DCOM Exploit

Moderator: Moderators

Forum rules
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
Message
Author
MisoB
Visitor
Posts: 89
Registered: 20 Jun 2008 12:56

Re: DCOM Exploit

#31 Post by MisoB »

SmallARK could not be ticked :( and the log contains 1000 characters more than is allowed... what should I do about it?

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: DCOM Exploit

#32 Post by earl »

Hm, well, you could split it into two posts, for example :)
Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
AN UP-TO-DATE ANTIVIRUS AND A PERSONAL FIREWALL ARE TWO ESSENTIAL PROTECTIVE COMPONENTS OF EVERY PC CONNECTED TO THE INTERNET!!!
BY BACKING UP YOUR PERSONAL DATA YOU WILL NOT LOSE IT IN THE EVENT OF FATAL SOFTWARE OR HARDWARE PROBLEMS!!
DO NOT USE COMBOFIX ON YOUR OWN; USE IT ONLY WHEN YOU ARE ASKED TO. IMPROPER HANDLING OF IT CAN LEAVE THE SYSTEM INOPERABLE!
___________________________________________________________
----------------------earl@forum.viry.cz-----------------------

MisoB
Visitor
Posts: 89
Registered: 20 Jun 2008 12:56

Re: DCOM Exploit

#33 Post by MisoB »

Windows Vista SP 2 (build 6002)
Boot Mode: Normal
Ověření souborů Microsoftu: Ano
UPM DB: Ne (0)
DigiSign: Ano

Log vygenerován: 17. 12. 2009 16:01:01
================================================================

Procesy + scan
================================================================

[?]
|_ Proces Heuri: Proces se nepodařilo otevřít, ROOTKIT?, Nelze otevřít, Nemá okno,

[?] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
|_ Proces Heuri: Bez výrobce, Nemá okno,

[?] C:\Program Files\ATK Hotkey\ASLDRSrv.exe
|_ Proces Heuri: Bez výrobce, Nemá okno,

[?] C:\Program Files\ATKGFNEX\GFNEXSrv.exe
|_ Proces Heuri: Bez výrobce, Nemá okno,

[?] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
|_ Proces Heuri: EntryPoint v sekci: , Podvržená cesta modulu:(00F50000) [DLL] ?, Podvržená cesta modulu:(011F0000) [DLL] ?,

[?] C:\Program Files\ATK Hotkey\HControl.exe
|_ Proces Heuri:

[?] C:\Program Files\ATKOSD2\ATKOSD2.exe
|_ Proces Heuri: Bez výrobce, Podobná jména:ATKOSD2.EXE X ATKOSD.EXE,

[?] C:\Program Files\Wireless Console 2\wcourier.exe
|_ Proces Heuri: Bez výrobce,

[?] C:\Program Files\P4G\BatteryLife.exe
|_ Proces Heuri:

[?] C:\Program Files\ASUS\ATK Media\DMedia.exe
|_ Proces Heuri: Spouští se po startu,

[?] C:\Program Files\ASUS\Splendid\ACMON.exe
|_ Proces Heuri:

[?] C:\Windows\System32\ASUSTPE.exe
|_ Proces Heuri: Non Microsoft v System32, Spouští se po startu,

[?] C:\Windows\ASScrPro.exe
|_ Proces Heuri: Bez výrobce, Spouští se po startu,

[?] C:\Windows\System32\ACEngSvr.exe
|_ Proces Heuri: Non Microsoft v System32, Nemá okno,

[?] C:\Program Files\ATK Hotkey\ATKOSD.exe
|_ Proces Heuri: Bez výrobce, Podobná jména:ATKOSD.EXE X ATKOSD2.EXE,

[?] C:\Program Files\ATK Hotkey\KBFiltr.exe
|_ Proces Heuri: Bez výrobce,

[?] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
|_ Proces Heuri: EntryPoint v sekci: , Podvržená cesta modulu:(00CC0000) [DLL] ?, Podvržená cesta modulu:(040B0000) [DLL] ?, Podvržená cesta modulu:(04CB0000) [DLL] ?, Podvržená cesta modulu:(04DD0000) [DLL] ?, Podvržená cesta modulu:(05080000) [DLL] ?, Podvržená cesta modulu:(056A0000) [DLL] ?, Podvržená cesta modulu:(05960000) [DLL] ?, Podvržená cesta modulu:(05BF0000) [DLL] ?, Podvržená cesta modulu:(062A0000) [DLL] ?, Podvržená cesta modulu:(067A0000) [DLL] ?, Podvržená cesta modulu:(06910000) [DLL] ?, Podvržená cesta modulu:(06E40000) [DLL] ?, Podvržená cesta modulu:(06FF0000) [DLL] ?, Podvržená cesta modulu:(072B0000) [DLL] ?, Podvržená cesta modulu:(07860000) [DLL] ?, Podvržená cesta modulu:(08B20000) [DLL] ?,

[?] C:\Users\Michal\Desktop\Nový priečinok (2)\upm.exe
|_ Proces Heuri: Bez výrobce, Skrytá cesta EXE:C:\Users\Michal\Desktop\Nový priečinok (2)\upm.exe,


Po spuštění
================================================================

HKLM Run
|_ [X][Windows Defender] C:\Windows\Program Files\Windows Defender\MSASCui.exe -hide (Soubor nenalezen)
|_ [?] [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
|_ [?] [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
|_ [?] [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
|_ [?] [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
|_ [?] [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe

HKLM ShellServiceObjectDelayLoad
|_ [X][WebCheck] (Soubor nenalezen)

HKLM IC
|_ [X][>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] C:\Windows\System32\rundll32.exe C:\Windows\System32\iedkcs32.dll,BrandIEActiveSetup SIGNUP (Soubor nenalezen)
|_ [X][{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] C:\Windows\system32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\system32\themeui.dll (Soubor nenalezen)
|_ [X][{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] C:\Windows\Program Files\Windows Mail\WinMail.exe OCInstallUserConfigOE (Soubor nenalezen)
|_ [X][{89820200-ECBD-11cf-8B85-00AA005B4340}] regsvr32.exe /s /n /i:U shell32.dll (Soubor nenalezen)
|_ [X][{89B4C1CD-B018-4511-B0A1-5476DBF70820}] C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install (Soubor nenalezen)

HKLM Winlogon Notify
|_ [?] [!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

Moduly
================================================================

[?] C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll
|_ Výrobce: ALWIL Software
|_ Popis: Antivirus HW dependent library
|_ MD5: 6D6416FA182FA865D265DFFA5A03C3C2 (81920)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ aswUpdSv.exe
|_ ashServ.exe
|_ ashMaiSv.exe
|_ ashWebSv.exe
|_ ashDisp.exe

[?] C:\Program Files\Alwil Software\Avast4\aswCmnB.dll
|_ Výrobce: ALWIL Software
|_ Popis: High level portable functions
|_ MD5: F8DF17A0090F29EE330B34145152F38A (131072)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ aswUpdSv.exe
|_ ashServ.exe
|_ ashMaiSv.exe
|_ ashWebSv.exe
|_ ashDisp.exe

[?] C:\Program Files\Alwil Software\Avast4\aswCmnS.dll
|_ Výrobce: ALWIL Software
|_ Popis: Common non-portable functions
|_ MD5: 7D79CD441ED208D062B326145C7B3AED (192512)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ aswUpdSv.exe
|_ ashServ.exe
|_ ashMaiSv.exe
|_ ashWebSv.exe
|_ ashDisp.exe

[?] C:\Windows\System32\msvcr71.dll
|_ Výrobce: Microsoft Corporation
|_ Popis: Microsoft® C Runtime Library
|_ MD5: CA2F560921B7B8BE1CF555A5A18D54C3 (348160)
|_ Soubor Heuri: ncmpny,
|_ Procesy:
|_ aswUpdSv.exe
|_ ashServ.exe
|_ ashMaiSv.exe
|_ ashWebSv.exe
|_ ashDisp.exe

[?] C:\Windows\System32\msvcp71.dll
|_ Výrobce: Microsoft Corporation
|_ Popis: Microsoft® C++ Runtime Library
|_ MD5: A94DC60A90EFD7A35C36D971E3EE7470 (503808)
|_ Soubor Heuri: ncmpny,
|_ Procesy:
|_ aswUpdSv.exe
|_ ashServ.exe
|_ ashMaiSv.exe
|_ ashWebSv.exe
|_ ashDisp.exe

[?] C:\Windows\System32\athihvs.dll
|_ Výrobce: Atheros
|_ Popis: IHVS DLL
|_ MD5: 3B5816464996EABEC62DFDB45D70C833 (393216)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ wlanext.exe

[?] C:\Program Files\Alwil Software\Avast4\aswScan.dll
|_ Výrobce: ALWIL Software
|_ Popis: Low level antivirus engine
|_ MD5: 9FB2179200238536B788CB4046C61C24 (86016)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ashServ.exe
|_ ashMaiSv.exe
|_ ashWebSv.exe

[?] C:\Program Files\Alwil Software\Avast4\aswEngin.dll
|_ Výrobce: ALWIL Software
|_ Popis: High level antivirus engine
|_ MD5: 144137D2E91504F551E82135673D89AE (1327104)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ashServ.exe
|_ ashMaiSv.exe
|_ ashWebSv.exe

[?] C:\Program Files\Alwil Software\Avast4\aswInteg.dll
|_ Výrobce: ALWIL Software
|_ Popis: Integrity checking implementation
|_ MD5: D933B267939363888A40F86017561552 (23040)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ashServ.exe

[?] C:\Program Files\Alwil Software\Avast4\ashBase.dll
|_ Výrobce: ALWIL Software
|_ Popis: Basic Functionality Module
|_ MD5: E8B0EDD5C8518D9A1F73AC0C54A94D7C (225280)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ashServ.exe
|_ ashMaiSv.exe
|_ ashWebSv.exe
|_ ashDisp.exe

[?] C:\Program Files\Alwil Software\Avast4\aswAux.dll
|_ Výrobce: ALWIL Software
|_ Popis: avast! Auxiliary Library
|_ MD5: 8EA778943B7E155991AE9E3C818269AB (659456)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ashServ.exe
|_ ashMaiSv.exe
|_ ashWebSv.exe
|_ ashDisp.exe

[?] C:\Program Files\Alwil Software\Avast4\ashTask.dll
|_ Výrobce: ALWIL Software
|_ Popis: Task Handling Module
|_ MD5: 0B9DBFE71F4EB4355985EE60E6A1DC3F (118784)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ashServ.exe
|_ ashMaiSv.exe
|_ ashWebSv.exe
|_ ashDisp.exe

[?] C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll
|_ Výrobce: ALWIL Software
|_ Popis: avast! Sqlt Storage Module
|_ MD5: B26CF29C64FDF7876D0E81C27C80F7BF (233472)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ashServ.exe

[?] C:\Program Files\Alwil Software\Avast4\Aavm4h.dll
|_ Výrobce: ALWIL Software
|_ Popis: avast! Asynchronous Virus Monitor (AAVM)
|_ MD5: 6CA1292225B47A5421E941B3CFEF48AF (225280)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ashServ.exe
|_ ashMaiSv.exe
|_ ashWebSv.exe
|_ ashDisp.exe

[?] C:\Program Files\Alwil Software\Avast4\AavmRpch.dll
|_ Výrobce: ALWIL Software
|_ Popis: avast! AAVM Remote Procedure Call Library
|_ MD5: F3EAC60879AE425D81DBA70C3DA76D13 (20992)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ashServ.exe
|_ ashMaiSv.exe
|_ ashWebSv.exe
|_ ashDisp.exe

[?] C:\Program Files\Alwil Software\Avast4\AhResStd.dll
|_ Výrobce: ALWIL Software
|_ Popis: avast! Standard Shield AAVM Provider Library
|_ MD5: 816CAE36B3D430622EB4D40CF9CC1E82 (43008)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ashServ.exe

[?] C:\Program Files\Alwil Software\Avast4\AhResOut.dll
|_ Výrobce: ALWIL Software
|_ Popis: avast! MS Outlook/Exchange AAVM Provider Library
|_ MD5: D3DE25C3CA9BCE6805E028C5DD304304 (29696)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ashServ.exe

[?] C:\Program Files\Alwil Software\Avast4\AhResMai.dll
|_ Výrobce: ALWIL Software
|_ Popis: avast! e-Mail Scanner AAVM Provider Library
|_ MD5: 60DA054E9DDFC242346B879EAAF1EBCE (35840)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ashServ.exe
|_ ashMaiSv.exe

[?] C:\Program Files\Alwil Software\Avast4\ahResMes.dll
|_ Výrobce: ALWIL Software
|_ Popis: avast!4 Messenger scanner AAVM Provider Library
|_ MD5: A7469E3BE8770E7015CA499BA6729568 (32768)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ashServ.exe

[?] C:\Program Files\Alwil Software\Avast4\ahResP2P.dll
|_ Výrobce: ALWIL Software
|_ Popis: avast!4 P2P Shield AAVM Provider Library
|_ MD5: 6E5E0EE9C837229C26C3B53B2036E44D (33280)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ashServ.exe

[?] C:\Program Files\Alwil Software\Avast4\AhResNS.dll
|_ Výrobce: ALWIL Software
|_ Popis: avast!4 Network Shield AAVM Provider Library
|_ MD5: B3840EB1F44C28CA25D304FD1DA86954 (35840)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ashServ.exe

[?] C:\Program Files\Alwil Software\Avast4\AhResWS.dll
|_ Výrobce: ALWIL Software
|_ Popis: avast! HTTP Scanner AAVM Provider Library
|_ MD5: 0C923A24FB7E7D6B4D210537F36E5296 (53248)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ashServ.exe
|_ ashWebSv.exe

[?] C:\Program Files\Alwil Software\Avast4\aswRes.dll
|_ Výrobce: ALWIL Software
|_ Popis: avast! version 4 resource file
|_ MD5: 7604EFEA62ACC8E90C8D7DCC58D577AF (147456)
|_ Procesy:
|_ ashServ.exe

[?] C:\Program Files\Alwil Software\Avast4\SLOVAK\Base.dll
|_ Výrobce: ALWIL Software
|_ Popis: avast! Slovak Basic Module, translation by SlovakSoft
|_ MD5: 519BB4D6F47DCC5D7804267516DEF3A5 (90112)
|_ Procesy:
|_ ashServ.exe
|_ ashMaiSv.exe
|_ ashWebSv.exe
|_ ashDisp.exe

[?] C:\Program Files\Alwil Software\Avast4\SLOVAK\Lang.dll
|_ Výrobce: ALWIL Software
|_ Popis: avast! Main Slovak Module, translator: Peter Mikšík (SlovakSoft), contributor: Vlado Valaštiak (wladow)
|_ MD5: C75222D3BDEBA71F67D6D9A480C3D4D6 (2543616)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ashMaiSv.exe
|_ ashDisp.exe

[?] C:\Program Files\Alwil Software\Avast4\SLOVAK\LangMai.dll
|_ Výrobce: ALWIL Software
|_ Popis: Slovak language DLL for avast! e-Mail Scanner
|_ MD5: 4B5F714ED7A7C55C2864F1A31B2ADFDA (43520)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ashMaiSv.exe

[?] C:\Windows\System32\mfc71.dll
|_ Výrobce: Microsoft Corporation
|_ Popis: MFCDLL Shared Library - Retail Version
|_ MD5: 1FD3F9722119BDF7B8CFF0ECD1E84EA6 (1060864)
|_ Soubor Heuri: ncmpny,
|_ Procesy:
|_ ashMaiSv.exe
|_ ashDisp.exe

[?] C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
|_ Výrobce: ?
|_ Popis: OverlayIconShlExt
|_ MD5: A95209B0323131E40309207D4C2616A8 (147456)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ explorer.exe
|_ firefox.exe
|_ upm.exe

[?] C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
|_ Výrobce: ?
|_ Popis: ?
|_ MD5: 44CB8F8C28BC8CC2AE73740B3A1502F3 (143360)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ explorer.exe
|_ firefox.exe
|_ upm.exe

[?] C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
|_ Výrobce: SUPERAntiSpyware.com
|_ Popis: SUPERAntiSpyware Context Menu Extension
|_ MD5: D617404D119B1DB10366692447D8A648 (61440)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ explorer.exe

[?] C:\Program Files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_slk.NLR
|_ Výrobce: Nokia
|_ Popis: Nokia Phone Browser language resources
|_ MD5: 07D777AC2849D42E19AAD8EB331E1B36 (27648)
|_ Procesy:
|_ explorer.exe

[?] C:\Program Files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.NGR
|_ Výrobce: Nokia
|_ Popis: Nokia Phone Browser graphics resources
|_ MD5: 5058D323DDABFAD0D8D8BC2CAEF73070 (573440)
|_ Procesy:
|_ explorer.exe

[?] C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
|_ Výrobce: Nokia
|_ Popis: Phone Browser
|_ MD5: DDF5324E0F3065846E9B65FF3AFD379E (614400)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ explorer.exe

[?] C:\Program Files\Nokia\Nokia PC Suite 7\NGSCM.dll
|_ Výrobce: Nokia
|_ Popis: Next Gen Suite Common Modules
|_ MD5: 83AB0FCCF90A395AE71B7EA931C90529 (929792)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ explorer.exe

[?] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
|_ Výrobce: ?
|_ Popis: ACE Context Menu
|_ MD5: 70F168522361476EDEF1FB2EFE8E438A (688128)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ explorer.exe

[?] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
|_ Výrobce: Elaborate Bytes AG
|_ Popis: CloseTray
|_ MD5: 0429E1E97BE616AE91F19E25078C921F (101544)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ explorer.exe

[?] C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll
|_ Výrobce: ?
|_ Popis: ?
|_ MD5: AB323491A40A05F3122591D04F676DD4 (331776)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ explorer.exe

[?] C:\Program Files\7-Zip\7-zip.dll
|_ Výrobce: Igor Pavlov
|_ Popis: 7-Zip Shell Extension
|_ MD5: 4BE58151FA03D036DC017D41CF0589AE (54784)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ explorer.exe

[?] C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2990.37169__90ba9c70f846762e\MOM.Implementation.DLL
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: MOM Implementation
|_ MD5: 5AD170519B6E763EEE010AE7F3D4B611 (102400)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ MOM.exe
|_ MOM.exe
|_ CCC.exe
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.DLL
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: LOG Foundation Static
|_ MD5: B68401297E97B617D73A82B1532F98E7 (32768)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ MOM.exe
|_ MOM.exe
|_ CCC.exe
|_ CCC.exe

[?] [DLL] ?
|_ Výrobce:
|_ Popis:
|_ MD5:
|_ Soubor Heuri: cant open (Názov súboru, názov adresára alebo syntax označenia zväzku nie sú správne.)
|_ Procesy:
|_ MOM.exe
|_ MOM.exe
|_ CCC.exe
|_ CCC.exe
|_ CCC.exe
|_ CCC.exe
|_ CCC.exe
|_ CCC.exe
|_ CCC.exe
|_ CCC.exe
|_ CCC.exe
|_ CCC.exe
|_ CCC.exe
|_ CCC.exe
|_ CCC.exe
|_ CCC.exe
|_ CCC.exe
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.DLL
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: MOM Foundation
|_ MD5: 98AB38AF56BF3C333416878C13B161A1 (16384)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ MOM.exe
|_ MOM.exe
|_ CCC.exe
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2990.36910__90ba9c70f846762e\AEM.Server.DLL
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: AEM Server
|_ MD5: A572EFA9C3313A61835B298AE157F450 (45056)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ MOM.exe
|_ MOM.exe
|_ CCC.exe
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.DLL
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: AEM Foundation
|_ MD5: 298C1239C0688EAB4F83EA0D5C2CCC8A (24576)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ MOM.exe
|_ MOM.exe
|_ CCC.exe
|_ CCC.exe

[?] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\7742aef93bc3679a986cb5dab148cd76\System.Web.ni.dll
|_ Výrobce: Microsoft Corporation
|_ Popis: System.Web.dll
|_ MD5: 08DD0E0639AC0929C9A46E876CDBADF8 (11800576)
|_ Procesy:
|_ MOM.exe
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2990.37168__90ba9c70f846762e\LOG.Foundation.Implementation.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: LOG Foundation Implementation
|_ MD5: 3D32E968FD7AC06718757EBF656C254F (61440)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ MOM.exe
|_ CCC.exe

[?] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\425e95df110b77abad261a46fca54e99\System.Windows.Forms.ni.dll
|_ Výrobce: Microsoft Corporation
|_ Popis: .NET Framework
|_ MD5: 4005C194272628CD1362A7AC88B50718 (12430848)
|_ Procesy:
|_ MOM.exe
|_ CCC.exe

[?] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\57e722244d3b48cb92b340bc92d7a191\System.Drawing.ni.dll
|_ Výrobce: Microsoft Corporation
|_ Popis: .NET Framework
|_ MD5: 31D759EB90CCCADC5641B6461C8AE180 (1587200)
|_ Procesy:
|_ MOM.exe
|_ CCC.exe

[?] C:\Windows\assembly\NativeImages_v2.0.50727_32\System\13cce38e8de5fd54853390e4e98abd0e\System.ni.dll
|_ Výrobce: Microsoft Corporation
|_ Popis: .NET Framework
|_ MD5: 96D9CCDFCBDAB436BF49AD0ED15C18E3 (7868416)
|_ Procesy:
|_ MOM.exe
|_ CCC.exe

[?] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5fada30bf7c201ababed5104184b9754\System.Runtime.Remoting.ni.dll
|_ Výrobce: Microsoft Corporation
|_ Popis: Microsoft .NET Runtime Object Remoting
|_ MD5: B49D32FBA5F5670B45663145947F717A (771584)
|_ Procesy:
|_ MOM.exe
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: LOG Foundation Implementation Private SDK
|_ MD5: 8FFD904980FD6DCD8A48608704D05030 (20480)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ MOM.exe
|_ CCC.exe

[?] C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\894183c0c47bd4772fbfad4c1a7e3b71\mscorlib.ni.dll
|_ Výrobce: Microsoft Corporation
|_ Popis: Microsoft Common Language Runtime Class Library
|_ MD5: 3C97E7131026A968C69892A3002F4003 (11490816)
|_ Procesy:
|_ MOM.exe
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: LOG Foundation Dynamic
|_ MD5: EC294E9704E766DD05CB29AA31A86469 (32768)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ MOM.exe
|_ CCC.exe

[?] C:\Program Files\ATK Hotkey\inter_f2.dll
|_ Výrobce: ATK
|_ Popis: inter_f2 DLL
|_ MD5: 06B4C8D5D9708A7494AC7C02CD54650E (36864)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ HControl.exe

[?] C:\Program Files\ATK Hotkey\SiSPkt.dll
|_ Výrobce: Silicon Integrated Systems Corp.
|_ Popis: SiSPkt
|_ MD5: E7C665D4AFAAB45A9086D02FFC87A4B4 (303104)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ HControl.exe

[?] C:\Program Files\ATK Hotkey\CMSSC.DLL
|_ Výrobce:
|_ Popis:
|_ MD5: E3E8DC9033D9C2AD2F30F23ADA3C4BE4 (57344)
|_ Soubor Heuri: ncmpny,
|_ Procesy:
|_ HControl.exe

[?] C:\Program Files\ATK Hotkey\ATKWLIOC.DLL
|_ Výrobce: ACTIONTEC Electronics,Inc
|_ Popis: AEI Driver Interface Library
|_ MD5: 388CE212A119271EEA68F42712F3F64F (80384)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ HControl.exe

[?] C:\Program Files\ASUS\ATK Media\ATKMETHOD.dll
|_ Výrobce: ASUSTeK Computer Inc.
|_ Popis: ATKMETHOD
|_ MD5: CE3337219D3CD64243728B225C730394 (49152)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ DMedia.exe

[?] C:\Program Files\ASUS\Splendid\GLCDdll.dll
|_ Výrobce: ?
|_ Popis: GLCDdll
|_ MD5: 4AC5C7F14B6077BF189B43276E9B6F08 (9216)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ACMON.exe

[?] C:\Program Files\ASUS\Splendid\Chameleon.dll
|_ Výrobce: ASUSTeK
|_ Popis: Chameleon
|_ MD5: 98AB7A3AC4155640146F6BEC422C81E4 (53248)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ACMON.exe

[?] C:\Program Files\ASUS\Splendid\OVS.dll
|_ Výrobce: ASUSTek
|_ Popis: OVS
|_ MD5: 85C57CD47F292E248E56A41E7E7A19C6 (32768)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ACMON.exe

[?] C:\Program Files\Alwil Software\Avast4\ashUInt.dll
|_ Výrobce: ALWIL Software
|_ Popis: avast! User Interface Common Module
|_ MD5: FCE48F51523E38C5E74969766B353D73 (331776)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ashDisp.exe

[?] C:\Program Files\Alwil Software\Avast4\XT1922.dll
|_ Výrobce: Codejock Software
|_ Popis: Xtreme Toolkit Library DLL
|_ MD5: 6C08604B5465DE19EAAC58C6A537D0BF (917504)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ashDisp.exe

[?] C:\Program Files\Alwil Software\Avast4\AhRuiStd.dll
|_ Výrobce: ALWIL Software
|_ Popis: avast! Standard Shield AAVM Provider GUI Library
|_ MD5: CB39A7024BE54E75E3B696272FDC0987 (57344)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ashDisp.exe

[?] C:\Program Files\Alwil Software\Avast4\AhRuiOut.dll
|_ Výrobce: ALWIL Software
|_ Popis: avast! MS Outlook/Exchange AAVM Provider GUI Library
|_ MD5: 9625471205DFC433FB73E231FC9CBB01 (118784)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ashDisp.exe

[?] C:\Program Files\Alwil Software\Avast4\AhRuiMai.dll
|_ Výrobce: ALWIL Software
|_ Popis: avast! e-Mail Scanner provider GUI
|_ MD5: 02BD0FEACAA1A65F77806A3C3DEBD046 (94208)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ashDisp.exe

[?] C:\Program Files\Alwil Software\Avast4\ahRuiMes.dll
|_ Výrobce: ALWIL Software
|_ Popis: avast!4 Messenger scanner AAVM Provider GUI Library
|_ MD5: 27BB54223D4AAEBBEB0E65DF776CF6C2 (57344)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ashDisp.exe

[?] C:\Program Files\Alwil Software\Avast4\ahRuiP2P.dll
|_ Výrobce: ALWIL Software
|_ Popis: avast!4 P2P Shield AAVM Provider GUI Library
|_ MD5: E5C7E4C34E43BFD68DE1CF2034FE9AF8 (22528)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ashDisp.exe

[?] C:\Program Files\Alwil Software\Avast4\AhRuiNS.dll
|_ Výrobce: ALWIL Software
|_ Popis: avast!4 Network Shield AAVM Provider GUI Library
|_ MD5: 99C120153031FBD057D4FA0499FFF755 (57344)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ashDisp.exe

[?] C:\Program Files\Alwil Software\Avast4\AhRuiWS.dll
|_ Výrobce: ALWIL Software
|_ Popis: Avast! WWW Scanner AAVM Provider GUI Library
|_ MD5: 8F933065A585EAFD798DD5E49598CDCB (49152)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ ashDisp.exe

[?] C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2990.37169__90ba9c70f846762e\CCC.Implementation.DLL
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: CCC Application Implementation
|_ MD5: 01734DE9EBDB0BA49952EB33050DAA4C (32768)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.DLL
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: CLI Foundation
|_ MD5: 7BE16AAF0923E6889C1276ABF7A1087C (53248)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.DLL
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: CCCCom
|_ MD5: AA5FFB8FD1425B18C23DE7450F554E9E (32768)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.DLL
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: AEM Foundation
|_ MD5: 770E3461F6CCC45EDEBA15321684A863 (24576)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.DLL
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: AEM Server Shared
|_ MD5: 8F5DB5F71EFCEDA174CBFD84CE10174F (16384)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.DLL
|_ Výrobce: ATI Technologies Inc.
|_ Popis: DEM Graphics I0601
|_ MD5: CCE69BC85D019F49691C592DDCC2FA97 (45056)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.DLL
|_ Výrobce: ATI Technologies Inc.
|_ Popis: DEM Foundation

MisoB
Visitor
Posts: 89
Registered: 20 Jun 2008 12:56

Re: DCOM Exploit

#34 Post by MisoB »

[?] C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.DLL
|_ Výrobce: ATI Technologies Inc.
|_ Popis: DEM Foundation
|_ MD5: 110D2A7BBFBA80AAE36B5F229FE800AD (16384)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.DLL
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: DEM Graphics
|_ MD5: 4CDAE1E74129C2BC16F3A859457D2ECD (16384)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.DLL
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: DEM.OS.I0602
|_ MD5: BDAF2483944B83E8D4BC39C7F487DCBE (20480)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.DLL
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: DEM OS
|_ MD5: 4C22C191479F65344885FD2188B3E266 (16384)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe
|_ CCC.exe

[?] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0709.dll
|_ Výrobce: Advanced Micro Devices, Inc.
|_ Popis: DEM.Graphics.I0709
|_ MD5: A28DE8E4EB7641639F68C62A32264578 (16384)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe
|_ CCC.exe

[?] C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
|_ Výrobce: ?
|_ Popis:
|_ MD5: 0A7977FF7535F237C8C745AE09887C35 (16384)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2990.36911__90ba9c70f846762e\ATIDEMOS.DLL
|_ Výrobce: Advanced Micro Devices, Inc.
|_ Popis: OS DEM
|_ MD5: 57580DE8F3F1926BAC13A198C3D56460 (65536)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.DLL
|_ Výrobce: Advanced Micro Devices, Inc.
|_ Popis: DEM.Graphics.I0706
|_ MD5: 2E7FAB502A8615B1AAB0EAB35AFBCA3B (16384)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe
|_ CCC.exe

[?] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0712.dll
|_ Výrobce: Advanced Micro Devices, Inc.
|_ Popis: DEM Graphics I0712
|_ MD5: DAB3B370E0C2815FDF5B29204B8FB984 (16384)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2990.36909__90ba9c70f846762e\APM.Server.DLL
|_ Výrobce: Advanced Micro Devices, Inc.
|_ Popis: APM Server
|_ MD5: 4357C0F6A62C80AB47877A26081B5BE4 (53248)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.DLL
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: APM Foundation
|_ MD5: F12698F6A8694E5FA6B96C10CF085C1A (20480)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.DLL
|_ Výrobce:
|_ Popis:
|_ MD5: 74A97243AB81F912EFB1E75C0233CBAE (6656)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2990.36926__90ba9c70f846762e\CLI.Component.Dashboard.dll
|_ Výrobce: Advanced Micro Devices, Inc.
|_ Popis: Dashboard Component
|_ MD5: 6EDED8FFFAC9618615A7ECF8749100E7 (1507328)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2990.37076__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Dashboard Graphics Caste MM Video Aspect
|_ MD5: 43529DBFAAA352059FFA628A81D4480F (802816)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2990.36961__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Wizard DisplaysManager Aspect
|_ MD5: 1AA3C16C2306AB00FA0B23153C97B6EB (1679360)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2990.37177__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Dashboard Graphics Caste PowerPlayDPPE Aspect
|_ MD5: 5DB364A86F598B22E8A5D5BDC7C7804F (147456)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2990.36986__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Dashboard Graphics Display Colour 2 Aspect
|_ MD5: 891219D43249335017A43AFA0BC89EAF (585728)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2990.37118__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Dashboard Graphics Caste R300/R400 Radeon3D Aspect
|_ MD5: D7CC5313D124D6C2EDD4CD2C9E3F1F04 (352256)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2990.37062__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
|_ Výrobce: Advanced Micro Devices, Inc.
|_ Popis: Dashboard Graphics Caste DFP Aspect
|_ MD5: 90030B9F11C849BEB45EF639BA39908D (442368)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2990.37104__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
|_ Výrobce: Advanced Micro Devices, Inc.
|_ Popis: Dashboard Graphics Caste LCD Aspect
|_ MD5: BA60752F3EFFA3B410CDD36DC7DC08F4 (401408)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2990.37070__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Dashboard Graphics Caste CRT Aspect
|_ MD5: 1C179C0672FD48696F74B0E823B44EF0 (479232)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2990.37090__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Dashboard Graphics Caste Display Options Aspect
|_ MD5: DEA4158694442744D8CA798E6FE43388 (118784)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2990.36940__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Dashboard Graphics Caste Display Manager Aspect
|_ MD5: FC589B875935350B92FCAE3BD6384B01 (438272)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2990.36980__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Dashboard Graphics Caste InfoCentre Aspect
|_ MD5: B4574B1613A71C117AFC7C685D7B53F4 (217088)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2990.37184__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
|_ Výrobce: Advanced Mirco Devices, Inc.
|_ Popis: Dashboard Graphics Caste Welcome Aspect
|_ MD5: D35DA78F60D1E6C7A80EF275816D9D09 (135168)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2990.36932__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Dashboard Graphics Caste
|_ MD5: FF19683385FA9F5188DBEF48BF838AF5 (73728)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2990.36993__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Wizard DeviceLCD Aspect
|_ MD5: 43C0CEEFD5B91D3E4D1A7F7BA29C30CC (307200)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2990.37138__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Wizard Graphics Caste MM Video Aspect
|_ MD5: 5F60C2084EFD438628E750D92216C636 (401408)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2990.37179__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Dashboard Local Caste TransCode Wizard
|_ MD5: 5E9ABF120C143AD087AA7DD73F74AA20 (483328)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Dashboard Graphics Shared Caste
|_ MD5: 5F108CB732CBB5EA26C37D62D5ADCF29 (16384)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Dashboard Component Shared Private Types
|_ MD5: 0C900F762DDA5F13B2E41BA0AB2C8F67 (20480)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Dashboard Component Shared Types
|_ MD5: DAFC7899ED420D3224D0D2323B18914D (20480)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2990.36974__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Wizard Graphics Caste InfoCentre Aspect
|_ MD5: 6E41AE20E568E2086087D597CD0EF6C1 (196608)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Shared Graphics Caste PowerPlayDPPE Aspect
|_ MD5: 11DD295D619B9D53B0745DBCFDBFEEE5 (28672)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.2990.37205__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
|_ Výrobce: Advanced Micro Devices, Inc.
|_ Popis: Private Foundation Implementation for Localization framework
|_ MD5: ACDFD199A1B6649337E4065A25416B59 (11264)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Dashboard Local Caste TransCode Shared
|_ MD5: 3AF9735B4102959B3604D5A679DE6C71 (40960)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2990.37125__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Wizard Graphics Caste R300/R400 Radeon3D Aspect
|_ MD5: F94D78B073EFF74FB3AD95210F2F708D (90112)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Wizard Graphics Shared Caste
|_ MD5: 3CDC16E013AF214F37E66FA90217C35B (16384)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2990.36953__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Wizard Graphics Caste
|_ MD5: 5C466DB6CD4140DA12D318501AAFCC78 (40960)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Wizard Component Shared Private Types
|_ MD5: 99DF957642959A864AF8381BD60447CA (24576)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Wizard Component Shared Types
|_ MD5: 7CAF4277CA228E792122A7FDCD7C79FD (20480)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2990.36947__90ba9c70f846762e\CLI.Component.Wizard.dll
|_ Výrobce: Advanced Micro Devices, Inc.
|_ Popis: Wizard Component
|_ MD5: C25FE44922330AB54DC31E97A86FD875 (491520)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2990.37161__90ba9c70f846762e\CLI.Component.Systemtray.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: SystemTray Component
|_ MD5: 6538F87C4E9D529B95C8EBC725A2FA45 (413696)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: HK Shared
|_ MD5: 91CF31A8BFE4ECD654BDFC6A1C8938BD (20480)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: DPPE Shared
|_ MD5: ECAFA04A73D64D8F23B531609BD52EDC (16384)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2990.37194__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: AEM Event Sources Kit
|_ MD5: 31DE5413A9DA53D80426A1B71F559F0F (40960)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: EEU source plugin shared
|_ MD5: D05CDC3EF5B1D9EDC48B9D78F9764967 (16384)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2990.36910__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: EEU Runtime Extension
|_ MD5: AB4ECF1A854DD7E4ADD0EF76F246EBE9 (6656)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Runtime Shared
|_ MD5: AB7E3AB416AF7A7A6F62A78557FFE45B (16384)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: CLI Foundation Private
|_ MD5: 2B8AE4B75ABA71135DC15D27046B09D7 (40960)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Runtime Shared Private
|_ MD5: 58394C6DC5E5639FBCD235355BB483EA (45056)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2990.36911__90ba9c70f846762e\CLI.Component.Runtime.dll
|_ Výrobce: Advanced Micro Devices, Inc.
|_ Popis: Runtime Component
|_ MD5: A022375C617D744E5EBC7602A47AFB32 (73728)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\99e7927ccb9099e607035349814d4cf6\System.Xml.ni.dll
|_ Výrobce: Microsoft Corporation
|_ Popis: .NET Framework
|_ MD5: 5ED7722D11473666528DADC758E4EDF1 (5450752)
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2990.37177__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Runtime Graphics Caste PowerPlayDPPE Aspect
|_ MD5: 21633D25B1B71D5AE8964B3F69E130C5 (45056)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Client Shared
|_ MD5: C086AF6684633310F140A08AD02480AF (20480)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
|_ Výrobce: Advanced Micro Devices, Inc.
|_ Popis: Client Shared Private
|_ MD5: 605219B234F31CCFE28C87ECD5968905 (40960)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Shared Graphics Caste MM Video Aspect
|_ MD5: 23DA305E3BA3518E38628FB49B88D4C5 (49152)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2990.37076__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Runtime Graphics Caste MM Video Aspect
|_ MD5: 54E6C4C489DC5C409AE80F0BD1AD1CFB (73728)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Shared Graphics Caste R300/R400 Radeon3D Aspect
|_ MD5: BAB75620AE05D63CD80DDCE71DA4372A (53248)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2990.37118__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Runtime Graphics Caste R300/R400 Radeon3D Aspect
|_ MD5: E95623F5C68B8682D182B1D2DA1B8588 (61440)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Shared Graphics Caste DFP Aspect
|_ MD5: 688A947EC982A898858195BD6AF77BDA (45056)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2990.37068__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
|_ Výrobce: Advanced Micro Devices, Inc.
|_ Popis: Runtime Graphics Caste DFP Aspect
|_ MD5: 670A72B1349C119216330A335D64D6A2 (61440)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Shared Graphics Caste LCD Aspect
|_ MD5: ACFEB0E56A4C6B229534DCD97C06A768 (28672)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2990.37103__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
|_ Výrobce: Advanced Micro Devices, Inc.
|_ Popis: Runtime Graphics Caste LCD Aspect
|_ MD5: 818E944FC6B6178601F754D7000A0035 (32768)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Shared Graphics Caste CRT Aspect
|_ MD5: 97143B71E0DE3AFCF20D72DE8E06B017 (53248)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2990.37075__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Runtime Graphics Caste CRT Aspect
|_ MD5: 948801B5681BB9A7C7F40511275518C5 (40960)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Shared Graphics Caste Display Option Aspect
|_ MD5: E21CE3761B8A1E2DD7B954BC35CE662B (24576)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2990.37089__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Runtime Graphics Caste Display Option Aspect
|_ MD5: C7D6C091C671D0C67358B65503D89F37 (36864)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Shared Graphics Caste Display Colour 2 Aspect
|_ MD5: 5B112A16B848B3BECE8D69C6FE6055F2 (28672)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2990.36992__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Runtime Graphics Caste Display Colour 2
|_ MD5: 746FF6A28AB416EEEF43D4484CC44B10 (40960)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Shared Graphics Caste TV Aspect
|_ MD5: 655C7CD95EAD1DA652A026ED70EAA96B (65536)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2990.37146__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Runtime Graphics Caste CRT Aspect
|_ MD5: F7084ABF148198FB8CAC2829ADA96D5E (77824)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Shared Graphics Caste Common Display Device Aspect
|_ MD5: 0A397573B00FA7C18CDEF90765FD8C41 (32768)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2990.37068__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
|_ Výrobce: Advanced Micro Devices, Inc.
|_ Popis: Runtime Graphics Caste DeviceProperty Aspect Shared
|_ MD5: FBDB9487ED2C94ED0B0F91D13CC211FB (36864)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Shared Custom Formats
|_ MD5: C115EFF076631E40E5A83AA95257CDB4 (24576)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Shared Graphics Caste CV Aspect
|_ MD5: F3B08F3772430FCE8EEDDACFA5CB01E0 (40960)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Runtime Shared Private Graphics Caste
|_ MD5: 28D660A70F0EBD04FA60A3CB2FCD41F6 (20480)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2990.37110__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Runtime Graphics Caste CV Aspect
|_ MD5: 8DC2C6EC4EB07B3AABE53E8893F661F3 (65536)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Shared Graphics Caste HotkeysHandling Aspect
|_ MD5: 707AA4ED132166BB0F492204F4B3A7CE (20480)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2990.36939__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: Runtime Graphics Caste HotkeysHandling Aspect
|_ MD5: 39E8773742A75C064B4F86066B21EA64 (20480)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
|_ Výrobce: Advanced Micro Devices, Inc.
|_ Popis: Private Foundation for Localization framework
|_ MD5: 5ACAB8B8A21E865818B4C2185439AC4B (16384)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: AEM Actions Shared
|_ MD5: 87645928254896D1EE82917F0456AA33 (20480)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: GD source plugin shared
|_ MD5: 51C404C32C2B54F157FF0369F2D4EF39 (16384)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2990.36918__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
|_ Výrobce: Advanced Mirco Devices, Inc.
|_ Popis: Runtime Graphics Caste
|_ MD5: 11EF5AAF7068A7C488CE57DDB5534FB2 (253952)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
|_ Výrobce: Advanced Micro Devices Inc.
|_ Popis: CLI Foundation XManifest
|_ MD5: 94815CCBF6BE55D5D605C74BD8B17036 (28672)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
|_ Výrobce: ATI Technologies Inc.
|_ Popis: ACE Graphics DisplaysManager Shared
|_ MD5: 93D5B9634C4744FB115785081ECF9738 (24576)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
|_ Výrobce: Advanced Mirco Devices, Inc.
|_ Popis: Shared Graphics Caste
|_ MD5: CE1A66F2DC0FAA685A14822EAFD368F6 (53248)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ CCC.exe

[?] C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
|_ Výrobce: Nokia
|_ Popis: Synchronizer OLE Server
|_ MD5: A6DCB0F8C92EF06AC5BA5D0CAE298A65 (303104)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ firefox.exe

[?] C:\Program Files\Mozilla Firefox\softokn3.dll
|_ Výrobce: Mozilla Foundation
|_ Popis: NSS PKCS #11 Library
|_ MD5: 72F0D6097C7749524394F4CE55BDCA55 (155648)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ firefox.exe

[?] C:\Program Files\Mozilla Firefox\nssdbm3.dll
|_ Výrobce: Mozilla Foundation
|_ Popis: Legacy Database Driver
|_ MD5: 29AE2DC6CDAD8AA57AF95200C19857AF (98304)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ firefox.exe

[?] C:\Program Files\Mozilla Firefox\freebl3.dll
|_ Výrobce: Mozilla Foundation
|_ Popis: NSS freebl Library
|_ MD5: 9EBDAB3BD2C807D606D10BC9B1A4F9B9 (249856)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ firefox.exe

[?] C:\Users\Michal\Desktop\Nový priečinok (2)\upm.dll
|_ Výrobce: Lodus Software
|_ Popis: Ultimate Process Manager Core Library
|_ MD5: 53E76DFB5653675E7D1A2980F36BE104 (14336)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ upm.exe

[?] C:\Users\Michal\Desktop\Nový priečinok (2)\prjXTab.ocx
|_ Výrobce: xyz
|_ Popis: ?
|_ MD5: A5BB28FFBB25AAF3FE75E22D102BC6F4 (159744)
|_ Soubor Heuri: no vrfy,
|_ Procesy:
|_ upm.exe

[?] C:\Users\Michal\Desktop\Nový priečinok (2)\olepro32.dll
|_ Výrobce: Microsoft Corporation
|_ Popis: ?
|_ MD5: 33F14F23DFAE4B43CDD4E535CD7C1963 (83456)
|_ Soubor Heuri: ncmpny,
|_ Procesy:
|_ upm.exe


Služby
================================================================

[?] Acronis Scheduler2 Service
|_ Cesta: C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
| |_ Soubor Heuri: cant open (Systém nemôže nájsť zadanú cestu.)
|
|_ Jméno: AcrSch2Svc
|_ StartName: LocalSystem

[?] ADSM Service
|_ Cesta: C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
| |_ Výrobce: ?
| |_ Popis: ADSMSrv
| |_ MD5: 609A6F49B6AF0F25837F8A0EDDDB0745 (73728)
| |_ Soubor Heuri: no vrfy,
|
|_ Jméno: ADSMService
|_ StartName: LocalSystem

[?] ASLDR Service
|_ Cesta: C:\Program Files\ATK Hotkey\ASLDRSrv.exe
| |_ Výrobce: ?
| |_ Popis: ASLDR Service
| |_ MD5: 66597AD6098352D11239C0C42100B176 (94208)
| |_ Soubor Heuri: no vrfy,
|
|_ Jméno: ASLDRService
|_ StartName: LocalSystem

[?] ATKGFNEX Service
|_ Cesta: C:\Program Files\ATKGFNEX\GFNEXSrv.exe
| |_ Výrobce: ?
| |_ Popis: GFNEXSrv
| |_ MD5: 7C157574A181B19B9DCF5F339E25337E (94208)
| |_ Soubor Heuri: no vrfy,
|
|_ Jméno: ATKGFNEXSrv
|_ StartName: LocalSystem

[?] avast! Mail Scanner
|_ Cesta: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe /service
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
| |_ Soubor Heuri: cant open (Systém nemôže nájsť zadanú cestu.)
|
|_ Jméno: avast! Mail Scanner
|_ StartName: LocalSystem

[?] avast! Web Scanner
|_ Cesta: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe /service
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
| |_ Soubor Heuri: cant open (Systém nemôže nájsť zadanú cestu.)
|
|_ Jméno: avast! Web Scanner
|_ StartName: LocalSystem

[?] Google Update Service (gupdate)
|_ Cesta: C:\Program Files\Google\Update\GoogleUpdate.exe /svc
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
| |_ Soubor Heuri: cant open (Systém nemôže nájsť zadanú cestu.)
|
|_ Jméno: gupdate
|_ StartName: LocalSystem

[?] Lavasoft Ad-Aware Service
|_ Cesta: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
| |_ Soubor Heuri: cant open (Systém nemôže nájsť zadaný súbor.)
|
|_ Jméno: Lavasoft Ad-Aware Service
|_ StartName: LocalSystem

[?] Inštalátor systému Windows
|_ Cesta: C:\Windows\system32\msiexec /V
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
| |_ Soubor Heuri: cant open (Systém nemôže nájsť zadanú cestu.)
|
|_ Jméno: msiserver
|_ StartName: LocalSystem

[?] ServiceLayer
|_ Cesta: C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
| |_ Výrobce: Nokia
| |_ Popis: ServiceLayer Module
| |_ MD5: 8988D1F32F56B3CD3F0F6C39F8A91A98 (657408)
| |_ Soubor Heuri: no vrfy,
|
|_ Jméno: ServiceLayer
|_ StartName: LocalSystem

[?] Windows Defender
|_ Cesta: C:\Windows\System32\svchost.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 3794B461C45882E06856F282EEF025AF (21504)
|
|_ ServiceDLL: C:\Windows\Program Files\Windows Defender\mpsvc.dll
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
| |_ Soubor Heuri: cant open (Systém nemôže nájsť zadanú cestu.)
|
|_ Jméno: WinDefend
|_ StartName: LocalSystem

[?]
|_ Cesta:
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
| |_ Soubor Heuri: cant open (Systém nemôže nájsť zadanú cestu.)
|
|_ Jméno:
|_ StartName:


Ovladače
================================================================

[?] C:\Windows\system32\DRIVERS\CnxEtU.sys
|_ ServiceName: Conexant AccessRunner USB ADSL Interface Device Driver
|
|_ Výrobce: Conexant
|_ Popis: Conexant USB WDM
|_ MD5: FA60C26336A08139F93705DD5CBD2853 (646400)
|_ Soubor Heuri: no vrfy,


[?] C:\Windows\system32\DRIVERS\CnxEtP.sys
|_ ServiceName: Conexant AccessRunner USB ADSL WAN Adapter Filter Driver
|
|_ Výrobce: Conexant
|_ Popis: Conexant USB WDM
|_ MD5: F586FB3A2128A0F3932D504B8946BAB4 (60288)
|_ Soubor Heuri: no vrfy,


[?] C:\Windows\system32\DRIVERS\CnxTgN.sys
|_ ServiceName: Conexant AccessRunner USB ADSL WAN Adapter Driver
|
|_ Výrobce: Conexant Systems Inc.
|_ Popis: NDIS 5.0 WAN driver for PCI ADSL adapter
|_ MD5: B6CABEE38CBB29CA66335B13AED8A052 (108771)
|_ Soubor Heuri: no vrfy,


[?] C:\Windows\System32\Drivers\ElbyCDIO.sys
|_ ServiceName: ElbyCDIO Driver
|
|_ Výrobce: Elaborate Bytes AG
|_ Popis: ElbyCD Windows NT/2000/XP I/O driver
|_ MD5: 178CC9403816C082D22A1D47FA1F9C85 (24232)
|_ Soubor Heuri: no vrfy,


[?] C:\Windows\System32\Drivers\dump_dumpata.sys
|_ ServiceName: N/A
|
|_ Výrobce:
|_ Popis:
|_ MD5:
|_ Soubor Heuri: cant open (Systém nemôže nájsť zadaný súbor.) nosvc,


[?] C:\Windows\System32\Drivers\dump_atapi.sys
|_ ServiceName: N/A
|
|_ Výrobce:
|_ Popis:
|_ MD5:
|_ Soubor Heuri: cant open (Systém nemôže nájsť zadaný súbor.) nosvc,



Soubory
================================================================

System32:
[!] 3456-A289-439d-8115-601632D005A0
|_Výrobce:
|_Popis:
|_MD5:
|_Soubor Heuri: cant open (Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces.) (7B296F~1.C74)

[!] 3456-A289-439d-8115-601632D005A0
|_Výrobce:
|_Popis:
|_MD5:
|_Soubor Heuri: cant open (Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces.) (7B296F~2.C74)

[?] ACEngSvr.exe
|_Výrobce: ASUSTeK
|_Popis: ACEngSvr Module
|_MD5: A391896CD406E6377F5CEF31FDC12019 (155648)
|_Soubor Heuri: no vrfy,

[?] acovcnt.exe
|_Výrobce:
|_Popis:
|_MD5: 6BCAF46E2B7FA9ACE92B4D39F3037C5C (45056)
|_Soubor Heuri: ncmpny,

[?] actskin4.ocx
|_Výrobce:
|_Popis: ActiveSkin Module
|_MD5: 99825C8AED2FA0AC76AA0FAD770F44C1 (380928)
|_Soubor Heuri: no vrfy,

[?] ASUSTPE.exe
|_Výrobce: ASUS
|_Popis: TouchPad Extra
|_MD5: FE0EF4DF767FA54FACBF03E815DFC23B (106496)
|_Soubor Heuri: no vrfy,

[?] athihvs.dll
|_Výrobce: Atheros
|_Popis: IHVS DLL
|_MD5: 3B5816464996EABEC62DFDB45D70C833 (393216)
|_Soubor Heuri: no vrfy,

[?] athihvui.dll
|_Výrobce: Atheros
|_Popis: IHVUI DLL
|_MD5: CC72D4B12DC12A9F4E99977F7AD0E365 (53248)
|_Soubor Heuri: no vrfy,

[?] atl71.dll
|_Výrobce: Microsoft Corporation
|_Popis: ATL Module for Windows (Unicode)
|_MD5: 79CB6457C81ADA9EB7F2087CE799AAA7 (89600)
|_Soubor Heuri: ncmpny,

[?] CnxClsCo.dll
|_Výrobce: Conexant Systems, Inc.
|_Popis: Conexant Device Class CoInstaller
|_MD5: 4C0C3D31D7CCB6CABC7F9F1AA4175931 (118784)
|_Soubor Heuri: no vrfy,

[?] CnxHwIo.dll
|_Výrobce: Conexant Systems Inc.
|_Popis: Application/Driver Interface DLL.
|_MD5: CABE7E9CD55A99E665305AC1C77FCCA5 (163840)
|_Soubor Heuri: no vrfy,

[?] CnxMfdCo.dll
|_Výrobce: Conexant Systems, Inc.
|_Popis: Conexant Multifunction Device CoInstaller
|_MD5: 8D12AE18428FAEF62F751AE78945C772 (118784)
|_Soubor Heuri: no vrfy,

[?] ElbyCDIO.dll
|_Výrobce: Elaborate Bytes AG
|_Popis: ElbyCDIO DLL
|_MD5: FE67ED90DD9CDDAED4CFFAE93192E58B (89256)
|_Soubor Heuri: no vrfy,

[?] ElbyVCD.dll
|_Výrobce: Elaborate Bytes AG
|_Popis: VirtualCloneDrive
|_MD5: B9FEE09256DE2814C7A9B8141CFD4B0C (134312)
|_Soubor Heuri: no vrfy,

[?] GPhotos.scr
|_Výrobce: Google Inc.
|_Popis: Google Photos Screensaver
|_MD5: 3FF3BB971AB74066971FE4FDA324D7C4 (2146304)
|_Soubor Heuri: no vrfy,

[?] mfc71.dll
|_Výrobce: Microsoft Corporation
|_Popis: MFCDLL Shared Library - Retail Version
|_MD5: 1FD3F9722119BDF7B8CFF0ECD1E84EA6 (1060864)
|_Soubor Heuri: ncmpny,

[?] mfc71u.dll
|_Výrobce: Microsoft Corporation
|_Popis: MFCDLL Shared Library - Retail Version
|_MD5: 863ABB8788D7A4562D845A70B3CCA426 (1053184)
|_Soubor Heuri: ncmpny,

[?] msvcp71.dll
|_Výrobce: Microsoft Corporation
|_Popis: Microsoft® C++ Runtime Library
|_MD5: A94DC60A90EFD7A35C36D971E3EE7470 (503808)
|_Soubor Heuri: ncmpny,

[?] msvcr70.dll
|_Výrobce: Microsoft Corporation
|_Popis: Microsoft® C Runtime Library
|_MD5: 9972A6ED4F2388DBFA8E0A96F6F3FDF1 (344064)
|_Soubor Heuri: ncmpny,

[?] msvcr71.dll
|_Výrobce: Microsoft Corporation
|_Popis: Microsoft® C Runtime Library
|_MD5: CA2F560921B7B8BE1CF555A5A18D54C3 (348160)
|_Soubor Heuri: ncmpny,

[?] S64CPA.exe
|_Výrobce: Atheros
|_Popis: S64CPA.DLL
|_MD5: 81980E7B6E70776A7BEB060A43474A13 (376832)
|_Soubor Heuri: no vrfy,

[?] TPESetting.dll
|_Výrobce: ASUS
|_Popis: TouchPad Extra Setting
|_MD5: 4C42174D8C6C575059EDFFF14B14AEEA (32768)
|_Soubor Heuri: no vrfy, (TPESET~1.DLL)

[?] vbzlib1.dll
|_Výrobce:
|_Popis: vbzlib data compression library
|_MD5: 82D58FC961DDF0EC5C61CDC0C3F14FE6 (73728)
|_Soubor Heuri: no vrfy,

Drivers:
[?] CnxEtP.sys
|_Výrobce: Conexant
|_Popis: Conexant USB WDM
|_MD5: F586FB3A2128A0F3932D504B8946BAB4 (60288)
|_Soubor Heuri: no vrfy,

[?] CnxEtU.sys
|_Výrobce: Conexant
|_Popis: Conexant USB WDM
|_MD5: FA60C26336A08139F93705DD5CBD2853 (646400)
|_Soubor Heuri: no vrfy,

[?] CnxTgN.sys
|_Výrobce: Conexant Systems Inc.
|_Popis: NDIS 5.0 WAN driver for PCI ADSL adapter
|_MD5: B6CABEE38CBB29CA66335B13AED8A052 (108771)
|_Soubor Heuri: no vrfy,

[?] ElbyCDIO.sys
|_Výrobce: Elaborate Bytes AG
|_Popis: ElbyCD Windows NT/2000/XP I/O driver
|_MD5: 178CC9403816C082D22A1D47FA1F9C85 (24232)
|_Soubor Heuri: no vrfy,


lNetStat
================================================================

Typ: PID Proces Local <-> Remote Status
-----------------------------------------------------------------------------------------

Access Violations
================================================================

Blokace REGEDIT
Zakáže příkazovou řádku a BAT soubory

Ostatní
================================================================

Hosts:
127.0.0.1 localhost

DNS:
195.146.128.62
195.146.132.58

================================================================
Ultimate Process Manager v5.0.0w - [ Lodus Software ] - :-(


earl
VIP
Posts: 1279
Joined: 14 Dec 2005 20:59
Location: Brno

Re: DCOM Exploit

#35 Post by earl »

OK.

How is the PC behaving now?

:arrow: Download Rootkit Revealer

Unpack the ZIP archive and run the application. If that does not work, right-click it and choose Run as Administrator.

Click the Scan button and, once the scan has finished, click File - Save and paste the saved log here.

MisoB
Visitor
Posts: 89
Registered: 20 Jun 2008 12:56

Re: DCOM Exploit

#36 Post by MisoB »

Well, avast still shows that DCOM Exploit....

MisoB
Visitor
Posts: 89
Registered: 20 Jun 2008 12:56

Re: DCOM Exploit

#37 Post by MisoB »

It doesn't work, it kept showing some new Windows windows and I couldn't click on anything... I restarted the PC twice... it simply didn't work.... it even finished scanning, but the log could no longer be saved because nothing could be clicked... buttons disappeared, jumped around, swapped places and so on :]]]

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: DCOM Exploit

#38 Post by motji »

Good afternoon, I'm filling in for my colleague :)

:arrow: Download AVPTool from my signature http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

- Install it according to the guide and run a scan
- let it disinfect or delete whatever it finds
- the scan may take several hours
- paste the log with the results here

I'd like a new log from RSIT, please :)

Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.

MisoB
Visitor
Posts: 89
Registered: 20 Jun 2008 12:56

Re: DCOM Exploit

#39 Post by MisoB »

I'm not posting the AVPTool log here because it found nothing... The only thing in that log would be that the scan started and the scan was completed :lol: :lol: :lol: And I'll add the RSIT log in a moment... :]

MisoB
Visitor
Posts: 89
Registered: 20 Jun 2008 12:56

Re: DCOM Exploit

#40 Post by MisoB »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Michal at 2009-12-25 17:31:56
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 68 GB (57%) free of 119 GB
Total RAM: 3071 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:32:18, on 25. 12. 2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Michal\Desktop\RSIT.exe
C:\Program Files\trend micro\Michal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=13170&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.2\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: setup_9.0.0.722_24.12.2009_23-08.lnk = Michal\Desktop\Virus Removal Tool\setup_9.0.0.722_24.12.2009_23-08\startup.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{9597B395-063F-409D-A331-5A31D9898724}: NameServer = 195.146.128.62 195.146.132.58
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AWJVFYPG - Unknown owner - C:\Users\Michal\AppData\Local\Temp\AWJVFYPG.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SU - Unknown owner - C:\Users\Michal\AppData\Local\Temp\SU.exe (file missing)

--
End of file - 7400 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Michal.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-07 4853760]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-09-03 630784]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1029416]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
"ASUSTPE"=C:\Windows\system32\ASUSTPE.exe [2007-10-12 106496]
"ASUS Camera ScreenSaver"=C:\Windows\ASScrProlog.exe [2009-09-15 37232]
"ASUS Screen Saver Protector"=C:\Windows\ASScrPro.exe [2009-09-15 33136]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.2\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-05 149280]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2009-12-10 1800464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar]
C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe [2004-05-06 516096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe -onlytray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
C:\Program Files\P4P\P4P.exe [2007-08-03 778240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2007-11-20 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-05-26 85160]

C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
setup_9.0.0.722_24.12.2009_23-08.lnk - C:\Users\Michal\Desktop\Virus Removal Tool\setup_9.0.0.722_24.12.2009_23-08\startup.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-12-24 23:24:30 ----D---- C:\ProgramData\Kaspersky Lab
2009-12-22 16:45:15 ----D---- C:\Program Files\The KMPlayer
2009-12-22 14:45:52 ----D---- C:\Program Files\Nokia
2009-12-16 15:55:51 ----D---- C:\Windows\temp
2009-12-16 15:43:16 ----D---- C:\ComboFix
2009-12-16 15:42:55 ----D---- C:\Qoobox
2009-12-12 12:20:38 ----D---- C:\32788R22FWJFW
2009-12-12 11:56:50 ----A---- C:\Windows\iun6002.exe
2009-12-10 19:42:22 ----D---- C:\ProgramData\Comodo
2009-12-10 19:42:21 ----A---- C:\Windows\system32\guard32.dll
2009-12-10 19:42:16 ----D---- C:\Program Files\COMODO
2009-12-10 17:46:01 ----D---- C:\Temp
2009-12-09 13:54:39 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-09 13:54:36 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 13:51:35 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 13:51:34 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 13:51:33 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 13:51:33 ----A---- C:\Windows\system32\iertutil.dll
2009-12-09 13:51:32 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 13:51:32 ----A---- C:\Windows\system32\occache.dll
2009-12-09 13:51:32 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-09 13:51:32 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-09 13:51:31 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-09 13:51:31 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-09 13:51:31 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-09 13:51:31 ----A---- C:\Windows\system32\ieui.dll
2009-12-09 13:51:31 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-09 13:51:31 ----A---- C:\Windows\system32\iepeers.dll
2009-12-09 13:51:30 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-09 13:51:30 ----A---- C:\Windows\system32\iesetup.dll
2009-12-09 13:51:30 ----A---- C:\Windows\system32\iernonce.dll
2009-12-09 13:51:30 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-09 13:51:07 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 13:49:24 ----A---- C:\Windows\system32\rastls.dll
2009-12-07 18:45:22 ----D---- C:\Program Files\PC Connectivity Solution
2009-11-28 20:22:26 ----D---- C:\ProgramData\ICQ
2009-11-27 16:42:22 ----D---- C:\Program Files\CCleaner

======List of files/folders modified in the last 1 months======

2009-12-25 17:32:07 ----D---- C:\Windows\Prefetch
2009-12-25 17:31:57 ----D---- C:\Program Files\trend micro
2009-12-25 17:26:43 ----D---- C:\Windows\System32
2009-12-25 17:26:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-25 17:26:42 ----D---- C:\Windows\inf
2009-12-24 23:57:42 ----D---- C:\Users\Michal\AppData\Roaming\Skype
2009-12-24 23:35:17 ----D---- C:\Users\Michal\AppData\Roaming\skypePM
2009-12-24 23:25:03 ----SHD---- C:\System Volume Information
2009-12-24 23:24:30 ----HD---- C:\ProgramData
2009-12-24 23:23:50 ----D---- C:\Windows\system32\drivers
2009-12-24 21:54:43 ----A---- C:\Windows\system32\acovcnt.exe
2009-12-22 21:29:57 ----D---- C:\Program Files\Mozilla Firefox
2009-12-22 21:29:06 ----D---- C:\Users\Michal\AppData\Roaming\uTorrent
2009-12-22 20:32:30 ----RD---- C:\Program Files
2009-12-22 20:31:43 ----SHD---- C:\Windows\Installer
2009-12-22 16:46:03 ----D---- C:\Windows\system32\Tasks
2009-12-22 15:40:55 ----D---- C:\Windows
2009-12-22 14:46:53 ----D---- C:\ProgramData\Nokia
2009-12-22 14:46:32 ----D---- C:\Windows\winsxs
2009-12-22 14:45:52 ----D---- C:\Program Files\Common Files\Nokia
2009-12-22 14:38:54 ----D---- C:\Windows\system32\catroot2
2009-12-22 14:38:54 ----D---- C:\Windows\system32\catroot
2009-12-22 14:35:16 ----D---- C:\Users\Michal\AppData\Roaming\JAlbum
2009-12-22 14:31:22 ----D---- C:\Users\Michal\AppData\Roaming\Nokia
2009-12-22 14:29:26 ----D---- C:\ProgramData\Installations
2009-12-22 14:27:59 ----D---- C:\Program Files\Common Files
2009-12-21 16:33:23 ----D---- C:\Program Files\SUPERAntiSpyware
2009-12-20 11:17:24 ----D---- C:\Program Files\Google
2009-12-20 11:11:21 ----D---- C:\Windows\system32\Msdtc
2009-12-20 11:11:17 ----D---- C:\Windows\system32\wbem
2009-12-20 11:07:47 ----D---- C:\Windows\system32\config
2009-12-20 11:07:35 ----D---- C:\Windows\Tasks
2009-12-20 11:07:35 ----D---- C:\Windows\system32\spool
2009-12-20 11:07:34 ----D---- C:\ProgramData\P4G
2009-12-20 11:07:32 ----D---- C:\Windows\registration
2009-12-16 19:18:07 ----D---- C:\Windows\system32\CodeIntegrity
2009-12-16 19:18:00 ----SHD---- C:\$Recycle.Bin
2009-12-16 15:48:00 ----D---- C:\Windows\AppPatch
2009-12-16 15:35:22 ----D---- C:\Windows\system
2009-12-12 12:00:50 ----RSD---- C:\Windows\Fonts
2009-12-12 10:18:12 ----D---- C:\Windows\system32\WDI
2009-12-10 17:50:04 ----D---- C:\Users\Michal\AppData\Roaming\Broad Intelligence
2009-12-09 15:39:03 ----D---- C:\Windows\rescache
2009-12-09 14:05:12 ----D---- C:\Windows\Debug
2009-12-09 13:57:28 ----D---- C:\Windows\system32\migration
2009-12-09 13:57:28 ----D---- C:\Windows\system32\en-US
2009-12-09 13:57:28 ----D---- C:\Program Files\Windows Mail
2009-12-09 13:57:28 ----D---- C:\Program Files\Internet Explorer
2009-12-09 13:56:10 ----D---- C:\ProgramData\Microsoft Help
2009-12-07 18:45:48 ----DC---- C:\Windows\system32\DRVSTORE
2009-12-07 18:37:16 ----D---- C:\Users\Michal\AppData\Roaming\PC Suite
2009-12-01 21:06:19 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2009-12-10 128376]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2009-12-10 29520]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2009-12-10 74328]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-09-15 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-09-15 74480]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-05 1183744]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 3533824]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver; C:\Windows\system32\DRIVERS\CnxEtP.sys [2004-04-28 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver; C:\Windows\system32\DRIVERS\CnxEtU.sys [2004-04-28 646400]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver; C:\Windows\system32\DRIVERS\CnxTgN.sys [2004-04-29 108771]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-08 2044896]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 KMWDFILTER;HIDUASDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-21 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-15 7680]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-04-08 64000]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-10-01 1769984]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-06 196400]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-05-23 29696]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-10 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-10 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-10 29696]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-10 148992]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-09-15 7408]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-10 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2007-05-18 73728]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-06 94208]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-03-09 655360]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-12-10 723632]
S2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe []
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-03 133104]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 AWJVFYPG;AWJVFYPG; C:\Users\Michal\AppData\Local\Temp\AWJVFYPG.exe []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-23 136120]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 SU;SU; C:\Users\Michal\AppData\Local\Temp\SU.exe []

-----------------EOF-----------------

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: DCOM Exploit

#41 Post by motji »

:arrow: Download OTM http://oldtimer.geekstogo.com/OTM.exe
Download OTM to the desktop, double-click OTM and the program will start.
Copy the script into the left window, "Paste Instructions for Items to be Moved", under the yellow line

Code:

:processes
explorer.exe
 
:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
setup_9.0.0.722_24.12.2009_23-08.lnk - C:\Users\Michal\Desktop\Virus Removal Tool\setup_9.0.0.722_24.12.2009_23-08\startup.exe
C:\ComboFix
C:\Qoobox
C:\32788R22FWJFW

:reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKLM\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz"
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]

:Services
AWJVFYPG
SU 

:commands
[clearallrestorepoints]
[resethost]
[Reboot]

- click the red Moveit! button
- paste the contents of the green window here
- If the PC wants to restart, choose YES; you will then find the log in C:\_OTM\MovedFiles. Paste the log here

MisoB
Visitor
Posts: 89
Registered: 20 Jun 2008 12:56

Re: DCOM Exploit

#42 Post by MisoB »

Here is the log... explorer.exe was successfully murdered... :lol: :lol: :lol:

========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP12B3.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5C42.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP89A3.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp folder moved successfully.
C:\WINDOWS\temp\is51AC.tmp moved successfully.
C:\WINDOWS\temp\isB123.tmp moved successfully.
C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup folder moved successfully.
File/Folder setup_9.0.0.722_24.12.2009_23-08.lnk - C:\Users\Michal\Desktop\Virus Removal Tool\setup_9.0.0.722_24.12.2009_23-08\startup.exe not found.
C:\ComboFix\N_ folder moved successfully.
C:\ComboFix folder moved successfully.
C:\Qoobox\TestC folder moved successfully.
C:\Qoobox\Test folder moved successfully.
C:\Qoobox\Quarantine\C\Windows\System32 folder moved successfully.
C:\Qoobox\Quarantine\C\Windows folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Michal\Desktop folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Michal folder moved successfully.
C:\Qoobox\Quarantine\C\Users folder moved successfully.
C:\Qoobox\Quarantine\C folder moved successfully.
C:\Qoobox\Quarantine folder moved successfully.
C:\Qoobox\LastRun folder moved successfully.
C:\Qoobox\BackEnv folder moved successfully.
C:\Qoobox folder moved successfully.
C:\32788R22FWJFW\sk-SK folder moved successfully.
C:\32788R22FWJFW\License folder moved successfully.
C:\32788R22FWJFW\EN-US folder moved successfully.
C:\32788R22FWJFW folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart\ deleted successfully.
HKLM\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"http://www.seznam.cz" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe\ deleted successfully.
========== SERVICES/DRIVERS ==========
Service AWJVFYPG stopped successfully!
Service AWJVFYPG deleted successfully!
Service SU stopped successfully!
Service SU deleted successfully!
========== COMMANDS ==========

OTM cannot clear restorepoints on Vista OSs!

OTM by OldTimer - Version 3.1.4.0 log created on 12262009_220516

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: DCOM Exploit

#43 Post by motji »

Please post a new log from RSIT.
How is the computer, is it behaving?

MisoB
Visitor
Posts: 89
Registered: 20 Jun 2008 12:56

Re: DCOM Exploit

#44 Post by MisoB »

It still shows the DCOM Exploit, and I notice that now, when I logged in to my account, all the files that are supposed to be hidden are displayed (the ones you set in the folder options); for example, desktop.ini files are shown... :)

MisoB
Visitor
Posts: 89
Registered: 20 Jun 2008 12:56

Re: DCOM Exploit

#45 Post by MisoB »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Michal at 2009-12-27 11:12:21
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 56 GB (47%) free of 119 GB
Total RAM: 3071 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:53, on 27. 12. 2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 9.2\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Michal\Desktop\RSIT.exe
C:\Program Files\trend micro\Michal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=13170&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.2\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{9597B395-063F-409D-A331-5A31D9898724}: NameServer = 195.146.128.62 195.146.132.58
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7417 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Michal.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-07 4853760]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-09-03 630784]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1029416]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
"ASUSTPE"=C:\Windows\system32\ASUSTPE.exe [2007-10-12 106496]
"ASUS Camera ScreenSaver"=C:\Windows\ASScrProlog.exe [2009-09-15 37232]
"ASUS Screen Saver Protector"=C:\Windows\ASScrPro.exe [2009-09-15 33136]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.2\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-05 149280]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2009-12-10 1800464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar]
C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe [2004-05-06 516096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
C:\Program Files\P4P\P4P.exe [2007-08-03 778240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2007-11-20 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-05-26 85160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-12-26 22:05:16 ----D---- C:\_OTM
2009-12-26 11:28:55 ----D---- C:\Program Files\CCleaner
2009-12-25 19:28:32 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-24 23:24:30 ----D---- C:\ProgramData\Kaspersky Lab
2009-12-22 16:45:15 ----D---- C:\Program Files\The KMPlayer
2009-12-22 14:45:52 ----D---- C:\Program Files\Nokia
2009-12-16 15:55:51 ----D---- C:\Windows\temp
2009-12-12 11:56:50 ----A---- C:\Windows\iun6002.exe
2009-12-10 19:42:22 ----D---- C:\ProgramData\Comodo
2009-12-10 19:42:21 ----A---- C:\Windows\system32\guard32.dll
2009-12-10 19:42:16 ----D---- C:\Program Files\COMODO
2009-12-10 17:46:01 ----D---- C:\Temp
2009-12-09 13:54:39 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-09 13:54:36 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 13:51:35 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 13:51:34 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 13:51:33 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 13:51:33 ----A---- C:\Windows\system32\iertutil.dll
2009-12-09 13:51:32 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 13:51:32 ----A---- C:\Windows\system32\occache.dll
2009-12-09 13:51:32 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-09 13:51:32 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-09 13:51:31 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-09 13:51:31 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-09 13:51:31 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-09 13:51:31 ----A---- C:\Windows\system32\ieui.dll
2009-12-09 13:51:31 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-09 13:51:31 ----A---- C:\Windows\system32\iepeers.dll
2009-12-09 13:51:30 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-09 13:51:30 ----A---- C:\Windows\system32\iesetup.dll
2009-12-09 13:51:30 ----A---- C:\Windows\system32\iernonce.dll
2009-12-09 13:51:30 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-09 13:51:07 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 13:49:24 ----A---- C:\Windows\system32\rastls.dll
2009-12-07 18:45:22 ----D---- C:\Program Files\PC Connectivity Solution
2009-11-28 20:22:26 ----D---- C:\ProgramData\ICQ

======List of files/folders modified in the last 1 months======

2009-12-27 11:12:39 ----D---- C:\Windows\Prefetch
2009-12-27 11:12:30 ----D---- C:\Program Files\trend micro
2009-12-27 09:53:40 ----A---- C:\Windows\system32\acovcnt.exe
2009-12-27 08:21:26 ----D---- C:\Windows\System32
2009-12-27 08:21:26 ----D---- C:\Windows\inf
2009-12-27 08:21:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-26 22:03:29 ----SHD---- C:\System Volume Information
2009-12-26 20:29:29 ----D---- C:\Users\Michal\AppData\Roaming\uTorrent
2009-12-26 17:07:27 ----SHD---- C:\Windows\Installer
2009-12-26 17:07:01 ----D---- C:\Program Files\Google
2009-12-26 16:26:53 ----D---- C:\Users\Michal\AppData\Roaming\Skype
2009-12-26 16:23:31 ----D---- C:\Users\Michal\AppData\Roaming\skypePM
2009-12-26 11:28:55 ----RD---- C:\Program Files
2009-12-25 21:51:30 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-12-25 21:14:54 ----D---- C:\Windows\system32\drivers
2009-12-25 19:11:06 ----SD---- C:\Users\Michal\AppData\Roaming\Microsoft
2009-12-25 18:58:41 ----D---- C:\Users\Michal\AppData\Roaming\Adobe
2009-12-24 23:24:30 ----HD---- C:\ProgramData
2009-12-22 21:29:57 ----D---- C:\Program Files\Mozilla Firefox
2009-12-22 16:46:03 ----D---- C:\Windows\system32\Tasks
2009-12-22 15:40:55 ----D---- C:\Windows
2009-12-22 14:46:53 ----D---- C:\ProgramData\Nokia
2009-12-22 14:46:32 ----D---- C:\Windows\winsxs
2009-12-22 14:45:52 ----D---- C:\Program Files\Common Files\Nokia
2009-12-22 14:38:54 ----D---- C:\Windows\system32\catroot2
2009-12-22 14:38:54 ----D---- C:\Windows\system32\catroot
2009-12-22 14:35:16 ----D---- C:\Users\Michal\AppData\Roaming\JAlbum
2009-12-22 14:31:22 ----D---- C:\Users\Michal\AppData\Roaming\Nokia
2009-12-22 14:29:26 ----D---- C:\ProgramData\Installations
2009-12-22 14:27:59 ----D---- C:\Program Files\Common Files
2009-12-21 16:33:23 ----D---- C:\Program Files\SUPERAntiSpyware
2009-12-20 11:11:21 ----D---- C:\Windows\system32\Msdtc
2009-12-20 11:11:17 ----D---- C:\Windows\system32\wbem
2009-12-20 11:07:47 ----D---- C:\Windows\system32\config
2009-12-20 11:07:35 ----D---- C:\Windows\Tasks
2009-12-20 11:07:35 ----D---- C:\Windows\system32\spool
2009-12-20 11:07:34 ----D---- C:\ProgramData\P4G
2009-12-20 11:07:32 ----D---- C:\Windows\registration
2009-12-16 19:18:07 ----D---- C:\Windows\system32\CodeIntegrity
2009-12-16 19:18:00 ----SHD---- C:\$Recycle.Bin
2009-12-16 15:48:00 ----D---- C:\Windows\AppPatch
2009-12-16 15:35:22 ----D---- C:\Windows\system
2009-12-12 12:00:50 ----RSD---- C:\Windows\Fonts
2009-12-12 10:18:12 ----D---- C:\Windows\system32\WDI
2009-12-10 17:50:04 ----D---- C:\Users\Michal\AppData\Roaming\Broad Intelligence
2009-12-09 15:39:03 ----D---- C:\Windows\rescache
2009-12-09 14:05:12 ----D---- C:\Windows\Debug
2009-12-09 13:57:28 ----D---- C:\Windows\system32\migration
2009-12-09 13:57:28 ----D---- C:\Windows\system32\en-US
2009-12-09 13:57:28 ----D---- C:\Program Files\Windows Mail
2009-12-09 13:57:28 ----D---- C:\Program Files\Internet Explorer
2009-12-09 13:56:10 ----D---- C:\ProgramData\Microsoft Help
2009-12-07 18:45:48 ----DC---- C:\Windows\system32\DRVSTORE
2009-12-07 18:37:16 ----D---- C:\Users\Michal\AppData\Roaming\PC Suite
2009-12-01 21:06:19 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2009-12-10 128376]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2009-12-10 29520]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2009-12-10 74328]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-09-15 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-09-15 74480]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-05 1183744]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 3533824]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver; C:\Windows\system32\DRIVERS\CnxEtP.sys [2004-04-28 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver; C:\Windows\system32\DRIVERS\CnxEtU.sys [2004-04-28 646400]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver; C:\Windows\system32\DRIVERS\CnxTgN.sys [2004-04-29 108771]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-08 2044896]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 KMWDFILTER;HIDUASDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-21 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-15 7680]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-04-08 64000]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-10-01 1769984]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-06 196400]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-05-23 29696]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-10 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-10 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-10 29696]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-10 148992]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-09-15 7408]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-10 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2007-05-18 73728]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-06 94208]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-03-09 655360]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-12-10 723632]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe []
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-03 133104]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-23 136120]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]

-----------------EOF-----------------

Locked