Log check, Avast found the trojans "Small-GWM", "FakeAV-ADU"

Jornada de Muerto
Visitor
Posts: 16
Registered: 04 Mar 2008 15:42

#1 Post by Jornada de Muerto »

Hello, after reinstalling my PC I managed to pick up some unwanted pests. I don't have access to some folders, even though I am an admin.
Thank you in advance.


Logfile of random's system information tool 1.06 (written by random/random)
Run by de Muerto at 2010-01-12 06:32:02
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 51 GB (67%) free of 76 GB
Total RAM: 2047 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:32:15, on 12.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\astsrv.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\launch4j-tmp\frd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Totalcmd\TOTALCMD.EXE
E:\-==Programs==-\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\de Muerto.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2269556328
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\astsrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6620 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-30 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-30 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PtiuPbmd"=ulutil2.dll,SetWriteBack []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-11-22 1037192]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-30 149280]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"NWEReboot"= []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"NPSStartup"= []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"AdobeBridge"= []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-25 190976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======File associations======

.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-01-12 06:32:02 ----D---- C:\rsit
2010-01-10 21:12:55 ----D---- C:\Documents and Settings\de Muerto\Data aplikací\Apple Computer
2010-01-10 21:11:51 ----D---- C:\Program Files\iPod
2010-01-10 21:11:47 ----D---- C:\Program Files\iTunes
2010-01-10 21:11:11 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2010-01-10 21:06:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-01-10 21:06:11 ----D---- C:\Program Files\Apple Software Update
2010-01-10 21:06:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2010-01-10 21:00:35 ----D---- C:\Program Files\Windows Installer Clean Up
2010-01-10 21:00:22 ----D---- C:\Program Files\MSECACHE
2010-01-10 20:49:31 ----SHD---- C:\Config.Msi
2010-01-10 20:19:34 ----D---- C:\WINDOWS\LastGood
2010-01-10 20:18:44 ----D---- C:\Program Files\Common Files\Apple
2010-01-10 18:51:39 ----D---- C:\WINDOWS\system32\appmgmt
2010-01-10 18:33:06 ----D---- C:\PortableApps
2010-01-10 17:16:37 ----N---- C:\WINDOWS\system32\spmsg2.dll
2010-01-10 17:16:31 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2010-01-10 16:51:30 ----D---- C:\Program Files\WinSCP
2010-01-09 09:05:24 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2010-01-09 09:04:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-09 09:03:15 ----D---- C:\Program Files\QuickTime
2010-01-09 08:45:13 ----A---- C:\WINDOWS\system32\ptpusb.dll
2010-01-09 08:45:11 ----A---- C:\WINDOWS\system32\ptpusd.dll
2010-01-05 22:32:32 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-01-05 22:32:30 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2010-01-05 22:32:07 ----D---- C:\Program Files\Windows Media Connect 2
2010-01-05 22:31:55 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2010-01-05 22:30:35 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-01-05 22:29:55 ----D---- C:\WINDOWS\system32\LogFiles
2010-01-05 22:29:50 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2010-01-04 06:52:05 ----D---- C:\Documents and Settings\de Muerto\Data aplikací\dvdcss
2010-01-03 13:02:00 ----A---- C:\OnOneErrorLog.txt
2010-01-03 12:46:15 ----D---- C:\Documents and Settings\de Muerto\Data aplikací\Mask Pro 4.0
2010-01-03 10:21:16 ----A---- C:\WINDOWS\system32\Deco_32.dll
2010-01-03 10:21:14 ----D---- C:\Program Files\Common Files\onOne Software Shared
2010-01-03 10:20:29 ----D---- C:\Documents and Settings\de Muerto\Data aplikací\onOne Software
2010-01-03 10:17:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\onOne Software
2010-01-03 10:16:59 ----A---- C:\WINDOWS\system32\ASTSRV.EXE
2010-01-03 10:16:58 ----D---- C:\Program Files\onOne Software
2010-01-02 09:50:02 ----D---- C:\Program Files\Seagate
2010-01-02 09:49:21 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-01 16:36:54 ----D---- C:\Documents and Settings\de Muerto\Data aplikací\Imagenomic
2010-01-01 16:35:11 ----D---- C:\Program Files\Imagenomic
2010-01-01 14:28:07 ----D---- C:\Program Files\Bonjour
2010-01-01 14:18:21 ----D---- C:\Program Files\Common Files\Macrovision Shared
2010-01-01 14:12:00 ----A---- C:\ASLog.txt
2010-01-01 13:44:07 ----A---- C:\WINDOWS\RSetupCE.exe
2010-01-01 13:44:02 ----D---- C:\Program Files\Resco
2010-01-01 13:03:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\FLEXnet
2010-01-01 12:51:54 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-01-01 09:14:24 ----D---- C:\Program Files\HD Tune Pro
2009-12-31 23:26:59 ----D---- C:\Program Files\CeRegEditor
2009-12-31 23:09:21 ----D---- C:\Program Files\Microsoft ActiveSync
2009-12-31 23:04:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2009-12-31 23:04:24 ----D---- C:\Documents and Settings\de Muerto\Data aplikací\PC Suite
2009-12-31 23:02:36 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
2009-12-31 23:01:40 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2009-12-31 23:01:37 ----D---- C:\Program Files\DIFX
2009-12-31 23:01:30 ----A---- C:\WINDOWS\system32\FsUsbExService.Exe
2009-12-31 23:01:30 ----A---- C:\WINDOWS\system32\FsUsbExDevice.Dll
2009-12-31 23:00:03 ----D---- C:\Documents and Settings\de Muerto\Data aplikací\Samsung
2009-12-31 22:59:44 ----D---- C:\Program Files\MarkAny
2009-12-31 22:59:41 ----D---- C:\Program Files\PC Connectivity Solution
2009-12-31 22:58:26 ----D---- C:\Program Files\Samsung
2009-12-31 21:33:59 ----D---- C:\Program Files\Nero
2009-12-31 21:33:59 ----D---- C:\Program Files\Common Files\Ahead
2009-12-31 18:38:15 ----A---- C:\WINDOWS\system32\ChCfg.exe
2009-12-31 18:37:47 ----D---- C:\Program Files\Realtek AC97
2009-12-31 18:10:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-12-31 18:10:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-12-31 16:01:38 ----D---- C:\WINDOWS\system32\XPSViewer
2009-12-31 16:01:31 ----D---- C:\Program Files\MSBuild
2009-12-31 16:01:29 ----D---- C:\WINDOWS\system32\en-US
2009-12-31 16:01:21 ----D---- C:\Program Files\Reference Assemblies
2009-12-31 16:00:58 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-12-31 16:00:58 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-12-31 16:00:58 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-12-31 15:45:49 ----D---- C:\WINDOWS\ie8updates
2009-12-31 15:45:11 ----D---- C:\WINDOWS\WBEM
2009-12-31 15:44:05 ----HDC---- C:\WINDOWS\ie8
2009-12-31 10:46:22 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-12-31 10:45:59 ----D---- C:\Program Files\MSXML 4.0
2009-12-31 10:02:23 ----D---- C:\Documents and Settings\de Muerto\Data aplikací\WinRAR
2009-12-31 09:17:43 ----D---- C:\Documents and Settings\de Muerto\Data aplikací\vlc
2009-12-31 00:54:59 ----D---- C:\Program Files\AnswerWorks 4.0
2009-12-31 00:51:04 ----D---- C:\Program Files\AutoCAD 2007
2009-12-31 00:51:04 ----D---- C:\Documents and Settings\de Muerto\Data aplikací\Autodesk
2009-12-31 00:51:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Autodesk
2009-12-31 00:49:10 ----D---- C:\Program Files\Common Files\Autodesk Shared
2009-12-31 00:49:04 ----D---- C:\Program Files\Autodesk
2009-12-31 00:46:38 ----RSD---- C:\WINDOWS\assembly
2009-12-31 00:46:05 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-31 00:42:20 ----A---- C:\WINDOWS\system32\mdimon.dll
2009-12-31 00:41:43 ----D---- C:\Program Files\Microsoft Works
2009-12-31 00:41:24 ----D---- C:\Program Files\Microsoft Visual Studio
2009-12-31 00:41:23 ----D---- C:\Program Files\Common Files\DESIGNER
2009-12-31 00:38:39 ----D---- C:\WINDOWS\SHELLNEW
2009-12-31 00:38:23 ----D---- C:\Program Files\Microsoft Office
2009-12-31 00:38:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2009-12-31 00:38:05 ----RHD---- C:\MSOCache
2009-12-31 00:21:43 ----D---- C:\WINDOWS\RegisteredPackages
2009-12-31 00:21:10 ----D---- C:\Program Files\Winamp
2009-12-31 00:21:10 ----D---- C:\Documents and Settings\de Muerto\Data aplikací\Winamp
2009-12-31 00:15:29 ----D---- C:\Program Files\Trend Micro
2009-12-31 00:11:08 ----D---- C:\Program Files\IrfanView
2009-12-31 00:08:17 ----D---- C:\Program Files\WinRAR
2009-12-31 00:07:38 ----D---- C:\Program Files\WinHTTrack
2009-12-31 00:01:41 ----D---- C:\Program Files\CCleaner
2009-12-30 23:59:03 ----D---- C:\Program Files\DAEMON Tools Lite
2009-12-30 23:58:24 ----D---- C:\Documents and Settings\de Muerto\Data aplikací\DAEMON Tools Lite
2009-12-30 23:58:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2009-12-30 23:55:06 ----D---- C:\Documents and Settings\de Muerto\Data aplikací\VitySoft
2009-12-30 23:54:58 ----D---- C:\Program Files\FreeRapid-0.83u1
2009-12-30 23:54:06 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-12-30 23:54:05 ----A---- C:\WINDOWS\system32\javaws.exe
2009-12-30 23:54:05 ----A---- C:\WINDOWS\system32\javaw.exe
2009-12-30 23:54:05 ----A---- C:\WINDOWS\system32\java.exe
2009-12-30 23:53:51 ----D---- C:\Program Files\Java
2009-12-30 23:53:04 ----D---- C:\Documents and Settings\de Muerto\Data aplikací\Sun
2009-12-30 23:51:27 ----D---- C:\Program Files\AMD
2009-12-30 23:23:54 ----D---- C:\Documents and Settings\de Muerto\Data aplikací\Vso
2009-12-30 23:23:54 ----A---- C:\Documents and Settings\de Muerto\Data aplikací\inst.exe
2009-12-30 23:23:39 ----D---- C:\Program Files\DVDFab 6
2009-12-30 23:22:47 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-30 23:21:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2009-12-30 23:20:56 ----D---- C:\Program Files\Common Files\Adobe
2009-12-30 23:20:56 ----D---- C:\Program Files\Adobe
2009-12-30 23:17:23 ----D---- C:\WINDOWS\Prefetch
2009-12-30 23:07:49 ----D---- C:\WINDOWS\system32\cs-cz
2009-12-30 23:07:49 ----D---- C:\WINDOWS\system32\cs
2009-12-30 23:07:49 ----D---- C:\WINDOWS\l2schemas
2009-12-30 23:07:48 ----D---- C:\WINDOWS\system32\bits
2009-12-30 23:06:33 ----D---- C:\WINDOWS\ServicePackFiles
2009-12-30 23:04:53 ----D---- C:\WINDOWS\network diagnostic
2009-12-30 23:01:27 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-12-30 22:54:07 ----A---- C:\WINDOWS\system32\xmllite.dll
2009-12-30 22:54:05 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-12-30 22:54:03 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-12-30 22:54:02 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-12-30 22:54:02 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-12-30 22:53:58 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-12-30 22:53:58 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-12-30 22:53:58 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-12-30 22:53:53 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2009-12-30 22:53:53 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2009-12-30 22:53:52 ----N---- C:\WINDOWS\system32\slserv.exe
2009-12-30 22:53:52 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-12-30 22:53:52 ----N---- C:\WINDOWS\system32\slgen.dll
2009-12-30 22:53:52 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-12-30 22:53:52 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-12-30 22:53:52 ----N---- C:\WINDOWS\slrundll.exe
2009-12-30 22:53:51 ----N---- C:\WINDOWS\system32\setupn.exe
2009-12-30 22:53:49 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-12-30 22:53:49 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-12-30 22:53:48 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-12-30 22:53:48 ----N---- C:\WINDOWS\system32\qutil.dll
2009-12-30 22:53:47 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-12-30 22:53:47 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-12-30 22:53:47 ----N---- C:\WINDOWS\system32\qagent.dll
2009-12-30 22:53:46 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-12-30 22:53:44 ----N---- C:\WINDOWS\system32\onex.dll
2009-12-30 22:53:39 ----N---- C:\WINDOWS\system32\napstat.exe
2009-12-30 22:53:39 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-12-30 22:53:39 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-12-30 22:53:39 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-12-30 22:53:38 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-12-30 22:53:38 ----N---- C:\WINDOWS\system32\msxml6.dll
2009-12-30 22:53:37 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-12-30 22:53:37 ----N---- C:\WINDOWS\system32\mssha.dll
2009-12-30 22:53:29 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-12-30 22:53:29 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-12-30 22:53:29 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-12-30 22:53:29 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-12-30 22:53:28 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-12-30 22:53:19 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-12-30 22:53:19 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-12-30 22:53:19 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-12-30 22:53:19 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-12-30 22:53:19 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-12-30 22:53:19 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-12-30 22:53:15 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-12-30 22:53:15 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-12-30 22:53:13 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-12-30 22:53:10 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-12-30 22:53:06 ----N---- C:\WINDOWS\system32\faxpatch.exe
2009-12-30 22:53:06 ----A---- C:\WINDOWS\002757_.tmp
2009-12-30 22:53:04 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-12-30 22:53:04 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-12-30 22:53:04 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-12-30 22:53:04 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-12-30 22:53:04 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-12-30 22:53:04 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-12-30 22:53:04 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-12-30 22:53:04 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-12-30 22:53:02 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-12-30 22:53:02 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-12-30 22:53:02 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-12-30 22:53:02 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-12-30 22:53:02 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-12-30 22:53:02 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-12-30 22:53:02 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-12-30 22:53:01 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-12-30 22:53:01 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-12-30 22:53:01 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-12-30 22:52:58 ----N---- C:\WINDOWS\system32\credssp.dll
2009-12-30 22:52:54 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-12-30 22:52:53 ----N---- C:\WINDOWS\system32\azroles.dll
2009-12-30 22:52:53 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-12-30 22:52:53 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-12-30 22:52:52 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-12-30 22:52:52 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-12-30 22:52:52 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-12-30 22:52:52 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-12-30 22:52:52 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-12-30 22:52:48 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-12-30 22:47:16 ----D---- C:\Program Files\VideoLAN
2009-12-30 22:42:22 ----D---- C:\Documents and Settings\de Muerto\Data aplikací\Macromedia
2009-12-30 22:42:22 ----D---- C:\Documents and Settings\de Muerto\Data aplikací\Adobe
2009-12-30 22:34:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2009-12-30 22:31:51 ----D---- C:\Documents and Settings\de Muerto\Data aplikací\Opera
2009-12-30 22:31:38 ----D---- C:\Program Files\Opera
2009-12-30 22:26:24 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-12-30 22:05:35 ----A---- C:\WINDOWS\system32\vsregexp.dll
2009-12-30 22:05:34 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2009-12-30 22:05:34 ----A---- C:\WINDOWS\system32\zlcomm.dll
2009-12-30 22:05:30 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-12-30 22:05:30 ----A---- C:\WINDOWS\system32\zpeng25.dll
2009-12-30 22:05:30 ----A---- C:\WINDOWS\system32\vsxml.dll
2009-12-30 22:05:30 ----A---- C:\WINDOWS\system32\vswmi.dll
2009-12-30 22:05:30 ----A---- C:\WINDOWS\system32\vspubapi.dll
2009-12-30 22:05:30 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2009-12-30 22:05:03 ----D---- C:\Program Files\Zone Labs
2009-12-30 22:04:48 ----D---- C:\WINDOWS\Internet Logs
2009-12-30 22:04:47 ----A---- C:\WINDOWS\system32\vsutil.dll
2009-12-30 22:04:47 ----A---- C:\WINDOWS\system32\vsinit.dll
2009-12-30 22:04:47 ----A---- C:\WINDOWS\system32\vsdata.dll
2009-12-30 22:04:15 ----A---- C:\WINDOWS\system32\MSVCR71.dll
2009-12-30 22:04:15 ----A---- C:\WINDOWS\system32\MSVCP71.dll
2009-12-30 22:04:15 ----A---- C:\WINDOWS\system32\MFC71.dll
2009-12-30 22:04:15 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-12-30 22:04:13 ----D---- C:\Program Files\Alwil Software
2009-12-30 21:09:58 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-30 21:09:36 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-30 21:09:31 ----A---- C:\WINDOWS\system32\difxapi.dll
2009-12-30 21:06:28 ----A---- C:\WINDOWS\system32\RTLCPL.exe
2009-12-30 21:06:28 ----A---- C:\WINDOWS\system32\RtlCPAPI.dll
2009-12-30 21:06:26 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-12-30 21:06:22 ----D---- C:\Program Files\AvRack
2009-12-30 21:06:13 ----A---- C:\WINDOWS\soundman.exe
2009-12-30 21:06:12 ----A---- C:\WINDOWS\alcupd.exe
2009-12-30 21:06:12 ----A---- C:\WINDOWS\Alcrmv.exe
2009-12-30 20:59:36 ----D---- C:\Program Files\VIA
2009-12-30 20:55:17 ----A---- C:\WINDOWS\system32\ulutil2.dll
2009-12-30 20:38:21 ----A---- C:\WINDOWS\system32\h323log.txt
2009-12-30 20:36:37 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-12-30 20:36:37 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-12-30 20:36:37 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-12-30 20:36:37 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-12-30 20:36:36 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-12-30 20:36:36 ----A---- C:\WINDOWS\system32\x3daudio1_2.dll
2009-12-30 20:36:36 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-12-30 20:36:36 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-12-30 20:36:36 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-12-30 20:36:35 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-12-30 20:36:35 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-12-30 20:36:35 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-12-30 20:36:35 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-12-30 20:36:34 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-12-30 20:36:33 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-12-30 20:36:33 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-12-30 20:36:33 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-12-30 20:36:33 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-12-30 20:36:33 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-12-30 20:36:32 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-12-30 20:36:32 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-12-30 20:36:32 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-12-30 20:36:32 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-12-30 20:36:32 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-12-30 20:36:32 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-12-30 20:36:31 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-12-30 20:36:31 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-12-30 20:36:31 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-12-30 20:36:31 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-12-30 20:36:30 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-12-30 20:36:30 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-12-30 20:36:30 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-12-30 20:36:29 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-12-30 20:36:29 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-12-30 20:36:29 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-12-30 20:35:52 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-12-30 20:35:12 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2009-12-30 20:34:39 ----A---- C:\WINDOWS\system32\usbui.dll
2009-12-30 20:33:40 ----SHD---- C:\WINDOWS\Installer
2009-12-30 20:33:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-30 20:33:39 ----D---- C:\Program Files\Common Files\ODBC
2009-12-30 20:33:39 ----A---- C:\WINDOWS\ODBCINST.INI
2009-12-30 20:33:36 ----RD---- C:\Program Files
2009-12-30 20:33:36 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-12-30 20:33:36 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-30 20:33:36 ----D---- C:\Program Files\Common Files
2009-12-30 20:33:33 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-12-30 20:33:33 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-12-30 20:33:33 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-12-30 20:33:31 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-12-30 20:33:31 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-12-30 20:33:31 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-12-30 20:33:31 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-12-30 20:33:31 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-12-30 20:33:31 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-12-30 20:33:31 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-12-30 20:33:31 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-12-30 20:33:31 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-12-30 20:33:31 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-12-30 20:33:31 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-12-30 20:33:31 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-12-30 20:33:29 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-12-30 20:33:29 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-12-30 20:33:29 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-12-30 20:33:29 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-12-30 20:33:29 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-12-30 20:33:29 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-12-30 20:33:29 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-12-30 20:33:27 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-12-30 20:33:27 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-12-30 20:33:27 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-12-30 20:33:27 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-12-30 20:33:27 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-12-30 20:33:24 ----A---- C:\WINDOWS\system32\kbdycl.dll
2009-12-30 20:33:24 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2009-12-30 20:33:24 ----A---- C:\WINDOWS\system32\kbdsl.dll
2009-12-30 20:33:24 ----A---- C:\WINDOWS\system32\kbdro.dll
2009-12-30 20:33:24 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2009-12-30 20:33:24 ----A---- C:\WINDOWS\system32\kbdpl.dll
2009-12-30 20:33:24 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2009-12-30 20:33:24 ----A---- C:\WINDOWS\system32\kbdhu.dll
2009-12-30 20:33:24 ----A---- C:\WINDOWS\system32\kbdcr.dll
2009-12-30 20:33:24 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2009-12-30 20:33:23 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-12-30 20:33:23 ----A---- C:\WINDOWS\system32\irclass.dll
2009-12-30 20:33:23 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-12-30 20:33:23 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-12-30 20:33:23 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-12-30 20:33:21 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-12-30 20:33:20 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-12-30 20:33:20 ----A---- C:\WINDOWS\system32\batt.dll
2009-12-30 20:33:20 ----A---- C:\WINDOWS\notepad.exe
2009-12-30 20:33:19 ----A---- C:\WINDOWS\system32\storprop.dll
2009-12-30 20:33:12 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2009-12-30 20:33:04 ----RA---- C:\WINDOWS\SET8.tmp
2009-12-30 20:33:01 ----RA---- C:\WINDOWS\SET4.tmp
2009-12-30 20:33:00 ----RA---- C:\WINDOWS\SET3.tmp
2009-12-30 20:32:55 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-30 20:32:55 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-30 20:32:50 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2009-12-30 20:32:30 ----SHD---- C:\System Volume Information
2009-12-30 20:32:30 ----SHD---- C:\RECYCLER
2009-12-30 20:32:30 ----D---- C:\Documents and Settings
2009-12-30 20:31:54 ----SH---- C:\boot.ini
2009-12-30 20:29:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-30 20:29:14 ----RSD---- C:\WINDOWS\Fonts
2009-12-30 20:29:14 ----RD---- C:\WINDOWS\Web
2009-12-30 20:29:14 ----HD---- C:\WINDOWS\inf
2009-12-30 20:29:14 ----D---- C:\WINDOWS\WinSxS
2009-12-30 20:29:14 ----D---- C:\WINDOWS\twain_32
2009-12-30 20:29:14 ----D---- C:\WINDOWS\Temp
2009-12-30 20:29:14 ----D---- C:\WINDOWS\system32\wins
2009-12-30 20:29:14 ----D---- C:\WINDOWS\system32\wbem
2009-12-30 20:29:14 ----D---- C:\WINDOWS\system32\usmt
2009-12-30 20:29:14 ----D---- C:\WINDOWS\system32\ShellExt
2009-12-30 20:29:14 ----D---- C:\WINDOWS\system32\Setup
2009-12-30 20:29:14 ----D---- C:\WINDOWS\system32\PreInstall
2009-12-30 20:29:14 ----D---- C:\WINDOWS\system32\oobe
2009-12-30 20:29:14 ----D---- C:\WINDOWS\system32\npp
2009-12-30 20:29:14 ----D---- C:\WINDOWS\system32\mui
2009-12-30 20:29:14 ----D---- C:\WINDOWS\system32\inetsrv
2009-12-30 20:29:14 ----D---- C:\WINDOWS\system32\IME
2009-12-30 20:29:14 ----D---- C:\WINDOWS\system32\icsxml
2009-12-30 20:29:14 ----D---- C:\WINDOWS\system32\ias
2009-12-30 20:29:14 ----D---- C:\WINDOWS\system32\export
2009-12-30 20:29:14 ----D---- C:\WINDOWS\system32\dhcp
2009-12-30 20:29:14 ----D---- C:\WINDOWS\system32\3com_dmi
2009-12-30 20:29:14 ----D---- C:\WINDOWS\system32\3076
2009-12-30 20:29:14 ----D---- C:\WINDOWS\system32\2052
2009-12-30 20:29:14 ----D---- C:\WINDOWS\system32\1054
2009-12-30 20:29:14 ----D---- C:\WINDOWS\system32\1042
2009-12-30 20:29:14 ----D---- C:\WINDOWS\system32\1041
2009-12-30 20:29:14 ----D---- C:\WINDOWS\system32\1037
2009-12-30 20:29:14 ----D---- C:\WINDOWS\system32\1033
2009-12-30 20:29:14 ----D---- C:\WINDOWS\system32\1031
2009-12-30 20:29:14 ----D---- C:\WINDOWS\system32\1029
2009-12-30 20:29:14 ----D---- C:\WINDOWS\system32\1028
2009-12-30 20:29:14 ----D---- C:\WINDOWS\system32\1025
2009-12-30 20:29:14 ----D---- C:\WINDOWS\security
2009-12-30 20:29:14 ----D---- C:\WINDOWS\Resources
2009-12-30 20:29:14 ----D---- C:\WINDOWS\repair
2009-12-30 20:29:14 ----D---- C:\WINDOWS\Provisioning
2009-12-30 20:29:14 ----D---- C:\WINDOWS\pchealth
2009-12-30 20:29:14 ----D---- C:\WINDOWS\PeerNet
2009-12-30 20:29:14 ----D---- C:\WINDOWS\mui
2009-12-30 20:29:14 ----D---- C:\WINDOWS\msapps
2009-12-30 20:29:14 ----D---- C:\WINDOWS\msagent
2009-12-30 20:29:14 ----D---- C:\WINDOWS\Media
2009-12-30 20:29:14 ----D---- C:\WINDOWS\java
2009-12-30 20:29:14 ----D---- C:\WINDOWS\ime
2009-12-30 20:29:14 ----D---- C:\WINDOWS\Help
2009-12-30 20:29:14 ----D---- C:\WINDOWS\ehome
2009-12-30 20:29:14 ----D---- C:\WINDOWS\Driver Cache
2009-12-30 20:29:14 ----D---- C:\WINDOWS\Debug
2009-12-30 20:29:14 ----D---- C:\WINDOWS\Cursors
2009-12-30 20:29:14 ----D---- C:\WINDOWS\Connection Wizard
2009-12-30 20:29:14 ----D---- C:\WINDOWS\Config
2009-12-30 20:29:14 ----D---- C:\WINDOWS\AppPatch
2009-12-30 20:29:14 ----D---- C:\WINDOWS\addins
2009-12-30 20:29:13 ----D---- C:\WINDOWS\system32\spool
2009-12-30 20:29:13 ----D---- C:\WINDOWS\system32\ras
2009-12-30 20:29:13 ----D---- C:\WINDOWS\system32\drivers
2009-12-30 20:29:13 ----D---- C:\WINDOWS\system32\config
2009-12-30 20:29:13 ----D---- C:\WINDOWS\system32
2009-12-30 20:29:13 ----D---- C:\WINDOWS\system
2009-12-30 20:29:13 ----AD---- C:\WINDOWS
2009-12-30 20:18:51 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-12-30 20:18:40 ----A---- C:\WINDOWS\HideWin.exe
2009-12-30 20:18:38 ----D---- C:\Program Files\Common Files\InstallShield
2009-12-30 20:15:14 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-30 20:15:14 ----D---- C:\WINDOWS\OPTIONS
2009-12-30 20:15:14 ----D---- C:\Program Files\Realtek
2009-12-30 20:15:05 ----D---- C:\Documents and Settings\de Muerto\Data aplikací\InstallShield
2009-12-30 20:06:27 ----D---- C:\Program Files\Totalcmd
2009-12-30 20:06:27 ----A---- C:\WINDOWS\wincmd.ini
2009-12-30 19:52:06 ----D---- C:\Documents and Settings\de Muerto\Data aplikací\Identities
2009-12-30 19:52:04 ----HD---- C:\Program Files\Uninstall Information
2009-12-30 19:51:59 ----SD---- C:\Documents and Settings\de Muerto\Data aplikací\Microsoft
2009-12-30 19:51:59 ----ASH---- C:\Documents and Settings\de Muerto\Data aplikací\desktop.ini
2009-12-30 19:47:00 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-30 19:46:59 ----SD---- C:\WINDOWS\system32\Microsoft
2009-12-30 19:46:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-30 19:44:07 ----D---- C:\WINDOWS\system32\xircom
2009-12-30 19:44:07 ----D---- C:\Program Files\xerox
2009-12-30 19:44:07 ----D---- C:\Program Files\microsoft frontpage
2009-12-30 19:43:47 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-30 19:43:33 ----A---- C:\WINDOWS\control.ini
2009-12-30 19:43:33 ----A---- C:\AUTOEXEC.BAT
2009-12-30 19:43:15 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-12-30 19:42:32 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-30 19:42:32 ----RD---- C:\WINDOWS\Offline Web Pages
2009-12-30 19:42:32 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-12-30 19:42:27 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-12-30 19:42:23 ----HD---- C:\Program Files\WindowsUpdate
2009-12-30 19:42:19 ----D---- C:\Program Files\Online Services
2009-12-30 19:42:02 ----D---- C:\WINDOWS\system32\DirectX
2009-12-30 19:41:42 ----A---- C:\WINDOWS\system32\atrace.dll
2009-12-30 19:41:40 ----A---- C:\WINDOWS\system32\desktop.ini
2009-12-30 19:41:40 ----A---- C:\WINDOWS\desktop.ini
2009-12-30 19:41:34 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-12-30 19:41:33 ----D---- C:\Program Files\Common Files\Services
2009-12-30 19:41:33 ----A---- C:\WINDOWS\system32\acctres.dll
2009-12-30 19:41:30 ----SD---- C:\WINDOWS\Tasks
2009-12-30 19:41:30 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-12-30 19:41:29 ----D---- C:\Program Files\Common Files\MSSoap
2009-12-30 19:41:26 ----D---- C:\WINDOWS\srchasst
2009-12-30 19:41:25 ----D---- C:\WINDOWS\system32\Macromed
2009-12-30 19:41:22 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-12-30 19:41:22 ----A---- C:\WINDOWS\system32\wups.dll
2009-12-30 19:41:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-12-30 19:41:22 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-12-30 19:41:22 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-12-30 19:41:22 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-12-30 19:41:22 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-12-30 19:41:22 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-12-30 19:41:21 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-12-30 19:41:21 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-12-30 19:41:21 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-12-30 19:41:21 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-12-30 19:41:21 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-12-30 19:41:18 ----D---- C:\Program Files\Movie Maker
2009-12-30 19:41:14 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-12-30 19:41:14 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-12-30 19:41:14 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-12-30 19:41:14 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-12-30 19:41:10 ----D---- C:\WINDOWS\system32\Restore
2009-12-30 19:41:10 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-12-30 19:41:10 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-12-30 19:41:10 ----A---- C:\WINDOWS\system32\srclient.dll
2009-12-30 19:41:10 ----A---- C:\WINDOWS\system32\fltmc.exe
2009-12-30 19:41:10 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-12-30 19:41:09 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-12-30 19:41:09 ----A---- C:\WINDOWS\system32\msconf.dll
2009-12-30 19:41:09 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-12-30 19:41:09 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-12-30 19:41:09 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-12-30 19:41:09 ----A---- C:\WINDOWS\system32\ils.dll
2009-12-30 19:41:06 ----D---- C:\Program Files\NetMeeting
2009-12-30 19:41:06 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-12-30 19:41:06 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-12-30 19:41:05 ----A---- C:\WINDOWS\system32\inetres.dll
2009-12-30 19:41:05 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-12-30 19:41:03 ----D---- C:\Program Files\Outlook Express
2009-12-30 19:41:03 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-12-30 19:41:03 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-12-30 19:41:03 ----A---- C:\WINDOWS\system32\mstask.dll
2009-12-30 19:41:03 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-12-30 19:41:03 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-12-30 19:41:02 ----A---- C:\WINDOWS\system32\isign32.dll
2009-12-30 19:41:02 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-12-30 19:40:57 ----D---- C:\Program Files\Common Files\System
2009-12-30 19:40:56 ----D---- C:\Program Files\Internet Explorer
2009-12-30 19:40:25 ----D---- C:\Program Files\ComPlus Applications
2009-12-30 19:40:23 ----A---- C:\WINDOWS\vbaddin.ini
2009-12-30 19:40:23 ----A---- C:\WINDOWS\vb.ini
2009-12-30 19:40:19 ----D---- C:\WINDOWS\Registration
2009-12-30 19:40:11 ----D---- C:\Program Files\Windows Media Player
2009-12-30 19:40:03 ----D---- C:\Program Files\MSN Gaming Zone
2009-12-30 19:40:03 ----A---- C:\WINDOWS\system32\write.exe
2009-12-30 19:39:53 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-12-30 19:39:53 ----A---- C:\WINDOWS\system32\hticons.dll
2009-12-30 19:39:53 ----A---- C:\WINDOWS\system32\avwav.dll
2009-12-30 19:39:53 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-12-30 19:39:53 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-12-30 19:39:52 ----A---- C:\WINDOWS\system32\winchat.exe
2009-12-30 19:39:46 ----A---- C:\WINDOWS\system32\getuname.dll
2009-12-30 19:39:45 ----A---- C:\WINDOWS\system32\winmine.exe
2009-12-30 19:39:45 ----A---- C:\WINDOWS\system32\sol.exe
2009-12-30 19:39:45 ----A---- C:\WINDOWS\system32\charmap.exe
2009-12-30 19:39:45 ----A---- C:\WINDOWS\system32\calc.exe
2009-12-30 19:39:44 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-12-30 19:39:44 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-12-30 19:39:44 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-12-30 19:39:44 ----A---- C:\WINDOWS\system32\tskill.exe
2009-12-30 19:39:44 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-12-30 19:39:44 ----A---- C:\WINDOWS\system32\tscon.exe
2009-12-30 19:39:44 ----A---- C:\WINDOWS\system32\shadow.exe
2009-12-30 19:39:44 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-12-30 19:39:44 ----A---- C:\WINDOWS\system32\reset.exe
2009-12-30 19:39:44 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-12-30 19:39:44 ----A---- C:\WINDOWS\system32\freecell.exe
2009-12-30 19:39:43 ----A---- C:\WINDOWS\system32\regini.exe
2009-12-30 19:39:43 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-12-30 19:39:43 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-12-30 19:39:43 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-12-30 19:39:43 ----A---- C:\WINDOWS\system32\msg.exe
2009-12-30 19:39:43 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-12-30 19:39:43 ----A---- C:\WINDOWS\system32\logoff.exe
2009-12-30 19:39:43 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-12-30 19:39:42 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-12-30 19:39:42 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-12-30 19:39:42 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-12-30 19:39:42 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-12-30 19:39:42 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-12-30 19:39:42 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-12-30 19:39:41 ----A---- C:\WINDOWS\system32\stclient.dll
2009-12-30 19:39:41 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-12-30 19:39:36 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-12-30 19:39:35 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-12-30 19:39:35 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-12-30 19:39:35 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-12-30 19:39:35 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-12-30 19:39:34 ----D---- C:\Program Files\Windows NT
2009-12-30 19:39:34 ----A---- C:\WINDOWS\system32\spider.exe
2009-12-30 19:39:34 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-12-30 19:39:34 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-12-30 19:39:33 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-12-30 19:39:33 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-12-30 19:39:33 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-12-30 19:39:33 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-12-30 19:39:33 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-12-30 19:39:33 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-12-30 19:39:33 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-12-30 19:39:32 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-12-30 19:39:32 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-12-30 19:39:32 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-12-30 19:39:32 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-12-30 19:39:32 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-12-30 19:39:32 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-12-30 19:39:32 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-12-30 19:39:32 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-12-30 19:39:32 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-12-30 19:39:31 ----D---- C:\WINDOWS\system32\MsDtc
2009-12-30 19:39:31 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-12-30 19:39:31 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-12-30 19:39:31 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-12-30 19:39:31 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-12-30 19:39:31 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-12-30 19:39:30 ----D---- C:\WINDOWS\system32\Com
2009-12-30 19:39:30 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-12-30 19:39:30 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-12-30 19:39:30 ----A---- C:\WINDOWS\system32\colbact.dll
2009-12-30 19:39:29 ----A---- C:\WINDOWS\system32\comuid.dll
2009-12-30 19:39:29 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-12-30 19:39:29 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-12-30 19:39:29 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-12-30 19:39:29 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-12-30 19:39:29 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-12-30 19:39:28 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-12-30 19:39:23 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-12-30 19:39:23 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-12-30 19:39:23 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-12-30 19:39:22 ----A---- C:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 1 months======

2010-01-11 21:10:58 ----A---- C:\WINDOWS\win.ini
2009-12-30 20:33:35 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-11-22 486280]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-12-30 47360]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-04-07 105088]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 ag3nq4sm;ag3nq4sm; C:\WINDOWS\system32\drivers\ag3nq4sm.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 astcc;AST Service; C:\WINDOWS\system32\astsrv.exe [2009-02-13 57344]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-02-16 233472]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-30 153376]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-11-22 2384240]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-12-31 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-01 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]

-----------------EOF-----------------

pitimir
Model visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: Log check, Avast found trojans "Small-GWM", "FakeAV-ADU"

#2 Post by pitimir »

Hi, where exactly was the junk reported?

1) Download GMER, unpack it to the desktop and run it. The program starts a scan automatically (when it finishes, post log no. 1). If it finds something during the scan (= a warning pops up), click "NO" and set the program up as shown in the picture:
[Image]
Click "Scan". After the scan, click "Save" and post log no. 2 here.

If it finds nothing (= nothing pops up), tick everything on the right and start the scan. When it finishes, click "Copy" and post log no. 2.


2) Download ComboFix, preferably to the desktop. Close all open applications and turn off the resident antivirus and antispyware shields and the firewall. Run the program from an account with administrator rights and follow the instructions. The whole scan takes about 10 minutes. The PC may be restarted during it. The log that ComboFix creates is at "C:\ComboFix.txt".
Post it here.

Warning: until ComboFix has created the log, do not click anything and do not press anything!!
I am modest, I have only two things for my signature...

1) Want to help the forum? Support it!!

2) A request to everyone who has a problem:
- start your own topic and put the RSIT log and a precise, brief description of the problem in the first post.
- do not run ANY other program found on the forum/internet unless it has been recommended to you.
- do not edit or delete posts.
- follow the instructions and do nothing beyond them (on your own initiative).

Jornada de Muerto
Visitor
Posts: 16
Registered: 04 Mar 2008 15:42

Re: Log check, Avast found trojans "Small-GWM", "FakeAV-ADU"

#3 Post by Jornada de Muerto »

Thank you for the reply and the advice.
When I started GMER, the computer restarted; on the third attempt I managed to run it. Here is the result of the 1st scan; the 2nd is running right now.


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-12 19:02:26
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\DEMUER~1\LOCALS~1\Temp\pgtdypoc.sys


---- System - GMER 1.0.15 ----

SSDT spdj.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT spdj.sys ZwEnumerateValueKey [0xB9ECE132]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89E531F8

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

Jornada de Muerto
Visitor
Posts: 16
Registered: 04 Mar 2008 15:42

Re: Log check, Avast found trojans "Small-GWM", "FakeAV-ADU"

#4 Post by Jornada de Muerto »

Log no. 2:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-12 21:17:23
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\DEMUER~1\LOCALS~1\Temp\pgtdypoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB7FFF6B8]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB81F7630]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB81F0D80]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB7FFF574]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB81F7E40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xB820ED30]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xB820F150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xB8219240]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB81F7FB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB81F1C60]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xB8216780]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB7FFFA52]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xB820DE70]
SSDT spdj.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT spdj.sys ZwEnumerateValueKey [0xB9ECE132]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xB8217080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB82172B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB81F1750]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB7FFF64E]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xB8211450]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xB8211020]
SSDT spdj.sys ZwQueryKey [0xB9ECE20A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB7FFF76E]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xB8218430]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xB8217A40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB81F7180]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB7FFF72E]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xB81F7910]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB81F2080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xB82188E0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB7FFF8AE]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xB820FD20]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xB820FA50]

INT 0x62 ? 89E55BF8
INT 0x73 ? 89E58BF8
INT 0x82 ? 89E55BF8
INT 0x83 ? 89E58BF8
INT 0xB4 ? 89727F00
INT 0xB4 ? 89727F00
INT 0xB4 ? 89727F00
INT 0xB4 ? 89727F00
INT 0xB4 ? 89727F00
INT 0xB4 ? 89727F00

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 241C 80501C54 12 Bytes [40, 7E, 1F, B8, 30, ED, 20, ...]
? spdj.sys Systém nemůže nalézt uvedený soubor. !
.text USBPORT.SYS!DllUnload B9A258AC 5 Bytes JMP 897274E0
.text a8e0siye.SYS B95C1386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a8e0siye.SYS B95C13AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a8e0siye.SYS B95C13C4 3 Bytes [00, 80, 02]
.text a8e0siye.SYS B95C13C9 1 Byte [30]
.text a8e0siye.SYS B95C13C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] spdj.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EB613E] spdj.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EB60C0] spdj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EB6800] spdj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB66D6] spdj.sys
IAT \SystemRoot\System32\Drivers\a8e0siye.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\a8e0siye.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\a8e0siye.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\a8e0siye.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\a8e0siye.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\a8e0siye.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\a8e0siye.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\a8e0siye.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\a8e0siye.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\a8e0siye.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\a8e0siye.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\a8e0siye.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\a8e0siye.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\a8e0siye.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\a8e0siye.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B81FD080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B81FCE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B81FD7C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B81FB3D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B81FB3D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B81FD080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B81FCE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B81FD7C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B81FD080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B81FB3D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B81FD7C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B81FCE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B81FD7C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B81FCE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B81FD080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B81FB3D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B81FD080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B81FCE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B81FD7C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B81FD080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B81FB3D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B81FD7C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B81FCE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[740] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[740] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89E531F8

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\PCI_PNP1338 \Device\00000043 spdj.sys
Device \Driver\usbuhci \Device\USBPDO-0 8963B500
Device \Driver\usbuhci \Device\USBPDO-1 8963B500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89DEA1F8
Device \Driver\dmio \Device\DmControl\DmConfig 89DEA1F8
Device \Driver\dmio \Device\DmControl\DmPnP 89DEA1F8
Device \Driver\dmio \Device\DmControl\DmInfo 89DEA1F8
Device \Driver\sptd \Device\210993838 spdj.sys
Device \Driver\usbuhci \Device\USBPDO-2 8963B500
Device \Driver\usbuhci \Device\USBPDO-3 8963B500
Device \Driver\usbehci \Device\USBPDO-4 8966D500
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 89E561F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 89E561F8
Device \Driver\Cdrom \Device\CdRom0 89639500
Device \Driver\Ftdisk \Device\HarddiskVolume3 89E561F8
Device \Driver\atapi \Device\Ide\IdePort0 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 89637500
Device \Driver\NetBT \Device\NetbiosSmb 89637500
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBFDO-0 8963B500
Device \Driver\usbuhci \Device\USBFDO-1 8963B500
Device \Driver\usbuhci \Device\USBFDO-2 8963B500
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89671500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89671500
Device \Driver\usbuhci \Device\USBFDO-3 8963B500
Device \Driver\Ftdisk \Device\FtControl 89E561F8
Device \Driver\usbehci \Device\USBFDO-4 8966D500
Device \Driver\viamraid \Device\Scsi\viamraid1 89E541F8
Device \Driver\ulsata2 \Device\Scsi\ulsata21Port2Path0Target0Lun0 89DE91F8
Device \Driver\ulsata2 \Device\Scsi\ulsata21Port2Path0Target10Lun0 89DE91F8
Device \Driver\ulsata2 \Device\Scsi\ulsata21 89DE91F8
Device \Driver\ulsata2 \Device\Scsi\ulsata21Port2Path0Target4Lun0 89DE91F8
Device \Driver\a8e0siye \Device\Scsi\a8e0siye1 896C7500
Device \Driver\NetBT \Device\NetBT_Tcpip_{918445E1-643F-4D9F-B337-453C5BC45995} 89637500
Device \FileSystem\Cdfs \Cdfs 88DD6500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x38 0x59 0x9A 0x78 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6E 0x6E 0x39 0xCB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4F 0x80 0x0A 0xCA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x38 0x59 0x9A 0x78 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6E 0x6E 0x39 0xCB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4F 0x80 0x0A 0xCA ...

---- EOF - GMER 1.0.15 ----

Jornada de Muerto
Visitor
Posts: 16
Registered: 04 Mar 2008 15:42

Re: Log check, Avast found the trojan "Small-GWM", "FakeAV-ADU"

#5 Post by Jornada de Muerto »

So there is nothing in the root of c:, a file of the same name is in this folder:
c:\ComboFix\ComboFix.txt
By the way, the following folders were created on c:
cmdcons
Qoobox

Log from the mentioned file:
ComboFix 10-01-11.04 - de Muerto 12.01.2010 21:31:04.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1628 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\de Muerto\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100111-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: Log check, Avast found the trojan "Small-GWM", "FakeAV-ADU"

#6 Post by pitimir »

Start -> Run -> (type) notepad "C:\Qoobox\ComboFix-quarantined-files.txt"
Enter. A text file will pop up; paste its contents here. And I would also like a new log from RSIT, please :)
I'm modest, I only have two things for my signature...

1) Want to help the forum? Support it!!

2) I ask everyone who has a problem:
- start your own topic and put the RSIT log and a precise, brief description of the problem in the 1st post.
- without a recommendation, do not run ANY other program found on the forum/internet.
- do not edit or delete posts.
- follow the instructions and do nothing extra (on your own initiative).

Jornada de Muerto
Visitor
Posts: 16
Registered: 04 Mar 2008 15:42

Re: Log check, Avast found the trojan "Small-GWM", "FakeAV-ADU"

#7 Post by Jornada de Muerto »

After the ComboFix scan, this window popped up:
[Image]

I have these files on c:
[Image]

And these in the C:\Qoobox directory
[Image]
....I couldn't find that text file anywhere.

Thank you for your patience.

pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: Log check, Avast found the trojan "Small-GWM", "FakeAV-ADU"

#8 Post by pitimir »

Never mind, no harm done.
pitimir wrote: ...where exactly was the junk reported?
This would help ;)

Start -> Run -> (type) "%userprofile%\plocha\ComboFix.exe" /StepDel
Enter. CF will start working; after the scan finishes it should spit out a log.

Jornada de Muerto
Visitor
Posts: 16
Registered: 04 Mar 2008 15:42

Re: Log check, Avast found the trojan "Small-GWM", "FakeAV-ADU"

#9 Post by Jornada de Muerto »

Log from AVAST:

10.1.2010 17:01:32 de Muerto 1948 Virus "Win32:Small-GWM [Trj]" byl nalezen v souboru "C:\DOCUME~1\DEMUER~1\LOCALS~1\Temp\GUQF296\we.exe\[UPX]".
10.1.2010 17:01:55 de Muerto 1948 Virus "Win32:Small-GWM [Trj]" byl nalezen v souboru "C:\DOCUME~1\DEMUER~1\LOCALS~1\Temp\GUQF296\we.exe\[UPX]".
10.1.2010 17:02:01 de Muerto 1948 Virus "Win32:Adware-gen [Adw]" byl nalezen v souboru "C:\DOCUME~1\DEMUER~1\LOCALS~1\Temp\GUQF296\en.exe".
10.1.2010 17:02:03 de Muerto 1948 Virus "Win32:Adware-gen [Adw]" byl nalezen v souboru "C:\DOCUME~1\DEMUER~1\LOCALS~1\Temp\GUQF296\en.exe".
11.1.2010 7:43:26 de Muerto 4076 Virus "Win32:Small-GWM [Trj]" byl nalezen v souboru "C:\System Volume Information\_restore{7D0BFA63-30EC-4AB7-A84F-64B3377B542A}\RP17\A0001609.exe\[UPX]".
11.1.2010 15:38:14 SYSTEM 1772 Funkce setifaceUpdatePackages() selhala. Návratová hodnota je 0x20000011, dwRes je 20000011.
11.1.2010 19:39:49 SYSTEM 1772 Funkce setifaceUpdatePackages() selhala. Návratová hodnota je 0x20000011, dwRes je 20000011.
12.1.2010 0:30:59 de Muerto 4076 Virus "Win32:FakeAV-ADU [Trj]" byl nalezen v souboru "E:\System Volume Information\_restore{7D0BFA63-30EC-4AB7-A84F-64B3377B542A}\RP45\A0014197.exe".
12.1.2010 0:31:00 de Muerto 4076 Virus "Win32:FakeAV-ADU [Trj]" byl nalezen v souboru "E:\System Volume Information\_restore{7D0BFA63-30EC-4AB7-A84F-64B3377B542A}\RP45\A0014199.exe".
13.1.2010 7:11:26 SYSTEM 2040 Funkce setifaceUpdatePackages() selhala. Návratová hodnota je 0x20000004, dwRes je 20000004.

pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: Log check, Avast found the trojan "Small-GWM", "FakeAV-ADU"

#10 Post by pitimir »

And is CF working? :)

Jornada de Muerto
Visitor
Posts: 16
Registered: 04 Mar 2008 15:42

Re: Log check, Avast found the trojan "Small-GWM", "FakeAV-ADU"

#11 Post by Jornada de Muerto »

The computer has just come back to life...CF was run from the command line according to the instructions...first it wanted to shut down Avast, then a window followed with a warning about a virtual drive. I admit that here I don't know which program with a virtual drive is bothering it (Daemon T. is turned off, Nero too).
Nevertheless, a restart followed and CF started the scan, and it was already looking promising...Log almost done, you will find it in c:\Com blabla. and the computer restarted again.
After logging in again I can't find the file.

pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: Log check, Avast found the trojan "Small-GWM", "FakeAV-ADU"

#12 Post by pitimir »

1) Download Win32kDiag, preferably to the desktop. Run it with a double-click; after the scan finishes a text file should be displayed. Paste its contents here.

2) Download DDS. Save it to the desktop, close all running programs and run it. After the scan finishes the results will open in 2 windows - DDS.txt and Attach.txt. I would like to see the contents of both.

Jornada de Muerto
Visitor
Posts: 16
Registered: 04 Mar 2008 15:42

Re: Log check, Avast found the trojan "Small-GWM", "FakeAV-ADU"

#13 Post by Jornada de Muerto »

ad 1)
Running from: C:\Documents and Settings\de Muerto\Plocha\Win32kDiag.exe
Log file at : C:\Documents and Settings\de Muerto\Plocha\Win32kDiag.txt
WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...
Finished!

Jornada de Muerto
Visitor
Posts: 16
Registered: 04 Mar 2008 15:42

Re: Log check, Avast found the trojan "Small-GWM", "FakeAV-ADU"

#14 Post by Jornada de Muerto »

ad 2)
DDS (Ver_09-12-01.01) - NTFSx86
Run by de Muerto at 22:08:57,32 on st 13.01.2010
Internet Explorer: 8.0.6001.18702
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1606 [GMT 1:00]

AV: avast! antivirus 4.8.1368 [VPS 100113-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\astsrv.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\de Muerto\Plocha\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [AdobeBridge]
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
mRun: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NWEReboot]
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [NPSStartup]
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\akcele~1.lnk - c:\program files\common files\autodesk shared\acstart17.exe
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdat ... 2269556328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [2009-12-30 190720]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-30 114768]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-12-30 486280]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-30 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-30 138680]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-12-31 233472]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-12-31 36608]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-8-4 69120]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-30 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-30 352920]

=============== Created Last 30 ================

2010-01-13 20:00:55 0 d-----w- c:\program files\CABviaActiveSync
2010-01-13 19:50:09 0 d-----w- c:\windows\ASTULogTemp
2010-01-13 19:13:58 0 d-----w- C:\ComboFix
2010-01-12 20:28:47 0 d-sha-r- C:\cmdcons
2010-01-12 20:27:41 77312 ----a-w- c:\windows\MBR.exe
2010-01-12 20:27:41 261632 ----a-w- c:\windows\PEV.exe
2010-01-12 20:27:40 98816 ----a-w- c:\windows\sed.exe
2010-01-12 20:27:40 161792 ----a-w- c:\windows\SWREG.exe
2010-01-10 20:31:56 75288 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-10 20:00:35 0 d-----w- c:\program files\Windows Installer Clean Up
2010-01-10 20:00:22 0 d-----w- c:\program files\MSECACHE
2010-01-10 17:51:39 0 d-----w- c:\windows\system32\appmgmt
2010-01-10 16:16:37 14048 ------w- c:\windows\system32\spmsg2.dll
2010-01-10 16:03:44 142 ----a-w- c:\windows\system32\spupdsvc.inf
2010-01-09 08:05:24 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-09 08:05:24 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-01-09 08:04:27 0 d-----w- c:\docume~1\alluse~1\dataap~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-09 07:45:13 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-01-09 07:45:12 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-01-09 07:45:12 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-01-09 07:45:11 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-01-05 21:32:07 0 d-----w- c:\program files\Windows Media Connect 2
2010-01-05 21:29:55 0 d-----w- c:\windows\system32\LogFiles
2010-01-05 21:29:07 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-03 11:46:15 0 d-----w- c:\docume~1\demuer~1\dataap~1\Mask Pro 4.0
2010-01-03 09:21:16 227840 ----a-w- c:\windows\system32\Deco_32.dll
2010-01-03 09:21:14 0 d-----w- c:\program files\common files\onOne Software Shared
2010-01-03 09:20:29 0 d-----w- c:\docume~1\demuer~1\dataap~1\onOne Software
2010-01-03 09:17:11 0 d-----w- c:\docume~1\alluse~1\dataap~1\onOne Software
2010-01-03 09:16:59 57344 ----a-w- c:\windows\system32\ASTSRV.EXE
2010-01-03 09:16:58 0 d-----w- c:\program files\onOne Software
2010-01-02 08:50:02 0 d-----w- c:\program files\Seagate
2010-01-02 08:49:21 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-01-01 19:15:27 266240 ----a-w- c:\windows\system32\Adobe Gamma.cpl
2010-01-01 15:35:11 0 d-----w- c:\program files\Imagenomic
2010-01-01 13:28:07 0 d-----w- c:\program files\Bonjour
2010-01-01 13:18:21 0 d-----w- c:\program files\common files\Macrovision Shared
2010-01-01 12:44:07 90112 ----a-w- c:\windows\RSetupCE.exe
2010-01-01 12:44:02 0 d-----w- c:\program files\Resco
2010-01-01 08:14:24 0 d-----w- c:\program files\HD Tune Pro
2009-12-31 22:26:59 0 d-----w- c:\program files\CeRegEditor
2009-12-31 22:09:21 0 d-----w- c:\program files\Microsoft ActiveSync
2009-12-31 22:02:36 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-31 22:02:29 21632 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-31 22:01:40 0 d-----w- c:\windows\system32\Samsung_USB_Drivers
2009-12-31 22:01:30 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2009-12-31 22:01:30 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
2009-12-31 22:01:30 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2009-12-31 22:00:03 0 d-----w- c:\docume~1\demuer~1\dataap~1\Samsung
2009-12-31 21:59:44 0 d-----w- c:\program files\MarkAny
2009-12-31 21:59:41 0 d-----w- c:\program files\PC Connectivity Solution
2009-12-31 21:58:26 0 d-----w- c:\program files\Samsung
2009-12-31 20:33:59 0 d-----w- c:\program files\Nero
2009-12-31 20:29:39 1089883 -c----w- c:\windows\system32\dllcache\ntprint.cat
2009-12-31 17:38:15 49152 ----a-w- c:\windows\system32\ChCfg.exe
2009-12-31 17:37:47 0 d-----w- c:\program files\Realtek AC97
2009-12-31 17:10:48 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-31 17:10:48 17264 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-12-31 15:01:38 0 d-----w- c:\windows\system32\XPSViewer
2009-12-31 15:00:58 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-31 15:00:58 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-31 15:00:58 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-31 15:00:58 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-31 15:00:58 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-31 15:00:58 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-31 15:00:58 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-31 14:48:41 0 d-sh--w- c:\documents and settings\de muerto\PrivacIE
2009-12-31 14:47:39 0 d-sh--w- c:\documents and settings\de muerto\IETldCache
2009-12-31 14:45:49 0 d-----w- c:\windows\ie8updates
2009-12-31 14:44:05 0 dc-h--w- c:\windows\ie8
2009-12-31 14:43:00 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-31 14:43:00 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-31 14:42:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-31 14:42:59 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-31 14:42:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-31 14:42:57 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-31 14:42:35 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-31 09:46:22 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-12-31 09:45:59 0 d-----w- c:\program files\MSXML 4.0
2009-12-31 08:14:05 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll
2009-12-30 23:54:59 0 d-----w- c:\program files\AnswerWorks 4.0
2009-12-30 23:51:04 0 d-----w- c:\program files\AutoCAD 2007
2009-12-30 23:51:04 0 d-----w- c:\docume~1\demuer~1\dataap~1\Autodesk
2009-12-30 23:49:10 0 d-----w- c:\program files\common files\Autodesk Shared
2009-12-30 23:49:04 0 d-----w- c:\program files\Autodesk
2009-12-30 23:42:20 30568 ----a-w- c:\windows\system32\mdimon.dll
2009-12-30 23:38:39 0 d-----w- c:\windows\SHELLNEW
2009-12-30 23:21:43 0 d-----w- c:\windows\RegisteredPackages
2009-12-30 23:15:29 0 d-----w- c:\program files\Trend Micro
2009-12-30 23:11:08 0 d-----w- c:\program files\IrfanView
2009-12-30 23:07:38 0 d-----w- c:\program files\WinHTTrack
2009-12-30 23:01:41 0 d-----w- c:\program files\CCleaner
2009-12-30 22:59:09 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-30 22:59:03 0 d-----w- c:\program files\DAEMON Tools Lite
2009-12-30 22:58:24 0 d-----w- c:\docume~1\demuer~1\dataap~1\DAEMON Tools Lite
2009-12-30 22:58:20 0 d-----w- c:\docume~1\alluse~1\dataap~1\DAEMON Tools Lite
2009-12-30 22:55:06 0 d-----w- c:\docume~1\demuer~1\dataap~1\VitySoft
2009-12-30 22:54:58 0 d-----w- c:\program files\FreeRapid-0.83u1
2009-12-30 22:54:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-12-30 22:54:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-30 22:51:27 42496 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2009-12-30 22:51:27 0 d-----w- c:\program files\AMD
2009-12-30 22:23:54 87608 ----a-w- c:\docume~1\demuer~1\dataap~1\inst.exe
2009-12-30 22:23:54 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-30 22:23:54 47360 ----a-w- c:\docume~1\demuer~1\dataap~1\pcouffin.sys
2009-12-30 22:23:39 0 d-----w- c:\program files\DVDFab 6
2009-12-30 22:19:48 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-30 22:19:08 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-30 22:19:07 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-30 22:19:07 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-30 22:19:07 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-30 22:19:07 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-30 22:19:06 709632 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-30 22:19:06 684032 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-30 22:19:06 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-30 22:18:57 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-12-30 22:07:49 0 d-----w- c:\windows\system32\cs-cz
2009-12-30 22:07:49 0 d-----w- c:\windows\system32\cs
2009-12-30 22:07:49 0 d-----w- c:\windows\l2schemas
2009-12-30 22:07:48 0 d-----w- c:\windows\system32\bits
2009-12-30 22:06:33 0 d-----w- c:\windows\ServicePackFiles
2009-12-30 22:04:53 0 d-----w- c:\windows\network diagnostic
2009-12-30 21:53:59 12800 ------w- c:\windows\system32\drivers\usb8023x.sys
2009-12-30 21:52:59 129045 ------w- c:\windows\system32\drivers\cxthsfs2.cty
2009-12-30 21:47:16 0 d-----w- c:\program files\VideoLAN
2009-12-30 21:40:30 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2009-12-30 21:33:34 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-30 21:33:32 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-30 21:33:29 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-30 21:33:26 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-12-30 21:33:21 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-30 21:33:12 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-30 21:32:56 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-30 21:32:55 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-30 21:32:54 2068224 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-30 21:31:35 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-12-30 21:31:32 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-12-30 21:31:20 1206508 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2009-12-30 21:31:19 216576 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-12-30 21:28:13 0 d-sh--w- c:\documents and settings\de muerto\UserData
2009-12-30 21:26:24 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-12-30 21:05:35 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-12-30 21:05:30 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-12-30 21:05:30 0 d-----w- c:\windows\system32\ZoneLabs
2009-12-30 21:05:29 422437 ----a-w- c:\windows\system32\vsconfig.xml
2009-12-30 21:05:03 0 d-----w- c:\program files\Zone Labs
2009-12-30 20:09:54 9216 ----a-r- c:\windows\system32\drivers\videX32.sys
2009-12-30 20:09:36 0 d-----w- c:\windows\system32\ReinstallBackups
2009-12-30 20:09:31 319456 ----a-w- c:\windows\system32\difxapi.dll
2009-12-30 20:06:22 0 d-----w- c:\program files\AvRack
2009-12-30 19:59:36 0 d-----w- c:\program files\VIA
2009-12-30 19:33:39 0 d-----w- c:\program files\common files\ODBC
2009-12-30 19:33:36 0 d-----w- c:\program files\common files\SpeechEngines
2009-12-30 19:33:12 0 d--h--w- c:\documents and settings\all users\Šablony
2009-12-30 19:33:12 0 d-----w- c:\documents and settings\all users\Plocha
2009-12-30 19:33:12 0 d-----w- c:\documents and settings\all users\Oblíbené položky
2009-12-30 19:33:12 0 d-----r- c:\documents and settings\all users\Nabídka Start
2009-12-30 19:33:12 0 d-----r- c:\documents and settings\all users\Dokumenty
2009-12-30 19:32:50 0 d--h--r- c:\documents and settings\all users\Data aplikací
2009-12-30 19:15:14 0 d-----w- c:\program files\Realtek
2009-12-30 19:06:27 0 d-----w- c:\program files\Totalcmd
2009-12-30 18:42:40 0 d-sh--w- c:\documents and settings\all users\DRM
2009-12-30 18:42:23 0 d--h--w- c:\program files\WindowsUpdate
2009-12-30 18:42:19 0 d-----w- c:\program files\Online Services
2009-12-30 18:41:29 0 d-----w- c:\program files\common files\MSSoap
2009-12-30 18:40:03 0 d-----w- c:\program files\MSN Gaming Zone
2009-12-30 18:39:34 0 d-----w- c:\program files\Windows NT

==================== Find3M ====================

2010-01-12 17:55:58 429024 ----a-w- c:\windows\system32\perfh005.dat
2010-01-12 17:55:57 78052 ----a-w- c:\windows\system32\perfc005.dat
2009-12-30 19:18:40 315392 ----a-w- c:\windows\HideWin.exe
2009-12-30 18:40:34 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-29 07:43:54 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:40:39 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40:39 25088 ----a-w- c:\windows\system32\httpapi.dll

============= FINISH: 22:09:03,79 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Systém Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 30.12.2009 19:45:52
System Uptime: 13.1.2010 20:21:20 (2 hours ago)

Motherboard: MSI | | MS-6702E
Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket-939 | 2200/200mhz

==== Disk Partitions =========================

B: is Removable
C: is FIXED (NTFS) - 75 GiB total, 48,638 GiB free.
D: is FIXED (NTFS) - 186 GiB total, 175,77 GiB free.
E: is FIXED (NTFS) - 932 GiB total, 685,861 GiB free.
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP19: 30.12.2009 23:20:52 - Installed Adobe Reader 9.2 - Czech.
RP20: 30.12.2009 23:21:49 - Software Distribution Service 3.0
RP21: 30.12.2009 23:51:27 - Instalováno Athlon 64 Processor Driver
RP22: 30.12.2009 23:53:48 - Installed Java(TM) 6 Update 17
RP23: 30.12.2009 23:59:08 - SPTD setup V1.62
RP24: 31.12.2009 0:02:52 - Odstraněno Realtek High Definition Audio Driver
RP25: 31.12.2009 0:21:43 - Installed Windows Media Format Runtime
RP26: 31.12.2009 0:35:05 - Installed Microsoft Office Enterprise 2007
RP27: 31.12.2009 0:38:01 - Installed Microsoft Office Enterprise 2007
RP28: 31.12.2009 0:42:17 - Je nainstalován ovladač tiskárny Microsoft Office Document Imag
RP29: 31.12.2009 0:45:58 - Nainstalováno: Microsoft .NET Framework 2.0
RP30: 31.12.2009 0:48:34 - Nainstalováno: Microsoft .NET Framework 2.0 Language Pack - CSY
RP31: 31.12.2009 0:48:56 - Ovladače rozhraní DirectX
RP32: 31.12.2009 0:50:53 - Nainstalováno: AutoCAD 2007 - Český
RP33: 31.12.2009 10:45:25 - Software Distribution Service 3.0
RP34: 31.12.2009 15:44:56 - Byla nainstalována aplikace Windows Internet Explorer 8.
RP35: 31.12.2009 15:45:36 - Software Distribution Service 3.0
RP36: 31.12.2009 15:56:38 - Software Distribution Service 3.0
RP37: 31.12.2009 18:37:39 - Instalováno Realtek AC'97 Audio
RP38: 31.12.2009 21:33:53 - Nero 7 Ultra Edition wird installiert
RP39: 31.12.2009 22:58:35 - Instalováno Samsung New PC Studio
RP40: 31.12.2009 23:09:19 - Installed Microsoft ActiveSync
RP41: 1.1.2010 16:35:10 - Installed Portraiture Plug-in
RP42: 2.1.2010 9:49:34 - Nainstalováno: Microsoft Visual C++ 2005 Redistributable
RP43: 2.1.2010 9:50:00 - Nainstalováno: SeaTools for Windows
RP44: 2.1.2010 19:40:21 - Software Distribution Service 3.0
RP45: 3.1.2010 10:16:55 - Installed Plug-in Suite 4
RP46: 4.1.2010 19:16:32 - Kontrolní bod systému
RP47: 4.1.2010 20:03:26 - Software Distribution Service 3.0
RP48: 5.1.2010 20:29:51 - Kontrolní bod systému
RP49: 5.1.2010 21:23:42 - Installed Windows Media Player Firefox Plugin
RP50: 5.1.2010 22:29:11 - Software Distribution Service 3.0
RP51: 6.1.2010 6:38:47 - Software Distribution Service 3.0
RP52: 7.1.2010 7:44:04 - Kontrolní bod systému
RP53: 9.1.2010 9:04:17 - Installed iTunes
RP54: 10.1.2010 10:16:45 - Kontrolní bod systému
RP55: 10.1.2010 12:41:50 - Removed Bonjour
RP56: 10.1.2010 17:03:08 - Software Distribution Service 3.0
RP57: 10.1.2010 17:16:37 - Installed %1 %2.
RP58: 10.1.2010 17:58:34 - Software Distribution Service 3.0
RP59: 10.1.2010 18:50:02 - Removed Apple Mobile Device Support
RP60: 10.1.2010 18:58:24 - Installed iPhone Configuration Utility
RP61: 10.1.2010 19:02:34 - Removed iPhone Configuration Utility
RP62: 10.1.2010 19:02:57 - Removed Apple Mobile Device Support
RP63: 10.1.2010 19:13:06 - Installed iPhone Configuration Utility
RP64: 10.1.2010 19:19:06 - Removed Apple Mobile Device Support
RP65: 10.1.2010 19:21:20 - Removed iTunes
RP66: 10.1.2010 19:23:57 - Removed Apple Software Update
RP67: 10.1.2010 19:24:19 - Removed Apple Application Support
RP68: 10.1.2010 19:25:02 - Removed iPhone Configuration Utility
RP69: 10.1.2010 20:20:33 - Installed iTunes
RP70: 10.1.2010 20:27:48 - Removed iTunes
RP71: 10.1.2010 20:35:29 - Installed iTunes
RP72: 10.1.2010 20:41:00 - Installed Apple Application Support
RP73: 10.1.2010 20:44:31 - Removed iTunes
RP74: 10.1.2010 20:48:15 - Removed QuickTime
RP75: 10.1.2010 20:49:18 - Removed Bonjour
RP76: 10.1.2010 20:49:28 - Removed Apple Software Update
RP77: 10.1.2010 20:51:31 - Removed Apple Application Support
RP78: 10.1.2010 20:52:12 - Removed Apple Mobile Device Support
RP79: 10.1.2010 21:00:33 - Installed Windows Installer Clean Up
RP80: 10.1.2010 21:06:41 - Installed QuickTime
RP81: 10.1.2010 21:11:37 - Installed iTunes
RP82: 12.1.2010 0:10:28 - Kontrolní bod systému
RP83: 13.1.2010 6:53:26 - Removed Apple Application Support
RP84: 13.1.2010 6:54:44 - Removed Apple Mobile Device Support
RP85: 13.1.2010 6:56:48 - Removed Apple Software Update
RP86: 13.1.2010 6:57:05 - Removed Bonjour
RP87: 13.1.2010 7:01:09 - Software Distribution Service 3.0
RP88: 13.1.2010 20:54:39 - Removed Microsoft ActiveSync
RP89: 13.1.2010 20:57:02 - Nainstalováno: Microsoft ActiveSync

==== Installed Programs ======================

Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.2 - Czech
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Aktualizace systému Windows Internet Explorer 8 (KB975364)
Aktualizace zabezpečení produktu Windows XP (KB923689)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB971961)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB976325)
Aktualizace zabezpečení systému Windows XP (KB923789)
Athlon 64 Processor Driver
AutoCAD 2007 - Český
Autodesk DWF Viewer
avast! Antivirus
Balíček ovladače systému Windows - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
Balíček ovladače systému Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
CCleaner
CeRegEditor 0.0.5.1
DVDFab 6.1.2.5 (27/10/2009)
HD Tune Pro 3.50
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
IrfanView (remove only)
iTunes
Java(TM) 6 Update 17
Macromedia Flash Player 8
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
Microsoft .NET Framework 3.5 Language Pack SP1 - csy
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Czech) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Czech) 2007
Microsoft Office Groove MUI (Czech) 2007
Microsoft Office InfoPath MUI (Czech) 2007
Microsoft Office OneNote MUI (Czech) 2007
Microsoft Office Outlook MUI (Czech) 2007
Microsoft Office PowerPoint MUI (Czech) 2007
Microsoft Office Proof (Czech) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Slovak) 2007
Microsoft Office Proofing (Czech) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Czech) 2007
Microsoft Office Shared MUI (Czech) 2007
Microsoft Office Word MUI (Czech) 2007
Microsoft Software Update for Web Folders (Czech) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Ultra Edition
Opera 10.10
PC Connectivity Solution
PDF Settings
Platform
Plug-in Suite 4
Portraiture Plug-in
QuickTime
Realtek AC'97 Audio
REALTEK GbE & FE Ethernet PCI-E NIC Driver
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
SAMSUNG Mobile Modem V2 Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Download Driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
SAMSUNG SYMBIAN USB Download Driver
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
SeaTools for Windows
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Total Commander (Remove or Repair)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb977839)
VC 9.0 Runtime
VIA Platforma Ovladače zařízení
VLC media player 1.0.3
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinHTTrack Website Copier 3.43-7
WinRAR
Wocarson Windows Genuine Advantage Validation v1.9.40.0 Cracked V2
XML Paper Specification Shared Components Language Pack 1.0
ZoneAlarm

==== End Of File ===========================

...as you can see, nothing but legal software. :oops:

pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: Log check, Avast found the trojans "Small-GWM", "FakeAV-ADU"

#15 Post by pitimir »

Download OTL. Save it to the desktop and run the file "OTL.exe" by double-clicking it. The program window will open; in it, tick "Scan All Users", "Lop" and "Purity Check", and change "File Scan" to 7 days instead of 30. Into the box under the heading "Custom Scans/Fixes", copy:

Code:

netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
%SYSTEMDRIVE%\viamraid.sys /s /md5
%SYSTEMDRIVE%\nvata.sys /s /md5
%SYSTEMROOT%\*. /mp /s
CREATERESTOREPOINT
%SYSTEMROOT%\system32\*.dll /lockedfiles
%SYSTEMROOT%\Tasks\*.job /lockedfiles

Then click "Run Scan". The computer scan will start; when it finishes, two reports will open - I need to see the contents of both.

I'm modest, I have only two things for my signature...

1) Want to help the forum? Support it!!

2) A request to everyone who has a problem: :!:
- start your own topic and put an RSIT log and a precise, brief description of the problem in the first post.
- without a recommendation, do not run ANY other program found on the forum/internet.
- do not edit or delete posts.
- follow the instructions and do nothing extra (on your own initiative).
