace produktu.
The installer has encountered an anexpcted error installing this package. his may indicate a problem with package. The error code is 2755.
Kontext: Instalace AVG COre, selhání akce MSI
As for this, I tried searching all kinds of forums and solutions for this error. Nothing helped.
I tried an MBAM scan, but after a few seconds the scan is cancelled and MBAM can no longer be started; I have to reinstall it and then the same thing happens again. I also tried AVPTool, but it starts unpacking, probably installing as well, but the license acceptance prompt never appears and the program crashes. In safe mode it can be run and it removed something, but after booting into normal mode everything is back. I tried it twice. Also, whenever any program is started, a Windows Firewall prompt keeps appearing asking whether to block or unblock. In Task Manager there is some process 2667165092:1531577953.exe running that cannot be killed by anything.
Whatever I try, every program that could do something about it gets blocked after a while. It also seems to me that it somehow blocks certain websites, because I cannot get to the AVG forum. I searched everywhere I could; here on the forum I found a similar topic, http://www.viry.cz/forum/viewtopic.php?f=13&t=113491, where the problem was solved. Hopefully someone here can help me, because this thing is really evil.
Thanks
RSIT log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Dituška at 2011-11-05 16:41:18
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 53 GB (34%) free of 153 GB
Total RAM: 2039 MB (51% free)
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Dituška\Data aplikací\Mozilla\Firefox\Profiles\h8z3xcgo.default
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"
"{3f963a5b-e555-4543-90e2-c3908898db71}"=C:\Program Files\AVG\AVG9\Firefox
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4]
"Description"=Office Live Update v1.4
"Path"=C:\Program Files\Microsoft\Office Live\npOLW.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files\Mozilla Firefox\plugins\
npdeploytk.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\Dituška\Data aplikací\Mozilla\Firefox\Profiles\h8z3xcgo.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-11-24 1623392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-12 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-12 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATKHOTKEY"=C:\Program Files\ATK Hotkey\Hcontrol.exe [2007-04-19 225280]
"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe [2007-07-05 1040384]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-12 815104]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-10-09 421736]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
C:\Program Files\Atheros\ACU.exe [2006-11-07 381020]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-07 37296]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-07-19 49520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2007-06-27 162328]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2007-06-27 141848]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
C:\Program Files\QIP 2010\qip.exe [2011-07-18 6812032]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2011-10-09 421736]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-06-19 570664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\WINDOWS\system32\oodtray.exe [2007-05-11 2512392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2007-06-27 137752]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime Alternative\QTTask.exe [2010-11-29 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2008-03-27 36352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe [2007-05-22 2756608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-07-15 12536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-06-22 204800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=181
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\QIP 2010\qip.exe"="C:\Program Files\QIP 2010\qip.exe:*:Enabled:QIP 2010"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\Dituška\Local Settings\temp\7zS13.tmp\avgmfapx.exe"="C:\Documents and Settings\Dituška\Local Settings\temp\7zS13.tmp\avgmfapx.exe:*:Enabled:AVG Installer Application"
"C:\Documents and Settings\All Users\Data aplikací\MFAData\SelfUpd\avgmfapx.exe"="C:\Documents and Settings\All Users\Data aplikací\MFAData\SelfUpd\avgmfapx.exe:*:Enabled:AVG Installer Application"
"C:\soft a ovladače xp\RSIT.exe"="C:\soft a ovladače xp\RSIT.exe:*:Enabled:RSIT"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave4"=serwvdrv.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2011-11-05 16:41:18 ----D---- C:\rsit
2011-11-05 16:37:57 ----D---- C:\WINDOWS\LastGood
2011-11-05 15:42:22 ----D---- C:\WINDOWS\system32\drivers\Avg
2011-11-05 15:42:21 ----D---- C:\Documents and Settings\Dituška\Data aplikací\AVG9
2011-11-05 15:37:26 ----D---- C:\Program Files\AVG
2011-11-05 15:37:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2011-11-05 14:23:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-11-04 22:33:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2011-10-25 10:22:15 ----D---- C:\Program Files\iPod
2011-10-25 10:22:11 ----D---- C:\Program Files\iTunes
2011-10-25 10:18:18 ----D---- C:\Program Files\Bonjour
2011-10-13 07:13:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2011-10-13 07:08:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2567053$
2011-10-13 07:08:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
======List of files/folders modified in the last 1 month======
2011-11-05 16:41:20 ----D---- C:\Program Files\trend micro
2011-11-05 16:40:32 ----D---- C:\soft a ovladače xp
2011-11-05 16:38:28 ----D---- C:\WINDOWS\Temp
2011-11-05 16:38:28 ----D---- C:\WINDOWS\system32\drivers
2011-11-05 16:38:02 ----HD---- C:\WINDOWS\inf
2011-11-05 16:37:57 ----D---- C:\WINDOWS
2011-11-05 16:37:56 ----D---- C:\WINDOWS\system32\CatRoot2
2011-11-05 16:01:14 ----SHD---- C:\WINDOWS\Installer
2011-11-05 16:01:13 ----D---- C:\WINDOWS\WinSxS
2011-11-05 15:48:20 ----D---- C:\WINDOWS\system32
2011-11-05 15:48:20 ----D---- C:\Program Files\ATKGFNEX
2011-11-05 15:47:01 ----D---- C:\WINDOWS\Prefetch
2011-11-05 15:43:50 ----D---- C:\WINDOWS\system32\config
2011-11-05 15:43:37 ----D---- C:\WINDOWS\system32\wbem
2011-11-05 15:43:35 ----D---- C:\WINDOWS\Registration
2011-11-05 15:43:24 ----D---- C:\Program Files\QIP 2010
2011-11-05 15:42:31 ----SD---- C:\Documents and Settings\Dituška\Data aplikací\Microsoft
2011-11-05 15:39:06 ----D---- C:\WINDOWS\system32\dllcache
2011-11-05 15:38:56 ----D---- C:\Program Files\Common Files\System
2011-11-05 15:38:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-11-05 15:38:54 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-11-05 15:38:00 ----RD---- C:\Program Files
2011-11-05 15:37:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-11-05 15:36:34 ----D---- C:\WINDOWS\system32\Restore
2011-11-05 14:25:00 ----D---- C:\WINDOWS\SoftwareDistribution
2011-11-05 13:48:40 ----SHD---- C:\RECYCLER
2011-11-05 12:44:34 ----SHD---- C:\System Volume Information
2011-11-05 12:27:26 ----A---- C:\WINDOWS\win.ini
2011-11-04 23:31:27 ----D---- C:\Documents and Settings\Dituška\Data aplikací\Winamp
2011-11-04 23:31:24 ----D---- C:\WINDOWS\Debug
2011-11-01 19:24:58 ----A---- C:\WINDOWS\NeroDigital.ini
2011-10-30 08:01:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-10-29 11:40:51 ----A---- C:\WINDOWS\wincmd.ini
2011-10-25 10:22:14 ----D---- C:\Program Files\Common Files\Apple
2011-10-25 10:18:49 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-10-21 15:21:37 ----D---- C:\Program Files\Unlocker
2011-10-21 14:02:03 ----D---- C:\Program Files\Apple Software Update
2011-10-21 14:00:22 ----SD---- C:\WINDOWS\Tasks
2011-10-13 13:40:38 ----RSD---- C:\WINDOWS\assembly
2011-10-13 13:37:36 ----D---- C:\WINDOWS\Microsoft.NET
2011-10-13 07:17:21 ----D---- C:\Program Files\Microsoft Silverlight
2011-10-13 07:08:24 ----A---- C:\WINDOWS\system32\MRT.exe
2011-10-13 07:08:05 ----HD---- C:\WINDOWS\$hf_mig$
2011-10-13 07:07:27 ----D---- C:\Program Files\Internet Explorer