Avast hlasi vir Vyřešeno

[feryking]

ComboFix 10-01-22.03 - feryking 23.01.2010 9:47.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1597 [GMT 1:00]
Spuštěný z: c:\documents and settings\feryking\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\feryking\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100122-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"c:\documents and settings\feryking\ojl.exe"
"c:\windows\system32\emptyregdb.dat"
"c:\windows\system32\SET50.tmp"
"c:\windows\system32\SET52.tmp"
"c:\windows\system32\SET56.tmp"
"c:\windows\system32\SET58.tmp"
"c:\windows\system32\SET68.tmp"
"c:\windows\system32\SET6A.tmp"
"c:\windows\system32\SET6C.tmp"
"c:\windows\system32\SET70.tmp"
"c:\windows\system32\SET72.tmp"
"c:\windows\system32\SET78.tmp"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\feryking\ojl.exe
C:\found.000
c:\found.000\dir0000.chk\16and32.ico
c:\found.000\dir0000.chk\16x16.png
c:\found.000\dir0000.chk\25x25.png
c:\found.000\dir0000.chk\slide-a-lama.zip
c:\found.000\dir0000.chk\Thumbs.db
C:\found.001
c:\found.001\file0000.chk
C:\found.002
c:\found.002\dir0000.chk\INDEX.BTR
c:\found.002\dir0000.chk\INDEX.MAP
c:\found.002\dir0000.chk\MAPPING.VER
c:\found.002\dir0000.chk\MAPPING1.MAP
c:\found.002\dir0000.chk\MAPPING2.MAP
c:\found.002\dir0000.chk\OBJECTS.DATA
c:\found.002\dir0000.chk\OBJECTS.MAP
C:\found.003
c:\found.003\file0000.chk
c:\windows\system32\emptyregdb.dat
c:\windows\system32\SET50.tmp
c:\windows\system32\SET52.tmp
c:\windows\system32\SET56.tmp
c:\windows\system32\SET58.tmp
c:\windows\system32\SET68.tmp
c:\windows\system32\SET6A.tmp
c:\windows\system32\SET6C.tmp
c:\windows\system32\SET70.tmp
c:\windows\system32\SET72.tmp
c:\windows\system32\SET78.tmp

c:\windows\system32\ntbackup.exe . . . je infikován!!

c:\windows\system32\rcp.exe . . . je infikován!!

c:\windows\system32\tracerpt.exe . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-23 do 2010-01-23 )))))))))))))))))))))))))))))))
.

2010-01-23 07:10 . 2008-04-13 22:10 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-01-21 19:23 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-21 19:10 . 2010-01-21 19:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-21 19:10 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-21 18:37 . 2010-01-21 18:37 -------- d-----w- c:\program files\TrendMicro
2010-01-21 18:25 . 2010-01-22 10:42 -------- d-----w- c:\program files\WinClamAVShield
2010-01-21 18:23 . 2010-01-21 18:23 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-01-21 18:14 . 2010-01-22 19:14 -------- d-----w- c:\program files\Spyware Terminator
2010-01-21 15:23 . 2010-01-21 19:04 -------- d-----w- c:\program files\HDD Regenerator
2010-01-21 15:02 . 2009-08-24 21:13 34304 ----a-w- c:\windows\system32\DfSdkBt64.exe
2010-01-21 15:02 . 2009-08-24 21:08 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2010-01-21 15:02 . 2010-01-21 15:02 -------- d-----w- c:\program files\Ashampoo
2010-01-21 12:41 . 2010-01-21 12:41 -------- d-----w- c:\program files\SCi Games
2010-01-21 11:07 . 2010-01-21 11:07 -------- d-----w- c:\program files\Lavalys
2010-01-21 10:58 . 2010-01-21 11:00 -------- d-----w- c:\windows\system32\NtmsData
2010-01-20 19:35 . 2010-01-20 19:51 -------- d-----w- c:\program files\Unlocker
2010-01-20 12:54 . 2010-01-20 12:54 -------- d-----w- c:\windows\system32\custom matrices
2010-01-20 12:54 . 2010-01-20 12:54 -------- d-----w- c:\windows\system32\QuickTime
2010-01-20 12:54 . 2010-01-20 12:54 -------- d-----w- c:\windows\system32\C2MP
2010-01-20 12:52 . 2009-10-29 07:43 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-20 12:52 . 2009-10-29 07:43 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-20 12:52 . 2009-10-29 07:43 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-20 12:52 . 2009-10-29 07:43 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-01-20 12:52 . 2009-10-29 07:43 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-20 12:52 . 2009-10-29 07:43 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-01-20 12:11 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2010-01-19 18:22 . 2010-01-19 18:22 -------- d-----w- c:\program files\Common Files\migrosoft shared
2010-01-19 14:47 . 2008-04-13 23:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-01-19 14:47 . 2008-04-13 23:16 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-01-19 14:46 . 2008-04-13 23:16 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-01-19 14:45 . 2008-04-13 23:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-01-19 14:45 . 2008-04-13 23:16 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-01-19 14:45 . 2008-04-13 23:16 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-01-19 14:43 . 2006-06-14 12:44 12288 ----a-r- c:\windows\system32\drivers\EIO_XP.sys
2010-01-19 14:40 . 2010-01-19 14:40 -------- d-----w- c:\program files\My Company Name
2010-01-19 14:39 . 2008-04-14 07:52 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-01-19 14:39 . 2010-01-19 18:01 -------- d-----w- c:\program files\ASUS
2010-01-19 14:39 . 2008-07-03 18:13 12416 ----a-w- c:\windows\system32\drivers\asusgsb.sys
2010-01-19 14:33 . 2008-06-24 14:08 307200 ----a-r- c:\windows\system32\atiiiexx.dll
2010-01-19 14:32 . 2008-06-24 14:11 421888 ----a-r- c:\windows\system32\ATIDEMGX.dll
2010-01-19 14:32 . 2008-06-24 13:36 887724 ----a-r- c:\windows\system32\ativva6x.dat
2010-01-19 14:32 . 2008-06-24 13:36 3107788 ----a-r- c:\windows\system32\ativva5x.dat
2010-01-19 14:32 . 2008-06-10 09:50 174819 ----a-r- c:\windows\system32\atiicdxx.dat
2010-01-19 14:20 . 2009-11-25 02:44 13533184 ----a-w- c:\windows\system32\atioglxx.dll
2010-01-19 14:20 . 2009-11-25 02:26 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-01-19 14:20 . 2009-11-25 02:20 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-01-19 14:20 . 2009-11-25 02:20 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-01-19 14:20 . 2009-11-25 02:18 3612672 ----a-w- c:\windows\system32\aticaldd.dll
2010-01-19 14:20 . 2009-05-11 22:35 118784 ----a-w- c:\windows\system32\atibtmon.exe
2010-01-19 14:20 . 2010-01-19 14:26 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-19 14:20 . 2010-01-19 14:20 -------- d-----w- c:\program files\ATI
2010-01-19 14:18 . 2010-01-19 14:18 -------- dc----w- C:\ATI
2010-01-19 14:13 . 2010-01-19 14:13 -------- d-----w- c:\program files\Common Files\DirectX
2010-01-19 13:47 . 2010-01-23 06:53 -------- d-----w- c:\program files\ICQ6.5
2010-01-19 13:19 . 2008-04-14 07:51 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-01-19 13:19 . 2001-10-24 11:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-01-19 13:19 . 2008-04-13 23:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 12:41 . 2010-01-19 12:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-21 12:39 . 2010-01-19 11:50 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-21 12:39 . 2010-01-19 11:50 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-01-21 12:38 . 2010-01-19 11:50 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-01-21 11:06 . 2010-01-19 12:03 16512 ----a-w- c:\windows\gdrv.sys
2010-01-20 12:47 . 2001-10-25 12:00 46016 ----a-w- c:\windows\system32\perfc005.dat
2010-01-20 12:47 . 2001-10-25 12:00 309716 ----a-w- c:\windows\system32\perfh005.dat
2010-01-19 18:05 . 2010-01-19 12:09 -------- d-----w- c:\program files\ATI Technologies
2010-01-19 14:50 . 2010-01-19 14:50 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-01-19 12:11 . 2010-01-19 12:11 0 ----a-w- c:\windows\ativpsrm.bin
2010-01-19 12:09 . 2010-01-19 12:03 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-19 12:03 . 2010-01-19 12:03 -------- d-----w- c:\program files\Realtek
2010-01-19 12:03 . 2010-01-19 12:03 315392 ----a-w- c:\windows\HideWin.exe
2010-01-19 11:59 . 2010-01-19 11:59 -------- d-----w- c:\program files\Alwil Software
2010-01-19 11:51 . 2010-01-19 11:51 -------- d-----w- c:\program files\microsoft frontpage
2009-11-24 23:54 . 2010-01-19 11:59 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2010-01-19 11:59 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2010-01-19 11:59 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2010-01-19 11:59 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2010-01-19 11:59 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2010-01-19 11:59 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2010-01-19 11:59 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2010-01-19 11:59 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2010-01-19 11:59 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2008-04-14 06:51 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:43 . 2008-04-14 06:52 916480 ------w- c:\windows\system32\wininet.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\custom matrices ----

2005-08-23 07:41 . 2005-08-23 07:41 128 ----a-w- c:\windows\system32\custom matrices\andreas_78er.matrix.xcm
2005-08-23 07:41 . 2005-08-23 07:41 128 ----a-w- c:\windows\system32\custom matrices\andreas_doppelte_99er.matrix.xcm
2005-08-23 07:41 . 2005-08-23 07:41 128 ----a-w- c:\windows\system32\custom matrices\andreas_einfache_99er.matrix.xcm
2005-08-23 07:41 . 2005-08-23 07:41 128 ----a-w- c:\windows\system32\custom matrices\Bulletproof's Heavy Compression Matrix.xcm
2005-08-23 07:41 . 2005-08-23 07:41 128 ----a-w- c:\windows\system32\custom matrices\Bulletproof's High Quality Matrix.xcm
2005-08-23 07:41 . 2005-08-23 07:41 128 ----a-w- c:\windows\system32\custom matrices\CG-Animation Matrix.xcm
2005-08-23 07:41 . 2005-08-23 07:41 128 ----a-w- c:\windows\system32\custom matrices\hvs-best-picture.xcm
2005-08-23 07:41 . 2005-08-23 07:41 128 ----a-w- c:\windows\system32\custom matrices\hvs-better-picture.xcm
2005-08-23 07:41 . 2005-08-23 07:41 128 ----a-w- c:\windows\system32\custom matrices\hvs-good-picture.xcm
2005-08-23 07:41 . 2005-08-23 07:41 128 ----a-w- c:\windows\system32\custom matrices\Low Bitrate Matrix.xcm
2005-08-23 07:41 . 2005-08-23 07:41 128 ----a-w- c:\windows\system32\custom matrices\MPEG.xcm
2005-08-23 07:41 . 2005-08-23 07:41 128 ----a-w- c:\windows\system32\custom matrices\pvcd.xcm
2005-08-23 07:41 . 2005-08-23 07:41 128 ----a-w- c:\windows\system32\custom matrices\Soulhunters V3.xcm
2005-08-23 07:41 . 2005-08-23 07:41 128 ----a-w- c:\windows\system32\custom matrices\Soulhunters V5.xcm
2005-08-23 07:41 . 2005-08-23 07:41 128 ----a-w- c:\windows\system32\custom matrices\Standard.xcm
2005-08-23 07:41 . 2005-08-23 07:41 128 ----a-w- c:\windows\system32\custom matrices\Ultimate Matrix.xcm
2005-08-23 07:41 . 2005-08-23 07:41 128 ----a-w- c:\windows\system32\custom matrices\Ultra Low Bitrate Matrix.xcm
2005-08-23 07:41 . 2005-08-23 07:41 128 ----a-w- c:\windows\system32\custom matrices\Very Low Bitrate Matrix.xcm


------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2001-10-25 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2001-10-25 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-14 . 1B6162FE7F66B1A71A4B70F941C4AA9B . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys

[-] 2001-10-25 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2001-10-25 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\1d2803a1f84cfd41d61e509943d67213\sp3qfe\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\1d2803a1f84cfd41d61e509943d67213\sp3gdr\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2008-04-14 . 249276D3EF1E74B992299CB96099E4D7 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2008-04-14 . 249276D3EF1E74B992299CB96099E4D7 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\browser.dll

[-] 2008-04-14 . ED0A176354487CEED65B80A7148AB739 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2008-04-14 . ED0A176354487CEED65B80A7148AB739 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe

[-] 2008-04-14 . 72E1E9E2977BE08BDEEDB6D8FD9D4D40 . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2008-04-14 . 72E1E9E2977BE08BDEEDB6D8FD9D4D40 . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll

[-] 2008-04-14 . 19395D092FD85DDC2D9C7729CF5A2AC8 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 19395D092FD85DDC2D9C7729CF5A2AC8 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll

[-] 2009-02-09 . C0BD34A62508BA68F146E22CE45919F9 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . C0BD34A62508BA68F146E22CE45919F9 . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP3QFE\rpcss.dll
[-] 2009-02-09 . BE27674D1CBC3214AEC84B4336A38BBF . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP3GDR\rpcss.dll
[-] 2009-02-09 . BE27674D1CBC3214AEC84B4336A38BBF . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . BE27674D1CBC3214AEC84B4336A38BBF . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 2B269C916766BDB43404F043B763427D . 399360 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP2GDR\rpcss.dll
[-] 2009-02-09 . BEF7BB41E666EAA34BE7E99C2B107DB8 . 401408 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP2QFE\rpcss.dll
[-] 2008-04-14 . C868F3AE15CF71A93F2AA3A32856D839 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll

[-] 2009-02-09 . 9EF697AF07BB8DD82C3B02CA953A95B7 . 111104 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP3GDR\services.exe
[-] 2009-02-09 . 9EF697AF07BB8DD82C3B02CA953A95B7 . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-09 . 9EF697AF07BB8DD82C3B02CA953A95B7 . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 . 3D107D45CCFDB266E91D84B52CD7F430 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-09 . 3D107D45CCFDB266E91D84B52CD7F430 . 111104 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP3QFE\services.exe
[-] 2009-02-09 . 4F9F7B567970B524F31D9970A23F7C24 . 111104 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP2GDR\services.exe
[-] 2009-02-09 . 33081FED75032291EE0E008D5385E86F . 111104 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP2QFE\services.exe
[-] 2008-04-14 . F0D2AE69035092BF22DAD6B50FAB85C2 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe

[-] 2008-04-14 . CB1090BCA0E7B40D0B5B4E4D66531809 . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2008-04-14 . CB1090BCA0E7B40D0B5B4E4D66531809 . 57856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\spoolsv.exe

[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe

[-] 2008-04-14 . 4F993463DC5F3F80D77A3D34D7BFBFED . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-04-14 . 4F993463DC5F3F80D77A3D34D7BFBFED . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll

[-] 2008-04-14 . F3AB0933CBD166D271992F411C27CCAF . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2008-04-14 . F3AB0933CBD166D271992F411C27CCAF . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll

[-] 2008-07-07 20:29 . A371F11EF07653591C8DE26AFB13CE7F . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\238cf948db525111b0a69f7144be46ee\sp3gdr\es.dll
[-] 2008-07-07 20:29 . A371F11EF07653591C8DE26AFB13CE7F . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:29 . A371F11EF07653591C8DE26AFB13CE7F . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:25 . BE68EA4457E2E5717231CF91BE5448E0 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:25 . BE68EA4457E2E5717231CF91BE5448E0 . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\238cf948db525111b0a69f7144be46ee\sp3qfe\es.dll
[-] 2008-04-14 06:51 . 260C69FD67687B0DC062FC3D31655857 . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll

[-] 2008-04-14 . 6C60CA8AC7470AC01CFD3D24C7283CD1 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2008-04-14 . 6C60CA8AC7470AC01CFD3D24C7283CD1 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll

[-] 2009-03-21 . 545C653E8FE241CA6200798AA94FE5C7 . 988160 . . [5.1.2600.5781] . . c:\windows\SoftwareDistribution\Download\5aa53a77792c8cc6cbdb431d4bf47daa\sp3gdr\kernel32.dll
[-] 2009-03-21 . 545C653E8FE241CA6200798AA94FE5C7 . 988160 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . 545C653E8FE241CA6200798AA94FE5C7 . 988160 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . 0D8F61460F84139BBE5E391D8DE18D9A . 990208 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 . 0D8F61460F84139BBE5E391D8DE18D9A . 990208 . . [5.1.2600.5781] . . c:\windows\SoftwareDistribution\Download\5aa53a77792c8cc6cbdb431d4bf47daa\sp3qfe\kernel32.dll
[-] 2008-04-14 . FD91CD95A1C663DF54DD371CC8A234DE . 988160 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll

[-] 2008-04-14 . 7FDE9FC15765E02B23E1756930165AD1 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2008-04-14 . 7FDE9FC15765E02B23E1756930165AD1 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll

[-] 2008-04-14 . C66BA7BD13C8FB8BEC4863B88641C763 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2008-04-14 . C66BA7BD13C8FB8BEC4863B88641C763 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll

[-] 2008-04-14 . D165DFCB4EA452510E53416F573018BB . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-14 . D165DFCB4EA452510E53416F573018BB . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll

[-] 2008-06-20 . 1289B7611CCD6CB27596AE92CBF03E35 . 247296 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\1d2803a1f84cfd41d61e509943d67213\sp3gdr\mswsock.dll
[-] 2008-06-20 . 1289B7611CCD6CB27596AE92CBF03E35 . 247296 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 1289B7611CCD6CB27596AE92CBF03E35 . 247296 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . B6CEC406351EA5EF131416D5F52D006F . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . B6CEC406351EA5EF131416D5F52D006F . 247296 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\1d2803a1f84cfd41d61e509943d67213\sp3qfe\mswsock.dll
[-] 2008-04-14 . AAC97DAB5F8A0573CF10E0EAC42A7724 . 247296 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll

[-] 2008-04-14 . C2ED0E3408F50BBC149D4F0936E67832 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2008-04-14 . C2ED0E3408F50BBC149D4F0936E67832 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll

[-] 2009-08-04 . F61EB18DA0AA630E2F8A944ED6BD3BF9 . 2191360 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-08-04 . F61EB18DA0AA630E2F8A944ED6BD3BF9 . 2191360 . . [5.1.2600.5857] . . c:\windows\SoftwareDistribution\Download\fd1bc4b90d8186dfe936ba7e1aed3d74\SP3GDR\ntoskrnl.exe
[-] 2009-08-04 . F61EB18DA0AA630E2F8A944ED6BD3BF9 . 2191360 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2009-08-04 . 3742270B8C90A97A0BDD25DED1201AA9 . 2147328 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-08-04 . 3502DBBC657001D7A2A2768BD7DE1483 . 2191488 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-08-04 . 3502DBBC657001D7A2A2768BD7DE1483 . 2191488 . . [5.1.2600.5857] . . c:\windows\SoftwareDistribution\Download\fd1bc4b90d8186dfe936ba7e1aed3d74\SP3QFE\ntoskrnl.exe
[-] 2009-08-04 . 90DFE2B714EDEF95891C979720E23B4F . 2188160 . . [5.1.2600.3610] . . c:\windows\SoftwareDistribution\Download\fd1bc4b90d8186dfe936ba7e1aed3d74\SP2QFE\ntoskrnl.exe
[-] 2009-08-04 . F46E90D50BA9D114D606C19D81ADB761 . 2182528 . . [5.1.2600.3610] . . c:\windows\SoftwareDistribution\Download\fd1bc4b90d8186dfe936ba7e1aed3d74\SP2GDR\ntoskrnl.exe
[-] 2009-02-10 . 97480EBFE1D4B547657BAD75AAAB1325 . 2191360 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-10 . 97480EBFE1D4B547657BAD75AAAB1325 . 2191360 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 . DF530FCAD41349C92945DF52EBA9F3E4 . 2182656 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP2GDR\ntoskrnl.exe
[-] 2009-02-09 . C424407DDD99223BF3248044CBBE91F6 . 2188288 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP2QFE\ntoskrnl.exe
[-] 2009-02-09 . F48662F55CD8DDD4DBBBCB69DE197725 . 2191232 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP3GDR\ntoskrnl.exe
[-] 2008-04-14 . 27C7A7AED8A477F6A0C7D3AD00AB9419 . 2147328 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe

[-] 2008-04-14 . 9FA69781CAA7A1DA981A24F240A61A60 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2008-04-14 . 9FA69781CAA7A1DA981A24F240A61A60 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll

[-] 2008-04-14 . 830CE8951C71F361D7D2F38416CC8BC1 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2008-04-14 . 830CE8951C71F361D7D2F38416CC8BC1 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll

[-] 2008-04-14 . 5EE949255BABC0B17C09DDB2E59E3878 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2008-04-14 . 5EE949255BABC0B17C09DDB2E59E3878 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll

[-] 2008-04-14 . BE4A520E29B6391F49E79CCC52044D93 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2008-04-14 . BE4A520E29B6391F49E79CCC52044D93 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe

[-] 2008-04-14 . C2546CD7A398476F9DF5614B2AE160E8 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2008-04-14 . C2546CD7A398476F9DF5614B2AE160E8 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll

[-] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll

[-] 2008-04-14 . 7DC1830F22E7D275B438127B68030239 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2008-04-14 . 7DC1830F22E7D275B438127B68030239 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe

[-] 2008-04-14 . 951D473917C51F21496D914CF6E5DDD1 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2008-04-14 . 951D473917C51F21496D914CF6E5DDD1 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll

[-] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe

[-] 2008-04-14 . 35B91147124F64AC8081A2EDB9EA4DEE . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-14 . 35B91147124F64AC8081A2EDB9EA4DEE . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll

[-] 2008-04-14 . 278A14BEDEF58687EAF8BEC056A78D8B . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-04-14 . 278A14BEDEF58687EAF8BEC056A78D8B . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe

[-] 2008-04-14 . EAA4BB9EDB3FB10CF8979FE65E63658F . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2008-04-14 . EAA4BB9EDB3FB10CF8979FE65E63658F . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll

[-] 2008-04-14 . 2EE99F67C930931EB404DADCE57E976E . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll

[-] 2008-04-14 . 56A6034E7764E23D9114223EB3523925 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . 56A6034E7764E23D9114223EB3523925 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll

[-] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe

[-] 2008-04-14 . B927443008910B412BEC72FC41C1BAD0 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2008-04-14 . B927443008910B412BEC72FC41C1BAD0 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\shsvcs.dll

[-] 2008-04-14 . 8F31505484A190D5B22274708799F4EC . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2008-04-14 . 8F31505484A190D5B22274708799F4EC . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll

[-] 2008-04-14 . 3FF232A7731621B8902D81D42418C93C . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2008-04-14 . 3FF232A7731621B8902D81D42418C93C . 192512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll

[-] 2008-04-14 . BECD5271DC4E3B7C3D035F790FCBC1E5 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2008-04-14 . BECD5271DC4E3B7C3D035F790FCBC1E5 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll

[-] 2008-04-14 . A75DD6FC3DBEE4FFF5EBC9F2C28BB66E . 295936 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2008-04-14 . A75DD6FC3DBEE4FFF5EBC9F2C28BB66E . 295936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll

[-] 2008-04-14 . 6B8E7A90E576D4FE308F97C69060A171 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2008-04-14 . 6B8E7A90E576D4FE308F97C69060A171 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\appmgmts.dll

[-] 2001-10-25 . AFDFF022A01F0B11C776F0860C3B282F . 11776 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 21:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[-] 2008-04-13 21:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-14 06:51 . 7C3351F60B759D5D917E68342AE3307C . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2008-04-14 06:51 . 7C3351F60B759D5D917E68342AE3307C . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll

[-] 2008-04-14 . 221CD1C815B8A6B79389C3F5D1018DE8 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2008-04-14 . 221CD1C815B8A6B79389C3F5D1018DE8 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll

[-] 2008-04-14 06:51 . 6199B2AE3F9DB9CB6DB230471A1DC601 . 52224 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll
[-] 2008-04-14 06:51 . 6199B2AE3F9DB9CB6DB230471A1DC601 . 52224 . . [9.0.1.56] . . c:\windows\system32\dllcache\mspmsnsv.dll

[-] 2009-08-04 . 97815C93200676C727CE951AE5C78137 . 2068352 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 97815C93200676C727CE951AE5C78137 . 2068352 . . [5.1.2600.5857] . . c:\windows\SoftwareDistribution\Download\fd1bc4b90d8186dfe936ba7e1aed3d74\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 182A95C233C9C254FEE7F047E6CA73D1 . 2068224 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-08-04 . 182A95C233C9C254FEE7F047E6CA73D1 . 2068224 . . [5.1.2600.5857] . . c:\windows\SoftwareDistribution\Download\fd1bc4b90d8186dfe936ba7e1aed3d74\SP3GDR\ntkrnlpa.exe
[-] 2009-08-04 . 182A95C233C9C254FEE7F047E6CA73D1 . 2068224 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2009-08-04 . C50A3A3C9724135FFBD9CB31355F9341 . 2025984 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-08-04 . 90E58FFA70A7951899BBF5551A9D246A . 2065152 . . [5.1.2600.3610] . . c:\windows\SoftwareDistribution\Download\fd1bc4b90d8186dfe936ba7e1aed3d74\SP2QFE\ntkrnlpa.exe
[-] 2009-08-04 . 809D2CA366FBA705B143D1EA84A3BC1A . 2059904 . . [5.1.2600.3610] . . c:\windows\SoftwareDistribution\Download\fd1bc4b90d8186dfe936ba7e1aed3d74\SP2GDR\ntkrnlpa.exe
[-] 2009-02-10 . D721665942F74CA7FF4162A0761CBB0A . 2068224 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP3GDR\ntkrnlpa.exe
[-] 2009-02-09 . 73A13AA10E146A3E2B4AC6D007953A74 . 2059904 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP2GDR\ntkrnlpa.exe
[-] 2009-02-09 . BB64DC108F8C4EE4D4B7998AA19E5FA7 . 2065152 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP2QFE\ntkrnlpa.exe
[-] 2009-02-09 . FF8A3F180A224AA27EBAB937CA027F4D . 2068352 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2009-02-09 . FF8A3F180A224AA27EBAB937CA027F4D . 2068352 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP3QFE\ntkrnlpa.exe
[-] 2008-04-14 . 9F12E026DC0B0C43F521114EFB3A3ACC . 2025984 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe

[-] 2008-04-14 06:51 . 023DD70573D644F3D9C8B1258A7BFD08 . 435712 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2008-04-14 06:51 . 023DD70573D644F3D9C8B1258A7BFD08 . 435712 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll

[-] 2008-04-14 . 651BD90DCEE5B7BDC74A2EB7C9266F9E . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2008-04-14 . 651BD90DCEE5B7BDC74A2EB7C9266F9E . 186368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-01-23_07.15.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 06:51 . 2009-03-08 03:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2001-10-25 12:00 . 2001-10-25 12:00 12514 c:\windows\system32\dllcache\append.exe
+ 2010-01-19 12:40 . 2001-10-25 12:00 5632 c:\windows\system32\kbdbu.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-01-21 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]
"Ashampoo HDD Control Guard"="c:\program files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe" [2009-09-09 2874712]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-01-22 2166784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\feryking\\Data aplikací\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [19.1.2010 12:59 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [21.1.2010 19:23 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.1.2010 12:59 20560]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo HDD Control\DfSdkS.exe [21.1.2010 16:02 406016]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-23 09:50
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-01-23 09:51:02
ComboFix-quarantined-files.txt 2010-01-23 08:51
ComboFix2.txt 2010-01-23 07:17

Před spuštěním: Volných bajtů: 96 393 850 880
Po spuštění: Volných bajtů: 96 545 964 032

- - End Of File - - F2B9E3A9199DF9F1FCD8F44078392A63

[Reklama]

[Damned]

Červený soubor zkontroluj na Virustotalu a vlož sem odkaz na výsledek.
Pokud ho nenajdeš, dej si zobrazit skryté a systémové soubory. Pokud ti nabídne, že soubor už kontroloval,
nech ho zkontrolovat znovu, a počkej až se objeví "Dokončeno" a výsledek.Potom sem zkopíruj adresní řádek.

c:\windows\system32\ntbackup.exe
c:\windows\system32\rcp.exe
c:\windows\system32\tracerpt.exe
*****************************************************************************************************************************************
Start-spustit-napiš: notepad a dej OK. Do něho vlož tento celý (bledě zelený) text:

Kód: Vybrat vše

dir \ntbackup.exe /a h /s > File.txt

uložho na Plochu s názvem: find.bat (typ souboru- všechny soubory)
Najdi ho na ploše, poklepej na něj a počkej až se okno zavře a objeví se soubor.txt
Vlož sem potom celý text z tohoto souboru.
*****************************************************************************************************************************************
Start-spustit-napiš: notepad a dej OK. Do něho vlož tento celý (bledě zelený) text:

Kód: Vybrat vše

dir \rcp.exe /a h /s > File1.txt

uložho na Plochu s názvem: find.bat (typ souboru- všechny soubory)
Najdi ho na ploše, poklepej na něj a počkej až se okno zavře a objeví se soubor.txt
Vlož sem potom celý text z tohoto souboru.
*****************************************************************************************************************************************
Start-spustit-napiš: notepad a dej OK. Do něho vlož tento celý (bledě zelený) text:

Kód: Vybrat vše

dir \tracerpt.exe /a h /s > File2.txt

uložho na Plochu s názvem: find.bat (typ souboru- všechny soubory)
Najdi ho na ploše, poklepej na něj a počkej až se okno zavře a objeví se soubor.txt
Vlož sem potom celý text z tohoto souboru.

[feryking]

Svazek v jednotce C nem  § dnou jmenovku.
S‚riov‚ źˇslo svazku je FC60-4B61.

Věpis adres ýe C:\WINDOWS\system32

14.04.2008 07:52 1˙204˙224 ntbackup.exe
1 soubor…, 1˙204˙224 bajt…

Věpis adres ýe C:\WINDOWS\system32\dllcache

14.04.2008 07:52 1˙204˙224 ntbackup.exe
1 soubor…, 1˙204˙224 bajt…
Svazek v jednotce C nem  § dnou jmenovku.
S‚riov‚ źˇslo svazku je FC60-4B61.

Věpis adres ýe C:\WINDOWS\system32

14.04.2008 07:52 22˙528 rcp.exe
1 soubor…, 22˙528 bajt…
Svazek v jednotce C nem  § dnou jmenovku.
S‚riov‚ źˇslo svazku je FC60-4B61.

Věpis adres ýe C:\WINDOWS\system32

14.04.2008 07:52 260˙096 tracerpt.exe
1 soubor…, 260˙096 bajt…

[feryking]

Soubor ntbackup.exe přijatý 2010.01.23 10:22:53 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO


Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 1.
Odhadovaný čas začátku mezi 46 a 66 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Vytisknout výsledky Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.
Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov. Email:


Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.01.23 -
AhnLab-V3 5.0.0.2 2010.01.22 -
AntiVir 7.9.1.146 2010.01.22 -
Antiy-AVL 2.0.3.7 2010.01.22 -
Authentium 5.2.0.5 2010.01.23 -
Avast 4.8.1351.0 2010.01.22 -
AVG 9.0.0.730 2010.01.23 -
BitDefender 7.2 2010.01.23 -
CAT-QuickHeal 10.00 2010.01.22 -
ClamAV 0.94.1 2010.01.22 -
Comodo 3680 2010.01.23 -
DrWeb 5.0.1.12222 2010.01.23 -
eSafe 7.0.17.0 2010.01.21 -
eTrust-Vet 35.2.7255 2010.01.22 -
F-Prot 4.5.1.85 2010.01.22 -
F-Secure 9.0.15370.0 2010.01.23 -
Fortinet 4.0.14.0 2010.01.23 -
GData 19 2010.01.23 -
Ikarus T3.1.1.80.0 2010.01.23 -
Jiangmin 13.0.900 2010.01.23 -
K7AntiVirus 7.10.952 2010.01.22 -
Kaspersky 7.0.0.125 2010.01.23 -
McAfee 5869 2010.01.22 -
McAfee+Artemis 5869 2010.01.22 -
McAfee-GW-Edition 6.8.5 2010.01.23 -
Microsoft 1.5405 2010.01.23 -
NOD32 4798 2010.01.22 -
Norman 6.04.03 2010.01.23 -
nProtect 2009.1.8.0 2010.01.23 -
Panda 10.0.2.2 2010.01.22 -
PCTools 7.0.3.5 2010.01.23 -
Prevx 3.0 2010.01.23 -
Rising 22.31.04.04 2010.01.22 -
Sophos 4.50.0 2010.01.23 -
Sunbelt 3.2.1858.2 2010.01.23 -
Symantec 20091.2.0.41 2010.01.23 -
TheHacker 6.5.0.9.160 2010.01.23 -
TrendMicro 9.120.0.1004 2010.01.23 -
VBA32 3.12.12.1 2010.01.21 -
ViRobot 2010.1.22.2151 2010.01.22 -
VirusBuster 5.0.21.0 2010.01.22 -
Rozšiřující informace
File size: 1204224 bytes
MD5...: 80117eba46e1025a7b2b8017db6e58fe
SHA1..: e11025039673c0d86c17a6f08514e0515b935b2b
SHA256: e8d4c4679752c21c4da63552d60e67c013bc04288dbec14794b749bd08cb1b05
ssdeep: 24576:BmcP3/lBK27WgX6iD2C2/YpzgMmQtUw+JvXADNKbDo7ZOi2qSvnJf7Jrze
k:j973XtS56NxZJ2jv91rzd

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x7760b
timedatestamp.....: 0x48025224 (Sun Apr 13 18:34:12 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xdae12 0xdb000 6.46 f7d1904016898d59daa3444a3446b159
.data 0xdc000 0x12c78 0x3c00 4.79 cc042726c26829c9566ddd6225dfc174
.rsrc 0xef000 0x46d7c 0x46e00 4.54 3717b26e8c98c9d3ff67af398357f701

( 23 imports )
> MFC42u.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> msvcrt.dll: realloc, malloc, free, wcsncpy, wcscmp, _wcsicmp, swscanf, wcsstr, _wcslwr, _ftol, wcschr, calloc, wcscat, _wcsupr, memmove, _CxxThrowException, wprintf, wcsncat, _snwprintf, wcspbrk, wcsncmp, _except_handler3, _local_unwind2, _wcsnicmp, _purecall, wcscpy, wcsrchr, wcslen, __CxxFrameHandler, swprintf, _wtoi, isalpha, localtime, _tzset, mktime, _putenv, _errno, fseek, _fdopen, _open_osfhandle, _wcsrev, _wcsdup, fflush, fread, _filelength, _getpid, _mbscpy, _mbslen, _wfopen, wcstok, _controlfp, _onexit, __dllonexit, _terminate@@YAXXZ, __1type_info@@UAE@XZ, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __wgetmainargs, _wcmdln, exit, _cexit, _XcptFilter, _exit, _c_exit, _vsnwprintf, isspace, fclose, ftell, time, clearerr, fwrite
> ADVAPI32.dll: RegOpenKeyExA, QueryServiceStatus, OpenServiceW, StartServiceW, GetUserNameW, RegisterEventSourceW, ReportEventW, GetSecurityDescriptorDacl, InitializeSecurityDescriptor, SetEntriesInAclW, SetSecurityDescriptorDacl, RegDeleteValueW, AddAccessAllowedAce, RegQueryValueExA, ReadEncryptedFileRaw, WriteEncryptedFileRaw, EnumDependentServicesW, ControlService, OpenEncryptedFileRawW, CloseEncryptedFileRaw, EncryptFileW, DecryptFileW, RegRestoreKeyW, RegLoadKeyW, RegFlushKey, RegUnLoadKeyW, RegReplaceKeyW, RegConnectRegistryW, InitializeAcl, GetAce, EqualSid, DeleteAce, RegQueryValueExW, RegOpenKeyExW, RegCloseKey, RegEnumValueW, RegCreateKeyExW, RegSetValueExW, CloseServiceHandle, OpenSCManagerW, RegOpenKeyW, AllocateAndInitializeSid, FreeSid, CheckTokenMembership, RegEnumKeyExW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, LookupAccountSidW, GetTokenInformation, OpenThreadToken, RegSaveKeyW, SetFileSecurityW
> KERNEL32.dll: GetCurrentProcess, GetTickCount, Sleep, GetComputerNameW, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, WaitForSingleObject, TerminateThread, DeleteCriticalSection, GetVolumeInformationW, GetVolumeNameForVolumeMountPointW, GetFileAttributesW, LoadLibraryW, GetProcAddress, FreeLibrary, GetModuleFileNameW, ExpandEnvironmentStringsW, WritePrivateProfileStringW, GetPrivateProfileStringW, SetCurrentDirectoryW, GetLogicalDriveStringsW, GetDriveTypeW, GetDiskFreeSpaceExW, CreateThread, FindFirstFileW, FindClose, GetLocaleInfoW, SetLastError, GetLastError, DeleteFileW, CreateDirectoryW, CreateFileW, GetCurrentThread, GetDateFormatW, GetTimeFormatW, GetTapeParameters, ReleaseMutex, CreateMutexW, GetCurrentThreadId, GetVersionExW, GetSystemDirectoryW, ReleaseSemaphore, CreateSemaphoreW, LocalFree, VerifyVersionInfoW, VerSetConditionMask, FindNextFileW, FormatMessageW, CreateProcessW, GlobalFree, LockResource, LoadResource, FindResourceW, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoW, SetFileAttributesW, GetFileInformationByHandle, GetExitCodeThread, GetEnvironmentVariableW, WriteFile, ReadFile, DeviceIoControl, FlushFileBuffers, GetVolumePathNameW, GetUserDefaultLCID, MultiByteToWideChar, SetEvent, CreateEventW, HeapFree, HeapAlloc, GetProcessHeap, SetFilePointer, GetSystemTime, CloseHandle, GetWindowsDirectoryW, FileTimeToSystemTime, FileTimeToLocalFileTime, GetLocalTime, GetCurrentDirectoryA, GetCurrentDirectoryW, CompareStringW, GetNumberFormatW, SetErrorMode, SetEndOfFile, SetTapePosition, GetTapePosition, EraseTape, WriteTapemark, GetTapeStatus, SetTapeParameters, PrepareTape, FindVolumeMountPointClose, FindNextVolumeMountPointW, FindFirstVolumeMountPointW, ExitThread, MoveFileExW, SystemTimeToTzSpecificLocalTime, GetTimeZoneInformation, SystemTimeToFileTime, BackupRead, BackupWrite, CreateHardLinkW, BackupSeek, GetFileSize, LockFile, SetFileShortNameW, SetFileTime, LocalFileTimeToFileTime, GetCompressedFileSizeW, RemoveDirectoryW, WideCharToMultiByte, LoadLibraryA
> GDI32.dll: GetObjectW, Polygon, CombineRgn, CreateRectRgn, DeleteObject, GetTextExtentPoint32W, BitBlt, PatBlt, Rectangle, GetMapMode, SelectObject, CreateCompatibleDC, CreateCompatibleBitmap, CreateBitmap, CreateFontIndirectW
> USER32.dll: PeekMessageW, EnableWindow, SendMessageW, PostMessageW, GetCapture, SetActiveWindow, GetAsyncKeyState, GetDlgItem, AppendMenuW, wvsprintfW, LoadStringW, GetKeyState, GetWindowRect, ScreenToClient, EnableMenuItem, DeleteMenu, SetClassLongW, IsCharAlphaW, IsCharAlphaNumericW, GetCursorPos, WindowFromPoint, ChildWindowFromPoint, GetSysColor, LoadCursorW, KillTimer, IsWindowVisible, InvalidateRect, ReleaseDC, GetDC, GetClientRect, LoadBitmapW, DefWindowProcW, PostQuitMessage, CreateDialogParamW, ShowWindow, DestroyWindow, UnregisterClassW, MonitorFromWindow, GetMonitorInfoW, GetFocus, LoadMenuW, GetWindowThreadProcessId, SetWindowsHookExW, UnhookWindowsHookEx, CallNextHookEx, LoadImageW, GetMenu, RemoveMenu, GetSubMenu, CreateIconFromResource, LoadIconW, DrawFocusRect, InflateRect, CopyRect, GetActiveWindow, InvalidateRgn, MapDialogRect, SetWindowPos, ExitWindowsEx, SendDlgItemMessageW, SetParent, GetIconInfo, CreateIconIndirect, DestroyIcon, LockSetForegroundWindow, UpdateWindow, SetWindowLongW, ClientToScreen, SetCursor, MessageBoxW, BringWindowToTop, SystemParametersInfoW, FlashWindow, GetDesktopWindow, IsIconic, GetMenuItemID, SetTimer, IsWindow, GetWindowTextLengthW, SetWindowTextW, wsprintfW, GetNextDlgGroupItem, GetWindowTextW, GetWindow, GetWindowLongW, GetParent, GetSystemMetrics, GetMenuItemCount
> ntdll.dll: iswctype, _aulldvrm, towupper, NtSetQuotaInformationFile, NtQueryQuotaInformationFile, wcstoul, wcscspn, isdigit
> COMCTL32.dll: DestroyPropertySheetPage, CreatePropertySheetPageW, ImageList_AddMasked, ImageList_GetIcon, ImageList_GetImageCount, ImageList_ReplaceIcon, InitCommonControlsEx, PropertySheetW
> SHELL32.dll: SHGetSpecialFolderLocation, ExtractIconExW, SHGetDesktopFolder, SHGetPathFromIDListW, SHGetMalloc, SHGetFileInfoW, SHGetFolderPathW
> MPR.dll: WNetEnumResourceW, WNetOpenEnumW, WNetGetConnectionW, WNetAddConnection2W, WNetCancelConnection2W, WNetCloseEnum
> comdlg32.dll: GetOpenFileNameW, GetFileTitleW, GetSaveFileNameW
> NETAPI32.dll: NetServerEnum, NetApiBufferSize, NetShareEnum, NetShareGetInfo, NetWkstaGetInfo, NetApiBufferFree
> RPCRT4.dll: UuidToStringW, UuidFromStringW
> ole32.dll: CoInitializeEx, CoCreateGuid, CLSIDFromString, StringFromGUID2, CoCreateInstance, CoTaskMemFree, CoUninitialize, CoInitializeSecurity
> SETUPAPI.dll: SetupCloseInfFile, SetupFindNextLine, SetupFindFirstLineW, SetupOpenInfFileW, SetupGetLineTextW, SetupGetIntField, SetupGetStringFieldW
> USERENV.dll: GetProfilesDirectoryW
> NTMSAPI.dll: CloseNtmsNotification, WaitForNtmsNotification, OpenNtmsNotification, MoveToNtmsMediaPool, CloseNtmsSession, DeleteNtmsMedia, DeallocateNtmsMedia, AllocateNtmsMedia, GetNtmsObjectSecurity, DismountNtmsMedia, SetNtmsObjectSecurity, UpdateNtmsOmidInfo, ImportNtmsDatabase, InjectNtmsMedia, AccessNtmsLibraryDoor, EjectNtmsMedia, GetNtmsObjectInformationW, SetNtmsObjectInformationW, GetNtmsObjectAttributeW, SetNtmsObjectAttributeW, EnumerateNtmsObject, CreateNtmsMediaPoolW, DeleteNtmsMediaPool, EndNtmsDeviceChangeDetection, SetNtmsDeviceChangeDetection, OpenNtmsSessionW, IdentifyNtmsSlot, SetNtmsUIOptionsW, BeginNtmsDeviceChangeDetection, MountNtmsMedia
> CLUSAPI.dll: RestoreClusterDatabase, GetNodeClusterState
> query.dll: SetCatalogState
> sfc_os.dll: SfcGetNextProtectedFile
> SYSSETUP.dll: AsrRestorePlugPlayRegistryData, AsrAddSifEntryW, AsrFreeContext, AsrCreateStateFileW
> OLEAUT32.dll: -
> VSSAPI.DLL: -, -, _CreateVssBackupComponents@@YGJPAPAVIVssBackupComponents@@@Z, -

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. V_echna pr_va vyhrazena.
product......: Microsoft_ Windows_ Operating System
description..: Z_lohov_n_
original name: NTBackup.Exe
internal name: NTBackup.Exe
file version.: 5.1.2600.5512 (xpsp.080413-2111)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Soubor rcp.exe přijatý 2010.01.23 10:25:55 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO


Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 3.
Odhadovaný čas začátku mezi 70 a 100 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Vytisknout výsledky Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.
Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov. Email:


Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.01.23 -
AhnLab-V3 5.0.0.2 2010.01.22 -
AntiVir 7.9.1.146 2010.01.22 -
Antiy-AVL 2.0.3.7 2010.01.22 -
Authentium 5.2.0.5 2010.01.23 -
Avast 4.8.1351.0 2010.01.22 -
AVG 9.0.0.730 2010.01.23 -
BitDefender 7.2 2010.01.23 -
CAT-QuickHeal 10.00 2010.01.22 -
ClamAV 0.94.1 2010.01.22 -
Comodo 3680 2010.01.23 -
DrWeb 5.0.1.12222 2010.01.23 -
eSafe 7.0.17.0 2010.01.21 -
eTrust-Vet 35.2.7255 2010.01.22 -
F-Prot 4.5.1.85 2010.01.22 -
F-Secure 9.0.15370.0 2010.01.23 -
Fortinet 4.0.14.0 2010.01.23 -
GData 19 2010.01.23 -
Ikarus T3.1.1.80.0 2010.01.23 -
Jiangmin 13.0.900 2010.01.23 -
K7AntiVirus 7.10.952 2010.01.22 -
Kaspersky 7.0.0.125 2010.01.23 -
McAfee 5869 2010.01.22 -
McAfee+Artemis 5869 2010.01.22 -
McAfee-GW-Edition 6.8.5 2010.01.23 -
Microsoft 1.5405 2010.01.23 -
NOD32 4798 2010.01.22 -
Norman 6.04.03 2010.01.23 -
nProtect 2009.1.8.0 2010.01.23 -
Panda 10.0.2.2 2010.01.22 -
PCTools 7.0.3.5 2010.01.23 -
Prevx 3.0 2010.01.23 -
Rising 22.31.04.04 2010.01.22 -
Sophos 4.50.0 2010.01.23 -
Sunbelt 3.2.1858.2 2010.01.23 -
Symantec 20091.2.0.41 2010.01.23 -
TheHacker 6.5.0.9.160 2010.01.23 -
TrendMicro 9.120.0.1004 2010.01.23 -
VBA32 3.12.12.1 2010.01.21 -
ViRobot 2010.1.22.2151 2010.01.22 -
VirusBuster 5.0.21.0 2010.01.22 -
Rozšiřující informace
File size: 22528 bytes
MD5...: 7d89b35a850cd9a89a64212291feb41a
SHA1..: 441465a8740533d33a98b598ab2ff10a02d1d729
SHA256: 263f62a56ffdd0ebcc3d8f9261bdb1aa87360aea3761c44cb7384e602acd7061
ssdeep: 384:4nk9y3b2v8G6aiNBo6irP0F8QFBxP7Th/+2xqOG33ZoWJp:4pA8G2gpQxh/x
qOG3Jbp

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2b5f
timedatestamp.....: 0x48025817 (Sun Apr 13 18:59:35 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x24cc 0x2600 6.16 bc0f3717761d5a092cf2eee1086c0d21
.data 0x4000 0x594 0x200 1.70 faab6ee70e3e89e1b747a1e1bffe046d
.rsrc 0x5000 0x2ad4 0x2c00 3.74 6423da97d4bb846fc171028b36cd58b5

( 6 imports )
> msvcrt.dll: _initterm, __getmainargs, __initenv, _cexit, _XcptFilter, _exit, _c_exit, _chmod, strncpy, strncat, system, strrchr, _stat, _open, _errno, _sys_errlist, _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, _fstat, _close, _snprintf, _mkdir, exit, _write, _read, _adjust_fdiv, strchr, __setusermatherr, _lseek
> KERNEL32.dll: Sleep, LocalFree, GetLastError, GetFileAttributesA, FindClose, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, FindFirstFileA, FindNextFileA, FormatMessageA
> USER32.dll: CharToOemBuffA, IsCharAlphaNumericA
> WS2_32.dll: -, -, -, -, -
> MSWSOCK.dll: s_perror, rcmd
> ADVAPI32.dll: GetUserNameA

( 0 exports )

RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. V_echna pr_va vyhrazena.
product......: Opera_n_ syst_m Microsoft_ Windows_
description..: TCP/IP Remote Copy Command
original name: rcp.exe
internal name: rcp.exe
file version.: 5.1.2600.5512 (xpsp.080413-0852)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Soubor tracerpt.exe přijatý 2010.01.23 10:27:36 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO


Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 1.
Odhadovaný čas začátku mezi 46 a 66 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Vytisknout výsledky Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.
Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov. Email:


Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.01.23 -
AhnLab-V3 5.0.0.2 2010.01.22 -
AntiVir 7.9.1.146 2010.01.22 -
Antiy-AVL 2.0.3.7 2010.01.22 -
Authentium 5.2.0.5 2010.01.23 -
Avast 4.8.1351.0 2010.01.22 -
AVG 9.0.0.730 2010.01.23 -
BitDefender 7.2 2010.01.23 -
CAT-QuickHeal 10.00 2010.01.22 -
ClamAV 0.94.1 2010.01.22 -
Comodo 3680 2010.01.23 -
DrWeb 5.0.1.12222 2010.01.23 -
eSafe 7.0.17.0 2010.01.21 -
eTrust-Vet 35.2.7255 2010.01.22 -
F-Prot 4.5.1.85 2010.01.22 -
F-Secure 9.0.15370.0 2010.01.23 -
Fortinet 4.0.14.0 2010.01.23 -
GData 19 2010.01.23 -
Ikarus T3.1.1.80.0 2010.01.23 -
Jiangmin 13.0.900 2010.01.23 -
K7AntiVirus 7.10.952 2010.01.22 -
Kaspersky 7.0.0.125 2010.01.23 -
McAfee 5869 2010.01.22 -
McAfee+Artemis 5869 2010.01.22 -
McAfee-GW-Edition 6.8.5 2010.01.23 -
Microsoft 1.5405 2010.01.23 -
NOD32 4798 2010.01.22 -
Norman 6.04.03 2010.01.23 -
nProtect 2009.1.8.0 2010.01.23 -
Panda 10.0.2.2 2010.01.22 -
PCTools 7.0.3.5 2010.01.23 -
Prevx 3.0 2010.01.23 -
Rising 22.31.04.04 2010.01.22 -
Sophos 4.50.0 2010.01.23 -
Sunbelt 3.2.1858.2 2010.01.23 -
Symantec 20091.2.0.41 2010.01.23 -
TheHacker 6.5.0.9.160 2010.01.23 -
TrendMicro 9.120.0.1004 2010.01.23 -
VBA32 3.12.12.1 2010.01.21 -
ViRobot 2010.1.22.2151 2010.01.22 -
VirusBuster 5.0.21.0 2010.01.22 -
Rozšiřující informace
File size: 260096 bytes
MD5...: 738decf2c88ef77526224dc9629d5dab
SHA1..: b2f86ab3e4e63ef5af34134c813ef31b9482ae20
SHA256: f233d13ee67c2a0aa31fa5615c01b9f49210f4fbbb604877db62a92d803010f0
ssdeep: 3072:Wz43rj6PV9nv0FNChQr1ChQTkVQpntW3eGRPRzDGFx1ziVyMIJp8FwJECoF
jtxe9:b3rj6LeNCqChOIuGRtmuwJECoFjLe9

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xafe6
timedatestamp.....: 0x48025485 (Sun Apr 13 18:44:21 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x232fe 0x23400 6.59 031b41d9e74b46f436f413d8cba32667
.data 0x25000 0x3520 0x1200 3.23 e8795604d82a24fd5b0a412470d43244
.rsrc 0x29000 0x1ac9c 0x1ae00 5.24 7f6e80c2f15561818bdab69d2e5693b5

( 8 imports )
> ADVAPI32.dll: RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegisterTraceGuidsW, StartTraceW, TraceEvent, LookupAccountSidA, LookupAccountSidW, OpenTraceW, ProcessTrace, CloseTrace, StopTraceW
> KERNEL32.dll: FindClose, FindNextFileW, FindFirstFileW, SetThreadLocale, GetSystemDefaultLCID, GetConsoleOutputCP, GetThreadLocale, GetUserDefaultUILanguage, LocalFree, WriteFile, WriteConsoleW, GetFileType, FormatMessageW, GetModuleHandleW, GetModuleFileNameW, ReadConsoleW, MultiByteToWideChar, ReadFile, SetConsoleMode, GetConsoleMode, CloseHandle, CreateFileW, SystemTimeToFileTime, FreeLibrary, LoadLibraryW, DeleteFileW, LockResource, LoadResource, FindResourceW, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetVersionExA, ExitProcess, GetLastError, GetModuleHandleA, GetACP, GetOEMCP, GetCPInfo, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetCommandLineW, SetHandleCount, GetStartupInfoA, HeapDestroy, HeapCreate, VirtualFree, WideCharToMultiByte, VirtualProtect, GetSystemInfo, VirtualQuery, LCMapStringA, LCMapStringW, RtlUnwind, InterlockedExchange, GetStringTypeA, GetStringTypeW, LoadLibraryA, VirtualAlloc, HeapReAlloc, SetFilePointer, GetLocaleInfoA, RaiseException, SetStdHandle, FlushFileBuffers, SetEndOfFile, Sleep, lstrlenA, FileTimeToLocalFileTime, FileTimeToSystemTime, SetLastError, ExpandEnvironmentStringsW, GetStringTypeExW, GetLocaleInfoW, SetConsoleTextAttribute, GetStdHandle, GetConsoleScreenBufferInfo, GetProcessHeap, HeapAlloc, HeapFree, GetProcAddress, SetEvent, lstrlenW, GetLocalTime
> VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
> USER32.dll: LoadStringW, CharToOemW, wsprintfW
> RPCRT4.dll: UuidCreate
> ole32.dll: CoCreateInstance, CoInitialize, CoSetProxyBlanket
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -
> ntdll.dll: RtlLeaveCriticalSection, RtlDeleteCriticalSection, RtlInitializeCriticalSection, RtlFreeUnicodeString, RtlStringFromGUID, RtlEnterCriticalSection, RtlAnsiCharToUnicodeChar

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. V_echna pr_va vyhrazena.
product......: Opera_n_ syst_m Microsoft_ Windows_
description..: N_stroj Hl__en_ ud_lost_
original name: TraceRpt.Exe
internal name: TraceRpt.Exe
file version.: 5.1.2600.5512 (xpsp.080413-2105)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

[Damned]

Pro příště: Adresní řádek je například toto:

Spusť ještě jednou ComboFix a vlož mi sem z něho log.

[feryking]

ComboFix 10-01-23.03 - feryking 24.01.2010 8:13.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1623 [GMT 1:00]
Spuštěný z: c:\documents and settings\feryking\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100123-2] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\beep.sys . . . je infikován!!

c:\windows\system32\msgsvc.dll . . . je infikován!!

c:\windows\system32\drivers\asyncmac.sys . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-24 do 2010-01-24 )))))))))))))))))))))))))))))))
.

V tomto časovém úseku nebyly vytvořeny žádné nové soubory.

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-01-21 3037696]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-01-12 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]
"Ashampoo HDD Control Guard"="c:\program files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe" [2009-09-09 2874712]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-01-23 2166784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\feryking\\Data aplikací\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [19.1.2010 12:59 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [21.1.2010 19:23 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.1.2010 12:59 20560]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo HDD Control\DfSdkS.exe [21.1.2010 16:02 406016]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-24 08:16
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2732)
c:\windows\system32\webcheck.dll
.
Celkový čas:

Před spuštěním: Volných bajtů: 96 488 861 696
Po spuštění: Volných bajtů: 96 897 712 128

[Damned]

Odinstaluj si ComboFix ( nutné ) .
ComboFix se odinstaluje takto:
Start-Spustit a zadej Combofix[mezera]/uninstall

Stáhni si T-Cleaner ( nutné - smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš)

(pozn.Pokud máš AVG nebo Aviru, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG i Aviru (i rezidenty), následně T-Cleaner smaž a zapni si AVG, Aviru.)
*****************************************************************************************************************************************
Stáhni si :Dr. Web CureIt nebo z http://www.majorgeeks.com/Dr.Web_CureIT_d4783.html dej update , po aktualizaci dej start.

Tlačítky dole můzeš soubor léčit, smazat, přesunout nebo přejmenovat.Pak napiš výsledek. Sken může trvat dlouho. Nalezenou infekci nejdříve léčit, potom teprve smazat. Pokud něco najde ve složce System Volume Information, tak smazat.

[feryking]

Ten programek Dr my nejde stahnout uz to stahuju asi po patnacty a vzdycky kdyz to spustim a extrahuje to tak to haze chybu

[Damned]

Spusť tedy F-Secure Online Scanner

Tento skener je možno použít jen v prohlížeči Internet Explorer! Postupuj podle instrukcí na stránce F-Secure pro správnou instalaci.
Akceptuj licenci.
Po instalaci ActiveX, klikni na Full System Scan. Když stahování skončeno, automaticky začne sken .
Vyčkej konce skenu, po jeho dobu neprováděj jiné operace ani neklikej myší. Když skončí sken klikni na tlačítko Automatic clearing (recommended).
Poté klikni na tlačítko Show Report a zkopíruj a vlož sem .

[feryking]

Tak se mi podarilo spustit ten Dr web a naslo to 1 trojana v system volume. Tak jsem dal smazat.

[Damned]

Zkusíme to vyčistit. Protože buď tam něco je a nebo tam nic není.

Stáhni si OTL na Plochu.
Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Output klikni na minimal Output.Pod Standard Registry změň na All. Zatrhni LOP Check a Purity Check.
Na All nastav také:
-Procesess
-Services
-Drivers
-Extra Registry

Klikni na Run Scan. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj

[feryking]

OTL Extras logfile created on: 24.1.2010 11:42:17 - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\feryking\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 91,95 Gb Free Space | 94,16% Space Free | Partition Type: NTFS
Drive D: | 200,43 Gb Total Space | 198,17 Gb Free Space | 98,87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FERYKING-7DE820
Current User Name: feryking
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"25151:TCP" = 25151:TCP:*:Enabled:Utorrent
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\ICQ7.0\ICQ.exe" = C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, Inc.)
"C:\Program Files\ICQ7.0\aolload.exe" = C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Documents and Settings\feryking\Data aplikací\uTorrent\utorrent.exe" = C:\Documents and Settings\feryking\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" = C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator -- File not found
"C:\Program Files\ICQ7.0\ICQ.exe" = C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, Inc.)
"C:\Program Files\ICQ7.0\aolload.exe" = C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver
"{1BA7B068-4719-42A3-B553-D4ED97434F92}" = ASUS Utilities
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{307EB4FE-0D78-5E8D-CCCA-96CD18751694}" = Catalyst Control Center InstallProxy
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"µTorrent CZ_is1" = µTorrent CZ 1.8.5 (build 17414)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"Ashampoo HDD Control_is1" = Ashampoo HDD Control 1.10
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 7.1.0
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"WinRAR archiver" = WinRAR
"xvid" = XviD MPEG-4 Video Codec

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 23.1.2010 10:21:02 | Computer Name = FERYKING-7DE820 | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avworkInitialize
failed, 0000A438.

Error - 23.1.2010 10:21:02 | Computer Name = FERYKING-7DE820 | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: unhandled exception!,
642AAEC8.

Error - 23.1.2010 10:21:02 | Computer Name = FERYKING-7DE820 | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\Documents and Settings\feryking\Local Settings\Temporary Internet Files\Content.IE5\N0R4W8RI\0[2].jpg
failed, 0000A413.

Error - 23.1.2010 10:21:02 | Computer Name = FERYKING-7DE820 | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\Documents and Settings\feryking\Local Settings\Temporary Internet Files\Content.IE5\N0R4W8RI\0[2].jpg
failed, 0000A413.

Error - 23.1.2010 10:21:02 | Computer Name = FERYKING-7DE820 | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx failed, 0000A413.

Error - 23.1.2010 10:21:10 | Computer Name = FERYKING-7DE820 | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: Aavm: FetchGlobalCounters cannot open
mapping - server DOWN???, 00000002.

Error - 23.1.2010 11:43:20 | Computer Name = FERYKING-7DE820 | Source = avast! | ID = 33554522
Description = AAVM - chyba při startu: AavmStart: avworkInitialize failed, 0000A438.


Error - 23.1.2010 11:55:45 | Computer Name = FERYKING-7DE820 | Source = avast! | ID = 33554522
Description = AAVM - chyba při startu: AavmStart: avworkInitialize failed, 0000A438.


Error - 23.1.2010 12:08:27 | Computer Name = FERYKING-7DE820 | Source = avast! | ID = 33554522
Description = AAVM - chyba při startu: AavmStart: avworkInitialize failed, 0000A438.


Error - 23.1.2010 12:39:37 | Computer Name = FERYKING-7DE820 | Source = avast! | ID = 33554522
Description = AAVM - chyba při startu: AavmStart: avworkInitialize failed, 0000A438.


[ Application Events ]
Error - 21.1.2010 8:22:04 | Computer Name = FERYKING-7DE820 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace SETUP.EXE, verze 7.1.100.1248, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 21.1.2010 8:39:17 | Computer Name = FERYKING-7DE820 | Source = ESENT | ID = 474
Description = HelpSvc.exe (2064) Ověření načtení stránky databáze ze souboru C:\WINDOWS\PCHealth\HelpCtr\Database\HCdata.edb
na posunu 11354112 (0x0000000000ad4000) o velikosti 4096 (0x00001000) bajtů se
nezdařilo. Došlo k neshodě kontrolního součtu stránky. Byl očekáván kontrolní součet
3959009171 (0xebf9af93), ale skutečný kontrolní součet byl 3959009175 (0xebf9af97).
Operace čtení se nezdaří a dojde k chybě -1018 (0xfffffc06). Pokud potíže potrvají,
obnovte databázi ze záložní kopie.

Error - 21.1.2010 10:17:51 | Computer Name = FERYKING-7DE820 | Source = Application Error | ID = 1000
Description = Chybující aplikace everest.exe, verze 5.30.1900.0, chybující modul
kernel32.dll, verze 5.1.2600.5781, adresa chyby 0x00012afb.

Error - 21.1.2010 12:30:24 | Computer Name = FERYKING-7DE820 | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 8.0.6001.18702, chybující modul
jscript.dll, verze 5.8.6001.22886, adresa chyby 0x0001ec27.

Error - 21.1.2010 12:31:58 | Computer Name = FERYKING-7DE820 | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 8.0.6001.18702, chybující modul
jscript.dll, verze 5.8.6001.22886, adresa chyby 0x0001ec27.

Error - 21.1.2010 15:04:26 | Computer Name = FERYKING-7DE820 | Source = Application Error | ID = 1000
Description = Chybující aplikace rundll32.exe, verze 5.1.2600.5512, chybující modul
wuapi.dll, verze 7.4.7600.226, adresa chyby 0x0002e067.

Error - 21.1.2010 19:58:29 | Computer Name = FERYKING-7DE820 | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 8.0.6001.18702, chybující modul
flash10d.ocx, verze 10.0.42.34, adresa chyby 0x000b0d90.

Error - 22.1.2010 12:56:37 | Computer Name = FERYKING-7DE820 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace ICQ.exe, verze 6.5.0.2024, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 22.1.2010 12:57:47 | Computer Name = FERYKING-7DE820 | Source = EventSystem | ID = 4609
Description = Systém událostí modelu COM+ zjistil při vnitřním zpracovávání chybný
návratový kód. Hodnota HRESULT byla 80070005 z řádku 44 v d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.Obraťte
se na služby odborné pomoci společnosti Microsoft a informujte je o této chyb

Error - 22.1.2010 13:12:38 | Computer Name = FERYKING-7DE820 | Source = Application Error | ID = 1000
Description = Chybující aplikace svchost.exe, verze 5.1.2600.5512, chybující modul
repdrvfs.dll, verze 5.1.2600.5512, adresa chyby 0x0001bf8f.

[ System Events ]
Error - 21.1.2010 1:54:53 | Computer Name = FERYKING-7DE820 | Source = Service Control Manager | ID = 7022
Description = Služba avast! Antivirus přestala během spouštění reagovat.

Error - 21.1.2010 6:52:09 | Computer Name = FERYKING-7DE820 | Source = Service Control Manager | ID = 7022
Description = Služba avast! Antivirus přestala během spouštění reagovat.

Error - 21.1.2010 7:15:34 | Computer Name = FERYKING-7DE820 | Source = Ntfs | ID = 262199
Description = Struktura systému souborů disku je poškozena a je nepoužitelná. Je
nutné na svazek C: spustit nástroj chkdsk.

Error - 21.1.2010 8:11:32 | Computer Name = FERYKING-7DE820 | Source = Ntfs | ID = 262199
Description = Struktura systému souborů disku je poškozena a je nepoužitelná. Je
nutné na svazek C: spustit nástroj chkdsk.

Error - 21.1.2010 8:40:01 | Computer Name = FERYKING-7DE820 | Source = Ntfs | ID = 262199
Description = Struktura systému souborů disku je poškozena a je nepoužitelná. Je
nutné na svazek C: spustit nástroj chkdsk.

Error - 21.1.2010 10:46:34 | Computer Name = FERYKING-7DE820 | Source = Service Control Manager | ID = 7034
Description = Služba avast! Web Scanner byla neočekávaně ukončena. Tento stav nastal
již 1krát.

Error - 21.1.2010 10:53:55 | Computer Name = FERYKING-7DE820 | Source = Ntfs | ID = 262199
Description = Struktura systému souborů disku je poškozena a je nepoužitelná. Je
nutné na svazek C: spustit nástroj chkdsk.

Error - 21.1.2010 12:32:02 | Computer Name = FERYKING-7DE820 | Source = i8042prt | ID = 327703
Description = Nelze nastavit rozlišení myši.

Error - 21.1.2010 12:32:32 | Computer Name = FERYKING-7DE820 | Source = Ntfs | ID = 262199
Description = Struktura systému souborů disku je poškozena a je nepoužitelná. Je
nutné na svazek C: spustit nástroj chkdsk.

Error - 21.1.2010 15:07:16 | Computer Name = FERYKING-7DE820 | Source = Ntfs | ID = 262199
Description = Struktura systému souborů disku je poškozena a je nepoužitelná. Je
nutné na svazek C: spustit nástroj chkdsk.


< End of report >