Please check my HJT log after removing reader_s.exe

Albi1
Visitor
Posts: 94
Registered: 09 Apr 2009 20:58

Please check my HJT log after removing reader_s.exe

#1 Post by Albi1 »

Good evening.
Could you check my HJT log for me? AVG, Spybot-S&D, Malwarebytes, SpywareBlaster and AVG Anti-Rootkit report nothing, but.....
My scrollbars are slow, and so is any movement of windows around the desktop.
Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:21, on 9.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
I:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
I:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
I:\PROGRA~1\AVG\AVG8\avgrsx.exe
I:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
I:\PROGRA~1\AVG\AVG8\avgnsx.exe
I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
I:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
I:\Program Files\AVG\AVG8\avgcsrvx.exe
I:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - I:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - I:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] I:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://I:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F90F74D2-3746-4D56-9FC0-1D5EFC2DB454}: NameServer = 89.190.64.20,195.146.99.4
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - I:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - I:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - I:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - I:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 5633 bytes
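The HijackThis log above is read by hand in this thread. As an added example (not part of the thread, not the forum's method and not HijackThis code), here is a small Python parser for the R*/O* entry format with a few generic triage checks a reviewer applies while reading such a log: O4 Run entries that give a bare file name rather than a path (resolved through the PATH search order; the RSIT dump later in this thread prints an empty `[]` for exactly such an entry where it prints a file date and size for the others), Run targets outside the Windows and Program Files trees, O17 NameServer overrides, O20 Winlogon Notify DLLs, and O23 services listed with "Unknown owner". The sample lines are copied from the log in this post; the heuristics, the trusted-directory pattern and the rundll32 handling are this example's own assumptions, and a finding is a prompt to verify, not a verdict on the log.

```python
"""Triage helper for a HijackThis 2.0 log.

Added example for this thread; not code from the forum or from HijackThis.
It parses the R/O entries and applies a few generic checks a reviewer would
otherwise do by hand. The checks are this example's own assumptions, not
rules published by HijackThis or by the forum.
"""
import re
from collections import Counter

# Constructed sample: lines copied from the HJT log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - I:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] I:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F90F74D2-3746-4D56-9FC0-1D5EFC2DB454}: NameServer = 89.190.64.20,195.146.99.4
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# "O4 - <body>" / "R0 - <body>": section code, then the entry text.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
# O4 body: HKLM\..\Run: [name] command line
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# First executable/DLL in a command line, quoted or not, spaces allowed.
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|dll|com|scr|bat|cmd))"?(?:\s|,|$)', re.I)
# Assumed "expected" autostart locations; 8.3 names such as PROGRA~1 included.
TRUSTED_DIR_RE = re.compile(r"^[A-Z]:\\(?:WINDOWS|Program Files|PROGRA~\d)\\", re.I)


def parse_hjt(text):
    """Return (code, body) tuples for every R*/O* entry in the log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def summarize(entries):
    """Count entries per HijackThis section code (O4, O23, ...)."""
    return Counter(code for code, _ in entries)


def target_of(cmd):
    """Executable an autostart command line actually runs.

    Handles quoted paths, unquoted paths with spaces, and the rundll32 case,
    where the file worth checking is the DLL argument, not rundll32 itself.
    """
    m = EXE_RE.match(cmd)
    if not m:
        return cmd
    exe = m.group("exe")
    if exe.lower().endswith("rundll32.exe"):
        inner = EXE_RE.match(cmd[m.end():].strip())
        if inner:
            return inner.group("exe")
    return exe


def triage(entries):
    """Apply generic review heuristics; returns (code, item, reason) tuples."""
    findings = []
    for code, body in entries:
        if code == "O4":
            m = RUN_RE.match(body)
            if not m:
                continue
            exe = target_of(m.group("cmd"))
            if "\\" not in exe:
                findings.append((code, m.group("name"),
                                 "bare file name, found via the PATH search order; locate and verify the file"))
            elif not TRUSTED_DIR_RE.match(exe):
                findings.append((code, m.group("name"),
                                 "autostart outside the Windows or Program Files tree: " + exe))
        elif code == "O17":
            servers = body.split("NameServer = ", 1)[-1]
            findings.append((code, servers,
                             "DNS servers fixed in the registry; confirm they belong to the ISP"))
        elif code == "O20":
            findings.append((code, body.split(" - ", 1)[-1],
                             "Winlogon Notify DLL loads into winlogon.exe; confirm the publisher"))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append((code, body.split(" - ", 1)[0],
                             "service binary carries no publisher string; check its signature"))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(dict(summarize(parsed)))
    for finding in triage(parsed):
        print("%-4s %-60s %s" % finding)
```

On the sample above the only O4 hit is `nwiz` (bare `nwiz.exe /install`); the AVG, SoundMAX, ctfmon and NvCpl entries resolve to files under a Windows or Program Files directory and are not reported. The O17, O20 and "Unknown owner" O23 lines are always reported because they cannot be judged from the log text alone and need the file or the DNS owner checked out of band.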

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please check my HJT log after removing reader_s.exe

#2 Post by motji »

Good evening :) ,

I don't see anything bad in the log.

Download RSIT from my signature and post the log here.
Do not use COMBOFIX unless a helper recommends it; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I can be reached mostly at night, between 21:00 and 23:00.
If you have any questions, you can write to me at Motji(at)forum.viry.cz.

Albi1
Visitor
Posts: 94
Registered: 09 Apr 2009 20:58

Re: Please check my HJT log after removing reader_s.exe

#3 Post by Albi1 »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Rodina at 2009-04-10 23:30:09
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (27%) free of 10 GB
Total RAM: 3070 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:30:18, on 10.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
I:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
I:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
I:\Program Files\ASUS\AI Gear\GearHelp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
I:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Internet Explorer\iexplore.exe
I:\Program Files\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\system32\wuauclt.exe
I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
I:\PROGRA~1\AVG\AVG8\avgrsx.exe
I:\PROGRA~1\AVG\AVG8\avgnsx.exe
I:\PROGRA~1\AVG\AVG8\avgemc.exe
I:\Program Files\AVG\AVG8\avgcsrvx.exe
I:\Install\RSIT.exe
I:\Program Files\Trend Micro\HijackThis\Rodina.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - I:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - I:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] I:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "I:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe
O4 - HKLM\..\Run: [Ai Gear Help] "I:\Program Files\ASUS\AI Gear\GearHelp.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://I:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F90F74D2-3746-4D56-9FC0-1D5EFC2DB454}: NameServer = 89.190.64.20,195.146.99.4
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - I:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - I:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - I:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - I:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7336 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - I:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - I:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-02-03 1968920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - I:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-02-03 1968920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=I:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-04-04 1932568]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016]
"GameFace Messenger"=C:\Program Files\GameFace Messenger\GameFace.exe [2006-08-02 2048000]
"Launch Ai Booster"=I:\Program Files\ASUS\AI Booster\OverClk.exe [2006-11-28 3714048]
"AsusStartupHelp"=C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe [2006-11-14 363008]
"Ai Gear Help"=I:\Program Files\ASUS\AI Gear\GearHelp.exe [2006-07-27 415744]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2006-11-22 842584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"ASUS SmartDoctor"=C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe [2006-09-08 1085440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-04-04 10520]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"I:\Program Files\AVG\AVG8\avgemc.exe"="I:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"I:\Program Files\AVG\AVG8\avgupd.exe"="I:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"I:\Program Files\AVG\AVG8\avgnsx.exe"="I:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"I:\Program Files\Orbitdownloader\orbitnet.exe"="I:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:P2P service of Orbit Downloader"
"I:\Program Files\uTorrent\utorrent.exe"="I:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"I:\Program Files\Skype\Phone\Skype.exe"="I:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-04-10 23:30:09 ----D---- C:\rsit
2009-04-09 23:01:30 ----D---- C:\Program Files\Microsoft IntelliPoint
2009-04-09 22:49:54 ----A---- C:\WINDOWS\system32\MSVCRTD.DLL
2009-04-09 22:49:54 ----A---- C:\WINDOWS\system32\mfc42d.dll
2009-04-09 22:49:53 ----RA---- C:\WINDOWS\system32\AsIO.dll
2009-04-09 22:47:46 ----RD---- C:\WINDOWS\AsDmiHtm
2009-04-09 22:43:45 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-04-09 22:42:07 ----D---- C:\Program Files\ASUS
2009-04-09 22:41:40 ----A---- C:\WINDOWS\iun6002.exe
2009-04-09 22:41:31 ----D---- C:\Program Files\GameFace Messenger
2009-04-09 22:39:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\NVIDIA
2009-04-09 22:35:40 ----D---- C:\Program Files\My Company Name
2009-04-09 22:35:30 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-04-09 22:35:29 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-04-09 22:35:29 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-04-09 22:35:29 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-04-09 22:35:29 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-04-09 22:35:28 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-04-09 22:35:28 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-04-09 22:35:28 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-04-09 22:35:28 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-04-09 22:35:27 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-04-09 22:35:27 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-04-09 22:35:27 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-04-09 22:35:26 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-04-09 22:35:26 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-04-09 22:35:26 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-04-09 22:35:15 ----A---- C:\WINDOWS\ATKKBService.exe
2009-04-09 22:35:14 ----A---- C:\WINDOWS\system32\ATKOSDX32.dll
2009-04-09 22:35:14 ----A---- C:\WINDOWS\system32\ATKOSDMini.DLL
2009-04-09 22:35:14 ----A---- C:\WINDOWS\system32\ATKOGL32.dll
2009-04-09 22:35:14 ----A---- C:\WINDOWS\system32\atkid.ini
2009-04-09 22:35:14 ----A---- C:\WINDOWS\system32\ATKDispCPL.dll
2009-04-09 22:35:14 ----A---- C:\WINDOWS\system32\ATKDISP.dll
2009-04-09 22:35:14 ----A---- C:\WINDOWS\system32\asrussian.dll
2009-04-09 22:35:14 ----A---- C:\WINDOWS\system32\askorean.dll
2009-04-09 22:35:14 ----A---- C:\WINDOWS\system32\asjapan.dll
2009-04-09 22:35:14 ----A---- C:\WINDOWS\system32\ASCHT.dll
2009-04-09 22:35:14 ----A---- C:\WINDOWS\system32\aschs.dll
2009-04-09 22:35:14 ----A---- C:\WINDOWS\system32\asgerman.dll
2009-04-09 22:35:14 ----A---- C:\WINDOWS\system32\asfrench.dll
2009-04-09 22:35:14 ----A---- C:\WINDOWS\system32\aseng.dll
2009-04-09 22:34:34 ----D---- C:\WINDOWS\nview
2009-04-09 22:34:34 ----A---- C:\WINDOWS\system32\nvudisp.exe
2009-04-09 00:11:11 ----D---- C:\Documents and Settings\Rodina\Data aplikací\Help
2009-04-08 23:33:01 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2009-04-08 22:49:44 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2009-04-08 22:49:39 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2009-04-08 22:49:35 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2009-04-08 22:49:31 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2009-04-08 22:49:25 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2009-04-08 22:49:21 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2009-04-08 22:49:17 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2009-04-08 22:49:13 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
2009-04-08 22:49:08 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2009-04-08 22:49:03 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2009-04-08 22:48:59 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2009-04-08 22:48:55 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2009-04-08 22:48:51 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2009-04-08 22:48:47 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2009-04-08 22:48:43 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2009-04-08 22:48:39 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2009-04-08 22:48:35 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2009-04-08 22:48:30 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2009-04-08 22:48:26 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2009-04-08 22:48:21 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP9$
2009-04-08 22:48:11 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2009-04-08 22:48:06 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2009-04-08 22:48:03 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2009-04-08 22:47:58 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2009-04-08 22:47:54 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2009-04-08 22:47:48 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2009-04-08 22:47:44 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2009-04-08 22:47:40 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2009-04-08 22:47:36 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2009-04-08 22:47:32 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2009-04-08 22:47:24 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2009-04-08 22:47:20 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2009-04-08 22:47:17 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2009-04-08 22:47:13 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2009-04-08 22:47:08 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2009-04-08 22:47:04 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2009-04-08 22:47:01 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2009-04-08 22:46:57 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2009-04-08 22:46:53 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2009-04-08 22:46:50 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2009-04-08 22:46:46 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2009-04-08 22:46:42 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2009-04-08 22:46:38 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2009-04-08 22:46:33 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2009-04-08 22:46:29 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2009-04-08 22:46:25 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2009-04-08 22:46:22 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2009-04-08 22:46:18 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2009-04-08 22:46:14 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2009-04-08 22:46:10 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2009-04-08 22:46:04 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2009-04-08 22:45:58 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2009-04-08 22:45:54 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2009-04-08 22:45:49 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2009-04-08 22:45:45 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2009-04-08 22:45:42 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2009-04-08 22:45:38 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2009-04-08 22:45:34 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2009-04-08 22:45:30 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2009-04-08 22:45:26 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2009-04-08 22:45:23 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2009-04-08 22:45:19 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2009-04-08 22:45:14 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2009-04-08 22:45:08 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2009-04-08 22:38:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-07 00:32:13 ----D---- C:\Documents and Settings\Rodina\Data aplikací\Macromedia
2009-04-07 00:24:11 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2009-04-07 00:24:07 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2009-04-07 00:24:03 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2009-04-07 00:23:55 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2009-04-07 00:23:47 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-04-07 00:23:35 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2009-04-06 22:35:31 ----D---- C:\Program Files\I.CA
2009-04-06 22:03:41 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-04-06 21:59:50 ----D---- C:\Documents and Settings\Rodina\Data aplikací\Adobe
2009-04-06 21:56:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2009-04-06 21:56:00 ----D---- C:\Program Files\Common Files\Adobe
2009-04-06 21:56:00 ----D---- C:\Program Files\Adobe
2009-04-06 21:44:00 ----D---- C:\Documents and Settings\Rodina\Data aplikací\Malwarebytes
2009-04-06 21:43:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2009-04-06 21:19:29 ----D---- C:\Documents and Settings\Rodina\Data aplikací\EleFun Games
2009-04-06 21:15:02 ----D---- C:\Documents and Settings\Rodina\Data aplikací\Skype
2009-04-05 22:17:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-04-05 22:17:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-04-05 22:17:31 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-04-05 22:17:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-04-05 22:16:58 ----D---- C:\WINDOWS\ie7updates
2009-04-05 22:16:46 ----D---- C:\WINDOWS\WBEM
2009-04-05 22:16:46 ----D---- C:\WINDOWS\system32\cs-cz
2009-04-05 22:16:36 ----HDC---- C:\WINDOWS\ie7
2009-04-05 22:16:29 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-04-05 22:16:19 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-04-05 22:16:08 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-04-05 22:16:07 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-04-05 22:15:31 ----D---- C:\WINDOWS\network diagnostic
2009-04-05 22:15:30 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2009-04-05 22:15:19 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2009-04-05 22:09:15 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-04-05 22:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-04-05 22:08:52 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-04-05 22:08:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-04-05 22:07:59 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-05 22:07:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-04-05 22:07:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-04-05 22:07:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-04-05 22:07:38 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-04-05 22:07:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-04-05 22:07:31 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-04-05 22:07:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-04-05 22:07:25 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-04-05 22:07:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-04-05 22:07:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-04-05 22:07:12 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-04-05 22:07:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-04-05 22:07:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-04-05 22:07:00 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-04-05 22:06:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-04-05 22:06:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-04-05 22:06:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-04-05 22:06:45 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-04-05 22:06:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-04-05 22:06:30 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-04-05 21:53:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVS4YOU
2009-04-05 21:28:39 ----D---- C:\Documents and Settings\Rodina\Data aplikací\uTorrent
2009-04-05 21:09:54 ----A---- C:\WINDOWS\ODBC.INI
2009-04-05 21:09:51 ----A---- C:\WINDOWS\system32\mdimon.dll
2009-04-05 21:09:14 ----D---- C:\Program Files\Microsoft.NET
2009-04-05 21:08:52 ----D---- C:\Program Files\Common Files\DESIGNER
2009-04-05 21:08:25 ----D---- C:\WINDOWS\SHELLNEW
2009-04-05 11:06:46 ----D---- C:\Documents and Settings\Rodina\Data aplikací\Vso
2009-04-05 10:50:41 ----N---- C:\WINDOWS\Setup1.exe
2009-04-05 10:50:40 ----A---- C:\WINDOWS\ST6UNST.EXE
2009-04-05 10:42:01 ----D---- C:\Documents and Settings\Rodina\Data aplikací\Orbit
2009-04-05 10:19:25 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-04-05 09:03:38 ----D---- C:\WINDOWS\system32\PreInstall
2009-04-05 09:03:37 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-04-05 07:42:24 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-04-05 00:03:27 ----HD---- C:\$AVG8.VAULT$
2009-04-04 23:44:31 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-04-04 23:44:29 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2009-04-04 23:44:25 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-04 23:16:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-04-04 23:02:19 ----RA---- C:\WINDOWS\system32\PostProc.dll
2009-04-04 23:02:19 ----RA---- C:\WINDOWS\system32\a3d.dll
2009-04-04 23:02:16 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-04-04 23:02:10 ----N---- C:\WINDOWS\system32\wdmioctl.dll
2009-04-04 23:02:10 ----N---- C:\WINDOWS\system32\SMMedia.dll
2009-04-04 23:02:08 ----N---- C:\WINDOWS\system32\DSndUp.exe
2009-04-04 23:02:08 ----N---- C:\WINDOWS\system32\CleanUp.exe
2009-04-04 23:02:08 ----D---- C:\Program Files\Analog Devices
2009-04-04 23:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2009-04-04 23:01:26 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-04-04 23:00:31 ----D---- C:\Program Files\DIFX
2009-04-04 23:00:25 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-04 23:00:00 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-04 22:59:31 ----D---- C:\Program Files\NVIDIA Corporation
2009-04-04 22:58:43 ----A---- C:\WINDOWS\system32\CapabilityTable.exe
2009-04-04 22:58:33 ----N---- C:\WINDOWS\system32\nvuide.exe
2009-04-04 22:58:32 ----RA---- C:\WINDOWS\system32\NVCOI.DLL
2009-04-04 22:58:32 ----RA---- C:\WINDOWS\system32\idecoiins.dll
2009-04-04 22:58:32 ----RA---- C:\WINDOWS\system32\idecoi.dll
2009-04-04 22:58:32 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-04 22:58:06 ----RA---- C:\WINDOWS\system32\fdco1ins.dll
2009-04-04 22:58:06 ----RA---- C:\WINDOWS\system32\fdco1.dll
2009-04-04 22:58:03 ----RA---- C:\WINDOWS\system32\nvconrm.dll
2009-04-04 22:58:03 ----RA---- C:\WINDOWS\system32\bdco1ins.dll
2009-04-04 22:58:03 ----RA---- C:\WINDOWS\system32\bdco1.dll
2009-04-04 22:58:03 ----A---- C:\WINDOWS\system32\nvunrm.exe
2009-04-04 22:57:44 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2009-04-04 22:57:34 ----D---- C:\Program Files\Common Files\InstallShield
2009-04-04 22:57:28 ----RA---- C:\WINDOWS\system32\raidmgmt.ini
2009-04-04 22:57:27 ----RA---- C:\WINDOWS\system32\AsusSetup.ini
2009-04-04 22:57:27 ----RA---- C:\WINDOWS\system32\AsusSetup.exe
2009-04-04 22:57:26 ----A---- C:\WINDOWS\AS_Debug.txt
2009-04-04 22:57:05 ----A---- C:\WINDOWS\Ascd_tmp.ini
2009-04-04 21:36:39 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-04-04 21:36:30 ----D---- C:\Documents and Settings\Rodina\Data aplikací\AVGTOOLBAR
2009-04-04 21:36:17 ----D---- C:\Program Files\AVG
2009-04-04 21:36:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg8
2009-04-04 01:19:08 ----D---- C:\Hrajte naplno 2005
2009-04-04 00:42:46 ----A---- C:\WINDOWS\system32\h323log.txt
2009-04-04 00:38:26 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-04-04 00:36:32 ----A---- C:\WINDOWS\system32\usbui.dll
2009-04-04 00:35:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-04 00:35:27 ----SHD---- C:\WINDOWS\Installer
2009-04-04 00:35:27 ----D---- C:\Program Files\Common Files\ODBC
2009-04-04 00:35:27 ----A---- C:\WINDOWS\ODBCINST.INI
2009-04-04 00:35:25 ----RD---- C:\Program Files
2009-04-04 00:35:25 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-04-04 00:35:25 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-04-04 00:35:25 ----D---- C:\Program Files\Common Files
2009-04-04 00:35:22 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-04-04 00:35:22 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-04-04 00:35:22 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-04-04 00:35:21 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-04-04 00:35:21 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-04-04 00:35:21 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-04-04 00:35:20 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-04-04 00:35:20 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-04-04 00:35:20 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-04-04 00:35:20 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-04-04 00:35:20 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-04-04 00:35:20 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-04-04 00:35:20 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-04-04 00:35:20 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-04-04 00:35:20 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-04-04 00:35:19 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-04-04 00:35:19 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-04-04 00:35:19 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-04-04 00:35:19 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-04-04 00:35:19 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-04-04 00:35:19 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-04-04 00:35:19 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-04-04 00:35:18 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-04-04 00:35:18 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-04-04 00:35:18 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-04-04 00:35:18 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-04-04 00:35:18 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-04-04 00:35:16 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2009-04-04 00:35:15 ----A---- C:\WINDOWS\system32\kbdycl.dll
2009-04-04 00:35:15 ----A---- C:\WINDOWS\system32\kbdsl.dll
2009-04-04 00:35:15 ----A---- C:\WINDOWS\system32\kbdro.dll
2009-04-04 00:35:15 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2009-04-04 00:35:15 ----A---- C:\WINDOWS\system32\kbdpl.dll
2009-04-04 00:35:15 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2009-04-04 00:35:15 ----A---- C:\WINDOWS\system32\kbdhu.dll
2009-04-04 00:35:15 ----A---- C:\WINDOWS\system32\kbdcr.dll
2009-04-04 00:35:15 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2009-04-04 00:35:14 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-04-04 00:35:14 ----A---- C:\WINDOWS\system32\irclass.dll
2009-04-04 00:35:14 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-04-04 00:35:14 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-04-04 00:35:14 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-04-04 00:35:13 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-04-04 00:35:13 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-04-04 00:35:13 ----A---- C:\WINDOWS\system32\batt.dll
2009-04-04 00:35:12 ----A---- C:\WINDOWS\system32\storprop.dll
2009-04-04 00:35:12 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-04-04 00:35:04 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2009-04-04 00:35:02 ----RA---- C:\WINDOWS\SET8.tmp
2009-04-04 00:35:01 ----RA---- C:\WINDOWS\SET4.tmp
2009-04-04 00:35:00 ----RA---- C:\WINDOWS\SET3.tmp
2009-04-04 00:34:55 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-04 00:34:55 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-04 00:34:49 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2009-04-04 00:34:30 ----D---- C:\Documents and Settings
2009-04-04 00:06:15 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2009-04-04 00:06:12 ----A---- C:\WINDOWS\system32\MSSTDFMT.DLL
2009-04-04 00:06:11 ----D---- C:\Program Files\SpywareBlaster
2009-04-03 23:39:10 ----RSH---- C:\boot.ini
2009-04-03 23:36:49 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-03 23:36:49 ----RSD---- C:\WINDOWS\Fonts
2009-04-03 23:36:49 ----RD---- C:\WINDOWS\Web
2009-04-03 23:36:49 ----HD---- C:\WINDOWS\inf
2009-04-03 23:36:49 ----D---- C:\WINDOWS\WinSxS
2009-04-03 23:36:49 ----D---- C:\WINDOWS\twain_32
2009-04-03 23:36:49 ----D---- C:\WINDOWS\Temp
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\wins
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\wbem
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\usmt
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\spool
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\ShellExt
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\Setup
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\ras
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\oobe
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\npp
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\mui
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\inetsrv
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\IME
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\icsxml
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\ias
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\export
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\drivers
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\dhcp
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\config
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\3com_dmi
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\3076
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\2052
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\1054
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\1042
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\1041
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\1037
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\1033
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\1031
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\1029
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\1028
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32\1025
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system32
2009-04-03 23:36:49 ----D---- C:\WINDOWS\system
2009-04-03 23:36:49 ----D---- C:\WINDOWS\security
2009-04-03 23:36:49 ----D---- C:\WINDOWS\Resources
2009-04-03 23:36:49 ----D---- C:\WINDOWS\repair
2009-04-03 23:36:49 ----D---- C:\WINDOWS\Provisioning
2009-04-03 23:36:49 ----D---- C:\WINDOWS\pchealth
2009-04-03 23:36:49 ----D---- C:\WINDOWS\PeerNet
2009-04-03 23:36:49 ----D---- C:\WINDOWS\mui
2009-04-03 23:36:49 ----D---- C:\WINDOWS\msapps
2009-04-03 23:36:49 ----D---- C:\WINDOWS\msagent
2009-04-03 23:36:49 ----D---- C:\WINDOWS\Media
2009-04-03 23:36:49 ----D---- C:\WINDOWS\java
2009-04-03 23:36:49 ----D---- C:\WINDOWS\ime
2009-04-03 23:36:49 ----D---- C:\WINDOWS\Help
2009-04-03 23:36:49 ----D---- C:\WINDOWS\ehome
2009-04-03 23:36:49 ----D---- C:\WINDOWS\Driver Cache
2009-04-03 23:36:49 ----D---- C:\WINDOWS\Debug
2009-04-03 23:36:49 ----D---- C:\WINDOWS\Cursors
2009-04-03 23:36:49 ----D---- C:\WINDOWS\Connection Wizard
2009-04-03 23:36:49 ----D---- C:\WINDOWS\Config
2009-04-03 23:36:49 ----D---- C:\WINDOWS\AppPatch
2009-04-03 23:36:49 ----D---- C:\WINDOWS\addins
2009-04-03 23:36:49 ----D---- C:\WINDOWS
2009-04-03 23:01:29 ----SHD---- C:\RECYCLER
2009-04-03 22:55:25 ----D---- C:\Documents and Settings\Rodina\Data aplikací\Identities
2009-04-03 22:55:24 ----HD---- C:\Program Files\Uninstall Information
2009-04-03 22:55:18 ----ASH---- C:\Documents and Settings\Rodina\Data aplikací\desktop.ini
2009-04-03 22:55:17 ----SD---- C:\Documents and Settings\Rodina\Data aplikací\Microsoft
2009-04-03 22:53:36 ----D---- C:\WINDOWS\SoftwareDistribution
2009-04-03 22:53:34 ----D---- C:\WINDOWS\Prefetch
2009-04-03 22:53:33 ----SD---- C:\WINDOWS\system32\Microsoft
2009-04-03 22:50:53 ----D---- C:\WINDOWS\system32\xircom
2009-04-03 22:50:53 ----D---- C:\Program Files\xerox
2009-04-03 22:50:53 ----D---- C:\Program Files\microsoft frontpage
2009-04-03 22:50:35 ----A---- C:\WINDOWS\control.ini
2009-04-03 22:50:35 ----A---- C:\AUTOEXEC.BAT
2009-04-03 22:50:20 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-04-03 22:49:40 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-03 22:49:40 ----RD---- C:\WINDOWS\Offline Web Pages
2009-04-03 22:49:40 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-04-03 22:49:36 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-04-03 22:49:32 ----HD---- C:\Program Files\WindowsUpdate
2009-04-03 22:49:27 ----D---- C:\Program Files\Online Services
2009-04-03 22:49:15 ----D---- C:\WINDOWS\system32\DirectX
2009-04-03 22:49:03 ----A---- C:\WINDOWS\system32\atrace.dll
2009-04-03 22:49:01 ----A---- C:\WINDOWS\system32\desktop.ini
2009-04-03 22:49:01 ----A---- C:\WINDOWS\desktop.ini
2009-04-03 22:48:57 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-04-03 22:48:56 ----A---- C:\WINDOWS\system32\acctres.dll
2009-04-03 22:48:55 ----D---- C:\Program Files\Common Files\Services
2009-04-03 22:48:54 ----SD---- C:\WINDOWS\Tasks
2009-04-03 22:48:54 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-04-03 22:48:53 ----D---- C:\Program Files\Common Files\MSSoap
2009-04-03 22:48:51 ----D---- C:\WINDOWS\system32\Macromed
2009-04-03 22:48:51 ----D---- C:\WINDOWS\srchasst
2009-04-03 22:48:49 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-04-03 22:48:49 ----A---- C:\WINDOWS\system32\wups.dll
2009-04-03 22:48:49 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-04-03 22:48:49 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-04-03 22:48:49 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-04-03 22:48:49 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-04-03 22:48:49 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-04-03 22:48:49 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-04-03 22:48:49 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-04-03 22:48:49 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-04-03 22:48:49 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-04-03 22:48:49 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-04-03 22:48:48 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-04-03 22:48:46 ----D---- C:\Program Files\Movie Maker
2009-04-03 22:48:44 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-04-03 22:48:44 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-04-03 22:48:44 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-04-03 22:48:44 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-04-03 22:48:42 ----D---- C:\WINDOWS\system32\Restore
2009-04-03 22:48:42 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-04-03 22:48:42 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-04-03 22:48:42 ----A---- C:\WINDOWS\system32\srclient.dll
2009-04-03 22:48:42 ----A---- C:\WINDOWS\system32\fltmc.exe
2009-04-03 22:48:42 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-04-03 22:48:41 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-04-03 22:48:41 ----A---- C:\WINDOWS\system32\msconf.dll
2009-04-03 22:48:41 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-04-03 22:48:41 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-04-03 22:48:41 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-04-03 22:48:41 ----A---- C:\WINDOWS\system32\ils.dll
2009-04-03 22:48:39 ----D---- C:\Program Files\NetMeeting
2009-04-03 22:48:39 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-04-03 22:48:39 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-04-03 22:48:39 ----A---- C:\WINDOWS\system32\inetres.dll
2009-04-03 22:48:39 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-04-03 22:48:38 ----D---- C:\Program Files\Outlook Express
2009-04-03 22:48:38 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-04-03 22:48:38 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-04-03 22:48:38 ----A---- C:\WINDOWS\system32\mstask.dll
2009-04-03 22:48:37 ----A---- C:\WINDOWS\system32\isign32.dll
2009-04-03 22:48:37 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-04-03 22:48:37 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-04-03 22:48:37 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-04-03 22:48:34 ----D---- C:\Program Files\Common Files\System
2009-04-03 22:48:30 ----D---- C:\Program Files\Internet Explorer
2009-04-03 22:47:54 ----D---- C:\Program Files\ComPlus Applications
2009-04-03 22:47:51 ----A---- C:\WINDOWS\vbaddin.ini
2009-04-03 22:47:51 ----A---- C:\WINDOWS\vb.ini
2009-04-03 22:47:45 ----D---- C:\WINDOWS\Registration
2009-04-03 22:47:34 ----D---- C:\Program Files\Windows Media Player
2009-04-03 22:47:29 ----D---- C:\Program Files\Messenger
2009-04-03 22:47:27 ----D---- C:\Program Files\MSN Gaming Zone
2009-04-03 22:47:27 ----A---- C:\WINDOWS\system32\write.exe
2009-04-03 22:47:21 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-04-03 22:47:21 ----A---- C:\WINDOWS\system32\hticons.dll
2009-04-03 22:47:21 ----A---- C:\WINDOWS\system32\avwav.dll
2009-04-03 22:47:21 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-04-03 22:47:21 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-04-03 22:47:20 ----A---- C:\WINDOWS\system32\winchat.exe
2009-04-03 22:47:16 ----A---- C:\WINDOWS\system32\charmap.exe
2009-04-03 22:47:16 ----A---- C:\WINDOWS\system32\getuname.dll
2009-04-03 22:47:16 ----A---- C:\WINDOWS\system32\calc.exe
2009-04-03 22:47:15 ----A---- C:\WINDOWS\system32\winmine.exe
2009-04-03 22:47:15 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-04-03 22:47:15 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-04-03 22:47:15 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-04-03 22:47:15 ----A---- C:\WINDOWS\system32\tskill.exe
2009-04-03 22:47:15 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-04-03 22:47:15 ----A---- C:\WINDOWS\system32\tscon.exe
2009-04-03 22:47:15 ----A---- C:\WINDOWS\system32\sol.exe
2009-04-03 22:47:15 ----A---- C:\WINDOWS\system32\shadow.exe
2009-04-03 22:47:15 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-04-03 22:47:15 ----A---- C:\WINDOWS\system32\reset.exe
2009-04-03 22:47:15 ----A---- C:\WINDOWS\system32\regini.exe
2009-04-03 22:47:15 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-04-03 22:47:15 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-04-03 22:47:15 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-04-03 22:47:15 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-04-03 22:47:15 ----A---- C:\WINDOWS\system32\freecell.exe
2009-04-03 22:47:14 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-04-03 22:47:14 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-04-03 22:47:14 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-04-03 22:47:14 ----A---- C:\WINDOWS\system32\msg.exe
2009-04-03 22:47:14 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-04-03 22:47:14 ----A---- C:\WINDOWS\system32\logoff.exe
2009-04-03 22:47:14 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-04-03 22:47:14 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-04-03 22:47:13 ----A---- C:\WINDOWS\system32\stclient.dll
2009-04-03 22:47:13 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-04-03 22:47:13 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-04-03 22:47:13 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-04-03 22:47:10 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-04-03 22:47:10 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-04-03 22:47:09 ----D---- C:\Program Files\Windows NT
2009-04-03 22:47:09 ----A---- C:\WINDOWS\system32\spider.exe
2009-04-03 22:47:09 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-04-03 22:47:09 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-04-03 22:47:09 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-04-03 22:47:09 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-04-03 22:47:09 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-04-03 22:47:08 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-04-03 22:47:08 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-04-03 22:47:08 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-04-03 22:47:08 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-04-03 22:47:08 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-04-03 22:47:08 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-04-03 22:47:08 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-04-03 22:47:08 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-04-03 22:47:08 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-04-03 22:47:08 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-04-03 22:47:08 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-04-03 22:47:08 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-04-03 22:47:08 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-04-03 22:47:08 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-04-03 22:47:07 ----D---- C:\WINDOWS\system32\MsDtc
2009-04-03 22:47:07 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-04-03 22:47:07 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-04-03 22:47:07 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-04-03 22:47:07 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-04-03 22:47:07 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-04-03 22:47:07 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-04-03 22:47:07 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-04-03 22:47:07 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-04-03 22:47:07 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-04-03 22:47:06 ----D---- C:\WINDOWS\system32\Com
2009-04-03 22:47:06 ----A---- C:\WINDOWS\system32\comuid.dll
2009-04-03 22:47:06 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-04-03 22:47:06 ----A---- C:\WINDOWS\system32\colbact.dll
2009-04-03 22:47:06 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-04-03 22:47:06 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-04-03 22:47:06 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-04-03 22:47:06 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-04-03 22:47:06 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-04-03 22:47:02 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-04-03 22:47:02 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-04-03 22:47:02 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-04-03 22:47:02 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-04-03 21:41:14 ----SHD---- C:\System Volume Information

======List of files/folders modified in the last 1 months======

2009-04-04 00:35:23 ----A---- C:\WINDOWS\system.ini
2009-04-03 22:50:35 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43008]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-18 12664]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-04-04 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-04-04 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-06 108552]
R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2006-09-11 110592]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-09-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-09-11 19968]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-08 21760]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2005-09-27 16000]
S1 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 12416]
S3 ai1p6lau;ai1p6lau; C:\WINDOWS\system32\drivers\ai1p6lau.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\1.tmp []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2006-09-04 241664]
R2 avg8emc;AVG Free8 E-mail Scanner; I:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-04-04 908056]
R2 avg8wd;AVG Free8 WatchDog; I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-04-04 298264]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2006-09-11 172032]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-13 20543]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-09-11 135227]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-09-11 65599]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715]
R2 SbPF.Launcher;SbPF.Launcher; I:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4; I:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 StarWindServiceAE;StarWind AE Service; I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please check my HJT log after cleaning reader_s.exe

#4 Post by motji »

Have the files tested at http://www.virustotal.com
C:\WINDOWS\Ascd_tmp.ini
C:\WINDOWS\SYSTEM32\DRIVERS\Nm.sys

C:\WINDOWS\Setup1.exe
Copy the file path into the box; if it says the file has already been tested, have it tested again.
Paste the links with the results here.

We'll continue tomorrow, good night :)
Last edited by motji on 11 Apr 2009 09:50, edited 1 time in total.
Do not use COMBOFIX without a helper's recommendation, it may damage the system!
Always back up important data before cleaning the computer :!:
Want to support our forum? Information here

I am mostly available at night, between 9 and 11 p.m.
If you have any questions, you can email me at Motji(at)forum.viry.cz.

gazzy

Re: Please check my HJT log after cleaning reader_s.exe

#5 Post by gazzy »

Sorry for butting in. I sent Albi a private message (so as not to interfere here) telling him to reinstall the graphics drivers. After installing them (he had forgotten about them), he says everything works.

riffman
VIP
Posts: 3203
Registered: 20 Oct 2004 07:00
Location: České Budějovice

Re: Please check my HJT log after cleaning reader_s.exe

#6 Post by riffman »

Great approach, solving it via PM, that really helps the helper.

gazzy, the nice way obviously doesn't work with you, so it'll have to be the hard way - butt into someone's thread once more and I'll kick your backside. :closed:
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all

iwigirl
VIP
Posts: 331
Registered: 25 Apr 2005 18:27
Location: Praha-Bubeneč

Re: Please check my HJT log after cleaning reader_s.exe

#7 Post by iwigirl »

gazzy, if anyone complains about you once more, we'll start dealing with it with a warning in your rank and then a ban.
:arrow: Want to become a model visitor? Details HERE.
:arrow: Deal with VIRUSES here on the forum; if you have a technical question or a question about how the forum runs, write to iwi(at)forum.viry.cz
:arrow: Did my advice help you? Support the forum by SMS, via SuperCash or now via PayPal :)
__________________________________________

Albi1
Visitor
Posts: 94
Registered: 09 Apr 2009 20:58

Re: Please check my HJT log after cleaning reader_s.exe

#8 Post by Albi1 »

Test done, no infection detected. I couldn't find the file nm.sys, only nmnt.sys.


Soubor Ascd_tmp.ini přijatý 2009.04.12 14:09:04 (CET)


Výsledek: 0/40 (0%)

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.101 2009.04.12 -
AhnLab-V3 5.0.0.2 2009.04.11 -
AntiVir 7.9.0.138 2009.04.11 -
Antiy-AVL 2.0.3.1 2009.04.12 -
Authentium 5.1.2.4 2009.04.11 -
Avast 4.8.1335.0 2009.04.11 -
AVG 8.5.0.285 2009.04.11 -
BitDefender 7.2 2009.04.12 -
CAT-QuickHeal 10.00 2009.04.10 -
ClamAV 0.94.1 2009.04.12 -
Comodo 1111 2009.04.12 -
DrWeb 4.44.0.09170 2009.04.12 -
eSafe 7.0.17.0 2009.04.07 -
eTrust-Vet 31.6.6450 2009.04.11 -
F-Prot 4.4.4.56 2009.04.11 -
F-Secure 8.0.14470.0 2009.04.12 -
Fortinet 3.117.0.0 2009.04.12 -
GData 19 2009.04.12 -
Ikarus T3.1.1.49.0 2009.04.12 -
K7AntiVirus 7.10.700 2009.04.11 -
Kaspersky 7.0.0.125 2009.04.12 -
McAfee 5581 2009.04.11 -
McAfee+Artemis 5581 2009.04.11 -
McAfee-GW-Edition 6.7.6 2009.04.11 -
Microsoft 1.4502 2009.04.12 -
NOD32 4002 2009.04.11 -
Norman 6.00.06 2009.04.09 -
nProtect 2009.1.8.0 2009.04.12 -
Panda 10.0.0.14 2009.04.12 -
PCTools 4.4.2.0 2009.04.08 -
Prevx1 V2 2009.04.12 -
Rising 21.24.62.00 2009.04.12 -
Sophos 4.40.0 2009.04.12 -
Sunbelt 3.2.1858.2 2009.04.11 -
Symantec 1.4.4.12 2009.04.12 -
TheHacker 6.3.4.0.305 2009.04.11 -
TrendMicro 8.700.0.1004 2009.04.12 -
VBA32 3.12.10.2 2009.04.12 -
ViRobot 2009.4.10.1688 2009.04.10 -
VirusBuster 4.6.5.0 2009.04.11 -
Rozšiřující informace
File size: 32861 bytes
MD5...: e6d8fee993ef29c55504c6a759c4d9e4
SHA1..: 41be82a1d900b393c3a53480ad93e5320ccf12cf
SHA256: 814111f2f0db2ab3ef4a1bc0f1c2b487a4e7ddc4d933bfa61fed5456d6336f68
SHA512: 5a40c3fd471313381c45480fd6151bac81c59e793c58024aabbab6aa464c86af
f551ba5330eef8a0b3679deaaf1284c00355669c40ccfbeb34fa1ef7695bfd10
ssdeep: 384:yvM17UqsnN2VxGXA06dRP/Iz2J8/L3vF6PbZ6mpH7gyuyeWGARdEJa5lK79p
8xFl:CMzE/csZi4y3jyJ3q

PEiD..: -
TrID..: File type identification
Generic INI configuration (100.0%)
PEInfo: -
RDS...: NSRL Reference Data Set
-
Soubor nmnt.sys přijatý 2009.04.12 14:13:50 (CET)


Výsledek: 0/40 (0%)

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.101 2009.04.12 -
AhnLab-V3 5.0.0.2 2009.04.11 -
AntiVir 7.9.0.138 2009.04.11 -
Antiy-AVL 2.0.3.1 2009.04.12 -
Authentium 5.1.2.4 2009.04.11 -
Avast 4.8.1335.0 2009.04.11 -
AVG 8.5.0.285 2009.04.11 -
BitDefender 7.2 2009.04.12 -
CAT-QuickHeal 10.00 2009.04.10 -
ClamAV 0.94.1 2009.04.12 -
Comodo 1111 2009.04.12 -
DrWeb 4.44.0.09170 2009.04.12 -
eSafe 7.0.17.0 2009.04.07 -
eTrust-Vet 31.6.6450 2009.04.11 -
F-Prot 4.4.4.56 2009.04.11 -
F-Secure 8.0.14470.0 2009.04.12 -
Fortinet 3.117.0.0 2009.04.12 -
GData 19 2009.04.12 -
Ikarus T3.1.1.49.0 2009.04.12 -
K7AntiVirus 7.10.700 2009.04.11 -
Kaspersky 7.0.0.125 2009.04.12 -
McAfee 5581 2009.04.11 -
McAfee+Artemis 5581 2009.04.11 -
McAfee-GW-Edition 6.7.6 2009.04.11 -
Microsoft 1.4502 2009.04.12 -
NOD32 4002 2009.04.11 -
Norman 6.00.06 2009.04.09 -
nProtect 2009.1.8.0 2009.04.12 -
Panda 10.0.0.14 2009.04.12 -
PCTools 4.4.2.0 2009.04.08 -
Prevx1 V2 2009.04.12 -
Rising 21.24.62.00 2009.04.12 -
Sophos 4.40.0 2009.04.12 -
Sunbelt 3.2.1858.2 2009.04.11 -
Symantec 1.4.4.12 2009.04.12 -
TheHacker 6.3.4.0.305 2009.04.11 -
TrendMicro 8.700.0.1004 2009.04.12 -
VBA32 3.12.10.2 2009.04.12 -
ViRobot 2009.4.10.1688 2009.04.10 -
VirusBuster 4.6.5.0 2009.04.11 -
Rozšiřující informace
File size: 40320 bytes
MD5...: 60cf8c7192b3614f240838ddbaa4a245
SHA1..: 73ff7c56625fb2f938778efe00d7fb6f9712242f
SHA256: 48cce03b545a340d298f005688de874d28e76959fd965218d93e4a33ee0e9c01
SHA512: b47637dc7c8fc3b4dc13c18c1990bc1bbf2d9a6d3625ab72f81a684ea617a8b5
55be2eae638752f21a8430260e79da74a260afaccd4f295b0fff235e21ad1521
ssdeep: 768:PV0A/zwUcOklfxDppd4o2g7whSoOZiY1MRnnh2Uzc3ximYmZK:PV08qOklfx
/d4hg7whGijRhSYx

PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x8983
timedatestamp.....: 0x41107b55 (Wed Aug 04 05:59:49 2004)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x63bc 0x6400 6.36 58fc79ddb5dfc7909d685fe899f9bf63
.rdata 0x6700 0x224 0x280 3.25 06196efbc7efda5d2c4d3271f5281ff1
.data 0x6980 0x1c0 0x200 1.39 6935d7c9d77abe8312f1fdcc300e957c
PAGE 0x6b80 0x1bbb 0x1c00 5.92 918478f26bc733624e7b5884e6ef26d5
INIT 0x8780 0xb46 0xb80 5.67 7f048ec626b51fdfb678fbf2f2e6f379
.rsrc 0x9300 0x3e8 0x400 3.36 e80f90e7f6afa7e06befb9e6609196bc
.reloc 0x9700 0x618 0x680 5.73 1c0a4115a4989fe4983099078ff3ad0a

( 4 imports )
> ntoskrnl.exe: ZwSetValueKey, RtlEqualUnicodeString, RtlUnicodeStringToAnsiString, RtlInitAnsiString, ZwCreateKey, ExInterlockedFlushSList, MmMapLockedPagesSpecifyCache, IofCompleteRequest, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, wcslen, KeQuerySystemTime, KeNumberProcessors, KeQueryInterruptTime, RtlCompareMemory, KefReleaseSpinLockFromDpcLevel, KefAcquireSpinLockAtDpcLevel, memmove, ZwQueryValueKey, KeResetEvent, KeWaitForSingleObject, KeInitializeEvent, KeSetEvent, ExfInterlockedRemoveHeadList, IoFreeMdl, InterlockedPopEntrySList, InterlockedPushEntrySList, MmMapLockedPages, KeCancelTimer, KeInitializeTimer, KeInitializeDpc, KeSetTimer, ExInterlockedAddLargeStatistic, KeTickCount, KeQueryTimeIncrement, KeBugCheckEx, RtlQueryRegistryValues, ZwClose, RtlInitUnicodeString, ZwOpenKey, IoGetCurrentProcess, ExAcquireResourceExclusiveLite, IoSetShareAccess, SeAssignSecurity, IoRemoveShareAccess, ExReleaseResourceLite, ExQueueWorkItem, SeDeassignSecurity, _except_handler3, ExFreePoolWithTag, ExfInterlockedPopEntryList, ExAllocatePoolWithTag, ExfInterlockedPushEntryList, IoAcquireCancelSpinLock, IoReleaseCancelSpinLock, ExDeleteResourceLite, IoDeleteDevice, IoCreateDevice, KeInitializeSpinLock, _alldiv, ExInitializeResourceLite
> HAL.dll: KfReleaseSpinLock, KfLowerIrql, KfRaiseIrql, KfAcquireSpinLock
> NDIS.SYS: NdisCopyBuffer, NdisCompletePnPEvent, NdisRegisterProtocol, NdisUnchainBufferAtFront, NdisFreePacket, NdisCloseAdapter, NdisCopyFromPacketToPacket, NdisAllocatePacketPoolEx, NdisSetPacketPoolProtocolId, NdisAllocateBufferPool, NdisRequest, NdisDeregisterProtocol, NdisFreePacketPool, NdisFreeBufferPool, NdisAllocateBuffer, NdisAllocatePacket, NdisOpenAdapter
> TDI.SYS: TdiCopyBufferToMdl

( 0 exports )

RDS...: NSRL Reference Data Set

( Microsoft )

> MSDN Disc 2443.2: nmnt.sys
> MSDN Disc 2443.4: nmnt.sys
> MSDN Disc 2440.5: nmnt.sys
> Operating System Reinstallation CD Microsoft Windows XP Professional Service Pack 2: nmnt.sys
> MSDN Disc 2440.3: nmnt.sys
> MSDN Disc 2466.2: nmnt.sys
> Virtual PC for Mac Windows XP Home Edition: nmnt.sys
> MSDN Disc 2441.6: nmnt.sys
> MSDN Disc 2441.7: nmnt.sys
> MSDN Disc 2466.4: nmnt.sys
> MSDN Disc 2476.4: nmnt.sys
> MSDN Disc 2455.6: nmnt.sys
> MSDN Disc 2476.2: nmnt.sys
> Disc 2438.5: nmnt.sys
> MSDN Disc 2440.4: nmnt.sys
> MSDN Disc 2444.3: nmnt.sys
> MSDN Disc 2444.6: nmnt.sys
> MSDN Disc 2444.4: nmnt.sys
> MSDN Disc 2438.7: nmnt.sys
> MSDN Disc 2477.2: nmnt.sys
> MSDN Disc 2439.7: nmnt.sys
> MSDN Disc 2439.6: nmnt.sys
> MSDN Disc 2442.4: nmnt.sys
> MSDN Disc 2442.6: nmnt.sys
> MSDN Disc 2438.8: nmnt.sys
> MSDN Disc 2465.4: nmnt.sys
> MSDN Disc 2465.5: nmnt.sys
> MSDN Disc 2464.5: nmnt.sys
> MSDN Disc 2428.4: nmnt.sys
> MSDN Disc 2439.8: nmnt.sys
> MSDN Disc 2428.8: nmnt.sys
> Virtual PC for Mac Windows XP Professional Edition: nmnt.sys
> MSDN Disc 2428.5: nmnt.sys
> MSDN Disc 2441.5: nmnt.sys

( Gateway )

> Gateway Operating System Windows XP Pro Edition SP2: nmnt.sys


packers (Kaspersky): PE_Patch


Soubor Setup1.exe přijatý 2009.04.12 14:20:29 (CET)
Výsledek: 0/40 (0%)

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.101 2009.04.12 -
AhnLab-V3 5.0.0.2 2009.04.11 -
AntiVir 7.9.0.138 2009.04.11 -
Antiy-AVL 2.0.3.1 2009.04.12 -
Authentium 5.1.2.4 2009.04.11 -
Avast 4.8.1335.0 2009.04.11 -
AVG 8.5.0.285 2009.04.11 -
BitDefender 7.2 2009.04.12 -
CAT-QuickHeal 10.00 2009.04.10 -
ClamAV 0.94.1 2009.04.12 -
Comodo 1111 2009.04.12 -
DrWeb 4.44.0.09170 2009.04.12 -
eSafe 7.0.17.0 2009.04.07 -
eTrust-Vet 31.6.6450 2009.04.11 -
F-Prot 4.4.4.56 2009.04.11 -
F-Secure 8.0.14470.0 2009.04.12 -
Fortinet 3.117.0.0 2009.04.12 -
GData 19 2009.04.12 -
Ikarus T3.1.1.49.0 2009.04.12 -
K7AntiVirus 7.10.700 2009.04.11 -
Kaspersky 7.0.0.125 2009.04.12 -
McAfee 5581 2009.04.11 -
McAfee+Artemis 5581 2009.04.11 -
McAfee-GW-Edition 6.7.6 2009.04.11 -
Microsoft 1.4502 2009.04.12 -
NOD32 4002 2009.04.11 -
Norman 6.00.06 2009.04.09 -
nProtect 2009.1.8.0 2009.04.12 -
Panda 10.0.0.14 2009.04.12 -
PCTools 4.4.2.0 2009.04.08 -
Prevx1 V2 2009.04.12 -
Rising 21.24.62.00 2009.04.12 -
Sophos 4.40.0 2009.04.12 -
Sunbelt 3.2.1858.2 2009.04.11 -
Symantec 1.4.4.12 2009.04.12 -
TheHacker 6.3.4.0.305 2009.04.11 -
TrendMicro 8.700.0.1004 2009.04.12 -
VBA32 3.12.10.2 2009.04.12 -
ViRobot 2009.4.10.1688 2009.04.10 -
VirusBuster 4.6.5.0 2009.04.11 -
Rozšiřující informace
File size: 548864 bytes
MD5...: 7347f2f1a4f84f82d0b33eadfec44207
SHA1..: 24791baaa774cd0aeacaad29dba5c037478907d0
SHA256: 595f02c5617f49e18a400b4378353d2009e51bd58f23b2c0929bdd588a59599b
SHA512: 6b75c5de3f37cb8224ccdd8e18a27cd8b1c36948c421cf5077c2261530ba992f
edbf6e9d0c7b527d87befcbf64ff33dc45c947ff933f4d2716e88edcc9eadd67
ssdeep: 6144:EOiBAYDt2xpDt2xdDt2xmDt2xsDt2xTLqnH+m2edBE8e6XxYRPRuLPn:FKI
rIjIMI2Ic3dBE8HhY

PEiD..: -
TrID..: File type identification
Win32 Executable Microsoft Visual Basic 6 (68.5%)
Win32 Executable MS Visual C++ (generic) (20.5%)
Win32 Executable Generic (4.6%)
Win32 Dynamic Link Library (generic) (4.1%)
Generic Win/DOS Executable (1.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3c0c
timedatestamp.....: 0x408631fa (Wed Apr 21 08:34:02 2004)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x76f80 0x77000 7.22 fcee4f838707b9358e1be8f3c772d3ac
.data 0x78000 0x6b38 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x7f000 0xce64 0xd000 3.65 0c7ff7c7062dbee5c03795ee5e625a03

( 1 imports )
> MSVBVM60.DLL: __vbaVarTstGt, __vbaVarSub, __vbaStrI2, _CIcos, _adj_fptan, __vbaVarMove, __vbaStrI4, __vbaVarVargNofree, __vbaFreeVar, __vbaLineInputStr, __vbaLenBstr, -, __vbaStrVarMove, -, __vbaEnd, -, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, -, -, _adj_fprem1, __vbaRecAnsiToUni, -, __vbaCopyBytes, __vbaResume, __vbaStrCat, __vbaRecDestruct, __vbaSetSystemError, __vbaNameFile, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaLateMemSt, -, __vbaForEachCollObj, __vbaBoolStr, __vbaExitProc, __vbaFileCloseAll, -, __vbaCyAdd, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, -, __vbaBoolVar, __vbaForEachCollVar, -, __vbaBoolVarNull, _CIsin, -, -, __vbaErase, __vbaLateMemStAd, __vbaNextEachCollObj, -, __vbaVarZero, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, -, __vbaGenerateBoundsError, -, __vbaCyI2, __vbaStrCmp, __vbaVarTstEq, __vbaCyI4, __vbaNextEachCollVar, __vbaPrintObj, __vbaI2I4, DllFunctionCall, __vbaVarOr, __vbaVarLateMemSt, __vbaLbound, __vbaRedimPreserve, _adj_fpatan, __vbaR4Var, __vbaLateIdCallLd, __vbaRedim, __vbaRecUniToAnsi, EVENT_SINK_Release, __vbaNew, -, _CIsqrt, __vbaVarAnd, EVENT_SINK_QueryInterface, __vbaUI1I4, __vbaFpCmpCy, __vbaVarMul, __vbaExceptHandler, -, __vbaPrintFile, __vbaStrToUnicode, -, _adj_fprem, _adj_fdivr_m64, -, __vbaI2Str, __vbaVarDiv, -, __vbaFPException, __vbaInStrVar, -, -, __vbaUbound, __vbaStrVarVal, __vbaVarCat, -, __vbaDateVar, -, __vbaI2Var, -, -, -, _CIlog, -, __vbaErrorOverflow, __vbaFileOpen, -, __vbaInStr, __vbaNew2, -, __vbaCyMulI2, _adj_fdiv_m32i, -, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, -, __vbaDerefAry1, _adj_fdivr_m32, __vbaPowerR8, -, _adj_fdiv_r, -, -, -, -, __vbaI4Var, __vbaAryLock, __vbaVarAdd, __vbaVarDup, __vbaStrToAnsi, __vbaFpI2, __vbaFpI4, __vbaVarCopy, -, __vbaVarLateMemCallLd, __vbaR8IntI2, __vbaLateMemCallLd, _CIatan, -, __vbaStrMove, __vbaCastObj, __vbaStrVarCopy, -, _allmul, __vbaLenVarB, __vbaLateIdSt, _CItan, -, __vbaAryUnlock, _CIexp, 
__vbaMidStmtBstr, -, __vbaFreeStr, __vbaFreeObj, -

( 0 exports )

RDS...: NSRL Reference Data Set
-

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please check my HJT log after removing reader_s.exe

#9 Post by motji »

Good afternoon, :)
please also test this file on www.virustotal
C:\WINDOWS\system32\1.tmp

and post the result here
Do not use COMBOFIX without a helper's recommendation, it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I am usually reachable at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

Albi1
Visitor
Posts: 94
Registered: 09 Apr 2009 20:58

Re: Please check my HJT log after removing reader_s.exe

#10 Post by Albi1 »

Good evening, unfortunately the file 1.tmp is not in the specified directory...

riffman
VIP
Posts: 3203
Registered: 20 Oct 2004 07:00
Location: České Budějovice

Re: Please check my HJT log after removing reader_s.exe

#11 Post by riffman »

until my colleague gets here - download GMER, unpack it and run it

a scan will run; when it finishes, the results will pop up

then click Save to save the log, and paste its contents here

then follow this guide to do the second scan and again paste the log contents here :)


and for good measure - http://rootrepeal.googlepages.com/RootRepeal.zip

download, unpack, run, switch to the Files tab, click Scan, wait, then click Save Report to save the log and copy its contents here :)
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all

Albi1
Visitor
Posts: 94
Registered: 09 Apr 2009 20:58

Re: Please check my HJT log after removing reader_s.exe

#12 Post by Albi1 »

Good afternoon, GMER OK, but RootRepeal freezes and cannot even be closed, only a hard reset. And on top of that the report contains more than 60,000 characters. I am trying to attach *.txt files.
The extension *.txt is not allowed :(

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-13 15:10:25
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwEnumerateKey [0xBA6C3FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xBA6C4340]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A2A91E8

AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----


GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-13 17:08:40
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwClose [0xB7A21160]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateFile [0xB7A20868]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateKey [0xB7A1D320]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcess [0xB7A1FE90]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcessEx [0xB7A1FD9C]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateThread [0xB7A203FC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteFile [0xB7A21210]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteKey [0xB7A1D786]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteValueKey [0xB7A1D846]
SSDT sptd.sys ZwEnumerateKey [0xBA6C3FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xBA6C4340]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwLoadDriver [0xBA94A01C]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwMapViewOfSection [0xBA94A168]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenFile [0xB7A20B54]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenKey [0xB7A1D5CA]
SSDT sptd.sys ZwQueryKey [0xBA6C4418]
SSDT sptd.sys ZwQueryValueKey [0xBA6C4298]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwResumeThread [0xB7A204EC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetInformationFile [0xB7A20E8C]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetValueKey [0xB7A1D9BC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwWriteFile [0xB7A20DE0]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
.text USBPORT.SYS!DllUnload BA42C62C 5 Bytes JMP 8A0381C8
? System32\Drivers\agpephao.SYS Systém nemůže nalézt uvedenou cestu. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[316] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[316] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[316] WININET.dll!InternetConnectA 4454499A 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[316] WININET.dll!InternetConnectW 44545B88 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[316] WININET.dll!InternetOpenA 4454C865 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[316] WININET.dll!InternetOpenW 4454CE99 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[316] WININET.dll!InternetOpenUrlA 44550BCA 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[316] WININET.dll!InternetOpenUrlW 4459AEB9 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[316] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[316] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[316] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text I:\PROGRA~1\AVG\AVG8\avgnsx.exe[400] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text I:\PROGRA~1\AVG\AVG8\avgnsx.exe[400] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text I:\PROGRA~1\AVG\AVG8\avgnsx.exe[400] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text I:\PROGRA~1\AVG\AVG8\avgnsx.exe[400] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text I:\PROGRA~1\AVG\AVG8\avgnsx.exe[400] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text I:\PROGRA~1\AVG\AVG8\avgnsx.exe[400] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text I:\PROGRA~1\AVG\AVG8\avgnsx.exe[400] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text I:\PROGRA~1\AVG\AVG8\avgnsx.exe[400] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text I:\PROGRA~1\AVG\AVG8\avgnsx.exe[400] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text I:\PROGRA~1\AVG\AVG8\avgnsx.exe[400] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text I:\PROGRA~1\AVG\AVG8\avgnsx.exe[400] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text I:\PROGRA~1\AVG\AVG8\avgnsx.exe[400] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text I:\PROGRA~1\AVG\AVG8\avgnsx.exe[400] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text I:\PROGRA~1\AVG\AVG8\avgnsx.exe[400] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text I:\PROGRA~1\AVG\AVG8\avgnsx.exe[400] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text I:\PROGRA~1\AVG\AVG8\avgnsx.exe[400] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text I:\PROGRA~1\AVG\AVG8\avgnsx.exe[400] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text I:\PROGRA~1\AVG\AVG8\avgnsx.exe[400] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text I:\PROGRA~1\AVG\AVG8\avgnsx.exe[400] WININET.dll!InternetConnectA 4454499A 5 Bytes JMP 00130F54
.text I:\PROGRA~1\AVG\AVG8\avgnsx.exe[400] WININET.dll!InternetConnectW 44545B88 5 Bytes JMP 00130FE0
.text I:\PROGRA~1\AVG\AVG8\avgnsx.exe[400] WININET.dll!InternetOpenA 4454C865 5 Bytes JMP 00130D24
.text I:\PROGRA~1\AVG\AVG8\avgnsx.exe[400] WININET.dll!InternetOpenW 4454CE99 5 Bytes JMP 00130DB0
.text I:\PROGRA~1\AVG\AVG8\avgnsx.exe[400] WININET.dll!InternetOpenUrlA 44550BCA 5 Bytes JMP 00130E3C
.text I:\PROGRA~1\AVG\AVG8\avgnsx.exe[400] WININET.dll!InternetOpenUrlW 4459AEB9 5 Bytes JMP 00130EC8
.text I:\PROGRA~1\AVG\AVG8\avgtray.exe[428] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text I:\PROGRA~1\AVG\AVG8\avgtray.exe[428] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text I:\PROGRA~1\AVG\AVG8\avgtray.exe[428] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text I:\PROGRA~1\AVG\AVG8\avgtray.exe[428] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text I:\PROGRA~1\AVG\AVG8\avgtray.exe[428] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text I:\PROGRA~1\AVG\AVG8\avgtray.exe[428] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text I:\PROGRA~1\AVG\AVG8\avgtray.exe[428] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text I:\PROGRA~1\AVG\AVG8\avgtray.exe[428] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text I:\PROGRA~1\AVG\AVG8\avgtray.exe[428] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text I:\PROGRA~1\AVG\AVG8\avgtray.exe[428] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text I:\PROGRA~1\AVG\AVG8\avgtray.exe[428] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text I:\PROGRA~1\AVG\AVG8\avgtray.exe[428] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text I:\PROGRA~1\AVG\AVG8\avgtray.exe[428] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text I:\PROGRA~1\AVG\AVG8\avgtray.exe[428] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text I:\PROGRA~1\AVG\AVG8\avgtray.exe[428] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[436] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[436] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[436] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[436] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[436] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[436] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[436] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[436] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[436] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[436] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[436] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[436] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[436] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[436] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[436] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[448] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[448] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[448] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[448] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[448] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[448] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[448] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[448] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[448] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[448] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[448] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[448] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[448] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[448] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[448] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\RUNDLL32.EXE[472] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\RUNDLL32.EXE[472] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\RUNDLL32.EXE[472] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\RUNDLL32.EXE[472] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\RUNDLL32.EXE[472] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\RUNDLL32.EXE[472] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\RUNDLL32.EXE[472] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\RUNDLL32.EXE[472] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\RUNDLL32.EXE[472] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\RUNDLL32.EXE[472] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\RUNDLL32.EXE[472] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\RUNDLL32.EXE[472] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\RUNDLL32.EXE[472] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\RUNDLL32.EXE[472] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\RUNDLL32.EXE[472] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text I:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[568] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8
.text I:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[568] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090
.text I:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[568] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694
.text I:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[568] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0
.text I:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[568] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234
.text I:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[568] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00030004
.text I:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[568] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0003011C
.text I:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[568] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000304F0
.text I:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[568] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0003057C
.text I:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[568] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000303D8
.text I:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[568] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0003034C
.text I:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[568] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00030464
.text I:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[568] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00030608
.text I:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[568] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000307AC
.text I:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[568] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00030720
.text I:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[568] WININET.dll!InternetConnectA 4454499A 5 Bytes JMP 00030F54
.text I:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[568] WININET.dll!InternetConnectW 44545B88 5 Bytes JMP 00030FE0
.text I:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[568] WININET.dll!InternetOpenA 4454C865 5 Bytes JMP 00030D24
.text I:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[568] WININET.dll!InternetOpenW 4454CE99 5 Bytes JMP 00030DB0
.text I:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[568] WININET.dll!InternetOpenUrlA 44550BCA 5 Bytes JMP 00030E3C
.text I:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[568] WININET.dll!InternetOpenUrlW 4459AEB9 5 Bytes JMP 00030EC8
.text I:\Program Files\ASUS\AI Gear\GearHelp.exe[740] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text I:\Program Files\ASUS\AI Gear\GearHelp.exe[740] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text I:\Program Files\ASUS\AI Gear\GearHelp.exe[740] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text I:\Program Files\ASUS\AI Gear\GearHelp.exe[740] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text I:\Program Files\ASUS\AI Gear\GearHelp.exe[740] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text I:\Program Files\ASUS\AI Gear\GearHelp.exe[740] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text I:\Program Files\ASUS\AI Gear\GearHelp.exe[740] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text I:\Program Files\ASUS\AI Gear\GearHelp.exe[740] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text I:\Program Files\ASUS\AI Gear\GearHelp.exe[740] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text I:\Program Files\ASUS\AI Gear\GearHelp.exe[740] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text I:\Program Files\ASUS\AI Gear\GearHelp.exe[740] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text I:\Program Files\ASUS\AI Gear\GearHelp.exe[740] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text I:\Program Files\ASUS\AI Gear\GearHelp.exe[740] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text I:\Program Files\ASUS\AI Gear\GearHelp.exe[740] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text I:\Program Files\ASUS\AI Gear\GearHelp.exe[740] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[768] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[768] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[768] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[768] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[768] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[768] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[768] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[768] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[768] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[768] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[768] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[768] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[768] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[768] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[768] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[768] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[768] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[768] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\ATKKBService.exe[872] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\ATKKBService.exe[872] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\ATKKBService.exe[872] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\ATKKBService.exe[872] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\ATKKBService.exe[872] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\ATKKBService.exe[872] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\WINDOWS\ATKKBService.exe[872] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\WINDOWS\ATKKBService.exe[872] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\WINDOWS\ATKKBService.exe[872] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\WINDOWS\ATKKBService.exe[872] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\WINDOWS\ATKKBService.exe[872] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\WINDOWS\ATKKBService.exe[872] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\WINDOWS\ATKKBService.exe[872] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00070608
.text C:\WINDOWS\ATKKBService.exe[872] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000707AC
.text C:\WINDOWS\ATKKBService.exe[872] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00070720
.text I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[952] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[952] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[952] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[952] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[952] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[952] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[952] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[952] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[952] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[952] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[952] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[952] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[952] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[952] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[952] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1000] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1000] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1000] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1000] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1000] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1000] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1000] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1000] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1000] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1000] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1000] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1000] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1000] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00070608
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1000] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000708C4
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1000] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00070838
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1000] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00070950
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1000] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000707AC
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1000] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\csrss.exe[1060] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[1060] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[1060] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[1060] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[1060] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[1060] KERNEL32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[1060] KERNEL32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[1060] KERNEL32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[1060] KERNEL32.dll!CreateThread 7C810637 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[1060] KERNEL32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[1060] KERNEL32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[1060] KERNEL32.dll!WinExec 7C86136D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[1060] KERNEL32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[1060] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[1060] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00160720
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1064] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1064] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1064] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1064] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1064] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1064] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1064] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1064] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1064] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1064] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1064] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1064] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1064] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1064] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1064] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1064] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1064] WS2_32.dll!bind
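The hook listing above is GMER output, and what a responder wants from it is whether the same set of APIs is hooked in every process (one system-wide agent injecting everywhere) or whether some process carries hooks the others do not. The following Python script is an added example, not code from this thread or from GMER: it parses lines in the `.text <process>[pid] <module>!<function> <addr> 5 Bytes JMP <target>` form shown above and reports, per process, the hook count, the APIs that are not common to every hooked process, and the 64 KiB memory region the JMP targets fall into. The sample lines are copied from the log above (the truncated last line is included on purpose); the region grouping and the image-base heuristic are this example's own assumptions.

```python
import re
from collections import defaultdict

# One GMER user-mode hook line:
#   .text <process path>[<pid>] <module>!<function> <addr> <n> Bytes JMP <target>
HOOK_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<module>[^!\s]+)!(?P<func>\S+) "
    r"(?P<addr>[0-9A-Fa-f]+) (?P<size>\d+) Bytes JMP (?P<target>[0-9A-Fa-f]+)$"
)

# Constructed sample: lines copied from the log above, plus the truncated final
# line of the paste to show that damaged lines are skipped rather than misparsed.
SAMPLE_GMER = r"""
.text I:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[568] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0003011C
.text I:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[568] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000304F0
.text I:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[568] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000307AC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[768] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[768] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[768] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[768] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\csrss.exe[1060] KERNEL32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[1060] KERNEL32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[1060] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001607AC
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1064] WS2_32.dll!bind
"""


def parse_hooks(text):
    """Return one dict per well-formed hook line. The module name is lowercased
    because GMER prints it the way each import table spells it
    (kernel32.dll in most processes, KERNEL32.dll in csrss.exe above)."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue  # blank, truncated or non-hook line
        d = m.groupdict()
        hooks.append({
            "process": d["proc"],
            "pid": int(d["pid"]),
            "api": f"{d['module'].lower()}!{d['func']}",
            "addr": int(d["addr"], 16),
            "target": int(d["target"], 16),
        })
    return hooks


def summarize(hooks):
    """Group hooks per process and compare each process's hooked-API set with
    the set that every hooked process shares. Returns (common_apis, report)."""
    per_proc = defaultdict(dict)
    for h in hooks:
        per_proc[(h["process"], h["pid"])][h["api"]] = h["target"]
    api_sets = [set(apis) for apis in per_proc.values()]
    common = set.intersection(*api_sets) if api_sets else set()
    report = {}
    for key, apis in per_proc.items():
        targets = list(apis.values())
        report[key] = {
            "hook_count": len(apis),
            # APIs hooked in this process but not in every other hooked process
            "extra_apis": sorted(set(apis) - common),
            # 64 KiB regions the JMP targets fall into; one region per process
            # means a single block of trampolines was placed in that process
            "target_regions": sorted({t >> 16 for t in targets}),
            # below the usual 0x00400000 EXE image base on 32-bit Windows, so the
            # trampolines live in privately allocated memory, not a loaded module
            "targets_below_image_base": all(t < 0x00400000 for t in targets),
        }
    return common, report


if __name__ == "__main__":
    common, report = summarize(parse_hooks(SAMPLE_GMER))
    print("hooked in every process:", sorted(common))
    for (proc, pid), info in report.items():
        print(f"{proc}[{pid}]", info)
```

Run against the full paste, a process whose `extra_apis` list is non-empty is the one to look at first; for the sample, that is only `ipoint.exe` with its extra `ws2_32.dll!connect` hook, and every process's targets sit in one low region, which is what a uniform user-mode hooking agent looks like.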

riffman
VIP
Posts: 3203
Registered: 20 Oct 2004 07:00
Location: České Budějovice

Re: Please check my HJT log after removing reader_s.exe

#13 Post by riffman »

Download ComboFix and save it, preferably to the desktop.

Then run the application under an account with administrator rights.

Right after it starts, a screen with the licence terms appears; continue by clicking the Yes button:

[image]

Next there may be a warning about your antivirus's resident shield and a notice that the Recovery Console is not installed; do not install it for now.

Feel free to go and make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to start any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Note: if you use an antispyware program with a resident shield, disable its resident shield, because during the scan and removal of any malware ComboFix collides undesirably with the antispyware's resident component.

After the restart the application creates a log, saved as C:/Combofix.txt (on repeated use the logs are named Combofix2.txt etc.); paste its contents here.
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all

Albi1
Visitor
Posts: 94
Registered: 09 Apr 2009 20:58

Re: Please check my HJT log after removing reader_s.exe

#14 Post by Albi1 »

Good evening, here is the ComboFix log:

ComboFix 09-04-13.A2 - Rodina 2009-04-13 19:34.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.3070.2632 [GMT 2:00]
Spuštěný z: c:\documents and settings\Rodina\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: Sunbelt Personal Firewall *disabled*
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-03-13 do 2009-04-13 )))))))))))))))))))))))))))))))
.

2009-04-12 21:44 . 2004-08-03 20:58 15104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
2009-04-12 21:44 . 2004-08-03 20:58 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-04-12 21:41 . 2009-04-12 21:41 -------- d--h--w c:\documents and settings\All Users\Data aplikací\CanonBJ
2009-04-12 21:41 . 2008-05-26 20:00 230912 ----a-w c:\windows\system32\CNMLM9E.DLL
2009-04-12 21:41 . 2009-04-12 21:41 -------- d--h--w c:\windows\system32\CanonIJ Uninstaller Information
2009-04-12 21:41 . 2008-05-30 00:27 270336 ----a-w c:\windows\system32\CNC540L.DLL
2009-04-12 21:41 . 2008-04-07 05:58 1339392 ----a-w c:\windows\system32\CNC540C.DLL
2009-04-12 21:41 . 2008-04-07 05:58 98304 ----a-w c:\windows\system32\CNC540I.DLL
2009-04-12 21:41 . 2007-03-15 05:12 188416 ----a-w c:\windows\system32\CNC540O.DLL
2009-04-12 21:33 . 2004-08-03 21:01 25856 -c--a-w c:\windows\system32\dllcache\usbprint.sys
2009-04-12 21:33 . 2004-08-03 21:01 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-04-12 21:32 . 2004-08-03 21:08 31616 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-04-12 21:32 . 2004-08-03 21:08 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-04-12 21:23 . 2009-04-12 21:23 -------- d-----w c:\documents and settings\Rodina\Data aplikací\Zoner
2009-04-12 21:17 . 2009-04-12 21:17 -------- d-----w c:\documents and settings\Rodina\Local Settings\Data aplikací\Star Stable 1
2009-04-12 20:53 . 2007-08-14 06:12 18816 ------w c:\windows\system32\SAVRKBootTasks.sys
2009-04-12 20:06 . 2009-04-12 20:06 -------- d-----w c:\documents and settings\Rodina\Local Settings\Data aplikací\Identities
2009-04-10 21:30 . 2009-04-10 21:30 -------- d-----w C:\rsit
2009-04-09 20:49 . 2004-02-26 22:00 962612 ----a-w c:\windows\system32\mfc42d.dll
2009-04-09 20:49 . 2004-02-16 22:00 434252 ----a-w c:\windows\system32\MSVCRTD.DLL
2009-04-09 20:49 . 2006-10-18 19:12 12664 ----a-r c:\windows\system32\drivers\AsIO.sys
2009-04-09 20:49 . 2006-01-10 08:50 24576 ----a-r c:\windows\system32\AsIO.dll
2009-04-09 20:49 . 2006-10-19 01:11 12096 ----a-w c:\windows\system32\drivers\AsInsHelp64.sys
2009-04-09 20:49 . 2006-10-19 01:11 10304 ----a-w c:\windows\system32\drivers\AsInsHelp32.sys
2009-04-09 20:47 . 2009-04-09 20:47 -------- d-----r c:\windows\AsDmiHtm
2009-04-09 20:42 . 2005-10-20 14:25 12416 ----a-w c:\windows\system32\drivers\asusgsb32.sys
2009-04-09 20:42 . 2005-09-27 08:02 16000 ----a-w c:\windows\system32\drivers\Video3D32.sys
2009-04-09 20:41 . 2009-04-09 20:41 737280 ----a-w c:\windows\iun6002.exe
2009-04-09 20:39 . 2009-04-09 20:39 -------- d-----w c:\documents and settings\All Users\Data aplikací\NVIDIA
2009-04-09 20:34 . 2009-04-13 17:00 81191 ----a-w c:\windows\system32\nvapps.xml
2009-04-09 20:34 . 2009-04-09 20:36 -------- d-----w c:\windows\nview
2009-04-09 20:34 . 2006-08-11 13:42 16960 ----a-w c:\windows\system32\nvdisp.nvu
2009-04-09 20:34 . 2006-08-11 13:42 208896 ----a-w c:\windows\system32\nvudisp.exe
2009-04-09 20:33 . 2006-06-14 05:56 12288 ----a-r c:\windows\system32\drivers\EIO.sys
2009-04-08 22:11 . 2009-04-08 22:11 -------- d-----w c:\documents and settings\Rodina\Local Settings\Data aplikací\Help
2009-04-08 21:24 . 2007-01-18 12:00 3968 ----a-w c:\windows\system32\drivers\AvgArCln.sys
2009-04-06 19:56 . 2009-04-06 19:56 -------- d-----w c:\documents and settings\Rodina\Local Settings\Data aplikací\Adobe
2009-04-06 19:44 . 2009-04-06 19:44 -------- d-----w c:\documents and settings\Rodina\Data aplikací\Malwarebytes
2009-04-06 19:43 . 2009-03-26 14:49 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-06 19:43 . 2009-03-26 14:49 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:43 . 2009-04-06 19:43 -------- d-----w c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-04-06 19:19 . 2009-04-06 19:19 -------- d-----w c:\documents and settings\Rodina\Data aplikací\EleFun Games
2009-04-06 19:15 . 2009-04-06 19:22 -------- d-----w c:\documents and settings\Rodina\Data aplikací\Skype
2009-04-05 19:53 . 2009-04-05 19:53 -------- d-----w c:\documents and settings\All Users\Data aplikací\AVS4YOU
2009-04-05 19:31 . 2009-04-05 19:31 685816 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-05 19:28 . 2009-04-05 19:32 -------- d-----w c:\documents and settings\Rodina\Data aplikací\uTorrent
2009-04-05 19:09 . 2009-04-05 19:09 390 ----a-w c:\windows\ODBC.INI
2009-04-05 19:09 . 2004-03-22 13:17 24816 ----a-w c:\windows\system32\mdimon.dll
2009-04-05 19:08 . 2009-04-05 19:09 -------- d-----w c:\windows\SHELLNEW
2009-04-05 18:49 . 2008-10-31 05:09 270888 ----a-r c:\windows\system32\drivers\SbFw.sys
2009-04-05 18:49 . 2008-06-21 02:54 65576 ----a-w c:\windows\system32\drivers\SbFwIm.sys
2009-04-05 09:06 . 2009-04-09 18:44 -------- d-----w c:\documents and settings\Rodina\Data aplikací\Vso
2009-04-05 08:50 . 2009-04-05 08:50 548864 ------w c:\windows\Setup1.exe
2009-04-05 08:50 . 2009-04-05 08:50 73216 ----a-w c:\windows\ST6UNST.EXE
2009-04-05 08:42 . 2009-04-05 19:56 -------- d-----w c:\documents and settings\Rodina\Data aplikací\Orbit
2009-04-05 08:19 . 2009-04-06 20:07 -------- d-----w c:\windows\system32\CatRoot_bak
2009-04-05 07:23 . 2008-06-14 18:00 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-04-05 07:23 . 2008-06-14 18:00 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-04-05 07:11 . 2008-08-14 13:46 2059904 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-05 07:11 . 2008-08-14 13:46 2182528 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-05 07:11 . 2008-08-14 13:46 2138112 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-05 07:11 . 2008-08-14 13:46 2017792 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-05 07:06 . 2008-10-24 11:10 453632 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-04 22:03 . 2009-04-05 10:05 -------- d--h--w C:\$AVG8.VAULT$
2009-04-04 21:44 . 2009-04-08 21:33 -------- d--h--w c:\windows\$hf_mig$
2009-04-04 21:16 . 2009-04-13 17:30 -------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-04-04 21:01 . 2005-06-28 08:21 22752 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-04 21:00 . 2009-04-04 21:00 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-04 21:00 . 2006-06-18 21:59 43008 ----a-w c:\windows\system32\drivers\AmdK8.sys
2009-04-04 20:59 . 2009-04-04 20:59 22 ----a-w c:\windows\FileName
2009-04-04 20:57 . 2006-03-23 17:51 208896 ----a-w c:\windows\system32\NVUNINST.EXE
2009-04-04 20:57 . 2006-05-05 11:16 396 ----a-r c:\windows\system32\raidmgmt.ini
2009-04-04 20:57 . 2006-05-05 10:32 941454 ----a-r c:\windows\system32\SATA.bmp
2009-04-04 20:57 . 2006-03-23 18:08 804 ----a-r c:\windows\system32\AsusSetup.ini
2009-04-04 20:57 . 2006-02-21 11:38 486400 ----a-r c:\windows\system32\AsusSetup.exe
2009-04-04 20:57 . 2006-05-05 10:32 941454 ----a-r c:\windows\system32\Alert.bmp
2009-04-04 20:57 . 2009-04-09 20:47 32861 ----a-w c:\windows\Ascd_tmp.ini
2009-04-04 20:57 . 2004-08-13 02:56 5810 ----a-r c:\windows\system32\drivers\ASACPI.sys
2009-04-04 20:56 . 2006-10-11 03:33 10288 ----a-w c:\windows\system32\drivers\ASUSHWIO.SYS
2009-04-04 19:51 . 2009-04-04 19:51 -------- d-sh--w c:\documents and settings\Rodina\UserData
2009-04-04 19:36 . 2009-04-06 19:24 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-04 19:36 . 2009-04-04 19:36 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-04 19:36 . 2009-04-04 19:36 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-04 19:36 . 2009-04-13 13:06 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-04 19:36 . 2009-04-09 21:04 -------- d-----w c:\documents and settings\Rodina\Data aplikací\AVGTOOLBAR
2009-04-04 19:36 . 2009-04-04 19:36 -------- d-----w c:\documents and settings\All Users\Data aplikací\avg8
2009-04-03 23:19 . 2009-04-03 23:19 -------- d-----w C:\Hrajte naplno 2005
2009-04-03 22:38 . 2001-08-17 21:59 3072 ----a-w c:\windows\system32\drivers\audstub.sys
2009-04-03 22:38 . 2004-08-17 15:49 21504 ----a-w c:\windows\system32\hidserv.dll
2009-04-03 22:37 . 2004-08-17 15:43 58240 ----a-w c:\windows\system32\drivers\redbook.sys
2009-04-03 22:37 . 2001-08-17 21:46 6400 ----a-w c:\windows\system32\drivers\enum1394.sys
2009-04-03 22:36 . 2004-08-17 15:49 75264 ----a-w c:\windows\system32\usbui.dll
2009-04-03 22:34 . 2009-04-13 17:34 -------- d-----w c:\windows\system32\CatRoot2
2009-04-03 22:34 . 2009-04-08 20:47 -------- d-----w c:\windows\system32\CatRoot
2009-04-03 22:34 . 2009-04-12 21:41 -------- d--h--r c:\documents and settings\All Users\Data aplikací
2009-04-03 22:34 . 2009-04-03 22:35 -------- d--h--r c:\documents and settings\Default User\Data aplikací
2009-04-03 22:34 . 2009-04-05 19:39 -------- d-----w C:\Documents and Settings
2009-04-03 22:34 . 2009-04-03 20:50 -------- d--h--w c:\documents and settings\Default User
2009-04-03 22:34 . 2009-04-03 20:49 -------- d-----w c:\documents and settings\All Users
2009-04-03 22:33 . 2009-04-03 20:52 261 ----a-w c:\windows\system32\$winnt$.inf
2009-04-03 22:08 . 2009-04-09 20:39 17848 ----a-w c:\documents and settings\Rodina\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-04-03 22:06 . 2009-04-06 19:39 -------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-04-03 22:06 . 2005-08-25 17:18 118784 ----a-w c:\windows\system32\MSSTDFMT.DLL
2009-04-03 22:06 . 2005-04-15 18:58 1071088 ----a-w c:\windows\system32\MSCOMCTL.OCX

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-12 21:45 . 2009-04-12 21:38 -------- d-----w c:\program files\Canon
2009-04-12 21:44 . 2009-04-12 21:44 -------- d-----w c:\program files\Common Files\CANON
2009-04-12 21:41 . 2009-04-12 21:41 -------- d--h--w c:\program files\CanonBJ
2009-04-12 21:15 . 2009-04-04 21:00 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-09 21:01 . 2009-04-09 21:01 -------- d-----w c:\program files\Microsoft IntelliPoint
2009-04-09 20:51 . 2009-04-09 20:42 -------- d-----w c:\program files\ASUS
2009-04-09 20:49 . 2009-04-04 20:57 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-09 20:46 . 2009-04-09 20:41 -------- d-----w c:\program files\GameFace Messenger
2009-04-09 20:43 . 2001-10-25 14:00 46196 ----a-w c:\windows\system32\perfc005.dat
2009-04-09 20:43 . 2001-10-25 14:00 309990 ----a-w c:\windows\system32\perfh005.dat
2009-04-09 20:35 . 2009-04-09 20:35 -------- d-----w c:\program files\My Company Name
2009-04-06 20:35 . 2009-04-06 20:35 -------- d-----w c:\program files\I.CA
2009-04-06 19:56 . 2009-04-06 19:56 -------- d-----w c:\program files\Common Files\Adobe
2009-04-06 19:39 . 2009-04-03 22:06 -------- d-----w c:\program files\SpywareBlaster
2009-04-05 19:09 . 2009-04-05 19:09 -------- d-----w c:\program files\Microsoft.NET
2009-04-04 21:02 . 2009-04-04 21:02 -------- d-----w c:\program files\Analog Devices
2009-04-04 21:00 . 2009-04-04 21:00 -------- d-----w c:\program files\DIFX
2009-04-04 20:59 . 2009-04-04 20:59 -------- d-----w c:\program files\NVIDIA Corporation
2009-04-04 19:49 . 2009-04-03 20:49 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-04 19:36 . 2009-04-04 19:36 -------- d-----w c:\program files\AVG
2009-04-03 20:50 . 2009-04-03 20:50 -------- d-----w c:\program files\microsoft frontpage
2009-04-03 20:48 . 2009-04-03 20:48 21812 ----a-w c:\windows\system32\emptyregdb.dat
2009-02-09 14:19 . 2004-08-17 13:44 1846272 ----a-w c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="i:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2006-09-08 1085440]
"AlcoholAutomount"="i:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 219520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="i:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-04 1932568]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"GameFace Messenger"="c:\program files\GameFace Messenger\GameFace.exe" [2006-08-02 2048000]
"Launch Ai Booster"="i:\program files\ASUS\AI Booster\OverClk.exe" [2006-11-28 3714048]
"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.15\AsRunHelp.exe" [2006-11-14 363008]
"Ai Gear Help"="i:\program files\ASUS\AI Gear\GearHelp.exe" [2006-07-27 415744]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-04 21:36 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"i:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"i:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"i:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"i:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"i:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"i:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 MEMSWEEP2;MEMSWEEP2; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-04 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-06 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;i:\progra~1\AVG\AVG8\avgemc.exe [2009-04-04 908056]
S2 avg8wd;AVG Free8 WatchDog;i:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-04 298264]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2004-08-03 69120]

.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Office Excel - i:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
TCP: {F90F74D2-3746-4D56-9FC0-1D5EFC2DB454} = 89.190.64.20,195.146.99.4
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 19:38
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5.tmp"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(1140)
c:\windows\system32\nvappfilter.dll
.
Celkový čas: 2009-04-13 19:40
ComboFix-quarantined-files.txt 2009-04-13 17:40

Před spuštěním: 2 516 271 104
Po spuštění: 2,506,960,896

218 --- E O F --- 2009-04-08 21:33

riffman
VIP
Posts: 3203
Registered: 20 Oct 2004 07:00
Location: České Budějovice

Re: Please check my HJT log after removing reader_s.exe

#15 Post by riffman »

Open Notepad.

Copy the script from the following box into it:

Code:

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

Save the text file you created as CFScript.txt on the desktop.

After saving, grab the script you created with the left mouse button, drag it over the ComboFix icon and drop the script on it:

[image]

After it runs, another log should pop up at you; paste it here :)

Warning: it is possible that Windows will not boot after the script is applied and the machine restarts; in that case restart again, press F8 during the restart and choose Last Known Good Configuration :)
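Post #15 turns two pieces of the ComboFix log in post #14 (the `R3 MEMSWEEP2;MEMSWEEP2; [x]` service entry and the `ImagePath` dump pointing at `c:\windows\system32\5.tmp`) into a CFScript that deletes the service key. As an added example, not code from this thread or from ComboFix, the following Python script parses those two log formats, flags services that have no file on disk or whose ImagePath ends in `.tmp`, and renders the `Registry::` block in the `[-KEY]` syntax the post uses. Reading `[x]` as "no file found" and the `.tmp` heuristic are this example's assumptions; the sample lines are copied from the log above.

```python
import re

# Service lines in the ComboFix log:
#   S1 Name;Display name;path [date size]     or     R3 Name;Name; [x]
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
TAIL_RE = re.compile(r"^\s*(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$")
# Registry lines of the kind the log prints for MEMSWEEP2:
#   [HKEY_LOCAL_MACHINE\...\Services\Name]
#   "ImagePath"="\??\c:\path\file"
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(?P<path>.*)"$')

# Constructed sample: lines copied from the ComboFix log above.
SAMPLE_COMBOFIX = r"""
R3 MEMSWEEP2;MEMSWEEP2; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-04 325640]
S2 avg8wd;AVG Free8 WatchDog;i:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-04 298264]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5.tmp"
"""


def parse_services(text):
    """Collect service entries and any ImagePath values dumped under a
    Services key. Returns (services_by_name, image_path_by_key)."""
    services, image_paths, current_key = {}, {}, None
    for line in text.splitlines():
        line = line.rstrip()
        m = SERVICE_RE.match(line)
        if m:
            tail = TAIL_RE.match(m.group("rest"))
            services[m.group("name")] = {
                "start": m.group("start"),
                "display": m.group("display"),
                "path": tail.group("path") if tail else m.group("rest").strip(),
                # "[x]" in place of the file details is read here as "no file
                # found for this service" (assumption about ComboFix's notation)
                "file_missing": bool(tail) and tail.group("info") == "x",
            }
            continue
        k = KEY_RE.match(line)
        if k:
            current_key = k.group("key")
            continue
        ip = IMAGEPATH_RE.match(line)
        if ip and current_key and "\\services\\" in current_key.lower():
            raw = ip.group("path")
            # strip the NT object-manager prefix \??\ so the path is comparable
            image_paths[current_key] = raw[4:] if raw.startswith("\\??\\") else raw
    return services, image_paths


def triage(services, image_paths):
    """Flag services whose binary is missing or whose ImagePath is a .tmp file
    (the .tmp heuristic is this example's own assumption, not a ComboFix rule)."""
    keys_by_name = {k.rsplit("\\", 1)[-1].lower(): k for k in image_paths}
    findings = []
    for name in sorted({s.lower() for s in services} | set(keys_by_name)):
        svc = next((v for k, v in services.items() if k.lower() == name), {})
        key = keys_by_name.get(name)
        path = image_paths.get(key, svc.get("path", ""))
        reasons = []
        if svc.get("file_missing"):
            reasons.append("no file found for the service ([x])")
        if path.lower().endswith(".tmp"):
            reasons.append("ImagePath points at a .tmp file")
        if reasons:
            findings.append({"service": name, "key": key, "image_path": path, "reasons": reasons})
    return findings


def build_cfscript(findings):
    """Render the CFScript.txt 'Registry::' block that deletes the flagged
    service keys, using the [-KEY] deletion syntax shown in the post above.
    Findings without a dumped key are left for manual review."""
    keys = [f["key"] for f in findings if f["key"]]
    if not keys:
        return ""
    return "Registry::\n" + "".join(f"[-{k}]\n" for k in keys)


if __name__ == "__main__":
    services, image_paths = parse_services(SAMPLE_COMBOFIX)
    findings = triage(services, image_paths)
    for f in findings:
        print(f["service"], f["image_path"], "; ".join(f["reasons"]))
    print(build_cfscript(findings), end="")
```

The script only proposes a deletion for keys the log actually dumped, so nothing is constructed from a service name alone; the generated block for the sample is exactly the two lines riffman posted.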
