Kontrola logu
Napsal: 05 srp 2012 09:59
Dobrý den.
Mám problém počítač začal DDOS utoky na jiné počítače.
Mohli bych poprosit o zkouknutí problému a případné vyřešení. Děkuji.
Zde je log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Bobec at 2012-08-05 10:55:51
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 176 GB (37%) free of 477 GB
Total RAM: 3580 MB (89% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:55:53, on 5.8.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lsi Logic Corp\Spy\SpySer.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Documents and Settings\Bobec\Plocha\teamspeak3-server_win32-3.0.0-rc1\teamspeak3-server_win32\ts3server_win32.exe
C:\Documents and Settings\Bobec\Plocha\RSIT.exe
C:\Program Files\trend micro\Bobec.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RunRaidmon] "C:\Program Files\Lsi Logic Corp\Spy\Raidmon.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [AbyssWebServer] C:\Program Files\Abyss Web Server\abyssws.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9245872562
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A1886B9-7D0D-4587-8CD5-EBA673A3DDDD}: NameServer = 213.151.89.42
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Spyser - Unknown owner - C:\Program Files\Lsi Logic Corp\Spy\SpySer.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: TridiaVNC Server (winvnc) - Tridia Corporation - C:\Program Files\TridiaVNC\win32\WinVNC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - c:\xampp\service.exe (file missing)
--
End of file - 4236 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\avast! Emergency Update.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Bobec\Data aplikací\Mozilla\Firefox\Profiles\4tap1dtt.default
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {687578b9-7132-4a7a-80e4-30ee31099e03}:3.9.0.3, wrc@avast.com:7.0.1456, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.26"
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.270 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\Bobec\Data aplikací\Mozilla\Firefox\Profiles\4tap1dtt.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{687578b9-7132-4a7a-80e4-30ee31099e03}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RunRaidmon"=C:\Program Files\Lsi Logic Corp\Spy\Raidmon.exe [2005-08-26 102400]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2008-06-30 52168]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-07-03 4273976]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Programy\DAEMON Tools Lite\DTLite.exe [2012-02-13 3481408]
"AbyssWebServer"=C:\Program Files\Abyss Web Server\abyssws.exe [2011-07-07 533561]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
Ati2evxx.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programy\CesarFTP\CesarFTP.exe"="C:\Programy\CesarFTP\CesarFTP.exe:*:Enabled:CesarFTP"
"C:\Programy\CesarFTP\Server.exe"="C:\Programy\CesarFTP\Server.exe:*:Enabled:Server"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp"
"C:\Program Files\Activision\cod4\iw3mp.exe"="C:\Program Files\Activision\cod4\iw3mp.exe:*:Enabled:iw3mp"
"C:\Program Files\Abyss Web Server\abyssws.exe"="C:\Program Files\Abyss Web Server\abyssws.exe:*:Enabled:Abyss Web Server X1"
"C:\Program Files\VertrigoServ\Mysql\bin\v_mysqld.exe"="C:\Program Files\VertrigoServ\Mysql\bin\v_mysqld.exe:*:Enabled:v_mysqld"
"C:\Documents and Settings\Bobec\Plocha\teamspeak3-server_win32-3.0.0-rc1\teamspeak3-server_win32\ts3server_win32.exe"="C:\Documents and Settings\Bobec\Plocha\teamspeak3-server_win32-3.0.0-rc1\teamspeak3-server_win32\ts3server_win32.exe:*:Enabled:TeamSpeak 3 Server"
"C:\Documents and Settings\Bobec\Plocha\Cod6\CoD6-01\iw4.exe"="C:\Documents and Settings\Bobec\Plocha\Cod6\CoD6-01\iw4.exe:*:Enabled:iw4"
"C:\Documents and Settings\Bobec\Plocha\Cod6\CoD6-02\iw4.exe"="C:\Documents and Settings\Bobec\Plocha\Cod6\CoD6-02\iw4.exe:*:Enabled:iw4"
"C:\Documents and Settings\Bobec\Plocha\Cod6\CoD6-03\iw4.exe"="C:\Documents and Settings\Bobec\Plocha\Cod6\CoD6-03\iw4.exe:*:Enabled:iw4"
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Documents and Settings\Bobec\Plocha\MW3\server 1 TDM\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\server 1 TDM\iw5mp_server.exe:*:Enabled:iw5mp_server"
"C:\Documents and Settings\Bobec\Plocha\MW3\server 3 MIX\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\server 3 MIX\iw5mp_server.exe:*:Enabled:iw5mp_server"
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Documents and Settings\Bobec\Plocha\MW3\server 2 Drop Zone\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\server 2 Drop Zone\iw5mp_server.exe:*:Enabled:iw5mp_server"
"C:\Documents and Settings\Bobec\Plocha\MW3\server 4 DM\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\server 4 DM\iw5mp_server.exe:*:Enabled:iw5mp_server"
"C:\Documents and Settings\Bobec\Plocha\MW3\server 5 turnaj\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\server 5 turnaj\iw5mp_server.exe:*:Enabled:iw5mp_server"
"C:\Program Files\VertrigoServ\Apache\bin\v_apache.exe"="C:\Program Files\VertrigoServ\Apache\bin\v_apache.exe:*:Enabled:Apache HTTP Server"
"C:\Documents and Settings\Bobec\Plocha\Cod6\CoD6-01\iw4m.exe"="C:\Documents and Settings\Bobec\Plocha\Cod6\CoD6-01\iw4m.exe:*:Enabled:iw4m"
"C:\Documents and Settings\Bobec\Plocha\MW3\server 4 TDM2\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\server 4 TDM2\iw5mp_server.exe:*:Enabled:iw5mp_server"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
======List of files/folders created in the last 1 month======
2012-08-05 10:55:51 ----D---- C:\rsit
2012-08-05 10:48:32 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-08-04 22:56:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2707511$
2012-08-04 22:56:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2691442$
2012-08-04 22:52:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2718523$
2012-08-04 22:50:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2655992$
2012-08-04 22:49:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2699988$
2012-08-04 22:46:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2719985$
2012-08-04 22:46:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2718704$
2012-08-04 22:43:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2685939$
2012-08-04 22:43:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2698365$
======List of files/folders modified in the last 1 month======
2012-08-05 10:55:53 ----D---- C:\Program Files\trend micro
2012-08-05 10:55:16 ----D---- C:\Program Files\Mozilla Firefox
2012-08-05 10:55:01 ----D---- C:\WINDOWS\Prefetch
2012-08-05 10:49:28 ----D---- C:\WINDOWS\Debug
2012-08-05 10:49:28 ----D---- C:\WINDOWS
2012-08-05 10:49:24 ----D---- C:\WINDOWS\temp
2012-08-05 10:48:39 ----SD---- C:\WINDOWS\Tasks
2012-08-05 10:48:32 ----D---- C:\WINDOWS\system32
2012-08-05 10:48:07 ----A---- C:\WINDOWS\RaidMon.txt
2012-08-05 03:18:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-08-05 03:18:14 ----D---- C:\WINDOWS\system32\CatRoot2
2012-08-05 03:15:12 ----N---- C:\WINDOWS\SchedLgU.Txt
2012-08-04 23:00:11 ----RSD---- C:\WINDOWS\assembly
2012-08-04 22:59:10 ----D---- C:\WINDOWS\Microsoft.NET
2012-08-04 22:56:54 ----HD---- C:\WINDOWS\inf
2012-08-04 22:56:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-08-04 22:55:57 ----D---- C:\WINDOWS\WinSxS
2012-08-04 22:55:30 ----SHD---- C:\WINDOWS\Installer
2012-08-04 22:52:58 ----HD---- C:\WINDOWS\$hf_mig$
2012-08-04 22:43:29 ----D---- C:\WINDOWS\system32\drivers
2012-08-04 19:59:35 ----D---- C:\WINDOWS\Help
2012-08-01 13:54:40 ----D---- C:\BigBrotherBot
2012-07-29 20:04:23 ----A---- C:\WINDOWS\WORDPAD.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 MEGAIDE;MEGAIDE; C:\WINDOWS\system32\DRIVERS\MegaIDE.sys [2008-08-20 178048]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-07-03 25256]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2012-07-03 35928]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-07-03 721000]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-07-03 353688]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-07-03 54232]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-02-13 242240]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2007-10-29 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-07-03 21256]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-07-03 97608]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-04-05 1431040]
R3 E1000;Intel(R) PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2006-04-27 164352]
R3 IAMTXP;Driver for Intel(R) Active Management Technology - KCS; C:\WINDOWS\system32\DRIVERS\IAMTXP.sys [2005-11-29 40448]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2008-09-24 29184]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-27 231424]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-10-29 12160]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-07-03 44808]
R2 Spyser;Spyser; C:\Program Files\Lsi Logic Corp\Spy\SpySer.exe [2005-08-26 270336]
R2 TeamViewer7;TeamViewer 7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2004-06-15 380928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 XAMPP;XAMPP Service; c:\xampp\service.exe []
S3 Apache2.2;Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2008-10-10 24636]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 winvnc;TridiaVNC Server; C:\Program Files\TridiaVNC\win32\WinVNC.exe [2001-12-12 249856]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-10-30 66872]
S4 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-02-25 107832]
-----------------EOF-----------------
Mám problém počítač začal DDOS utoky na jiné počítače.
Mohli bych poprosit o zkouknutí problému a případné vyřešení. Děkuji.
Zde je log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Bobec at 2012-08-05 10:55:51
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 176 GB (37%) free of 477 GB
Total RAM: 3580 MB (89% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:55:53, on 5.8.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lsi Logic Corp\Spy\SpySer.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Documents and Settings\Bobec\Plocha\teamspeak3-server_win32-3.0.0-rc1\teamspeak3-server_win32\ts3server_win32.exe
C:\Documents and Settings\Bobec\Plocha\RSIT.exe
C:\Program Files\trend micro\Bobec.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RunRaidmon] "C:\Program Files\Lsi Logic Corp\Spy\Raidmon.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [AbyssWebServer] C:\Program Files\Abyss Web Server\abyssws.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9245872562
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A1886B9-7D0D-4587-8CD5-EBA673A3DDDD}: NameServer = 213.151.89.42
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Spyser - Unknown owner - C:\Program Files\Lsi Logic Corp\Spy\SpySer.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: TridiaVNC Server (winvnc) - Tridia Corporation - C:\Program Files\TridiaVNC\win32\WinVNC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - c:\xampp\service.exe (file missing)
--
End of file - 4236 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\avast! Emergency Update.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Bobec\Data aplikací\Mozilla\Firefox\Profiles\4tap1dtt.default
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {687578b9-7132-4a7a-80e4-30ee31099e03}:3.9.0.3, wrc@avast.com:7.0.1456, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.26"
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.270 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\Bobec\Data aplikací\Mozilla\Firefox\Profiles\4tap1dtt.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{687578b9-7132-4a7a-80e4-30ee31099e03}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RunRaidmon"=C:\Program Files\Lsi Logic Corp\Spy\Raidmon.exe [2005-08-26 102400]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2008-06-30 52168]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-07-03 4273976]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Programy\DAEMON Tools Lite\DTLite.exe [2012-02-13 3481408]
"AbyssWebServer"=C:\Program Files\Abyss Web Server\abyssws.exe [2011-07-07 533561]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
Ati2evxx.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programy\CesarFTP\CesarFTP.exe"="C:\Programy\CesarFTP\CesarFTP.exe:*:Enabled:CesarFTP"
"C:\Programy\CesarFTP\Server.exe"="C:\Programy\CesarFTP\Server.exe:*:Enabled:Server"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp"
"C:\Program Files\Activision\cod4\iw3mp.exe"="C:\Program Files\Activision\cod4\iw3mp.exe:*:Enabled:iw3mp"
"C:\Program Files\Abyss Web Server\abyssws.exe"="C:\Program Files\Abyss Web Server\abyssws.exe:*:Enabled:Abyss Web Server X1"
"C:\Program Files\VertrigoServ\Mysql\bin\v_mysqld.exe"="C:\Program Files\VertrigoServ\Mysql\bin\v_mysqld.exe:*:Enabled:v_mysqld"
"C:\Documents and Settings\Bobec\Plocha\teamspeak3-server_win32-3.0.0-rc1\teamspeak3-server_win32\ts3server_win32.exe"="C:\Documents and Settings\Bobec\Plocha\teamspeak3-server_win32-3.0.0-rc1\teamspeak3-server_win32\ts3server_win32.exe:*:Enabled:TeamSpeak 3 Server"
"C:\Documents and Settings\Bobec\Plocha\Cod6\CoD6-01\iw4.exe"="C:\Documents and Settings\Bobec\Plocha\Cod6\CoD6-01\iw4.exe:*:Enabled:iw4"
"C:\Documents and Settings\Bobec\Plocha\Cod6\CoD6-02\iw4.exe"="C:\Documents and Settings\Bobec\Plocha\Cod6\CoD6-02\iw4.exe:*:Enabled:iw4"
"C:\Documents and Settings\Bobec\Plocha\Cod6\CoD6-03\iw4.exe"="C:\Documents and Settings\Bobec\Plocha\Cod6\CoD6-03\iw4.exe:*:Enabled:iw4"
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Documents and Settings\Bobec\Plocha\MW3\server 1 TDM\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\server 1 TDM\iw5mp_server.exe:*:Enabled:iw5mp_server"
"C:\Documents and Settings\Bobec\Plocha\MW3\server 3 MIX\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\server 3 MIX\iw5mp_server.exe:*:Enabled:iw5mp_server"
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Documents and Settings\Bobec\Plocha\MW3\server 2 Drop Zone\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\server 2 Drop Zone\iw5mp_server.exe:*:Enabled:iw5mp_server"
"C:\Documents and Settings\Bobec\Plocha\MW3\server 4 DM\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\server 4 DM\iw5mp_server.exe:*:Enabled:iw5mp_server"
"C:\Documents and Settings\Bobec\Plocha\MW3\server 5 turnaj\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\server 5 turnaj\iw5mp_server.exe:*:Enabled:iw5mp_server"
"C:\Program Files\VertrigoServ\Apache\bin\v_apache.exe"="C:\Program Files\VertrigoServ\Apache\bin\v_apache.exe:*:Enabled:Apache HTTP Server"
"C:\Documents and Settings\Bobec\Plocha\Cod6\CoD6-01\iw4m.exe"="C:\Documents and Settings\Bobec\Plocha\Cod6\CoD6-01\iw4m.exe:*:Enabled:iw4m"
"C:\Documents and Settings\Bobec\Plocha\MW3\server 4 TDM2\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\server 4 TDM2\iw5mp_server.exe:*:Enabled:iw5mp_server"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
======List of files/folders created in the last 1 month======
2012-08-05 10:55:51 ----D---- C:\rsit
2012-08-05 10:48:32 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-08-04 22:56:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2707511$
2012-08-04 22:56:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2691442$
2012-08-04 22:52:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2718523$
2012-08-04 22:50:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2655992$
2012-08-04 22:49:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2699988$
2012-08-04 22:46:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2719985$
2012-08-04 22:46:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2718704$
2012-08-04 22:43:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2685939$
2012-08-04 22:43:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2698365$
======List of files/folders modified in the last 1 month======
2012-08-05 10:55:53 ----D---- C:\Program Files\trend micro
2012-08-05 10:55:16 ----D---- C:\Program Files\Mozilla Firefox
2012-08-05 10:55:01 ----D---- C:\WINDOWS\Prefetch
2012-08-05 10:49:28 ----D---- C:\WINDOWS\Debug
2012-08-05 10:49:28 ----D---- C:\WINDOWS
2012-08-05 10:49:24 ----D---- C:\WINDOWS\temp
2012-08-05 10:48:39 ----SD---- C:\WINDOWS\Tasks
2012-08-05 10:48:32 ----D---- C:\WINDOWS\system32
2012-08-05 10:48:07 ----A---- C:\WINDOWS\RaidMon.txt
2012-08-05 03:18:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-08-05 03:18:14 ----D---- C:\WINDOWS\system32\CatRoot2
2012-08-05 03:15:12 ----N---- C:\WINDOWS\SchedLgU.Txt
2012-08-04 23:00:11 ----RSD---- C:\WINDOWS\assembly
2012-08-04 22:59:10 ----D---- C:\WINDOWS\Microsoft.NET
2012-08-04 22:56:54 ----HD---- C:\WINDOWS\inf
2012-08-04 22:56:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-08-04 22:55:57 ----D---- C:\WINDOWS\WinSxS
2012-08-04 22:55:30 ----SHD---- C:\WINDOWS\Installer
2012-08-04 22:52:58 ----HD---- C:\WINDOWS\$hf_mig$
2012-08-04 22:43:29 ----D---- C:\WINDOWS\system32\drivers
2012-08-04 19:59:35 ----D---- C:\WINDOWS\Help
2012-08-01 13:54:40 ----D---- C:\BigBrotherBot
2012-07-29 20:04:23 ----A---- C:\WINDOWS\WORDPAD.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 MEGAIDE;MEGAIDE; C:\WINDOWS\system32\DRIVERS\MegaIDE.sys [2008-08-20 178048]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-07-03 25256]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2012-07-03 35928]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-07-03 721000]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-07-03 353688]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-07-03 54232]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-02-13 242240]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2007-10-29 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-07-03 21256]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-07-03 97608]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-04-05 1431040]
R3 E1000;Intel(R) PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2006-04-27 164352]
R3 IAMTXP;Driver for Intel(R) Active Management Technology - KCS; C:\WINDOWS\system32\DRIVERS\IAMTXP.sys [2005-11-29 40448]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2008-09-24 29184]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-27 231424]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-10-29 12160]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-07-03 44808]
R2 Spyser;Spyser; C:\Program Files\Lsi Logic Corp\Spy\SpySer.exe [2005-08-26 270336]
R2 TeamViewer7;TeamViewer 7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2004-06-15 380928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 XAMPP;XAMPP Service; c:\xampp\service.exe []
S3 Apache2.2;Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2008-10-10 24636]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 winvnc;TridiaVNC Server; C:\Program Files\TridiaVNC\win32\WinVNC.exe [2001-12-12 249856]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-10-30 66872]
S4 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-02-25 107832]
-----------------EOF-----------------
