
Win32/agent.sdg.gen in the disk's MBR sector - please help
Re: Win32/agent.sdg.gen in the disk's MBR sector - please help
And I'll put it here.
By the way, great article, I'm going to read it right away too...
---------- REPORT------------------
Scan Statistics:
Scan Time: 8 506 seconds
Scan Targets: Entire computer
Counts:
Total items scanned: 869 369
- Files & Directories: 858 908
- Registry Entries: 417
- Processes & Start-up Items: 3 108
- Network & Browser Items: 6 930
- Other: 5
- Trusted Files: 1 798
- Skipped Files: 0
Total security risks detected: 34
Total items resolved: 28
Total items that require attention: 6
Resolved Threats:
3 Tracking Cookies
Type: Anomaly
Risk: Low (Low Stealth, Low Removal, Low Performance, Low Privacy)
Categories: Tracking Cookies
Status: Fully Resolved
-----------
3 Tracking Cookies
.hit.gemius.pl - Deleted
- Deleted
- Deleted
Suspicious.Cloud.2
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Heuristic Virus
Status: Fully Resolved
-----------
1 File
c:\documents and settings\marek\local settings\data aplikací\xenocode\sandbox\trueboxshot\1.9\2010.02.22t04.15\virtual\modified\@programfiles@\true boxshot\trueboxshot.exe - Deleted
1 Browser Cache
Suspicious.Cloud.2
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Heuristic Virus
Status: Fully Resolved
-----------
1 File
c:\program files\activision\call of duty 4 - modern warfare\brew-cod4.exe - Deleted
1 Browser Cache
Trojan.ADH
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Fully Resolved
-----------
1 File
c:\program files\dvdvideosoft\free audio cd burner\icon1045.exe - Deleted
1 Browser Cache
Trojan.Gen
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Fully Resolved
-----------
1 File
c:\program files\plasq\comic life\cl13671_crk.exe - Deleted
1 Browser Cache
WS.Viral.1
Type: Compressed
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Heuristic Virus
Status: Fully Resolved
-----------
1 File
[cr_acds70.exe] inside of [d:\install\po_instalaci_pc\acdsee.v7.0\powerpacky\acd systems acdsee v7.0.43 powerpack winall keymaker only fixed-core\cr-x0298.zip] - Deleted
WS.Viral.1
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Fully Resolved
-----------
1 File
d:\install\po_instalaci_pc\acdsee.v7.0\powerpacky\acd systems acdsee v7.0.43 powerpack winall keymaker only fixed-core\cr_acds70.exe - Deleted
1 Browser Cache
Trojan Horse
Type: Compressed
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Fully Resolved
-----------
1 File
[cr-bs136.exe] inside of [d:\install\po_instalaci_pc\bsplayer\bsplayer.pro.v1.36.825.multilingual.winall.incl.keymaker-core\cr-bs136.zip] - Deleted
Trojan.Gen
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Fully Resolved
-----------
1 File
d:\install\po_instalaci_pc\ahead nero 9.0.9.4b\nero 9.0.9.4b patchfix\nero9patch.exe - Deleted
1 Browser Cache
Trojan Horse
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Fully Resolved
-----------
1 File
d:\install\po_instalaci_pc\bsplayer\bsplayer.pro.v1.36.825.multilingual.winall.incl.keymaker-core\cr-bs136-keygen.exe - Deleted
1 Browser Cache
AsteriskLogger
Type: Compressed
Risk: Medium (Medium Stealth, Medium Removal, Medium Performance, Medium Privacy)
Categories: Security Risk
Status: Fully Resolved
-----------
1 File
[astlog.exe] inside of [d:\install\programy\odkryvac hvezdicek\astlog.zip] - Deleted
AsteriskLogger
Type: Anomaly
Risk: Medium (Medium Stealth, Medium Removal, Medium Performance, Medium Privacy)
Categories: Security Risk
Status: Fully Resolved
-----------
1 File
d:\install\programy\odkryvac hvezdicek\astlog.exe - Deleted
1 Browser Cache
Trojan.Gen.2
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Fully Resolved
-----------
1 File
d:\install\programy\_nove_zaradit\conxtdvd 4.1.7.343\keygen.exe - Deleted
1 Browser Cache
Suspicious.Cloud.2
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Heuristic Virus
Status: Fully Resolved
-----------
1 File
d:\install\programy\_nove_zaradit\multi password recovery v1.1.8 portable\hooklib.dll - Deleted
1 Browser Cache
Suspicious.Cloud.2
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Heuristic Virus
Status: Fully Resolved
-----------
1 File
d:\install\programy\_nove_zaradit\multi password recovery v1.1.8 portable\updatechecker.exe - Deleted
1 Browser Cache
Infostealer.Gampass
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Restart Required
-----------
51 Registry Entries
1 File
d:\install\programy\_nove_zaradit\naevius.youtube.converter.2.2\keygen.exe - Deleted
1 Browser Cache
Trojan.ADH.2
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Fully Resolved
-----------
1 File
d:\install\programy\_nove_zaradit\esetlicence finder (minodlogin)3981\aln3981.exe - Deleted
1 Browser Cache
WS.Malware.2
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Fully Resolved
-----------
2 Files
d:\install\programy\_nove_zaradit\fast mp3 cutter joiner 2.5.1128\patch\patch.exe - Deleted
d:\install\programy\audio-video - dvd-divx-mp3\winmpg - video convertor\fff-wm56.exe - Deleted
1 Browser Cache
Suspicious.Cloud.2
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Heuristic Virus
Status: Fully Resolved
-----------
1 File
d:\install\programy\__portable\coreldraw graphics suite x5 sp2 v15.2.0.661\corel capture x5.exe - Deleted
1 Browser Cache
Suspicious.Cloud.2
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Heuristic Virus
Status: Fully Resolved
-----------
1 File
d:\install\programy\__portable\winavi all-in-one converter v1.1.0.3916\winavi all in one converter.exe - Deleted
1 Browser Cache
WS.Malware.2
Type: Compressed
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Heuristic Virus
Status: Fully Resolved
-----------
1 File
[keygen.exe] inside of [d:\install\programy\audio-video - dvd-divx-mp3\joining and splitting tools\avi-mpeg-rm-wmv_joiner_crack.zip] - Deleted
WS.Malware.2
Type: Compressed
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Heuristic Virus
Status: Fully Resolved
-----------
1 File
[platorip.exe] inside of [d:\install\programy\audio-video - dvd-divx-mp3\plato.dvd.ripper.2.32.cracked-icu.zip] - Deleted
WS.Malware.2
Type: Compressed
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Heuristic Virus
Status: Fully Resolved
-----------
1 File
[fff-wm56.exe] inside of [d:\install\programy\audio-video - dvd-divx-mp3\winmpg - video convertor\winmpg_videoconvert_crack.zip] - Deleted
Suspicious.Cloud.7.F
Type: Compressed
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Heuristic Virus
Status: Fully Resolved
-----------
1 File
[keygen.exe] inside of [d:\osobni - marek\vjeci\games_vjeci\doom3\doom3 - keygen+crack.zip] - Deleted
Suspicious.Cloud.7.L
Type: Compressed
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Heuristic Virus
Status: Fully Resolved
-----------
1 File
[pztrain.exe] inside of [d:\osobni - marek\vjeci\games_vjeci\doom3\doom3 - trainer09.zip] - Deleted
Suspicious.Cloud.2
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Heuristic Virus
Status: Fully Resolved
-----------
1 File
d:\osobni - marek\vjeci\games_vjeci\call of duty 4 - modern warfare\trainer\brew-cod4.exe - Deleted
1 Browser Cache
Unresolved Threats:
Risks in compressed file "acd systems acdsee v7.0.43 powerpack winall keymaker only fixed-core.rar"
Type: Compressed
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Heuristic Virus
Status: Not Attempted
-----------
1 File
[d:\install\po_instalaci_pc\acdsee.v7.0\powerpacky\acd systems acdsee v7.0.43 powerpack winall keymaker only fixed-core.rar] - Not Attempted
Risks in compressed file "comic-life-1.3.6.71.rar"
Type: Compressed
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Not Attempted
-----------
1 File
[d:\install\programy\_nove_zaradit\comic-life-1.3.6.71.rar] - Not Attempted
Risks in compressed file "ojosoft total video converter 2.7.4.0126.rar"
Type: Compressed
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Not Attempted
-----------
1 File
[d:\install\programy\_nove_zaradit\ojosoft total video converter 2.7.4.0126.rar] - Not Attempted
MultiPassRecover
Type: Anomaly
Risk: Low (Low Stealth, Low Removal, Low Performance, Low Privacy)
Categories: Security Assessment Tool
Status: Not Attempted
-----------
2 Files
d:\install\programy\_nove_zaradit\multi password recovery v1.1.8 portable\mpr.exe - No action taken
d:\install\programy\_nove_zaradit\multi password recovery v1.1.8 portable\mpr.exe.bak - No action taken
1 Browser Cache
Risks in compressed file "portable getright pro v6.5.exe"
Type: Compressed
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Heuristic Virus
Status: Not Attempted
-----------
1 File
[d:\install\programy\__portable\getright pro v6.5\portable getright pro v6.5.exe] - Not Attempted
Trojan.Alemod
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Review
-----------
1 File
d:\install\programy\audio-video - dvd-divx-mp3\replay.converter.v2.31-te\crack\replayconverterv231_crack.exe - Failed
1 Browser Cache
----------------REPORT END-----------------
Re: Win32/agent.sdg.gen in the disk's MBR sector - please help
All right, I'm on it. But if the virus is on C: as well and I delete it from D:, won't it jump right back?
Naughty wrote: I'll wait for the sector data to be edited
Re: Win32/agent.sdg.gen in the disk's MBR sector - please help
OK, but NOD keeps yelling that it's still there
Naughty wrote: PhysicalMBR0.bin - clean
PhysicalMBR1.bin - malicious
It won't jump back
Even if it did, I'll verify it again anyway

Re: Win32/agent.sdg.gen in the disk's MBR sector - please help
MAN, I LOVE YOU! (figuratively)
NOD reports NOTHING!!!!!
And the PC booted faster too!!
THANK YOU THANK YOU THANK YOU and I bow deeply!
Re: Win32/agent.sdg.gen in the disk's MBR sector - please help
Do you live somewhere near Zlín? Will you be passing through Zlín?
I owe you a six-metre beer and 40 shots
:)
I'll do what you wrote
Re: Win32/agent.sdg.gen in the disk's MBR sector - please help
PHASE 1: Running OTL with a custom scan
OTL logfile created on: 14.9.2011 17:09:10 - Run 3
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Marek\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1,94 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 72,53% Memory free
3,25 Gb Paging File | 2,92 Gb Available in Paging File | 89,89% Paging File free
Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,78 Gb Total Space | 71,96 Gb Free Space | 64,38% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 36,74 Gb Free Space | 15,77% Space Free | Partition Type: NTFS
Computer Name: MAREK-A3C30D064 | User Name: Marek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Custom Scans ==========
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.09.14 17:09:10 | 000,000,512 | ---- | M] () MD5=C3F4332DFEA7E39B031B70560AFB446A -- C:\PhysicalMBR.bin
< End of report >
**********************************************************************
PHASE 2: Online test of the file PhysicalMBR.bin.
Link to the check of the file PhysicalMBR.bin:
http://www.virustotal.com/file-scan/rep ... e699b-1316012773
Antivirus Version Last Update Result
AhnLab-V3 2011.09.13.00 2011.09.13 -
AntiVir 7.11.14.202 2011.09.14 -
Antiy-AVL 2.0.3.7 2011.09.14 -
Avast 4.8.1351.0 2011.09.14 -
Avast5 5.0.677.0 2011.09.14 -
AVG 10.0.0.1190 2011.09.14 -
BitDefender 7.2 2011.09.14 -
ByteHero 1.0.0.1 2011.09.13 -
CAT-QuickHeal 11.00 2011.09.14 -
ClamAV 0.97.0.0 2011.09.14 -
Commtouch 5.3.2.6 2011.09.14 -
Comodo 10109 2011.09.14 -
DrWeb 5.0.2.03300 2011.09.14 -
Emsisoft 5.1.0.11 2011.09.14 -
eSafe 7.0.17.0 2011.09.13 -
eTrust-Vet 36.1.8559 2011.09.14 -
F-Prot 4.6.2.117 2011.09.14 -
F-Secure 9.0.16440.0 2011.09.14 -
Fortinet 4.3.370.0 2011.09.14 -
GData 22 2011.09.14 -
Ikarus T3.1.1.107.0 2011.09.14 -
Jiangmin 13.0.900 2011.09.14 -
K7AntiVirus 9.112.5128 2011.09.13 -
Kaspersky 9.0.0.837 2011.09.14 -
McAfee 5.400.0.1158 2011.09.14 -
McAfee-GW-Edition 2010.1D 2011.09.13 -
Microsoft 1.7604 2011.09.14 -
NOD32 6462 2011.09.14 -
Norman 6.07.11 2011.09.13 -
nProtect 2011-09-14.01 2011.09.14 -
Panda 10.0.3.5 2011.09.14 -
PCTools 8.0.0.5 2011.09.14 -
Prevx 3.0 2011.09.14 -
Rising 23.74.03.03 2011.09.09 -
Sophos 4.69.0 2011.09.14 -
SUPERAntiSpyware 4.40.0.1006 2011.09.14 -
Symantec 20111.2.0.82 2011.09.14 -
TheHacker 6.7.0.1.296 2011.09.14 -
TrendMicro 9.500.0.1008 2011.09.14 -
TrendMicro-HouseCall 9.500.0.1008 2011.09.14 -
VBA32 3.12.16.4 2011.09.14 -
VIPRE 10473 2011.09.14 -
ViRobot 2011.9.14.4668 2011.09.14 -
VirusBuster 14.0.211.0 2011.09.13 -
Additional information
MD5 : c3f4332dfea7e39b031b70560afb446a
SHA1 : 83f056de339f4096a94081fc03707a1a5a8fde12
SHA256: 53f5ce99a955f51c4dc9ea6e24a56cc29243c594a9247f999c0eb876bb2e699b
**********************************************************************
PHASE 3: Renaming the file PhysicalMBR.bin to PhysicalMBR0.bin and starting OTL with a custom scan
OTL logfile created on: 14.9.2011 17:15:37 - Run 4
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Marek\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1,94 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 72,32% Memory free
3,25 Gb Paging File | 2,91 Gb Available in Paging File | 89,34% Paging File free
Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,78 Gb Total Space | 71,96 Gb Free Space | 64,38% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 36,74 Gb Free Space | 15,77% Space Free | Partition Type: NTFS
Computer Name: MAREK-A3C30D064 | User Name: Marek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
PhysicalDisk1 MBR saved to C:\PhysicalMBR.bin
========== Custom Scans ==========
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.09.14 17:15:37 | 000,000,512 | ---- | M] () MD5=E522A66B9742AF80B94B0AFC339FF805 -- C:\PhysicalMBR.bin
< End of report >
**********************************************************************
PHASE 4: Online test of the file PhysicalMBR.bin.
Link to the check of the file PhysicalMBR.bin:
http://www.virustotal.com/file-scan/rep ... e06bd-1316012691
Antivirus Version Last Update Result
AhnLab-V3 2011.09.13.00 2011.09.13 -
AntiVir 7.11.14.202 2011.09.14 -
Antiy-AVL 2.0.3.7 2011.09.14 -
Avast 4.8.1351.0 2011.09.14 -
Avast5 5.0.677.0 2011.09.14 -
AVG 10.0.0.1190 2011.09.14 -
BitDefender 7.2 2011.09.14 -
ByteHero 1.0.0.1 2011.09.13 -
CAT-QuickHeal 11.00 2011.09.14 -
ClamAV 0.97.0.0 2011.09.14 -
Commtouch 5.3.2.6 2011.09.14 -
Comodo 10109 2011.09.14 -
DrWeb 5.0.2.03300 2011.09.14 -
Emsisoft 5.1.0.11 2011.09.14 -
eSafe 7.0.17.0 2011.09.13 -
eTrust-Vet 36.1.8559 2011.09.14 -
F-Prot 4.6.2.117 2011.09.14 -
F-Secure 9.0.16440.0 2011.09.14 -
Fortinet 4.3.370.0 2011.09.14 -
GData 22 2011.09.14 -
Ikarus T3.1.1.107.0 2011.09.14 -
Jiangmin 13.0.900 2011.09.14 -
K7AntiVirus 9.112.5128 2011.09.13 -
Kaspersky 9.0.0.837 2011.09.14 -
McAfee 5.400.0.1158 2011.09.14 -
McAfee-GW-Edition 2010.1D 2011.09.13 -
Microsoft 1.7604 2011.09.14 -
NOD32 6462 2011.09.14 -
Norman 6.07.11 2011.09.13 -
nProtect 2011-09-14.01 2011.09.14 -
Panda 10.0.3.5 2011.09.14 -
PCTools 8.0.0.5 2011.09.14 -
Prevx 3.0 2011.09.14 -
Rising 23.74.03.03 2011.09.09 -
Sophos 4.69.0 2011.09.14 -
SUPERAntiSpyware 4.40.0.1006 2011.09.14 -
TheHacker 6.7.0.1.296 2011.09.14 -
TrendMicro 9.500.0.1008 2011.09.14 -
VBA32 3.12.16.4 2011.09.14 -
VIPRE 10473 2011.09.14 -
ViRobot 2011.9.14.4668 2011.09.14 -
VirusBuster 14.0.211.0 2011.09.13 -
Additional information
MD5 : e522a66b9742af80b94b0afc339ff805
SHA1 : bd0381216cd39c7c486e180ed36e82bcd16eb0b0
SHA256: 73eb27e16ca3b4231b9222ab3c2569810f0289263d2677c56f05e04f878e06bd
**********************************************************************
So, can I celebrate and get drunk?
:):)
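The four phases in the post above dump the first sector of each physical disk, hash it and check it; the following is an added example of that triage, not part of the original post and not OTL's own code. It assumes raw 512-byte MBR dumps such as the PhysicalMBR0.bin and PhysicalMBR1.bin files named in the thread; the two sample sectors and all function names are constructed for illustration.

```python
"""Triage of raw MBR dumps (512-byte first-sector images), standard library only."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440        # bytes 0..439: boot code, 440..443: disk signature
PART_TABLE_OFFSET = 446    # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"
ENTRY_FORMAT = "<B3xB3xII"  # status, (CHS), type, (CHS), start LBA, sector count


def parse_partitions(sector):
    """Return the non-empty partition table entries as dicts."""
    entries = []
    for slot in range(4):
        start = PART_TABLE_OFFSET + 16 * slot
        status, ptype, lba, count = struct.unpack(ENTRY_FORMAT, sector[start:start + 16])
        if ptype == 0 and count == 0:
            continue  # unused slot
        entries.append({"slot": slot, "status": status, "type": ptype,
                        "lba_start": lba, "sectors": count})
    return entries


def inspect_mbr(sector):
    """Hash a dump and run structural sanity checks on it."""
    report = {"md5": hashlib.md5(sector).hexdigest().upper(),  # same form as the OTL line
              "sha256": hashlib.sha256(sector).hexdigest(),
              "partitions": [], "findings": []}
    if len(sector) != SECTOR_SIZE:
        report["findings"].append("unexpected size: %d bytes" % len(sector))
        return report
    if sector[510:512] != BOOT_SIGNATURE:
        report["findings"].append("missing 0x55AA boot signature")
    if not any(sector[:BOOT_CODE_END]):
        report["findings"].append("boot code area is empty")
    report["partitions"] = parse_partitions(sector)
    for part in report["partitions"]:
        if part["status"] not in (0x00, 0x80):
            report["findings"].append(
                "slot %d: invalid status byte 0x%02X" % (part["slot"], part["status"]))
    if sum(1 for p in report["partitions"] if p["status"] == 0x80) > 1:
        report["findings"].append("more than one active partition")
    return report


def boot_code_diff(reference, suspect):
    """List inclusive (start, end) offset ranges where the boot code differs.

    A difference is a lead for manual review, not a verdict: boot code also
    differs legitimately when another OS or boot manager wrote the sector.
    """
    if len(reference) < SECTOR_SIZE or len(suspect) < SECTOR_SIZE:
        raise ValueError("both dumps must be full 512-byte sectors")
    ranges, start = [], None
    for off in range(BOOT_CODE_END):
        differs = reference[off] != suspect[off]
        if differs and start is None:
            start = off
        elif not differs and start is not None:
            ranges.append((start, off - 1))
            start = None
    if start is not None:
        ranges.append((start, BOOT_CODE_END - 1))
    return ranges


def build_sample(boot_code, disk_sig, entries):
    """Assemble a constructed 512-byte sector for the demonstration."""
    table = b"".join(struct.pack(ENTRY_FORMAT, *e) for e in entries).ljust(64, b"\x00")
    return (boot_code.ljust(BOOT_CODE_END, b"\x90") + disk_sig + b"\x00\x00"
            + table + BOOT_SIGNATURE)


# Constructed samples (placeholder bytes, not real boot code or real dumps).
_boot = b"\x33\xc0\x8e\xd0".ljust(BOOT_CODE_END, b"\x90")
_patched = bytearray(_boot)
_patched[16:32] = b"\xcc" * 16  # simulated modification of the boot code
CLEAN = build_sample(_boot, b"\x11\x22\x33\x44", [(0x80, 0x07, 63, 234420417)])
SUSPECT = build_sample(bytes(_patched), b"\x55\x66\x77\x88", [(0x00, 0x07, 63, 488375937)])

if __name__ == "__main__":
    for name, dump in (("CLEAN", CLEAN), ("SUSPECT", SUSPECT)):
        info = inspect_mbr(dump)
        print(name, "MD5=" + info["md5"], info["partitions"], info["findings"])
    print("boot code differs at:", boot_code_diff(CLEAN, SUSPECT))
```

Both constructed sectors pass the structural checks; only the comparison against the reference dump exposes the altered byte range. To use it on real dumps, read each file with `open(path, "rb").read()` and pass the bytes to the same functions.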

- Rudy
- Site Admin
- Posts: 119508
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Win32/agent.sdg.gen in the disk's MBR sector - please help
My thanks to my colleague.
Is the PC fine now, or is there still some problem?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Win32/agent.sdg.gen in the disk's MBR sector - please help
Here it is:
Naughty wrote: Fortunately the worry did not come true. The data on disk D is OK, and nothing jumped to C according to MD5=C3F4332DFEA7E39B031B70560AFB446A -- C:\PhysicalMBR.bin
Please upload the RAR-archived original PhysicalMBR0.bin and PhysicalMBR1.bin somewhere for me
http://leteckaposta.cz/821912163
Oh, am I supposed to do something more with it?
My colleague Rudy will surely write you what to do next.
Should I contact him, or will he look in here?
EDIT// before I finished writing this, Rudy got in touch himself. There is no problem, thank you very much!
And once again a huge thank-you to you for the help!
To Rudy as well, of course; he looked after me at the beginning. Thanks!
- Rudy
- Site Admin
- Posts: 119508
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Win32/agent.sdg.gen in the disk's MBR sector - please help
Likewise from me, and you're welcome!
Re: Win32/agent.sdg.gen in the disk's MBR sector - please help
Hello, yesterday my PC restarted and would not boot again; with great difficulty I managed to start the system, back up the data and then reinstall completely. Before the installation I repartitioned the HDD; after installing, NOD reports:
MBR sektor 1. fyzického disku Win32/Agent.SDG.Gen trojský kůň
Can someone please help me with this?
The log is here:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Krepi at 2011-09-17 00:57:01
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 93 GB (93%) free of 100 GB
Total RAM: 3071 MB (81% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:57:07, on 17.9.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common\Bin\WinCinemaMgr.exe
C:\Program Files\HiCDEject\HiCDEject.exe
G:\Staženo\drweb-600-win-space-x86.exe
C:\WINDOWS\system32\MSIEXEC.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\DrWeb\drweb32w.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\Staženo\RSIT.exe
C:\Program Files\trend micro\Krepi.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TNOD UP] "C:\Program Files\TNod User & Password Finder\TNODUP.exe" /i
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe" -autorun
O4 - HKLM\..\Run: [SpIDerGate] "C:\Program Files\DrWeb\spidergate.exe" -autorun
O4 - HKLM\..\Run: [SpIDerAgent] "C:\Program Files\DrWeb\SpIDerAgent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1214440339-1364589140-682003330-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DVD open.lnk = C:\Program Files\HiCDEject\HiCDEject.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Dr.Web Scanning Engine (DrWebEngine) (DrWebEngine) - Doctor Web, Ltd. - C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
--
End of file - 5161 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Dr.Web Daily scan.job
C:\WINDOWS\tasks\Dr.Web Update.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Krepi\Data aplikací\Mozilla\Firefox\Profiles\lthcq01c.default
prefs.js - "browser.startup.homepage" - "seznam.cz"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27, jqs@sun.com:1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15"
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat
C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npnul32.dll
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-09-16 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-09-16 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-03 16876032]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-08-12 2215064]
"TNOD UP"=C:\Program Files\TNod User & Password Finder\TNODUP.exe [2010-04-02 1811968]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-09-08 421888]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-08-03 13892200]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2011-07-05 1632360]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"SpIDerMail"=C:\Program Files\DrWeb\spiderml.exe [2011-08-17 1591024]
"SpIDerGate"=C:\Program Files\DrWeb\spidergate.exe [2011-06-08 2193648]
"SpIDerAgent"=C:\Program Files\DrWeb\SpIDerAgent.exe [2011-06-08 1473264]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
InterVideo WinCinema Manager.lnk - C:\Program Files\Common\Bin\WinCinemaMgr.exe
C:\Documents and Settings\Krepi\Nabídka Start\Programy\Po spuštění
DVD open.lnk - C:\Program Files\HiCDEject\HiCDEject.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa]
C:\WINDOWS\system32\antiwpa.dll [2003-05-25 60416]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\TeamViewer3\TeamViewer.exe"="D:\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\WinDVD5\WinDVD.exe"="C:\Program Files\WinDVD5\WinDVD.exe:*:Enabled:WinDVD"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
======List of files/folders created in the last 1 month======
2011-09-17 00:57:01 ----D---- C:\rsit
2011-09-17 00:57:01 ----D---- C:\Program Files\trend micro
2011-09-17 00:25:03 ----A---- C:\WINDOWS\system32\drivers\dwprot.sys
2011-09-17 00:25:00 ----A---- C:\WINDOWS\system32\drivers\spiderg3.sys
2011-09-17 00:24:49 ----D---- C:\Program Files\Common Files\Doctor Web
2011-09-17 00:24:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\Doctor Web
2011-09-17 00:21:12 ----SHD---- C:\Config.Msi
2011-09-17 00:05:30 ----D---- C:\Documents and Settings\Krepi\Data aplikací\InterVideo
2011-09-17 00:04:34 ----D---- C:\Program Files\Common Files\InterVideo
2011-09-17 00:02:12 ----D---- C:\Program Files\Common
2011-09-17 00:02:11 ----D---- C:\Program Files\Creative
2011-09-17 00:02:11 ----A---- C:\WINDOWS\system32\drivers\ctdvda2k.sys
2011-09-17 00:02:11 ----A---- C:\WINDOWS\system32\ctdvda32.dll
2011-09-17 00:02:11 ----A---- C:\WINDOWS\system32\Ctaa1.dat
2011-09-17 00:02:11 ----A---- C:\WINDOWS\system32\cddvdint.dll
2011-09-17 00:02:04 ----D---- C:\Program Files\WinDVD5
2011-09-16 23:59:20 ----D---- C:\Program Files\Common Files\Java
2011-09-16 23:59:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2011-09-16 23:58:55 ----A---- C:\WINDOWS\system32\javaws.exe
2011-09-16 23:58:55 ----A---- C:\WINDOWS\system32\javaw.exe
2011-09-16 23:58:55 ----A---- C:\WINDOWS\system32\java.exe
2011-09-16 23:58:55 ----A---- C:\WINDOWS\system32\deployJava1.dll
2011-09-16 23:58:48 ----D---- C:\Program Files\Java
2011-09-16 23:57:45 ----D---- C:\Documents and Settings\Krepi\Data aplikací\Sun
2011-09-16 23:47:53 ----SHD---- C:\RECYCLER
2011-09-16 23:46:19 ----D---- C:\Program Files\DrWeb
2011-09-16 23:43:33 ----N---- C:\WINDOWS\system32\spmsg.dll
2011-09-16 23:43:33 ----D---- C:\WINDOWS\system32\PreInstall
2011-09-16 23:43:33 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2011-09-16 23:43:32 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2011-09-16 23:43:32 ----HD---- C:\WINDOWS\$hf_mig$
2011-09-16 23:35:26 ----D---- C:\WINDOWS\system32\Lang
2011-09-16 23:31:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\NVIDIA Corporation
2011-09-16 23:31:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\NVIDIA
2011-09-16 23:31:07 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-09-16 23:30:59 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2011-09-16 23:30:59 ----A---- C:\WINDOWS\system32\nvmctray.dll
2011-09-16 23:30:59 ----A---- C:\WINDOWS\system32\nvcpl.dll
2011-09-16 23:30:59 ----A---- C:\WINDOWS\system32\nvcolor.exe
2011-09-16 23:30:58 ----A---- C:\WINDOWS\system32\nvwddi.dll
2011-09-16 23:30:58 ----A---- C:\WINDOWS\system32\easyupdatusapiu.dll
2011-09-16 23:30:44 ----A---- C:\WINDOWS\system32\nvhdagenco322040.dll
2011-09-16 23:30:42 ----A---- C:\WINDOWS\system32\OpenCL.dll
2011-09-16 23:30:42 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2011-09-16 23:30:42 ----A---- C:\WINDOWS\system32\nvgenco32.dll
2011-09-16 23:30:42 ----A---- C:\WINDOWS\system32\nvdispco32.dll
2011-09-16 23:30:42 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2011-09-16 23:30:41 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2011-09-16 23:30:41 ----A---- C:\WINDOWS\system32\nvcuda.dll
2011-09-16 23:30:41 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2011-09-16 23:30:41 ----A---- C:\WINDOWS\system32\nvapi.dll
2011-09-16 23:30:41 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2011-09-16 23:30:41 ----A---- C:\WINDOWS\system32\drivers\nv4_mini.sys
2011-09-16 23:27:58 ----D---- C:\Program Files\NVIDIA Corporation
2011-09-16 23:27:39 ----D---- C:\NVIDIA
2011-09-16 23:24:15 ----D---- C:\Documents and Settings\Krepi\Data aplikací\Macromedia
2011-09-16 23:24:15 ----D---- C:\Documents and Settings\Krepi\Data aplikací\Adobe
2011-09-16 23:22:15 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2011-09-16 23:21:37 ----A---- C:\WINDOWS\nsreg.dat
2011-09-16 23:21:32 ----D---- C:\Documents and Settings\Krepi\Data aplikací\Mozilla
2011-09-16 23:19:47 ----A---- C:\WINDOWS\system32\drivers\imagedrv.sys
2011-09-16 23:19:24 ----A---- C:\WINDOWS\system32\picn20.dll
2011-09-16 23:19:23 ----A---- C:\WINDOWS\system32\ImagXpr5.dll
2011-09-16 23:19:23 ----A---- C:\WINDOWS\system32\imagx5.dll
2011-09-16 23:19:23 ----A---- C:\WINDOWS\system32\imagr5.dll
2011-09-16 23:19:22 ----D---- C:\Program Files\Common Files\Ahead
2011-09-16 23:19:22 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2011-09-16 23:19:19 ----D---- C:\Program Files\Ahead
2011-09-16 23:17:50 ----D---- C:\Program Files\Mozilla Firefox
2011-09-16 23:16:53 ----D---- C:\Program Files\QuickTime
2011-09-16 23:16:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2011-09-16 23:16:36 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2011-09-16 23:16:36 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2011-09-16 23:16:35 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2011-09-16 23:16:34 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2011-09-16 23:16:33 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2011-09-16 23:16:32 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2011-09-16 23:16:31 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2011-09-16 23:16:29 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2011-09-16 23:16:28 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2011-09-16 23:16:27 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2011-09-16 23:16:26 ----D---- C:\Program Files\Common Files\Apple
2011-09-16 23:16:26 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2011-09-16 23:16:25 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2011-09-16 23:16:24 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2011-09-16 23:16:23 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2011-09-16 23:16:22 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2011-09-16 23:16:22 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2011-09-16 23:16:21 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2011-09-16 23:16:21 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2011-09-16 23:16:19 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2011-09-16 23:16:19 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2011-09-16 23:16:16 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2011-09-16 23:16:15 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2011-09-16 23:16:14 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2011-09-16 23:16:13 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2011-09-16 23:16:12 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2011-09-16 23:16:10 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2011-09-16 23:16:10 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2011-09-16 23:16:09 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2011-09-16 23:16:08 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2011-09-16 23:16:07 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2011-09-16 23:16:06 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2011-09-16 23:16:04 ----D---- C:\Program Files\Apple Software Update
2011-09-16 23:16:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2011-09-16 23:16:04 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2011-09-16 23:16:04 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2011-09-16 23:16:03 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2011-09-16 23:16:00 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2011-09-16 23:15:59 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2011-09-16 23:15:59 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2011-09-16 23:15:58 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2011-09-16 23:15:57 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2011-09-16 23:15:56 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2011-09-16 23:15:56 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2011-09-16 23:15:55 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2011-09-16 23:15:54 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2011-09-16 23:15:53 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2011-09-16 23:15:53 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2011-09-16 23:15:50 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2011-09-16 23:15:50 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2011-09-16 23:15:48 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2011-09-16 23:15:47 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2011-09-16 23:15:46 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2011-09-16 23:15:46 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2011-09-16 23:15:45 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2011-09-16 23:15:44 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2011-09-16 23:15:44 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2011-09-16 23:15:44 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2011-09-16 23:15:44 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2011-09-16 23:15:43 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2011-09-16 23:15:43 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2011-09-16 23:15:42 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2011-09-16 23:15:41 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2011-09-16 23:15:41 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2011-09-16 23:15:39 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2011-09-16 23:15:39 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2011-09-16 23:15:39 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2011-09-16 23:15:39 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2011-09-16 23:15:38 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2011-09-16 23:15:38 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2011-09-16 23:15:38 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2011-09-16 23:15:38 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2011-09-16 23:15:38 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2011-09-16 23:15:37 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2011-09-16 23:15:37 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2011-09-16 23:15:37 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2011-09-16 23:15:37 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2011-09-16 23:15:36 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2011-09-16 23:15:36 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2011-09-16 23:15:36 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2011-09-16 23:15:36 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2011-09-16 23:15:36 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2011-09-16 23:15:35 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2011-09-16 23:15:35 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2011-09-16 23:15:35 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2011-09-16 23:15:34 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2011-09-16 23:14:51 ----D---- C:\WINDOWS\Logs
2011-09-16 23:14:23 ----A---- C:\WINDOWS\iun6002.exe
2011-09-16 23:14:17 ----D---- C:\Program Files\Codec Pack - All In 1
2011-09-16 23:14:02 ----A---- C:\WINDOWS\Codec Pack - All In 1 Setup Log.txt
2011-09-16 23:13:38 ----D---- C:\Program Files\WinRAR
2011-09-16 23:13:26 ----D---- C:\Program Files\Common Files\Adobe
2011-09-16 23:13:26 ----D---- C:\Program Files\Adobe
2011-09-16 23:13:22 ----D---- C:\Program Files\7-Zip
2011-09-16 23:13:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-09-16 23:13:00 ----A---- C:\WINDOWS\system32\antiwpa.dll
2011-09-16 23:11:25 ----D---- C:\Documents and Settings\Krepi\Data aplikací\GlarySoft
2011-09-16 23:10:01 ----D---- C:\Program Files\Absolute Uninstaller
2011-09-16 23:08:35 ----D---- C:\Documents and Settings\Krepi\Data aplikací\TeamViewer
2011-09-16 23:06:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2011-09-16 23:04:25 ----D---- C:\Documents and Settings\Krepi\Data aplikací\Vso
2011-09-16 23:04:23 ----A---- C:\WINDOWS\system32\d3d9caps.dat
2011-09-16 23:03:32 ----D---- C:\Program Files\TNod User & Password Finder
2011-09-16 23:02:11 ----D---- C:\Program Files\ESET
2011-09-16 23:02:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2011-09-16 22:54:01 ----D---- C:\Program Files\HiCDEject
2011-09-16 22:53:01 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2011-09-16 22:52:58 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2011-09-16 22:52:56 ----A---- C:\WINDOWS\system32\ChCfg.exe
2011-09-16 22:52:56 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys
2011-09-16 22:52:53 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2011-09-16 22:52:51 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2011-09-16 22:52:49 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2011-09-16 22:52:48 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2011-09-16 22:52:46 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2011-09-16 22:52:44 ----A---- C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011-09-16 22:52:42 ----A---- C:\WINDOWS\system32\drivers\MSPQM.sys
2011-09-16 22:52:40 ----A---- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011-09-16 22:52:35 ----D---- C:\WINDOWS\system32\RTCOM
2011-09-16 22:52:33 ----A---- C:\WINDOWS\system32\ksuser.dll
2011-09-16 22:52:33 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2011-09-16 22:52:32 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2011-09-16 22:52:28 ----A---- C:\WINDOWS\SoundMan.exe
2011-09-16 22:52:28 ----A---- C:\WINDOWS\SkyTel.exe
2011-09-16 22:52:28 ----A---- C:\WINDOWS\RtlUpd.exe
2011-09-16 22:52:28 ----A---- C:\WINDOWS\RTLCPL.exe
2011-09-16 22:52:27 ----A---- C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011-09-16 22:52:27 ----A---- C:\WINDOWS\RTHDCPL.exe
2011-09-16 22:52:27 ----A---- C:\WINDOWS\MicCal.exe
2011-09-16 22:52:26 ----A---- C:\WINDOWS\alcwzrd.exe
2011-09-16 22:52:26 ----A---- C:\WINDOWS\Alcmtr.exe
2011-09-16 22:52:21 ----A---- C:\WINDOWS\RtlExUpd.dll
2011-09-16 22:52:21 ----A---- C:\WINDOWS\HideWin.exe
2011-09-16 22:52:18 ----D---- C:\Program Files\Common Files\InstallShield
2011-09-16 22:50:29 ----A---- C:\WINDOWS\system32\RTNUninst32.dll
2011-09-16 22:50:29 ----A---- C:\WINDOWS\system32\RtNicProp32.dll
2011-09-16 22:50:29 ----A---- C:\WINDOWS\system32\drivers\Rtenicxp.sys
2011-09-16 22:50:24 ----HD---- C:\Program Files\InstallShield Installation Information
2011-09-16 22:50:24 ----D---- C:\Program Files\Realtek
2011-09-16 22:49:40 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2011-09-16 22:36:25 ----A---- C:\WINDOWS\system32\h323log.txt
2011-09-16 22:15:09 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2011-09-16 22:14:24 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2011-09-16 22:13:49 ----A---- C:\WINDOWS\system32\usbui.dll
2011-09-16 22:13:48 ----A---- C:\WINDOWS\system32\drivers\wmiacpi.sys
2011-09-16 22:13:08 ----A---- C:\WINDOWS\imsins.BAK
2011-09-16 22:13:06 ----SHD---- C:\WINDOWS\Installer
2011-09-16 22:13:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-09-16 22:13:05 ----D---- C:\Program Files\Common Files\ODBC
2011-09-16 22:13:05 ----A---- C:\WINDOWS\ODBCINST.INI
2011-09-16 22:13:02 ----RD---- C:\Program Files
2011-09-16 22:13:02 ----D---- C:\Program Files\Common Files\SpeechEngines
2011-09-16 22:13:02 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-09-16 22:13:02 ----D---- C:\Program Files\Common Files
2011-09-16 22:12:59 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2011-09-16 22:12:59 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2011-09-16 22:12:59 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2011-09-16 22:12:57 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2011-09-16 22:12:57 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2011-09-16 22:12:57 ----RA---- C:\WINDOWS\system32\kbdur.dll
2011-09-16 22:12:57 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2011-09-16 22:12:57 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2011-09-16 22:12:57 ----RA---- C:\WINDOWS\system32\kbdru.dll
2011-09-16 22:12:57 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2011-09-16 22:12:57 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2011-09-16 22:12:57 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2011-09-16 22:12:57 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2011-09-16 22:12:57 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2011-09-16 22:12:57 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2011-09-16 22:12:55 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2011-09-16 22:12:55 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2011-09-16 22:12:55 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2011-09-16 22:12:55 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2011-09-16 22:12:55 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2011-09-16 22:12:55 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2011-09-16 22:12:55 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2011-09-16 22:12:53 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2011-09-16 22:12:53 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2011-09-16 22:12:53 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2011-09-16 22:12:53 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2011-09-16 22:12:53 ----RA---- C:\WINDOWS\system32\kbdest.dll
2011-09-16 22:12:50 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2011-09-16 22:12:50 ----A---- C:\WINDOWS\system32\kbdsl.dll
2011-09-16 22:12:50 ----A---- C:\WINDOWS\system32\kbdro.dll
2011-09-16 22:12:50 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2011-09-16 22:12:50 ----A---- C:\WINDOWS\system32\kbdpl.dll
2011-09-16 22:12:50 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2011-09-16 22:12:50 ----A---- C:\WINDOWS\system32\kbdhu.dll
2011-09-16 22:12:50 ----A---- C:\WINDOWS\system32\kbdcr.dll
2011-09-16 22:12:50 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2011-09-16 22:12:49 ----A---- C:\WINDOWS\system32\kbdycl.dll
2011-09-16 22:12:48 ----A---- C:\WINDOWS\system32\spxcoins.dll
2011-09-16 22:12:48 ----A---- C:\WINDOWS\system32\irclass.dll
2011-09-16 22:12:48 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2011-09-16 22:12:48 ----A---- C:\WINDOWS\system32\dgsetup.dll
2011-09-16 22:12:48 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2011-09-16 22:12:46 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2011-09-16 22:12:46 ----A---- C:\WINDOWS\TASKMAN.EXE
2011-09-16 22:12:45 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2011-09-16 22:12:45 ----A---- C:\WINDOWS\system32\batt.dll
2011-09-16 22:12:45 ----A---- C:\WINDOWS\NOTEPAD.EXE
2011-09-16 22:12:44 ----A---- C:\WINDOWS\system32\storprop.dll
2011-09-16 22:12:38 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2011-09-16 22:12:36 ----RA---- C:\WINDOWS\SET8.tmp
2011-09-16 22:12:34 ----RA---- C:\WINDOWS\SET4.tmp
2011-09-16 22:12:33 ----RA---- C:\WINDOWS\SET3.tmp
2011-09-16 22:12:28 ----D---- C:\WINDOWS\system32\CatRoot2
2011-09-16 22:12:28 ----D---- C:\WINDOWS\system32\CatRoot
2011-09-16 22:12:23 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-09-16 22:12:05 ----A---- C:\WINDOWS\setuplog.txt
2011-09-16 22:12:03 ----D---- C:\Documents and Settings
2011-09-16 22:12:03 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2011-09-16 22:11:23 ----SH---- C:\boot.ini
2011-09-16 22:10:57 ----SHD---- C:\System Volume Information
2011-09-16 22:05:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-09-16 22:05:59 ----RSD---- C:\WINDOWS\Fonts
2011-09-16 22:05:59 ----RD---- C:\WINDOWS\Web
2011-09-16 22:05:59 ----HD---- C:\WINDOWS\inf
2011-09-16 22:05:59 ----D---- C:\WINDOWS\WinSxS
2011-09-16 22:05:59 ----D---- C:\WINDOWS\twain_32
2011-09-16 22:05:59 ----D---- C:\WINDOWS\Temp
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\wins
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\wbem
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\usmt
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\spool
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\ShellExt
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\Setup
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\ras
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\oobe
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\npp
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\mui
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\inetsrv
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\IME
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\icsxml
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\ias
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\export
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\drivers\etc
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\drivers\disdn
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\drivers
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\dhcp
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\cs-cz
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\cs
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\config
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\3com_dmi
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\3076
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\2052
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\1054
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\1042
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\1041
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\1037
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\1033
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\1031
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\1029
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\1028
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\1025
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system
2011-09-16 22:05:59 ----D---- C:\WINDOWS\security
2011-09-16 22:05:59 ----D---- C:\WINDOWS\Resources
2011-09-16 22:05:59 ----D---- C:\WINDOWS\repair
2011-09-16 22:05:59 ----D---- C:\WINDOWS\Provisioning
2011-09-16 22:05:59 ----D---- C:\WINDOWS\pchealth
2011-09-16 22:05:59 ----D---- C:\WINDOWS\PeerNet
2011-09-16 22:05:59 ----D---- C:\WINDOWS\Network Diagnostic
2011-09-16 22:05:59 ----D---- C:\WINDOWS\mui
2011-09-16 22:05:59 ----D---- C:\WINDOWS\msapps
2011-09-16 22:05:59 ----D---- C:\WINDOWS\msagent
2011-09-16 22:05:59 ----D---- C:\WINDOWS\Media
2011-09-16 22:05:59 ----D---- C:\WINDOWS\L2Schemas
2011-09-16 22:05:59 ----D---- C:\WINDOWS\java
2011-09-16 22:05:59 ----D---- C:\WINDOWS\ime
2011-09-16 22:05:59 ----D---- C:\WINDOWS\Help
2011-09-16 22:05:59 ----D---- C:\WINDOWS\Driver Cache
2011-09-16 22:05:59 ----D---- C:\WINDOWS\Debug
2011-09-16 22:05:59 ----D---- C:\WINDOWS\Cursors
2011-09-16 22:05:59 ----D---- C:\WINDOWS\Connection Wizard
2011-09-16 22:05:59 ----D---- C:\WINDOWS\Config
2011-09-16 22:05:59 ----D---- C:\WINDOWS\AppPatch
2011-09-16 22:05:59 ----D---- C:\WINDOWS\addins
2011-09-16 22:05:59 ----D---- C:\WINDOWS
2011-09-16 22:05:58 ----ASH---- C:\pagefile.sys
2011-09-16 20:58:19 ----D---- C:\Windows Commander 5
2011-09-16 20:58:19 ----A---- C:\WINDOWS\wincmd.ini
2011-09-16 20:58:19 ----A---- C:\WINDOWS\UC.PIF
2011-09-16 20:58:19 ----A---- C:\WINDOWS\RAR.PIF
2011-09-16 20:58:19 ----A---- C:\WINDOWS\PKZIP.PIF
2011-09-16 20:58:19 ----A---- C:\WINDOWS\PKUNZIP.PIF
2011-09-16 20:58:19 ----A---- C:\WINDOWS\NOCLOSE.PIF
2011-09-16 20:58:19 ----A---- C:\WINDOWS\LHA.PIF
2011-09-16 20:58:19 ----A---- C:\WINDOWS\ARJ.PIF
2011-09-16 20:48:18 ----D---- C:\Documents and Settings\Krepi\Data aplikací\Identities
2011-09-16 20:48:17 ----HD---- C:\Program Files\Uninstall Information
2011-09-16 20:48:14 ----SD---- C:\Documents and Settings\Krepi\Data aplikací\Microsoft
2011-09-16 20:48:14 ----ASH---- C:\Documents and Settings\Krepi\Data aplikací\desktop.ini
2011-09-16 20:47:42 ----D---- C:\WINDOWS\SoftwareDistribution
2011-09-16 20:47:41 ----D---- C:\WINDOWS\Prefetch
2011-09-16 20:47:38 ----SD---- C:\WINDOWS\system32\Microsoft
2011-09-16 20:47:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-09-16 20:43:31 ----AS---- C:\WINDOWS\bootstat.dat
2011-09-16 20:42:16 ----D---- C:\WINDOWS\system32\xircom
2011-09-16 20:42:16 ----D---- C:\Program Files\xerox
2011-09-16 20:42:16 ----D---- C:\Program Files\microsoft frontpage
2011-09-16 20:42:07 ----RASH---- C:\MSDOS.SYS
2011-09-16 20:42:07 ----RASH---- C:\IO.SYS
2011-09-16 20:42:07 ----A---- C:\WINDOWS\control.ini
2011-09-16 20:42:07 ----A---- C:\CONFIG.SYS
2011-09-16 20:42:07 ----A---- C:\AUTOEXEC.BAT
2011-09-16 20:41:59 ----A---- C:\WINDOWS\OEWABLog.txt
2011-09-16 20:41:56 ----A---- C:\WINDOWS\system32\mapi32.dll
2011-09-16 20:41:25 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-09-16 20:41:25 ----RD---- C:\WINDOWS\Offline Web Pages
2011-09-16 20:41:19 ----HD---- C:\Program Files\WindowsUpdate
2011-09-16 20:41:16 ----D---- C:\Program Files\Online Services
2011-09-16 20:40:57 ----D---- C:\WINDOWS\system32\DirectX
2011-09-16 20:40:48 ----A---- C:\WINDOWS\system32\atrace.dll
2011-09-16 20:40:44 ----A---- C:\WINDOWS\system32\desktop.ini
2011-09-16 20:40:44 ----A---- C:\WINDOWS\desktop.ini
2011-09-16 20:40:34 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2011-09-16 20:40:33 ----A---- C:\WINDOWS\system32\acctres.dll
2011-09-16 20:40:32 ----D---- C:\Program Files\Common Files\Services
2011-09-16 20:40:28 ----SD---- C:\WINDOWS\Tasks
2011-09-16 20:40:28 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2011-09-16 20:40:27 ----D---- C:\Program Files\Common Files\MSSoap
2011-09-16 20:40:20 ----D---- C:\WINDOWS\srchasst
2011-09-16 20:40:19 ----D---- C:\WINDOWS\system32\Macromed
2011-09-16 20:40:14 ----A---- C:\WINDOWS\system32\wuweb.dll
2011-09-16 20:40:14 ----A---- C:\WINDOWS\system32\wucltui.dll
2011-09-16 20:40:14 ----A---- C:\WINDOWS\system32\wuauserv.dll
2011-09-16 20:40:14 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2011-09-16 20:40:13 ----A---- C:\WINDOWS\system32\wups.dll
2011-09-16 20:40:13 ----A---- C:\WINDOWS\system32\wuaueng.dll
2011-09-16 20:40:13 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2011-09-16 20:40:13 ----A---- C:\WINDOWS\system32\wuauclt.exe
2011-09-16 20:40:13 ----A---- C:\WINDOWS\system32\wuapi.dll
2011-09-16 20:40:13 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2011-09-16 20:40:13 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2011-09-16 20:40:13 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2011-09-16 20:40:12 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2011-09-16 20:40:12 ----A---- C:\WINDOWS\system32\qmgr.dll
2011-09-16 20:40:06 ----D---- C:\Program Files\Movie Maker
2011-09-16 20:39:39 ----A---- C:\WINDOWS\system32\safrslv.dll
2011-09-16 20:39:39 ----A---- C:\WINDOWS\system32\safrdm.dll
2011-09-16 20:39:39 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2011-09-16 20:39:39 ----A---- C:\WINDOWS\system32\racpldlg.dll
2011-09-16 20:39:33 ----A---- C:\WINDOWS\system32\fltlib.dll
2011-09-16 20:39:32 ----D---- C:\WINDOWS\system32\Restore
2011-09-16 20:39:32 ----A---- C:\WINDOWS\system32\srrstr.dll
2011-09-16 20:39:32 ----A---- C:\WINDOWS\system32\fltMc.exe
2011-09-16 20:39:32 ----A---- C:\WINDOWS\system32\drivers\fltMgr.sys
2011-09-16 20:39:31 ----A---- C:\WINDOWS\system32\srsvc.dll
2011-09-16 20:39:31 ----A---- C:\WINDOWS\system32\srclient.dll
2011-09-16 20:39:31 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2011-09-16 20:39:30 ----A---- C:\WINDOWS\system32\mnmdd.dll
2011-09-16 20:39:30 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2011-09-16 20:39:30 ----A---- C:\WINDOWS\system32\ils.dll
2011-09-16 20:39:29 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2011-09-16 20:39:29 ----A---- C:\WINDOWS\system32\msconf.dll
2011-09-16 20:39:29 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2011-09-16 20:39:25 ----D---- C:\Program Files\NetMeeting
2011-09-16 20:39:25 ----A---- C:\WINDOWS\system32\msoert2.dll
2011-09-16 20:39:25 ----A---- C:\WINDOWS\system32\msoeacct.dll
2011-09-16 20:39:23 ----A---- C:\WINDOWS\system32\inetres.dll
2011-09-16 20:39:22 ----A---- C:\WINDOWS\system32\inetcomm.dll
2011-09-16 20:39:19 ----D---- C:\Program Files\Outlook Express
2011-09-16 20:39:19 ----A---- C:\WINDOWS\system32\schedsvc.dll
2011-09-16 20:39:19 ----A---- C:\WINDOWS\system32\mstinit.exe
2011-09-16 20:39:19 ----A---- C:\WINDOWS\system32\mstask.dll
2011-09-16 20:39:18 ----A---- C:\WINDOWS\system32\isign32.dll
2011-09-16 20:39:18 ----A---- C:\WINDOWS\system32\icwphbk.dll
2011-09-16 20:39:18 ----A---- C:\WINDOWS\system32\icwdial.dll
2011-09-16 20:39:17 ----A---- C:\WINDOWS\system32\inetcfg.dll
2011-09-16 20:39:09 ----D---- C:\Program Files\Common Files\System
2011-09-16 20:39:07 ----D---- C:\Program Files\Internet Explorer
2011-09-16 20:39:05 ----A---- C:\WINDOWS\system32\emptyregdb.dat
2011-09-16 20:38:57 ----D---- C:\Program Files\ComPlus Applications
2011-09-16 20:38:55 ----A---- C:\WINDOWS\vbaddin.ini
2011-09-16 20:38:55 ----A---- C:\WINDOWS\vb.ini
2011-09-16 20:38:51 ----D---- C:\WINDOWS\Registration
2011-09-16 20:38:27 ----D---- C:\Program Files\Windows Media Player
2011-09-16 20:38:21 ----D---- C:\Program Files\Messenger
2011-09-16 20:38:16 ----D---- C:\Program Files\MSN Gaming Zone
2011-09-16 20:38:16 ----A---- C:\WINDOWS\system32\write.exe
2011-09-16 20:38:04 ----A---- C:\WINDOWS\system32\sndvol32.exe
2011-09-16 20:38:04 ----A---- C:\WINDOWS\system32\hticons.dll
2011-09-16 20:38:04 ----A---- C:\WINDOWS\system32\avwav.dll
2011-09-16 20:38:03 ----A---- C:\WINDOWS\system32\avtapi.dll
2011-09-16 20:38:03 ----A---- C:\WINDOWS\system32\avmeter.dll
2011-09-16 20:38:02 ----A---- C:\WINDOWS\system32\winchat.exe
2011-09-16 20:37:53 ----A---- C:\WINDOWS\system32\getuname.dll
2011-09-16 20:37:52 ----A---- C:\WINDOWS\system32\charmap.exe
2011-09-16 20:37:52 ----A---- C:\WINDOWS\system32\calc.exe
2011-09-16 20:37:51 ----A---- C:\WINDOWS\system32\winmine.exe
2011-09-16 20:37:51 ----A---- C:\WINDOWS\system32\sol.exe
2011-09-16 20:37:50 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2011-09-16 20:37:50 ----A---- C:\WINDOWS\system32\reset.exe
2011-09-16 20:37:50 ----A---- C:\WINDOWS\system32\mshearts.exe
2011-09-16 20:37:50 ----A---- C:\WINDOWS\system32\freecell.exe
2011-09-16 20:37:49 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2011-09-16 20:37:49 ----A---- C:\WINDOWS\system32\tslabels.ini
2011-09-16 20:37:49 ----A---- C:\WINDOWS\system32\tskill.exe
2011-09-16 20:37:49 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2011-09-16 20:37:49 ----A---- C:\WINDOWS\system32\tscon.exe
2011-09-16 20:37:49 ----A---- C:\WINDOWS\system32\shadow.exe
2011-09-16 20:37:49 ----A---- C:\WINDOWS\system32\rwinsta.exe
2011-09-16 20:37:49 ----A---- C:\WINDOWS\system32\regini.exe
2011-09-16 20:37:49 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2011-09-16 20:37:48 ----A---- C:\WINDOWS\system32\qwinsta.exe
2011-09-16 20:37:48 ----A---- C:\WINDOWS\system32\qappsrv.exe
2011-09-16 20:37:48 ----A---- C:\WINDOWS\system32\msg.exe
2011-09-16 20:37:48 ----A---- C:\WINDOWS\system32\logoff.exe
2011-09-16 20:37:48 ----A---- C:\WINDOWS\system32\cdmodem.dll
2011-09-16 20:37:47 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2011-09-16 20:37:40 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2011-09-16 20:37:39 ----A---- C:\WINDOWS\system32\sndrec32.exe
2011-09-16 20:37:39 ----A---- C:\WINDOWS\system32\accwiz.exe
2011-09-16 20:37:38 ----A---- C:\WINDOWS\system32\mplay32.exe
2011-09-16 20:37:38 ----A---- C:\WINDOWS\system32\hypertrm.dll
2011-09-16 20:37:37 ----D---- C:\Program Files\Windows NT
2011-09-16 20:37:37 ----A---- C:\WINDOWS\system32\mspaint.exe
2011-09-16 20:37:36 ----A---- C:\WINDOWS\system32\spider.exe
2011-09-16 20:37:36 ----A---- C:\WINDOWS\system32\clipbrd.exe
2011-09-16 20:37:35 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2011-09-16 20:37:35 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2011-09-16 20:37:34 ----A---- C:\WINDOWS\system32\tsgqec.dll
2011-09-16 20:37:34 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2011-09-16 20:37:34 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2011-09-16 20:37:34 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2011-09-16 20:37:33 ----A---- C:\WINDOWS\system32\aaclient.dll
2011-09-16 20:37:32 ----A---- C:\WINDOWS\system32\mstscax.dll
2011-09-16 20:37:32 ----A---- C:\WINDOWS\system32\mstsc.exe
2011-09-16 20:37:31 ----A---- C:\WINDOWS\system32\sessmgr.exe
2011-09-16 20:37:31 ----A---- C:\WINDOWS\system32\remotepg.dll
2011-09-16 20:37:31 ----A---- C:\WINDOWS\system32\rdshost.exe
2011-09-16 20:37:31 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2011-09-16 20:37:31 ----A---- C:\WINDOWS\system32\rdchost.dll
2011-09-16 20:37:30 ----A---- C:\WINDOWS\system32\termsrv.dll
2011-09-16 20:37:30 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2011-09-16 20:37:30 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2011-09-16 20:37:30 ----A---- C:\WINDOWS\system32\rdpclip.exe
2011-09-16 20:37:30 ----A---- C:\WINDOWS\system32\qprocess.exe
2011-09-16 20:37:30 ----A---- C:\WINDOWS\system32\icaapi.dll
2011-09-16 20:37:30 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2011-09-16 20:37:29 ----D---- C:\WINDOWS\system32\MsDtc
2011-09-16 20:37:29 ----A---- C:\WINDOWS\system32\mtxoci.dll
2011-09-16 20:37:29 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2011-09-16 20:37:28 ----A---- C:\WINDOWS\system32\xolehlp.dll
2011-09-16 20:37:28 ----A---- C:\WINDOWS\system32\msdtctm.dll
2011-09-16 20:37:28 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2011-09-16 20:37:27 ----A---- C:\WINDOWS\system32\msdtclog.dll
2011-09-16 20:37:27 ----A---- C:\WINDOWS\system32\msdtc.exe
2011-09-16 20:37:26 ----D---- C:\WINDOWS\system32\Com
2011-09-16 20:37:26 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2011-09-16 20:37:26 ----A---- C:\WINDOWS\system32\mtxex.dll
2011-09-16 20:37:26 ----A---- C:\WINDOWS\system32\mtxdm.dll
2011-09-16 20:37:26 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2011-09-16 20:37:26 ----A---- C:\WINDOWS\system32\colbact.dll
2011-09-16 20:37:25 ----A---- C:\WINDOWS\system32\stclient.dll
2011-09-16 20:37:25 ----A---- C:\WINDOWS\system32\comrepl.dll
2011-09-16 20:37:25 ----A---- C:\WINDOWS\system32\comaddin.dll
2011-09-16 20:37:25 ----A---- C:\WINDOWS\system32\clbcatex.dll
2011-09-16 20:37:25 ----A---- C:\WINDOWS\system32\catsrvps.dll
2011-09-16 20:37:24 ----A---- C:\WINDOWS\system32\catsrvut.dll
2011-09-16 20:37:24 ----A---- C:\WINDOWS\system32\catsrv.dll
2011-09-16 20:37:23 ----A---- C:\WINDOWS\system32\comsvcs.dll
2011-09-16 20:37:22 ----A---- C:\WINDOWS\system32\comuid.dll
2011-09-16 20:37:22 ----A---- C:\WINDOWS\system32\comsnap.dll
2011-09-16 20:37:22 ----A---- C:\WINDOWS\system32\clbcatq.dll
2011-09-16 20:37:14 ----A---- C:\WINDOWS\system32\servdeps.dll
2011-09-16 20:37:14 ----A---- C:\WINDOWS\system32\mmfutil.dll
2011-09-16 20:37:14 ----A---- C:\WINDOWS\system32\licwmi.dll
2011-09-16 20:37:13 ----A---- C:\WINDOWS\system32\cmprops.dll
2011-09-16 20:37:11 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys
2011-09-16 20:37:10 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
======List of files/folders modified in the last 1 month======
2011-09-16 22:13:01 ----A---- C:\WINDOWS\system.ini
2011-09-16 20:42:07 ----A---- C:\WINDOWS\win.ini
2011-09-16 20:41:48 ----ASH---- C:\WINDOWS\fonts\desktop.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 DwProt;DrWeb Protection; C:\WINDOWS\system32\drivers\dwprot.sys [2011-07-08 139640]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-08-03 95896]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-03 4745216]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-08-03 12542592]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys [2011-05-10 119528]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2010-07-06 234392]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S0 SpiderG3;DrWeb file system scanner; C:\WINDOWS\system32\drivers\spiderg3.sys [2011-07-06 109560]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-09-16 153376]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2011-08-03 146024]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine); C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [2011-08-17 1771864]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-08-12 33584]
-----------------EOF-----------------
MBR sektor 1. fyzického disku Win32/Agent.SDG.Gen trojský kůň
Can someone please help me with this?
The log is here:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Krepi at 2011-09-17 00:57:01
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 93 GB (93%) free of 100 GB
Total RAM: 3071 MB (81% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:57:07, on 17.9.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common\Bin\WinCinemaMgr.exe
C:\Program Files\HiCDEject\HiCDEject.exe
G:\Staženo\drweb-600-win-space-x86.exe
C:\WINDOWS\system32\MSIEXEC.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\DrWeb\drweb32w.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\Staženo\RSIT.exe
C:\Program Files\trend micro\Krepi.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TNOD UP] "C:\Program Files\TNod User & Password Finder\TNODUP.exe" /i
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe" -autorun
O4 - HKLM\..\Run: [SpIDerGate] "C:\Program Files\DrWeb\spidergate.exe" -autorun
O4 - HKLM\..\Run: [SpIDerAgent] "C:\Program Files\DrWeb\SpIDerAgent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1214440339-1364589140-682003330-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DVD open.lnk = C:\Program Files\HiCDEject\HiCDEject.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Dr.Web Scanning Engine (DrWebEngine) (DrWebEngine) - Doctor Web, Ltd. - C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
--
End of file - 5161 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Dr.Web Daily scan.job
C:\WINDOWS\tasks\Dr.Web Update.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Krepi\Data aplikací\Mozilla\Firefox\Profiles\lthcq01c.default
prefs.js - "browser.startup.homepage" - "seznam.cz"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27, jqs@sun.com:1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15"
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat
C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npnul32.dll
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-09-16 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-09-16 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-03 16876032]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-08-12 2215064]
"TNOD UP"=C:\Program Files\TNod User & Password Finder\TNODUP.exe [2010-04-02 1811968]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-09-08 421888]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-08-03 13892200]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2011-07-05 1632360]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"SpIDerMail"=C:\Program Files\DrWeb\spiderml.exe [2011-08-17 1591024]
"SpIDerGate"=C:\Program Files\DrWeb\spidergate.exe [2011-06-08 2193648]
"SpIDerAgent"=C:\Program Files\DrWeb\SpIDerAgent.exe [2011-06-08 1473264]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
InterVideo WinCinema Manager.lnk - C:\Program Files\Common\Bin\WinCinemaMgr.exe
C:\Documents and Settings\Krepi\Nabídka Start\Programy\Po spuštění
DVD open.lnk - C:\Program Files\HiCDEject\HiCDEject.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa]
C:\WINDOWS\system32\antiwpa.dll [2003-05-25 60416]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\TeamViewer3\TeamViewer.exe"="D:\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\WinDVD5\WinDVD.exe"="C:\Program Files\WinDVD5\WinDVD.exe:*:Enabled:WinDVD"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
======List of files/folders created in the last 1 month======
2011-09-17 00:57:01 ----D---- C:\rsit
2011-09-17 00:57:01 ----D---- C:\Program Files\trend micro
2011-09-17 00:25:03 ----A---- C:\WINDOWS\system32\drivers\dwprot.sys
2011-09-17 00:25:00 ----A---- C:\WINDOWS\system32\drivers\spiderg3.sys
2011-09-17 00:24:49 ----D---- C:\Program Files\Common Files\Doctor Web
2011-09-17 00:24:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\Doctor Web
2011-09-17 00:21:12 ----SHD---- C:\Config.Msi
2011-09-17 00:05:30 ----D---- C:\Documents and Settings\Krepi\Data aplikací\InterVideo
2011-09-17 00:04:34 ----D---- C:\Program Files\Common Files\InterVideo
2011-09-17 00:02:12 ----D---- C:\Program Files\Common
2011-09-17 00:02:11 ----D---- C:\Program Files\Creative
2011-09-17 00:02:11 ----A---- C:\WINDOWS\system32\drivers\ctdvda2k.sys
2011-09-17 00:02:11 ----A---- C:\WINDOWS\system32\ctdvda32.dll
2011-09-17 00:02:11 ----A---- C:\WINDOWS\system32\Ctaa1.dat
2011-09-17 00:02:11 ----A---- C:\WINDOWS\system32\cddvdint.dll
2011-09-17 00:02:04 ----D---- C:\Program Files\WinDVD5
2011-09-16 23:59:20 ----D---- C:\Program Files\Common Files\Java
2011-09-16 23:59:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2011-09-16 23:58:55 ----A---- C:\WINDOWS\system32\javaws.exe
2011-09-16 23:58:55 ----A---- C:\WINDOWS\system32\javaw.exe
2011-09-16 23:58:55 ----A---- C:\WINDOWS\system32\java.exe
2011-09-16 23:58:55 ----A---- C:\WINDOWS\system32\deployJava1.dll
2011-09-16 23:58:48 ----D---- C:\Program Files\Java
2011-09-16 23:57:45 ----D---- C:\Documents and Settings\Krepi\Data aplikací\Sun
2011-09-16 23:47:53 ----SHD---- C:\RECYCLER
2011-09-16 23:46:19 ----D---- C:\Program Files\DrWeb
2011-09-16 23:43:33 ----N---- C:\WINDOWS\system32\spmsg.dll
2011-09-16 23:43:33 ----D---- C:\WINDOWS\system32\PreInstall
2011-09-16 23:43:33 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2011-09-16 23:43:32 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2011-09-16 23:43:32 ----HD---- C:\WINDOWS\$hf_mig$
2011-09-16 23:35:26 ----D---- C:\WINDOWS\system32\Lang
2011-09-16 23:31:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\NVIDIA Corporation
2011-09-16 23:31:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\NVIDIA
2011-09-16 23:31:07 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-09-16 23:30:59 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2011-09-16 23:30:59 ----A---- C:\WINDOWS\system32\nvmctray.dll
2011-09-16 23:30:59 ----A---- C:\WINDOWS\system32\nvcpl.dll
2011-09-16 23:30:59 ----A---- C:\WINDOWS\system32\nvcolor.exe
2011-09-16 23:30:58 ----A---- C:\WINDOWS\system32\nvwddi.dll
2011-09-16 23:30:58 ----A---- C:\WINDOWS\system32\easyupdatusapiu.dll
2011-09-16 23:30:44 ----A---- C:\WINDOWS\system32\nvhdagenco322040.dll
2011-09-16 23:30:42 ----A---- C:\WINDOWS\system32\OpenCL.dll
2011-09-16 23:30:42 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2011-09-16 23:30:42 ----A---- C:\WINDOWS\system32\nvgenco32.dll
2011-09-16 23:30:42 ----A---- C:\WINDOWS\system32\nvdispco32.dll
2011-09-16 23:30:42 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2011-09-16 23:30:41 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2011-09-16 23:30:41 ----A---- C:\WINDOWS\system32\nvcuda.dll
2011-09-16 23:30:41 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2011-09-16 23:30:41 ----A---- C:\WINDOWS\system32\nvapi.dll
2011-09-16 23:30:41 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2011-09-16 23:30:41 ----A---- C:\WINDOWS\system32\drivers\nv4_mini.sys
2011-09-16 23:27:58 ----D---- C:\Program Files\NVIDIA Corporation
2011-09-16 23:27:39 ----D---- C:\NVIDIA
2011-09-16 23:24:15 ----D---- C:\Documents and Settings\Krepi\Data aplikací\Macromedia
2011-09-16 23:24:15 ----D---- C:\Documents and Settings\Krepi\Data aplikací\Adobe
2011-09-16 23:22:15 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2011-09-16 23:21:37 ----A---- C:\WINDOWS\nsreg.dat
2011-09-16 23:21:32 ----D---- C:\Documents and Settings\Krepi\Data aplikací\Mozilla
2011-09-16 23:19:47 ----A---- C:\WINDOWS\system32\drivers\imagedrv.sys
2011-09-16 23:19:24 ----A---- C:\WINDOWS\system32\picn20.dll
2011-09-16 23:19:23 ----A---- C:\WINDOWS\system32\ImagXpr5.dll
2011-09-16 23:19:23 ----A---- C:\WINDOWS\system32\imagx5.dll
2011-09-16 23:19:23 ----A---- C:\WINDOWS\system32\imagr5.dll
2011-09-16 23:19:22 ----D---- C:\Program Files\Common Files\Ahead
2011-09-16 23:19:22 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2011-09-16 23:19:19 ----D---- C:\Program Files\Ahead
2011-09-16 23:17:50 ----D---- C:\Program Files\Mozilla Firefox
2011-09-16 23:16:53 ----D---- C:\Program Files\QuickTime
2011-09-16 23:16:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2011-09-16 23:16:36 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2011-09-16 23:16:36 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2011-09-16 23:16:35 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2011-09-16 23:16:34 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2011-09-16 23:16:33 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2011-09-16 23:16:32 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2011-09-16 23:16:31 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2011-09-16 23:16:29 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2011-09-16 23:16:28 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2011-09-16 23:16:27 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2011-09-16 23:16:26 ----D---- C:\Program Files\Common Files\Apple
2011-09-16 23:16:26 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2011-09-16 23:16:25 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2011-09-16 23:16:24 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2011-09-16 23:16:23 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2011-09-16 23:16:22 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2011-09-16 23:16:22 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2011-09-16 23:16:21 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2011-09-16 23:16:21 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2011-09-16 23:16:19 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2011-09-16 23:16:19 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2011-09-16 23:16:16 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2011-09-16 23:16:15 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2011-09-16 23:16:14 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2011-09-16 23:16:13 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2011-09-16 23:16:12 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2011-09-16 23:16:10 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2011-09-16 23:16:10 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2011-09-16 23:16:09 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2011-09-16 23:16:08 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2011-09-16 23:16:07 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2011-09-16 23:16:06 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2011-09-16 23:16:04 ----D---- C:\Program Files\Apple Software Update
2011-09-16 23:16:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2011-09-16 23:16:04 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2011-09-16 23:16:04 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2011-09-16 23:16:03 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2011-09-16 23:16:00 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2011-09-16 23:15:59 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2011-09-16 23:15:59 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2011-09-16 23:15:58 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2011-09-16 23:15:57 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2011-09-16 23:15:56 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2011-09-16 23:15:56 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2011-09-16 23:15:55 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2011-09-16 23:15:54 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2011-09-16 23:15:53 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2011-09-16 23:15:53 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2011-09-16 23:15:50 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2011-09-16 23:15:50 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2011-09-16 23:15:48 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2011-09-16 23:15:47 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2011-09-16 23:15:46 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2011-09-16 23:15:46 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2011-09-16 23:15:45 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2011-09-16 23:15:44 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2011-09-16 23:15:44 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2011-09-16 23:15:44 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2011-09-16 23:15:44 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2011-09-16 23:15:43 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2011-09-16 23:15:43 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2011-09-16 23:15:42 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2011-09-16 23:15:41 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2011-09-16 23:15:41 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2011-09-16 23:15:39 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2011-09-16 23:15:39 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2011-09-16 23:15:39 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2011-09-16 23:15:39 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2011-09-16 23:15:38 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2011-09-16 23:15:38 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2011-09-16 23:15:38 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2011-09-16 23:15:38 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2011-09-16 23:15:38 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2011-09-16 23:15:37 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2011-09-16 23:15:37 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2011-09-16 23:15:37 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2011-09-16 23:15:37 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2011-09-16 23:15:36 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2011-09-16 23:15:36 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2011-09-16 23:15:36 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2011-09-16 23:15:36 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2011-09-16 23:15:36 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2011-09-16 23:15:35 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2011-09-16 23:15:35 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2011-09-16 23:15:35 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2011-09-16 23:15:34 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2011-09-16 23:14:51 ----D---- C:\WINDOWS\Logs
2011-09-16 23:14:23 ----A---- C:\WINDOWS\iun6002.exe
2011-09-16 23:14:17 ----D---- C:\Program Files\Codec Pack - All In 1
2011-09-16 23:14:02 ----A---- C:\WINDOWS\Codec Pack - All In 1 Setup Log.txt
2011-09-16 23:13:38 ----D---- C:\Program Files\WinRAR
2011-09-16 23:13:26 ----D---- C:\Program Files\Common Files\Adobe
2011-09-16 23:13:26 ----D---- C:\Program Files\Adobe
2011-09-16 23:13:22 ----D---- C:\Program Files\7-Zip
2011-09-16 23:13:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-09-16 23:13:00 ----A---- C:\WINDOWS\system32\antiwpa.dll
2011-09-16 23:11:25 ----D---- C:\Documents and Settings\Krepi\Data aplikací\GlarySoft
2011-09-16 23:10:01 ----D---- C:\Program Files\Absolute Uninstaller
2011-09-16 23:08:35 ----D---- C:\Documents and Settings\Krepi\Data aplikací\TeamViewer
2011-09-16 23:06:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2011-09-16 23:04:25 ----D---- C:\Documents and Settings\Krepi\Data aplikací\Vso
2011-09-16 23:04:23 ----A---- C:\WINDOWS\system32\d3d9caps.dat
2011-09-16 23:03:32 ----D---- C:\Program Files\TNod User & Password Finder
2011-09-16 23:02:11 ----D---- C:\Program Files\ESET
2011-09-16 23:02:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2011-09-16 22:54:01 ----D---- C:\Program Files\HiCDEject
2011-09-16 22:53:01 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2011-09-16 22:52:58 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2011-09-16 22:52:56 ----A---- C:\WINDOWS\system32\ChCfg.exe
2011-09-16 22:52:56 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys
2011-09-16 22:52:53 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2011-09-16 22:52:51 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2011-09-16 22:52:49 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2011-09-16 22:52:48 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2011-09-16 22:52:46 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2011-09-16 22:52:44 ----A---- C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011-09-16 22:52:42 ----A---- C:\WINDOWS\system32\drivers\MSPQM.sys
2011-09-16 22:52:40 ----A---- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011-09-16 22:52:35 ----D---- C:\WINDOWS\system32\RTCOM
2011-09-16 22:52:33 ----A---- C:\WINDOWS\system32\ksuser.dll
2011-09-16 22:52:33 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2011-09-16 22:52:32 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2011-09-16 22:52:28 ----A---- C:\WINDOWS\SoundMan.exe
2011-09-16 22:52:28 ----A---- C:\WINDOWS\SkyTel.exe
2011-09-16 22:52:28 ----A---- C:\WINDOWS\RtlUpd.exe
2011-09-16 22:52:28 ----A---- C:\WINDOWS\RTLCPL.exe
2011-09-16 22:52:27 ----A---- C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011-09-16 22:52:27 ----A---- C:\WINDOWS\RTHDCPL.exe
2011-09-16 22:52:27 ----A---- C:\WINDOWS\MicCal.exe
2011-09-16 22:52:26 ----A---- C:\WINDOWS\alcwzrd.exe
2011-09-16 22:52:26 ----A---- C:\WINDOWS\Alcmtr.exe
2011-09-16 22:52:21 ----A---- C:\WINDOWS\RtlExUpd.dll
2011-09-16 22:52:21 ----A---- C:\WINDOWS\HideWin.exe
2011-09-16 22:52:18 ----D---- C:\Program Files\Common Files\InstallShield
2011-09-16 22:50:29 ----A---- C:\WINDOWS\system32\RTNUninst32.dll
2011-09-16 22:50:29 ----A---- C:\WINDOWS\system32\RtNicProp32.dll
2011-09-16 22:50:29 ----A---- C:\WINDOWS\system32\drivers\Rtenicxp.sys
2011-09-16 22:50:24 ----HD---- C:\Program Files\InstallShield Installation Information
2011-09-16 22:50:24 ----D---- C:\Program Files\Realtek
2011-09-16 22:49:40 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2011-09-16 22:36:25 ----A---- C:\WINDOWS\system32\h323log.txt
2011-09-16 22:15:09 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2011-09-16 22:14:24 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2011-09-16 22:13:49 ----A---- C:\WINDOWS\system32\usbui.dll
2011-09-16 22:13:48 ----A---- C:\WINDOWS\system32\drivers\wmiacpi.sys
2011-09-16 22:13:08 ----A---- C:\WINDOWS\imsins.BAK
2011-09-16 22:13:06 ----SHD---- C:\WINDOWS\Installer
2011-09-16 22:13:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-09-16 22:13:05 ----D---- C:\Program Files\Common Files\ODBC
2011-09-16 22:13:05 ----A---- C:\WINDOWS\ODBCINST.INI
2011-09-16 22:13:02 ----RD---- C:\Program Files
2011-09-16 22:13:02 ----D---- C:\Program Files\Common Files\SpeechEngines
2011-09-16 22:13:02 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-09-16 22:13:02 ----D---- C:\Program Files\Common Files
2011-09-16 22:12:59 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2011-09-16 22:12:59 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2011-09-16 22:12:59 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2011-09-16 22:12:57 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2011-09-16 22:12:57 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2011-09-16 22:12:57 ----RA---- C:\WINDOWS\system32\kbdur.dll
2011-09-16 22:12:57 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2011-09-16 22:12:57 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2011-09-16 22:12:57 ----RA---- C:\WINDOWS\system32\kbdru.dll
2011-09-16 22:12:57 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2011-09-16 22:12:57 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2011-09-16 22:12:57 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2011-09-16 22:12:57 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2011-09-16 22:12:57 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2011-09-16 22:12:57 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2011-09-16 22:12:55 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2011-09-16 22:12:55 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2011-09-16 22:12:55 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2011-09-16 22:12:55 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2011-09-16 22:12:55 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2011-09-16 22:12:55 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2011-09-16 22:12:55 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2011-09-16 22:12:53 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2011-09-16 22:12:53 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2011-09-16 22:12:53 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2011-09-16 22:12:53 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2011-09-16 22:12:53 ----RA---- C:\WINDOWS\system32\kbdest.dll
2011-09-16 22:12:50 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2011-09-16 22:12:50 ----A---- C:\WINDOWS\system32\kbdsl.dll
2011-09-16 22:12:50 ----A---- C:\WINDOWS\system32\kbdro.dll
2011-09-16 22:12:50 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2011-09-16 22:12:50 ----A---- C:\WINDOWS\system32\kbdpl.dll
2011-09-16 22:12:50 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2011-09-16 22:12:50 ----A---- C:\WINDOWS\system32\kbdhu.dll
2011-09-16 22:12:50 ----A---- C:\WINDOWS\system32\kbdcr.dll
2011-09-16 22:12:50 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2011-09-16 22:12:49 ----A---- C:\WINDOWS\system32\kbdycl.dll
2011-09-16 22:12:48 ----A---- C:\WINDOWS\system32\spxcoins.dll
2011-09-16 22:12:48 ----A---- C:\WINDOWS\system32\irclass.dll
2011-09-16 22:12:48 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2011-09-16 22:12:48 ----A---- C:\WINDOWS\system32\dgsetup.dll
2011-09-16 22:12:48 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2011-09-16 22:12:46 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2011-09-16 22:12:46 ----A---- C:\WINDOWS\TASKMAN.EXE
2011-09-16 22:12:45 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2011-09-16 22:12:45 ----A---- C:\WINDOWS\system32\batt.dll
2011-09-16 22:12:45 ----A---- C:\WINDOWS\NOTEPAD.EXE
2011-09-16 22:12:44 ----A---- C:\WINDOWS\system32\storprop.dll
2011-09-16 22:12:38 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2011-09-16 22:12:36 ----RA---- C:\WINDOWS\SET8.tmp
2011-09-16 22:12:34 ----RA---- C:\WINDOWS\SET4.tmp
2011-09-16 22:12:33 ----RA---- C:\WINDOWS\SET3.tmp
2011-09-16 22:12:28 ----D---- C:\WINDOWS\system32\CatRoot2
2011-09-16 22:12:28 ----D---- C:\WINDOWS\system32\CatRoot
2011-09-16 22:12:23 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-09-16 22:12:05 ----A---- C:\WINDOWS\setuplog.txt
2011-09-16 22:12:03 ----D---- C:\Documents and Settings
2011-09-16 22:12:03 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2011-09-16 22:11:23 ----SH---- C:\boot.ini
2011-09-16 22:10:57 ----SHD---- C:\System Volume Information
2011-09-16 22:05:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-09-16 22:05:59 ----RSD---- C:\WINDOWS\Fonts
2011-09-16 22:05:59 ----RD---- C:\WINDOWS\Web
2011-09-16 22:05:59 ----HD---- C:\WINDOWS\inf
2011-09-16 22:05:59 ----D---- C:\WINDOWS\WinSxS
2011-09-16 22:05:59 ----D---- C:\WINDOWS\twain_32
2011-09-16 22:05:59 ----D---- C:\WINDOWS\Temp
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\wins
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\wbem
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\usmt
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\spool
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\ShellExt
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\Setup
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\ras
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\oobe
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\npp
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\mui
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\inetsrv
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\IME
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\icsxml
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\ias
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\export
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\drivers\etc
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\drivers\disdn
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\drivers
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\dhcp
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\cs-cz
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\cs
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\config
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\3com_dmi
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\3076
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\2052
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\1054
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\1042
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\1041
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\1037
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\1033
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\1031
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\1029
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\1028
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32\1025
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system32
2011-09-16 22:05:59 ----D---- C:\WINDOWS\system
2011-09-16 22:05:59 ----D---- C:\WINDOWS\security
2011-09-16 22:05:59 ----D---- C:\WINDOWS\Resources
2011-09-16 22:05:59 ----D---- C:\WINDOWS\repair
2011-09-16 22:05:59 ----D---- C:\WINDOWS\Provisioning
2011-09-16 22:05:59 ----D---- C:\WINDOWS\pchealth
2011-09-16 22:05:59 ----D---- C:\WINDOWS\PeerNet
2011-09-16 22:05:59 ----D---- C:\WINDOWS\Network Diagnostic
2011-09-16 22:05:59 ----D---- C:\WINDOWS\mui
2011-09-16 22:05:59 ----D---- C:\WINDOWS\msapps
2011-09-16 22:05:59 ----D---- C:\WINDOWS\msagent
2011-09-16 22:05:59 ----D---- C:\WINDOWS\Media
2011-09-16 22:05:59 ----D---- C:\WINDOWS\L2Schemas
2011-09-16 22:05:59 ----D---- C:\WINDOWS\java
2011-09-16 22:05:59 ----D---- C:\WINDOWS\ime
2011-09-16 22:05:59 ----D---- C:\WINDOWS\Help
2011-09-16 22:05:59 ----D---- C:\WINDOWS\Driver Cache
2011-09-16 22:05:59 ----D---- C:\WINDOWS\Debug
2011-09-16 22:05:59 ----D---- C:\WINDOWS\Cursors
2011-09-16 22:05:59 ----D---- C:\WINDOWS\Connection Wizard
2011-09-16 22:05:59 ----D---- C:\WINDOWS\Config
2011-09-16 22:05:59 ----D---- C:\WINDOWS\AppPatch
2011-09-16 22:05:59 ----D---- C:\WINDOWS\addins
2011-09-16 22:05:59 ----D---- C:\WINDOWS
2011-09-16 22:05:58 ----ASH---- C:\pagefile.sys
2011-09-16 20:58:19 ----D---- C:\Windows Commander 5
2011-09-16 20:58:19 ----A---- C:\WINDOWS\wincmd.ini
2011-09-16 20:58:19 ----A---- C:\WINDOWS\UC.PIF
2011-09-16 20:58:19 ----A---- C:\WINDOWS\RAR.PIF
2011-09-16 20:58:19 ----A---- C:\WINDOWS\PKZIP.PIF
2011-09-16 20:58:19 ----A---- C:\WINDOWS\PKUNZIP.PIF
2011-09-16 20:58:19 ----A---- C:\WINDOWS\NOCLOSE.PIF
2011-09-16 20:58:19 ----A---- C:\WINDOWS\LHA.PIF
2011-09-16 20:58:19 ----A---- C:\WINDOWS\ARJ.PIF
2011-09-16 20:48:18 ----D---- C:\Documents and Settings\Krepi\Data aplikací\Identities
2011-09-16 20:48:17 ----HD---- C:\Program Files\Uninstall Information
2011-09-16 20:48:14 ----SD---- C:\Documents and Settings\Krepi\Data aplikací\Microsoft
2011-09-16 20:48:14 ----ASH---- C:\Documents and Settings\Krepi\Data aplikací\desktop.ini
2011-09-16 20:47:42 ----D---- C:\WINDOWS\SoftwareDistribution
2011-09-16 20:47:41 ----D---- C:\WINDOWS\Prefetch
2011-09-16 20:47:38 ----SD---- C:\WINDOWS\system32\Microsoft
2011-09-16 20:47:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-09-16 20:43:31 ----AS---- C:\WINDOWS\bootstat.dat
2011-09-16 20:42:16 ----D---- C:\WINDOWS\system32\xircom
2011-09-16 20:42:16 ----D---- C:\Program Files\xerox
2011-09-16 20:42:16 ----D---- C:\Program Files\microsoft frontpage
2011-09-16 20:42:07 ----RASH---- C:\MSDOS.SYS
2011-09-16 20:42:07 ----RASH---- C:\IO.SYS
2011-09-16 20:42:07 ----A---- C:\WINDOWS\control.ini
2011-09-16 20:42:07 ----A---- C:\CONFIG.SYS
2011-09-16 20:42:07 ----A---- C:\AUTOEXEC.BAT
2011-09-16 20:41:59 ----A---- C:\WINDOWS\OEWABLog.txt
2011-09-16 20:41:56 ----A---- C:\WINDOWS\system32\mapi32.dll
2011-09-16 20:41:25 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-09-16 20:41:25 ----RD---- C:\WINDOWS\Offline Web Pages
2011-09-16 20:41:19 ----HD---- C:\Program Files\WindowsUpdate
2011-09-16 20:41:16 ----D---- C:\Program Files\Online Services
2011-09-16 20:40:57 ----D---- C:\WINDOWS\system32\DirectX
2011-09-16 20:40:48 ----A---- C:\WINDOWS\system32\atrace.dll
2011-09-16 20:40:44 ----A---- C:\WINDOWS\system32\desktop.ini
2011-09-16 20:40:44 ----A---- C:\WINDOWS\desktop.ini
2011-09-16 20:40:34 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2011-09-16 20:40:33 ----A---- C:\WINDOWS\system32\acctres.dll
2011-09-16 20:40:32 ----D---- C:\Program Files\Common Files\Services
2011-09-16 20:40:28 ----SD---- C:\WINDOWS\Tasks
2011-09-16 20:40:28 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2011-09-16 20:40:27 ----D---- C:\Program Files\Common Files\MSSoap
2011-09-16 20:40:20 ----D---- C:\WINDOWS\srchasst
2011-09-16 20:40:19 ----D---- C:\WINDOWS\system32\Macromed
2011-09-16 20:40:14 ----A---- C:\WINDOWS\system32\wuweb.dll
2011-09-16 20:40:14 ----A---- C:\WINDOWS\system32\wucltui.dll
2011-09-16 20:40:14 ----A---- C:\WINDOWS\system32\wuauserv.dll
2011-09-16 20:40:14 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2011-09-16 20:40:13 ----A---- C:\WINDOWS\system32\wups.dll
2011-09-16 20:40:13 ----A---- C:\WINDOWS\system32\wuaueng.dll
2011-09-16 20:40:13 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2011-09-16 20:40:13 ----A---- C:\WINDOWS\system32\wuauclt.exe
2011-09-16 20:40:13 ----A---- C:\WINDOWS\system32\wuapi.dll
2011-09-16 20:40:13 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2011-09-16 20:40:13 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2011-09-16 20:40:13 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2011-09-16 20:40:12 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2011-09-16 20:40:12 ----A---- C:\WINDOWS\system32\qmgr.dll
2011-09-16 20:40:06 ----D---- C:\Program Files\Movie Maker
2011-09-16 20:39:39 ----A---- C:\WINDOWS\system32\safrslv.dll
2011-09-16 20:39:39 ----A---- C:\WINDOWS\system32\safrdm.dll
2011-09-16 20:39:39 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2011-09-16 20:39:39 ----A---- C:\WINDOWS\system32\racpldlg.dll
2011-09-16 20:39:33 ----A---- C:\WINDOWS\system32\fltlib.dll
2011-09-16 20:39:32 ----D---- C:\WINDOWS\system32\Restore
2011-09-16 20:39:32 ----A---- C:\WINDOWS\system32\srrstr.dll
2011-09-16 20:39:32 ----A---- C:\WINDOWS\system32\fltMc.exe
2011-09-16 20:39:32 ----A---- C:\WINDOWS\system32\drivers\fltMgr.sys
2011-09-16 20:39:31 ----A---- C:\WINDOWS\system32\srsvc.dll
2011-09-16 20:39:31 ----A---- C:\WINDOWS\system32\srclient.dll
2011-09-16 20:39:31 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2011-09-16 20:39:30 ----A---- C:\WINDOWS\system32\mnmdd.dll
2011-09-16 20:39:30 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2011-09-16 20:39:30 ----A---- C:\WINDOWS\system32\ils.dll
2011-09-16 20:39:29 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2011-09-16 20:39:29 ----A---- C:\WINDOWS\system32\msconf.dll
2011-09-16 20:39:29 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2011-09-16 20:39:25 ----D---- C:\Program Files\NetMeeting
2011-09-16 20:39:25 ----A---- C:\WINDOWS\system32\msoert2.dll
2011-09-16 20:39:25 ----A---- C:\WINDOWS\system32\msoeacct.dll
2011-09-16 20:39:23 ----A---- C:\WINDOWS\system32\inetres.dll
2011-09-16 20:39:22 ----A---- C:\WINDOWS\system32\inetcomm.dll
2011-09-16 20:39:19 ----D---- C:\Program Files\Outlook Express
2011-09-16 20:39:19 ----A---- C:\WINDOWS\system32\schedsvc.dll
2011-09-16 20:39:19 ----A---- C:\WINDOWS\system32\mstinit.exe
2011-09-16 20:39:19 ----A---- C:\WINDOWS\system32\mstask.dll
2011-09-16 20:39:18 ----A---- C:\WINDOWS\system32\isign32.dll
2011-09-16 20:39:18 ----A---- C:\WINDOWS\system32\icwphbk.dll
2011-09-16 20:39:18 ----A---- C:\WINDOWS\system32\icwdial.dll
2011-09-16 20:39:17 ----A---- C:\WINDOWS\system32\inetcfg.dll
2011-09-16 20:39:09 ----D---- C:\Program Files\Common Files\System
2011-09-16 20:39:07 ----D---- C:\Program Files\Internet Explorer
2011-09-16 20:39:05 ----A---- C:\WINDOWS\system32\emptyregdb.dat
2011-09-16 20:38:57 ----D---- C:\Program Files\ComPlus Applications
2011-09-16 20:38:55 ----A---- C:\WINDOWS\vbaddin.ini
2011-09-16 20:38:55 ----A---- C:\WINDOWS\vb.ini
2011-09-16 20:38:51 ----D---- C:\WINDOWS\Registration
2011-09-16 20:38:27 ----D---- C:\Program Files\Windows Media Player
2011-09-16 20:38:21 ----D---- C:\Program Files\Messenger
2011-09-16 20:38:16 ----D---- C:\Program Files\MSN Gaming Zone
2011-09-16 20:38:16 ----A---- C:\WINDOWS\system32\write.exe
2011-09-16 20:38:04 ----A---- C:\WINDOWS\system32\sndvol32.exe
2011-09-16 20:38:04 ----A---- C:\WINDOWS\system32\hticons.dll
2011-09-16 20:38:04 ----A---- C:\WINDOWS\system32\avwav.dll
2011-09-16 20:38:03 ----A---- C:\WINDOWS\system32\avtapi.dll
2011-09-16 20:38:03 ----A---- C:\WINDOWS\system32\avmeter.dll
2011-09-16 20:38:02 ----A---- C:\WINDOWS\system32\winchat.exe
2011-09-16 20:37:53 ----A---- C:\WINDOWS\system32\getuname.dll
2011-09-16 20:37:52 ----A---- C:\WINDOWS\system32\charmap.exe
2011-09-16 20:37:52 ----A---- C:\WINDOWS\system32\calc.exe
2011-09-16 20:37:51 ----A---- C:\WINDOWS\system32\winmine.exe
2011-09-16 20:37:51 ----A---- C:\WINDOWS\system32\sol.exe
2011-09-16 20:37:50 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2011-09-16 20:37:50 ----A---- C:\WINDOWS\system32\reset.exe
2011-09-16 20:37:50 ----A---- C:\WINDOWS\system32\mshearts.exe
2011-09-16 20:37:50 ----A---- C:\WINDOWS\system32\freecell.exe
2011-09-16 20:37:49 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2011-09-16 20:37:49 ----A---- C:\WINDOWS\system32\tslabels.ini
2011-09-16 20:37:49 ----A---- C:\WINDOWS\system32\tskill.exe
2011-09-16 20:37:49 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2011-09-16 20:37:49 ----A---- C:\WINDOWS\system32\tscon.exe
2011-09-16 20:37:49 ----A---- C:\WINDOWS\system32\shadow.exe
2011-09-16 20:37:49 ----A---- C:\WINDOWS\system32\rwinsta.exe
2011-09-16 20:37:49 ----A---- C:\WINDOWS\system32\regini.exe
2011-09-16 20:37:49 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2011-09-16 20:37:48 ----A---- C:\WINDOWS\system32\qwinsta.exe
2011-09-16 20:37:48 ----A---- C:\WINDOWS\system32\qappsrv.exe
2011-09-16 20:37:48 ----A---- C:\WINDOWS\system32\msg.exe
2011-09-16 20:37:48 ----A---- C:\WINDOWS\system32\logoff.exe
2011-09-16 20:37:48 ----A---- C:\WINDOWS\system32\cdmodem.dll
2011-09-16 20:37:47 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2011-09-16 20:37:40 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2011-09-16 20:37:39 ----A---- C:\WINDOWS\system32\sndrec32.exe
2011-09-16 20:37:39 ----A---- C:\WINDOWS\system32\accwiz.exe
2011-09-16 20:37:38 ----A---- C:\WINDOWS\system32\mplay32.exe
2011-09-16 20:37:38 ----A---- C:\WINDOWS\system32\hypertrm.dll
2011-09-16 20:37:37 ----D---- C:\Program Files\Windows NT
2011-09-16 20:37:37 ----A---- C:\WINDOWS\system32\mspaint.exe
2011-09-16 20:37:36 ----A---- C:\WINDOWS\system32\spider.exe
2011-09-16 20:37:36 ----A---- C:\WINDOWS\system32\clipbrd.exe
2011-09-16 20:37:35 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2011-09-16 20:37:35 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2011-09-16 20:37:34 ----A---- C:\WINDOWS\system32\tsgqec.dll
2011-09-16 20:37:34 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2011-09-16 20:37:34 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2011-09-16 20:37:34 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2011-09-16 20:37:33 ----A---- C:\WINDOWS\system32\aaclient.dll
2011-09-16 20:37:32 ----A---- C:\WINDOWS\system32\mstscax.dll
2011-09-16 20:37:32 ----A---- C:\WINDOWS\system32\mstsc.exe
2011-09-16 20:37:31 ----A---- C:\WINDOWS\system32\sessmgr.exe
2011-09-16 20:37:31 ----A---- C:\WINDOWS\system32\remotepg.dll
2011-09-16 20:37:31 ----A---- C:\WINDOWS\system32\rdshost.exe
2011-09-16 20:37:31 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2011-09-16 20:37:31 ----A---- C:\WINDOWS\system32\rdchost.dll
2011-09-16 20:37:30 ----A---- C:\WINDOWS\system32\termsrv.dll
2011-09-16 20:37:30 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2011-09-16 20:37:30 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2011-09-16 20:37:30 ----A---- C:\WINDOWS\system32\rdpclip.exe
2011-09-16 20:37:30 ----A---- C:\WINDOWS\system32\qprocess.exe
2011-09-16 20:37:30 ----A---- C:\WINDOWS\system32\icaapi.dll
2011-09-16 20:37:30 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2011-09-16 20:37:29 ----D---- C:\WINDOWS\system32\MsDtc
2011-09-16 20:37:29 ----A---- C:\WINDOWS\system32\mtxoci.dll
2011-09-16 20:37:29 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2011-09-16 20:37:28 ----A---- C:\WINDOWS\system32\xolehlp.dll
2011-09-16 20:37:28 ----A---- C:\WINDOWS\system32\msdtctm.dll
2011-09-16 20:37:28 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2011-09-16 20:37:27 ----A---- C:\WINDOWS\system32\msdtclog.dll
2011-09-16 20:37:27 ----A---- C:\WINDOWS\system32\msdtc.exe
2011-09-16 20:37:26 ----D---- C:\WINDOWS\system32\Com
2011-09-16 20:37:26 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2011-09-16 20:37:26 ----A---- C:\WINDOWS\system32\mtxex.dll
2011-09-16 20:37:26 ----A---- C:\WINDOWS\system32\mtxdm.dll
2011-09-16 20:37:26 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2011-09-16 20:37:26 ----A---- C:\WINDOWS\system32\colbact.dll
2011-09-16 20:37:25 ----A---- C:\WINDOWS\system32\stclient.dll
2011-09-16 20:37:25 ----A---- C:\WINDOWS\system32\comrepl.dll
2011-09-16 20:37:25 ----A---- C:\WINDOWS\system32\comaddin.dll
2011-09-16 20:37:25 ----A---- C:\WINDOWS\system32\clbcatex.dll
2011-09-16 20:37:25 ----A---- C:\WINDOWS\system32\catsrvps.dll
2011-09-16 20:37:24 ----A---- C:\WINDOWS\system32\catsrvut.dll
2011-09-16 20:37:24 ----A---- C:\WINDOWS\system32\catsrv.dll
2011-09-16 20:37:23 ----A---- C:\WINDOWS\system32\comsvcs.dll
2011-09-16 20:37:22 ----A---- C:\WINDOWS\system32\comuid.dll
2011-09-16 20:37:22 ----A---- C:\WINDOWS\system32\comsnap.dll
2011-09-16 20:37:22 ----A---- C:\WINDOWS\system32\clbcatq.dll
2011-09-16 20:37:14 ----A---- C:\WINDOWS\system32\servdeps.dll
2011-09-16 20:37:14 ----A---- C:\WINDOWS\system32\mmfutil.dll
2011-09-16 20:37:14 ----A---- C:\WINDOWS\system32\licwmi.dll
2011-09-16 20:37:13 ----A---- C:\WINDOWS\system32\cmprops.dll
2011-09-16 20:37:11 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys
2011-09-16 20:37:10 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
======List of files/folders modified in the last 1 month======
2011-09-16 22:13:01 ----A---- C:\WINDOWS\system.ini
2011-09-16 20:42:07 ----A---- C:\WINDOWS\win.ini
2011-09-16 20:41:48 ----ASH---- C:\WINDOWS\fonts\desktop.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 DwProt;DrWeb Protection; C:\WINDOWS\system32\drivers\dwprot.sys [2011-07-08 139640]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-08-03 95896]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-03 4745216]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-08-03 12542592]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys [2011-05-10 119528]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2010-07-06 234392]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S0 SpiderG3;DrWeb file system scanner; C:\WINDOWS\system32\drivers\spiderg3.sys [2011-07-06 109560]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-09-16 153376]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2011-08-03 146024]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine); C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [2011-08-17 1771864]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-08-12 33584]
-----------------EOF-----------------
- cernohous13
- VIP in memoriam
- Posts: 8721
- Registered: 09 Dec 2006 06:19
- Location: Jablonec nad Nisou
Re: Win32/agent.sdg.gen in the disk's MBR sector - asking for help
Hello,
1. Uninstall NOD, including the crack
2. Replace it with a free antivirus (Avast, Avira, MSE)
3. Post a new RSIT log in a new topic
original topic resolved - here

Recommendations:
During the cleanup, install and uninstall software only on my instruction.
Study my reply carefully and carry out the whole procedure as described in it.
If anything is unclear, ask - I will explain.
-------------------------------------------------------------------------------------------------
> Forum support <